Sometimes when you dig into the technology underneath your favorite devices and applications, you almost wish you hadn’t.
Still, it’s good to get an idea of what hackers are doing, how teams are responding, and what’s going on with the mobile devices that we all rely on more and more with each new year. Some of that has an intersection with AI/ML, in ways that might surprise you.
Check out Adam Chlipala’s talk on modern methods: applying this sort of data science to the practice of computer programming is going to be pretty heavy for anyone who isn’t a coder.
Still, it’s good to get an idea of what hackers are doing, how teams are responding, and what’s going on with the mobile devices that we all rely on more and more with each new year. Some of that has an intersection with AI/ML, in ways that might surprise you.
Check out Adam Chlipala’s talk on modern methods: applying this sort of data science to the practice of computer programming is going to be pretty heavy for anyone who isn’t a coder. Video: looking at some of the underlying coding of popular systems can give us more clues to what is coming next
Seriously, though – Adam Chlipala’s talk on modern methods in applying data science to the practice of computer programming is going to be pretty heavy for anyone who isn’t a coder. To those who do understand the generation of programmed functions and how those pieces go together, it’s probably a very useful tutorial in thinking about new models.
Chlipala starts out with setting the stage in referring to the Heartbleed OpenSSL library bug in 2014, in response to which concerned parties created a Linux workshop:
“(The Linux Foundation) was bringing together those of us in academia, studying tools for programming and assurance about code, with the people who are building and maintaining these most popular critical cryptography and other secure systems in the wild … (to) get us to talk to each other and figure out how we might help each other out.”
Noting that his past work in elliptic curve cryptography indicated it was hard to generate code that was “correct, fast and secure,” Chlipala cites ‘big-integer modular arithmetic’ as one particular challenge.
“It was a little surprising to me that arithmetic could be such a difficult implementation domain. But I learned more about it. And it turned out that there’s a set of standardized algorithms that matters for cryptography…”
He then lays out a three-part criteria of algorithms, prime numbers and hardware architectures, suggesting that different configurations can impede certain types of performance and results.
“When you pick a new element out of that three-way cross-product, … what you have to do is, you go off and get one of a small set of experts to rewrite all the code from scratch in C or assembly, to get the best performance at the same time as security.”
While illustrating how engineers built code with automation, he lays out what the code looks like, and describes a process where there is a machine checkable proof involved. (Take a look at the part where he explains a “many-primes experiment” with 32-bit and 64-bit systems.)
Then there’s another portion of the presentation talking about a ‘high assurance random search’ program making arbitrary choices and mutating code, comparing versions, and keeping the best one in order to improve performance.
Finally, Chlipala illustrates how this technology made it into all of today’s browsers and mobile platforms, for example, with the integration into Chrome in 2018.
“We initiated this project here at MIT in 2015. We released it on GitHub. And then several of my students over the years did internships at Google, arranged by people like Adam Langley, one of the authors of Google’s boring SSL library. And then in 2018, a few years later, the first release of Chrome shipped that uses our code for almost all secure web connections. And since then, for one thing, Google created a new team specifically to try to scale up this kind of technology in their settings … our code has been adopted for all major web browsers in the meantime, as well as all major mobile platforms for their TLS implementations.”
In closing, he explains:
“This is the path that led (on) from … decades of work in formal methods: the idea that you can prove a compiler – and we showed that it’s a really good fit for this problem of generating trustworthy cryptographic software.”
It’s interesting to look at the ways that we use traditional tools for new technologies, and how we apply some pretty familiar aspects of IT to new systems. In some of these cases, you’re dealing with the ability to add a “proof” – to close a door, or to secure some result that’s important for the market, and for users. The accolades come with it – but that’s not why it’s done. An essential part of building is being confident in knowing how to build. That’s something to think about when you’re trying to plumb the treasure trove of AI/ML for new applications.
Read the full article here
