TUTCRIS - Tampereen teknillinen yliopisto

Start your ENGINEs: Dynamically Loadable Contemporary Crypto

Research output: peer-reviewed

Standard

Start your ENGINEs: Dynamically Loadable Contemporary Crypto. / Tuveri, Nicola; Brumley, Billy.

2019 IEEE Cybersecurity Development (SecDev). IEEE COMPUTER SOCIETY PRESS, 2019.

Harvard

Tuveri, N & Brumley, B 2019, Start your ENGINEs: Dynamically Loadable Contemporary Crypto. in 2019 IEEE Cybersecurity Development (SecDev). IEEE COMPUTER SOCIETY PRESS, 1/01/00. https://doi.org/10.1109/SecDev.2019.00014

APA

Tuveri, N., & Brumley, B. (2019). Start your ENGINEs: Dynamically Loadable Contemporary Crypto. In 2019 IEEE Cybersecurity Development (SecDev) IEEE COMPUTER SOCIETY PRESS. https://doi.org/10.1109/SecDev.2019.00014

Vancouver

Tuveri N, Brumley B. Start your ENGINEs: Dynamically Loadable Contemporary Crypto. In 2019 IEEE Cybersecurity Development (SecDev). IEEE COMPUTER SOCIETY PRESS. 2019 https://doi.org/10.1109/SecDev.2019.00014

Author

Tuveri, Nicola ; Brumley, Billy. / Start your ENGINEs: Dynamically Loadable Contemporary Crypto. 2019 IEEE Cybersecurity Development (SecDev). IEEE COMPUTER SOCIETY PRESS, 2019.

BibTeX - Download

@inproceedings{cbbfe286c04f46f4928bd18bb8a4d984,
title = "Start your ENGINEs: Dynamically Loadable Contemporary Crypto",
abstract = "Software ever-increasingly relies on building blocks implemented by security libraries, which provide access to evolving standards, protocols, and cryptographic primitives. These libraries are often subject to complex development models and long decision-making processes, which limit the ability of contributors to participate in the development process, hinder the deployment of scientific results and pose challenges for OS maintainers. In this paper, focusing on OpenSSL as a de-facto standard, we analyze these limits, their impact on the security of modern systems, and their significance for researchers. We propose the OpenSSL ENGINE API as a tool in a framework to overcome these limits, describing how it fits in the OpenSSL architecture, its features, and a technical review of its internals. We evaluate our methodology by instantiating libsuola, a new ENGINE providing support for emerging cryptographic standards such as X25519 and Ed25519 for currently deployed versions of OpenSSL, performing benchmarks to demonstrate the viability and benefits. The results confirm that the ENGINE API offers (1) an ideal architecture to address wide-ranging security concerns; (2) a valuable tool to enhance future research by easing testing and facilitating the dissemination of novel results in real-world systems; and (3) a means to bridge the gaps between research results and currently deployed systems.",
author = "Nicola Tuveri and Billy Brumley",
year = "2019",
month = "9",
doi = "10.1109/SecDev.2019.00014",
language = "English",
isbn = "978-1-5386-7290-7",
booktitle = "2019 IEEE Cybersecurity Development (SecDev)",
publisher = "IEEE COMPUTER SOCIETY PRESS",

}

RIS (suitable for import to EndNote) - Download

TY - GEN

T1 - Start your ENGINEs: Dynamically Loadable Contemporary Crypto

AU - Tuveri, Nicola

AU - Brumley, Billy

PY - 2019/9

Y1 - 2019/9

N2 - Software ever-increasingly relies on building blocks implemented by security libraries, which provide access to evolving standards, protocols, and cryptographic primitives. These libraries are often subject to complex development models and long decision-making processes, which limit the ability of contributors to participate in the development process, hinder the deployment of scientific results and pose challenges for OS maintainers. In this paper, focusing on OpenSSL as a de-facto standard, we analyze these limits, their impact on the security of modern systems, and their significance for researchers. We propose the OpenSSL ENGINE API as a tool in a framework to overcome these limits, describing how it fits in the OpenSSL architecture, its features, and a technical review of its internals. We evaluate our methodology by instantiating libsuola, a new ENGINE providing support for emerging cryptographic standards such as X25519 and Ed25519 for currently deployed versions of OpenSSL, performing benchmarks to demonstrate the viability and benefits. The results confirm that the ENGINE API offers (1) an ideal architecture to address wide-ranging security concerns; (2) a valuable tool to enhance future research by easing testing and facilitating the dissemination of novel results in real-world systems; and (3) a means to bridge the gaps between research results and currently deployed systems.

AB - Software ever-increasingly relies on building blocks implemented by security libraries, which provide access to evolving standards, protocols, and cryptographic primitives. These libraries are often subject to complex development models and long decision-making processes, which limit the ability of contributors to participate in the development process, hinder the deployment of scientific results and pose challenges for OS maintainers. In this paper, focusing on OpenSSL as a de-facto standard, we analyze these limits, their impact on the security of modern systems, and their significance for researchers. We propose the OpenSSL ENGINE API as a tool in a framework to overcome these limits, describing how it fits in the OpenSSL architecture, its features, and a technical review of its internals. We evaluate our methodology by instantiating libsuola, a new ENGINE providing support for emerging cryptographic standards such as X25519 and Ed25519 for currently deployed versions of OpenSSL, performing benchmarks to demonstrate the viability and benefits. The results confirm that the ENGINE API offers (1) an ideal architecture to address wide-ranging security concerns; (2) a valuable tool to enhance future research by easing testing and facilitating the dissemination of novel results in real-world systems; and (3) a means to bridge the gaps between research results and currently deployed systems.

U2 - 10.1109/SecDev.2019.00014

DO - 10.1109/SecDev.2019.00014

M3 - Conference contribution

SN - 978-1-5386-7290-7

BT - 2019 IEEE Cybersecurity Development (SecDev)

PB - IEEE COMPUTER SOCIETY PRESS

ER -