/
pycon-2011--through-the-side-channel--timing-and-.json
31 lines (31 loc) · 2.51 KB
/
pycon-2011--through-the-side-channel--timing-and-.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
{
"alias": "video/423/pycon-2011--through-the-side-channel--timing-and-",
"category": "PyCon US 2011",
"copyright_text": "Creative Commons Attribution-NonCommercial-ShareAlike 3.0",
"description": "Through the Side Channel: Timing and Implementation Attacks in Python\n\nPresented by Geremy Condra\n\nPython's dynamic nature, large standard library, and concern for beauty\nover performance make it an elegant and uniquely easy to use language,\nbut they also cause some unique problems. In this talk we'll explore how\nfeatures ranging from dictionaries to duck typing can become security\nrisks, demonstrate those attacks on real Python projects, and examine\nhow you can protect yourself and your code.\n\nAbstract\n\nOver the last decade, an increasing body of evidence has accumulated\nindicating that even when a system is hardened enough to provide strong\nguarantees about its high-level behavior, implementation details and\nespecially performance properties can still provide attackers with an\neasy way in. For Python, this is especially problematic: its generally\nhigh-level view and the emphasis placed on flexibility often mean that\nit can be difficult to stop attackers from gaining a foothold, while its\ncomparatively low execution speed increases the efficacy of wide variety\nof implementation and timing attacks.\n\nTo help Pythonistas understand and cope with these problems, we've\ndivided this talk into two parts: in the first, we demonstrate the\nattacks against a series of widely-deployed Python projects with the\ngoal of both improving awareness about the issue and demonstrating\ncommon weaknesses to be avoided. The second demonstrates effective\ncountermeasures and alternative constructions with the goal of improving\ndefenders' odds of spotting and correcting these flaws in their own\ncode.\n",
"duration": null,
"id": 423,
"language": "eng",
"quality_notes": "",
"recorded": "2011-03-11",
"slug": "pycon-2011--through-the-side-channel--timing-and-",
"speakers": [
"Geremy Condra"
],
"summary": "",
"tags": [
"hacking",
"hardening",
"pycon",
"pycon2011",
"security"
],
"thumbnail_url": "https://archive.org/services/img/pyvideo_423___through-the-side-channel-timing-and-implementation-attacks-in-python",
"title": "Through the Side Channel: Timing and Implementation Attacks in Python",
"videos": [
{
"type": "archive.org",
"url": "https://archive.org/details/pyvideo_423___through-the-side-channel-timing-and-implementation-attacks-in-python"
}
]
}