Software Security Cryptography OWASP/App Sec - Session #1 - Aaron Bedra
Following close on the heels of Heartbleed, we have seen a resurgence in questioning C as the implementation choice for critical infrastructure. With performance innovations on managed runtimes, the option to implement more and more critical pieces in alternative languages is becoming tangible. Of course, this brings along with it a different set of problems. To rewrite a system like OpenSSL, or even just to implement SSL/TLS on top of a managed runtime, there are some serious obstacles to overcome.
This talk will examine solving the memory management problem present when building cryptographic systems on top of managed runtimes. It's no secret that key material and other such sensitive data should be able to be properly allocated and erased from memory with certainty. Aaron will detail the problem with a small implementation of a common cryptographic system and demonstrate how the issue surfaces. He will then detail what steps need to be taken to solve this issue and re-examine the suitability of using these platforms for critical infrastructure.
Bio:
Aaron is a Principal Engineer at Groupon. He is the creator of Repsheet, an open source threat intelligence and attack prevention framework. He is the co-author of Programming Clojure, 2nd Edition, and a frequent open source contributor.
Copyright 2020, IronGeek