Verifying and Synthesizing Constant-Resource Implementations with Types
Offered By: IEEE via YouTube
Course Description
Overview
Explore a 19-minute IEEE conference talk on verifying and synthesizing constant-resource implementations using types. Delve into a novel type system for ensuring programs maintain constant-resource behavior, crucial for preventing side-channel attacks. Learn about the extension of automatic amortized resource analysis (AARA) techniques, achieving compositionality, precision, and automation. Discover how information flow tracking is incorporated into resource analysis, allowing for certification of programs that may violate constant-time requirements without leaking confidential information. Understand the concept of resource-aware noninterference and its enforcement. Examine the application of type inference algorithms in synthesizing constant-time implementations and repairing insecure programs automatically. Explore a second AARA system for computing lower bounds on resource usage and deriving quantitative bounds on information leakage. Gain insights into the practical applications of this approach in encryption, decryption routines, database queries, and other resource-aware functionalities.
Syllabus
Intro
Classic non-interference
Example: Sequential search
Solution: Quantitative language-based approach
Overview
Security type system
Examples
Global and local reasoning
Proving constant-resource
Evaluation
Summary
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
Application Security for Developers and DevOps ProfessionalsIBM via Coursera Security and Auditing in Ethereum
EDUCBA via Coursera Exploiting and Securing Vulnerabilities in Java Applications
University of California, Davis via Coursera Become a CompTIA Security+ Certified Security Professional (SY0-601)
LinkedIn Learning CISSP Cert Prep (2021): 8 Software Development Security
LinkedIn Learning