YoVDO

Verifying and Synthesizing Constant-Resource Implementations with Types

Offered By: IEEE via YouTube

Tags

Type System Courses Side Channel Attacks Courses Secure Coding Practices Courses

Course Description

Overview

Explore a 19-minute IEEE conference talk on verifying and synthesizing constant-resource implementations using types. Delve into a novel type system for ensuring programs maintain constant-resource behavior, crucial for preventing side-channel attacks. Learn about the extension of automatic amortized resource analysis (AARA) techniques, achieving compositionality, precision, and automation. Discover how information flow tracking is incorporated into resource analysis, allowing for certification of programs that may violate constant-time requirements without leaking confidential information. Understand the concept of resource-aware noninterference and its enforcement. Examine the application of type inference algorithms in synthesizing constant-time implementations and repairing insecure programs automatically. Explore a second AARA system for computing lower bounds on resource usage and deriving quantitative bounds on information leakage. Gain insights into the practical applications of this approach in encryption, decryption routines, database queries, and other resource-aware functionalities.

Syllabus

Intro
Classic non-interference
Example: Sequential search
Solution: Quantitative language-based approach
Overview
Security type system
Examples
Global and local reasoning
Proving constant-resource
Evaluation
Summary


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Application Security for Developers and DevOps Professionals
IBM via Coursera
Security and Auditing in Ethereum
EDUCBA via Coursera
Exploiting and Securing Vulnerabilities in Java Applications
University of California, Davis via Coursera
Become a CompTIA Security+ Certified Security Professional (SY0-601)
LinkedIn Learning
CISSP Cert Prep (2021): 8 Software Development Security
LinkedIn Learning