Overview
This course aims to teach learners how to enforce authorization with cryptography to prevent attackers from tampering with requests and accessing sensitive data. The course covers the use of cryptographically protected references to enhance security while minimizing memory requirements. The teaching method includes threat modeling, outlining attack vectors, and comparing secure design alternatives for security and performance. The intended audience for this course is developers looking to enhance their understanding of secure object references and access control mechanisms.
Syllabus
Introduction
Agenda
The problem
Relevant Attacks
Common solutions
Direct object references
Sequential indirect object references
Random indirect references
Large memory footprint
Alternate approach
Referencing
Great
Benchmark Setup
Benchmark Results
Verification Time
Memory Usage
Identifier Size
Summary
Conclusions
Taught by
LASCON