Enforcing Authorization with Cryptography
Offered By: LASCON via YouTube
Course Description
Overview
Explore a developer-focused conference talk on enforcing authorization through cryptography. Learn about the risks of insecure direct object references and their inclusion in OWASP's Top 10 lists. Discover common solutions and their limitations, including indirect object reference maps and thorough authorization checks. Delve into a novel approach using cryptographically protected references, which balances computational time and memory requirements. Examine relevant attack vectors through threat modeling and compare secure design alternatives with benchmark results. Gain specific guidance on secure object references, access control, and database keys to share with development teams. Understand the trade-offs between security and performance in addressing this critical vulnerability.
Syllabus
Introduction
Agenda
The problem
Relevant Attacks
Common solutions
Direct object references
Sequential indirect object references
Random indirect references
Large memory footprint
Alternate approach
Referencing
Great
Benchmark Setup
Benchmark Results
Verification Time
Memory Usage
Identifier Size
Summary
Conclusions
Taught by
LASCON
Related Courses
Information Security Management (Higher School of Economics via Coursera)
Planning a Security Incident Response (Microsoft via edX)
Identifying Security Vulnerabilities (University of California, Davis via Coursera)
Secure Coding Practices (University of California, Davis via Coursera)
Atlas Security (MongoDB University)