panel-cryptography-verification
- Joey Dodds, Galois
- Dave Novick, Intel
- Bryan Parno, Carnegie Mellon University
- Sophie Schmieg, Google
- Yuval Yarom, University of Adelaide
Abstract: Cryptography is an important component of the security of many information systems, providing foundational security services, such as confidentiality, integrity, and authentication. Implementation and verification of cryptographic algorithms is a demanding task because any mistake or unintended optimization may result in an exploitable security vulnerability. In addition, correct utilization of cryptographic implementations requires some knowledge of cryptography to avoid security issues. At the same time, many have difficulty in choosing a secure and easy-to-use implementation from the abundance of cryptographic implementations written in different languages.
This panel will focus on the challenges and opportunities that stem from the implementation and verification of cryptography in both hardware and software. The discussion aims to cover different aspects of this topic, such as correct and secure implementations of cryptographic algorithms, design, and utilization of cryptographic libraries, tools for secure implementation and automated verification, design of cryptographic interfaces, audit and certification of code, training, and patch management.