Project Everest - Fast, Correct, and Secure Software for Deployment Now
Offered By: 0xdade via YouTube
Course Description
Overview
Syllabus
Intro
Microsoft Research
The HTTPS Ecosystem is critical
The HTTPS Ecosystem is complex
High-Profile TLS Attacks
Defenses against specific coding errors • Compiler warnings
Static analysis - Find bugs by code analysis
State-machine verification • Compact implementation of TLS in C • Formal specification of the state machine
Program Proof for Correctness and Security What we do • Mathematical specification of security and correctness properties
Everest Verified Components in C and asm - Vale Crypto
Is our code perfectly secure? Depends on various modeling assumptions
Verified open source components in C and assembly
Parser research? So 1980s?
Verified components: the crypto library
EverCrypt: a cryptographic provider
Multiplexing: many implementations, one API
Application components for Azure Confidential Computing Open Enclave
TLS 1.3 & QUIC Standardization
Taught by
0xdade
Related Courses
Protocol Deep Dive: QUICPluralsight RabbitMQ Course with NodeJS, Pros & Cons, Cloud RMQ, RMQ vs Kafka, RMQ in Wireshark & More
Hussein Nasser via YouTube How Secure and Quick is QUIC? Provable Security and Performance Analyses
IEEE via YouTube A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer
IEEE via YouTube HTTP/3 is Next Generation HTTP - Is it QUIC Enough?
GOTO Conferences via YouTube