Using Architecture and Abstractions to Design a Security Layer for TLS

TLS is the primary protocol used to provide security and privacy for Internet traffic. Sadly, there is abundant evidence that developers do not use TLS correctly, due to a morass of poorly-designed APIs, lack of security expertise, and poor adherence to best practices. In this talk, we argue this is a problem of architecture and abstraction. We first demonstrate how a security layer fits into the Internet architecture, between applications and TCP, and how the POSIX socket API is both a convenient and simple abstraction for a TLS interface. We then discuss ramifications for developers, administrators, and OS vendors, focused on two major benefits: (1) developers have a centralized, well-tested service to easily create a secure application in minutes, and (2) system administrators and OS vendors have policy to ensure all applications on a device use best practices. We finish by illustrating how this new abstraction and architecture can simplify two of the most complex parts of TLS—certificate validation and client authentication. We are releasing code for the security layer, including both operating system services and application examples, to stimulate developer and industry interest in this approach.