Sign In

Communications of the ACM

ACM TechNews

Improving Web Security Without Sacrificing Performance

View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The HTTPS protocol is far from perfectly secure.

A new programming tool called Vale enables high-performance cryptographic code to be verifiably correct and secure.

Credit: Carnegie Mellon University Electrical and Computer Engineering

Researchers at Carnegie Mellon University (CMU) have developed Vale, a programming tool enabling high-performance cryptographic code to be verifiably correct and secure.

The researchers demonstrated Vale's verification approach on several cryptographic components of the HTTPS ecosystem.

Websites have resisted using verified code in HTTPS because most verified code has performed significantly slower than unverified code.

"Ours was one of the first demonstrations of verified code performing just as fast, or faster, than unverified code," says CMU professor Bryan Parno. "By verified, I mean you actually have a formal mathematical proof that all of the code that makes up these HTTPS components actually meets some high-level security specification."

The researchers also demonstrated the success of the new verification system at proving resilient to timing attacks and memory-access attacks, two of the most common types of side-channel attacks.

However, the team notes Vale is highly dependent on the security specification the developers feed it.

From Carnegie Mellon News
View Full Article


Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


No entries found