On the Amazon s2n team we have a rule for handling bugs and issues: it’s not good enough to simply fix a bug or issue; we also have to dig in and find another, deeper kind of fix that eliminates most bugs of that whole class. Failsafe design and defense in depth are nothing new, of course, but in security the tendency to add layers can backfire. Each new layer brings its own potential bugs, risks, costs, and challenges. No good deed goes unpunished! But there is hope. We’re getting more experienced and better at sniffing out risk, and at seeing just how valuable different kinds of defense are. We’ll take a look at just how effective some of the simplest mitigations are, and at how modern verification techniques can provide run-time assurance without run-time risk.
Bio: Colm is a Senior Principal Engineer at Amazon Web Services, where for the last 11 years he has been working on many of Amazon’s core security, networking, and cryptography services. For the last 5 years Colm has been leading development of Amazon s2n, an Open Source implementation of the SSL/TLS protocols, and has been applying Formal Verification, Automated Reasoning, and secure code generation techniques to eliminate as many potential issues as possible.