Loading…
July 17-19 | Tokyo, Japan
View More Details  & Register Here
Wednesday, July 17 • 15:10 - 15:50
A Memory Safe and OpenSSL-Compatible TLS Library in Rust - Yiming Jing, Baidu USA

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
TLS is a cornerstone of Internet security. But most existing TLS libraries are implemented with C/C++, which make them particularly susceptible to memory safety issues. Heartbleed, for example, is a buffer over-read vulnerability in OpenSSL that caused detrimental loss across the globe.

In 2018, Baidu open sourced MesaLink, a memory safe and OpenSSL-compatible TLS library implemented in the Rust programming language. Rust provides strong memory safety guarantees; most vulnerabilities can be detected and eliminated at compile-time. Rust also brings in unique new challenges, especially when we integrate Rust code with existing C code.

MesaLink has been in production at Baidu with >10M monthly active users. This talk covers an introduction to Rust, design decisions, memory safe system principles, and how Baidu replaced OpenSSL with MesaLink in production.

Speakers
avatar for Yiming Jing

Yiming Jing

Security Scientist, Baidu USA
Dr. Yiming Jing is a security scientist at Baidu X-Lab. He has been working on Android security research and building secure software systems. He is the author and maintainer of MesaLink, a memory safe and OpenSSL-compatible TLS library. https://yimingjing.com


Wednesday July 17, 2019 15:10 - 15:50
Meeting Room 1 (Floor 5F)