Writing Code To Withstand Hostile Environments

Increasingly, client/server software is being deployed in hostile environments that it may not have been designed to withstand. Attendees will learn how to spot and avoid making typical flaws in security programming, using examples and case studies from existing applications.

Basics

• Taxonomies of software and system flaws
• The importance of security
• Putting security at the right layer
• Orange book (C2, B1, B2 systems)
• Authentication versus Authorization

Data Protocols

• How protocols are secure or insecure
• Designing a protocol for security
• Typical weaknesses of protocols

Using cryptography

• Basics (Public key, Secret Key, Certificates)
• Randomness
• Algorithms
• Synchronizing protocols
• What cryptography can and can't do for you

Authentication

• What to authenticate
• Challenge/response
• Authenticating packet streams
• Publicly-available authentication systems

Writing secure network daemons

• Chroot
• Setuid
• Minimizing code
• How to avoid doing everything as "root"

Matt Blaze is a Principal Research Scientist at AT&T Laboratories, where he studies computer security, applied cryptology, and large scale distributed computing sytstems. His recent work has been influential in shaping the technological aspects of US cryptography policy; his 1994 discovery of a fundamental weakness in the US Government's proposed ``Clipper'' key escrow system was a turning point in the cryptography debate and has sparked an ongoing area of cryptology research. His current interests focus on the use of secure hardware, the management and specification of trust in large systems, public-key certificate infrastructure, and cryptography policy. Matt holds a PhD in Computer Science from Princeton University. He received the Electronic Frontier Foundation's Pioneer award in 1996.