Software Security in the Presence of Faults
who: Peter Gutmann
when: Sat, 13 Nov 2021 09:15:00 +1300
where: The Michael Fowler Centre
Software security is usually concerned with issues like buffer overflows, SQLI, integer overflows, format string vulnerabilities, and the usual OWASP top ten catalogue. What’s rarely considered is its behaviour in the presence of faults which, combined with security-related code and in particular cryptography that’s horribly sensitive to faults, leads to problems when the software is deployed into environments where faults are not only expected but a normal part of operations. “Software Security in the Presence of Faults” looks at situations where faults arise, and the range of software measures that can be used to defend against them affecting security-critical code.
Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures, security usability, and embedded systems security. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption including serving as the last editor of the world's longest-running security RFC, RFC 8894, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and a perpetually upcoming book "Engineering Security". In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.