Tuesday, 26 April 2016

Open Source Project Proposal: Ada Transport Layer Security (TLS) module [Draft]

The Problem

TLS secures the web-sites that underpin much of the world's on-line economy. Breaches of it, and flaws in its implementations, are a substantial risk to organisations in many countries.

One famous vulnerability, Heartbleed (2014), has already been found, and repaired, in the open-source OpenSSL implementation: a missing length check on a heartbeat request let a peer read beyond the end of a buffer. There are also many closed-source implementations that may still have similar, or more severe, vulnerabilities, or that may be compromised in other ways.

One reason for such vulnerabilities is that TLS has mostly been implemented in languages such as C, which does no bounds checking and gives no memory safety, so a single missing check becomes an exploitable out-of-bounds read or write; it is also a language in which it is difficult to prove, verify, or safely correct code.

The Proposal

To establish a team of Ada and security experts to produce a TLS solution, written in Ada, in the first instance for servers. This solution would provide an API that could be used by, for example, Apache.

Once this server-side solution had been tested, proven and deployed successfully, it would be extended to the client side, so that browsers such as Firefox could use it.

Funding

The proposal depends on the team being paid for the initial work, and on subsequent enhancements also being paid for.

Ideally this would first come from a grant, or grants. Bodies that might wish to fund such grants could include the OpenSSL project (www.openssl.org), the EU through ENISA (https://www.enisa.europa.eu), the D5 (Digital 5) group of leading digital governments (UK, South Korea, Estonia, Israel and New Zealand; https://www.gov.uk/government/topical-events/d5-london-2014-leading-digital-governments), the British Bankers' Association (BBA), and many others.

Long-term funding would come from income. The product would be dual-licensed: free, open-source use for individuals and for open-source projects such as Mozilla, and commercial licences for organisations such as Apple.

The Requirements

For the project to be a success, it must satisfy these requirements:

  • Support TLS 1.2 and TLS 1.3 (1.3 is still an IETF draft at the time of writing, so the design must track the draft)
  • Be designed to provide general transport-layer security, not a solution tied to one application
  • Be compatible with existing TLS APIs, so that existing applications can switch to it
  • Have a demonstrably secure design
  • Provide a way for a client to verify that a server is running a particular version of the library
  • Ensure the code is easy to maintain
  • Use Ada not just as the language, but as an example of good, secure, reliable and fast open-source Ada

Provisional timeline

Funding applications: May-August 2016
Team Recruitment: September 2016
Design: September-October 2016
Coding: November 2016-January 2017
Testing: February-March 2017
Beta with customers: April-May 2017
Full Release: September 2017


Next Steps

Please comment on this blog if you have any suggestions for improvements to this draft, or write to peter.brooks@service-governance.org

6 comments:

  1. Paid Ada work? I'd like that!

    I would also suggest:
    1) the use of the SPARK subset and tools, that way we can actually prove lack of runtime or data-flow errors.
    2) The "Be compatible with existing TLS apis" not be a basic requirement, but that the Ada-TLS / existing-APIs interfacing be done separately. (This is to say, that we should work from the algorithms out to the [extant] interfaces, rather than the reverse.)
    3) Perhaps a "dependency" list -- TLS *does* require at least ASN.1 OIDs to be implemented.

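As an added illustration of the language point made in the post body (a missing length check in C becoming an out-of-bounds read) and of the contract-based SPARK approach suggested in the comment above, here is a heartbeat-style echo written in Ada. It is an example written for this page, not code from the proposal or from the GitHub project. The wire layout (a 16-bit big-endian declared payload length followed by the payload bytes), the procedure and function names, and the two sample messages are all assumptions modelled on the TLS Heartbeat extension. The Pre/Post aspects are ordinary Ada 2012 contracts, the same kind the SPARK tools would attempt to prove; in this demo they are checked at run time with GNAT's -gnata switch.

```ada
--  Added example, not from the proposal or the project: a heartbeat-style
--  echo using Ada's index-checked arrays and Ada 2012 contracts.  The wire
--  layout is an assumption modelled on the TLS Heartbeat extension: a
--  16-bit big-endian declared payload length, then the payload bytes.
--  Build and run (GNAT):  gnatmake -gnata heartbeat_demo.adb && ./heartbeat_demo
pragma Ada_2012;

with Ada.Assertions;
with Ada.Text_IO;  use Ada.Text_IO;
with Interfaces;   use Interfaces;

procedure Heartbeat_Demo is

   type Byte_Array is array (Positive range <>) of Unsigned_8;

   --  The length the peer claims to have sent; the two length bytes must exist.
   function Declared_Length (Msg : Byte_Array) return Natural is
     (Natural (Msg (Msg'First)) * 256 + Natural (Msg (Msg'First + 1)))
     with Pre => Msg'Length >= 2;

   --  The check that was missing in the C code: the claim must fit in what
   --  was actually received.
   function Is_Well_Formed (Msg : Byte_Array) return Boolean is
     (Msg'Length >= 2 and then Declared_Length (Msg) <= Msg'Length - 2);

   --  Echo exactly the declared payload.  Pre/Post are the contracts a SPARK
   --  proof would discharge; with -gnata they are checked at run time.
   function Echo (Msg : Byte_Array) return Byte_Array
     with Pre  => Is_Well_Formed (Msg),
          Post => Echo'Result'Length = Declared_Length (Msg);

   function Echo (Msg : Byte_Array) return Byte_Array is
      Len   : constant Natural  := Declared_Length (Msg);
      First : constant Positive := Msg'First + 2;
   begin
      --  Even with contracts disabled this slice is index-checked: an
      --  over-long Len raises Constraint_Error instead of reading past Msg.
      return Msg (First .. First + Len - 1);
   end Echo;

   --  Correct server behaviour: validate, then answer or reject.
   procedure Handle (Label : String; Msg : Byte_Array) is
   begin
      if Is_Well_Formed (Msg) then
         declare
            Reply : constant Byte_Array := Echo (Msg);
         begin
            Put_Line (Label & ": echoed" & Natural'Image (Reply'Length) & " byte(s)");
         end;
      else
         Put_Line (Label & ": rejected, declared length exceeds message size");
      end if;
   end Handle;

   --  A server that forgot the check.  The bad echo is still stopped by the
   --  language: contract failure with -gnata, index check without it.
   procedure Handle_Without_Check (Label : String; Msg : Byte_Array) is
   begin
      declare
         Reply : constant Byte_Array := Echo (Msg);
      begin
         Put_Line (Label & ": echoed" & Natural'Image (Reply'Length) & " byte(s)");
      end;
   exception
      when Ada.Assertions.Assertion_Error | Constraint_Error =>
         Put_Line (Label & ": out-of-bounds echo stopped by a run-time check");
   end Handle_Without_Check;

   --  Constructed inputs.  Good declares 3 bytes and carries 3 ("Hi!");
   --  Bad declares 65535 bytes and carries 1 (the Heartbleed shape).
   Good : constant Byte_Array := (0, 3, 16#48#, 16#69#, 16#21#);
   Bad  : constant Byte_Array := (16#FF#, 16#FF#, 16#48#);

begin
   Handle ("good, checked", Good);
   Handle ("bad, checked", Bad);
   Handle_Without_Check ("good, unchecked", Good);
   Handle_Without_Check ("bad, unchecked", Bad);
end Heartbeat_Demo;
```

The point of the fourth call is the one the proposal rests on: the programmer has made the same mistake as the C code, but the worst outcome is a raised exception and a dropped request rather than a read of server memory. Under SPARK the same contracts would be discharged statically, so the Handle_Without_Check path would be rejected at proof time rather than at run time.
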
  2. This is a potential funding source:

    We invite you to submit a position statement to a workshop on Software Measures and Metrics to Reduce Security Vulnerabilities.
    https://samate.nist.gov/SwMM-RSV2016.html

    when: Tuesday, 12 July 2016, 9 am to 4:30 pm
    where: NIST, Gaithersburg, MD, USA

  4. The skeleton project has now been created in github. You can view the use-case in the wiki on github here:

    https://github.com/fustbariclation/Ada-Transport-Level-Security-TLS-module-/wiki/Deployment-models---Use-Cases

  5. Just an update on this project. I've been working on getting funding - it's never much fun, of course, and, so far, I've not been successful. I have still some options that I'm chasing up, so it isn't hopeless. So I'll slip the date a month or two.

    If anybody here has other suggestions for sources of funding -- please give me a shout!

    In the mean time, as you'll have seen, there's the AdaCore competition. I've entered it with a stripped-down version of the project, so it's achievable by just me, in the time.

    It's perfect timing, actually, as it gives me a great incentive to get stuck in now, even though the funding isn't settled. Having this done as a sub-project should help speed up the main project considerably - I'll, at least, have had a chance to get to know the tools, the new drivers, and their strengths and limitations, which should help us with the design.
