invited-talk

Verified Secure Implementations for the HTTPS Ecosystem: Invited Talk

Author:

Cédric FournetAuthors Info & Claims

PLAS '16: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security

October 2016

Page 89

https://doi.org/10.1145/2993600.2996279

Published: 24 October 2016 Publication History

Get Access

Abstract

The HTTPS ecosystem, including the SSL/TLS protocol, the X.509 public-key infrastructure, and their cryptographic libraries, is the standardized foundation of Internet Security. Despite 20 years of progress and extensions, however, its practical security remains controversial, as witnessed by recent efforts to improve its design and implementations, as well as recent disclosures of attacks against its deployments. The Everest project is a collaboration between Microsoft Research, INRIA, and the community at large that aims at modelling, programming, and verifying the main HTTPS components with strong machine-checked security guarantees, down to core system and cryptographic assumptions. Although HTTPS involves a relatively small amount of code, it requires efficient low-level programming and intricate proofs of functional correctness and security. To this end, we are also improving our verifications tools (F*, Dafny, Lean, Z3) and developing new ones. In my talk, I will present our project, review our experience with miTLS, a verified reference implementation of TLS coded in F*, and describe current work towards verified, secure, efficient HTTPS.

Index Terms

Verified Secure Implementations for the HTTPS Ecosystem: Invited Talk
1. Security and privacy

Recommendations

Analysis of the HTTPS certificate ecosystem
IMC '13: Proceedings of the 2013 conference on Internet measurement conference

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem---the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, ...
Read More
A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web ...
Read More
Securing SSL Certificate Verification through Dynamic Linking
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Recent discoveries of widespread vulnerabilities in the SSL/TLS protocol stack, particular with regard to the verification of server certificates, has left the security of the Internet's communications in doubt. Newly proposed SSL trust enhancements ...
Read More

Comments

Information & Contributors

Information

Published In

PLAS '16: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security

October 2016

116 pages

ISBN:9781450345743

DOI:10.1145/2993600

Program Chairs:
Toby Murray
University of Melbourne and Data61
,
Deian Stefan
UC San Diego and Intrinsic

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Check for updates

Author Tags

Qualifiers

Invited-talk

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24, 2016

Vienna, Austria

Acceptance Rates

PLAS '16 Paper Acceptance Rate 6 of 11 submissions, 55%;

Overall Acceptance Rate 43 of 77 submissions, 56%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
141
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Other Metrics

View Author Metrics

Citations

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Index Terms

Recommendations

Analysis of the HTTPS certificate ecosystem

A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

Securing SSL Certificate Verification through Dynamic Linking

Comments

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Login options

Full Access

PDF

eReader

Abstract

Index Terms

Recommendations

Analysis of the HTTPS certificate ecosystem

A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

Securing SSL Certificate Verification through Dynamic Linking

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations