Talk: Designing Composable Security 2016-08-08
"Lots of things are wrong with the internet, everything sucks" is a recurring theme at many tech events like this. But there is not enough focus on concrete long-term fixes. Discussions of security topics are not systematic enough, and people and companies pushing selfish agendas makes these problems worse.
In this talk we suggest better "ground-up" approaches to secure system design. Composability is the key idea here; we'll discuss both abstract principles for achieving this and concrete components that "someone should make" that would compose with other future components. Thus, different teams can work together towards a common goal instead of competing for each other's users and volunteers. Any backwards-compatibility hacks may be decomposed away when no longer needed, instead of permanently polluting other parts of the ecosystem.
I'm Ximin Luo, a Debian Developer and security research engineer. I work on secure protocols and decentralized systems. I prefer to use high-level checked languages such as Rust, OCaml, or Haskell. I work for the Reproducible Builds project and have previously worked for MEGA, Tor, Google and Freenet.
I also like music, cooking, sci-fi and cats, in an order indistinguishable from a truly random sequence by a polynomial-time-bounded computational adversary.