Project Everest - Fast, Correct, and Secure Software for Deployment Now
Offered By: 0xdade via YouTube
Course Description
Overview
Syllabus
Intro
Microsoft Research
The HTTPS Ecosystem is critical
The HTTPS Ecosystem is complex
High-Profile TLS Attacks
Defenses against specific coding errors • Compiler warnings
Static analysis - Find bugs by code analysis
State-machine verification • Compact implementation of TLS in C • Formal specification of the state machine
Program Proof for Correctness and Security What we do • Mathematical specification of security and correctness properties
Everest Verified Components in C and asm - Vale Crypto
Is our code perfectly secure? Depends on various modeling assumptions
Verified open source components in C and assembly
Parser research? So 1980s?
Verified components: the crypto library
EverCrypt: a cryptographic provider
Multiplexing: many implementations, one API
Application components for Azure Confidential Computing Open Enclave
TLS 1.3 & QUIC Standardization
Taught by
0xdade
Related Courses
SPARK 2014AdaCore via Independent Automated Reasoning: Symbolic Model Checking
EIT Digital via Coursera Software Testing and Verification
University System of Maryland via edX Haskell for Imperative Programmers
YouTube Model Checking and Temporal Logic - E. Allen Emerson's Turing Award Lecture
Association for Computing Machinery (ACM) via YouTube