Enigma 2019 has ended
Monday, January 28 • 12:00pm - 12:30pm
Using Architecture and Abstractions to Design a Security Layer for TLS


TLS is the primary protocol used to provide security and privacy for Internet traffic. Sadly, there is abundant evidence that developers do not use TLS correctly, due to a morass of poorly-designed APIs, lack of security expertise, and poor adherence to best practices. In this talk, we argue this is a problem of architecture and abstraction. We first demonstrate how a security layer fits into the Internet architecture, between applications and TCP, and how the POSIX socket API is both a convenient and simple abstraction for a TLS interface. We then discuss ramifications for developers, administrators, and OS vendors, focused on two major benefits: (1) developers have a centralized, well-tested service to easily create a secure application in minutes, and (2) system administrators and OS vendors have policy to ensure all applications on a device use best practices. We finish by illustrating how this new abstraction and architecture can simplify two of the most complex parts of TLS—certificate validation and client authentication. We are releasing code for the security layer, including both operating system services and application examples, to stimulate developer and industry interest in this approach.


Daniel Zappala

Brigham Young University
Daniel Zappala is the director of the Internet Research Lab at BYU. He is primarily interested in usable security and privacy. Daniel's recent research includes developing a security layer for TLS, designing better usability for secure messaging apps, and improving risk communication...

Monday January 28, 2019 12:00pm - 12:30pm
Grand Peninsula Ballroom ABCD
