Safety and Open Source
Document security and digital signatures in PDF
The push for paperless bureaucracy has been going on for quite some time, but the circumstances of the past year made the issue even more pressing than it already was.
The PDF specification outlines a number of security features, including but not limited to encryption, digital signatures and redaction support.
The goal of this talk is to give a broad overview of the various security mechanisms provided by the PDF standard and their applications in the real world, with a particular focus on digital signing.
The push for paperless bureaucracy has been going on for quite some time, but the circumstances of the past year made the issue even more pressing than it already was.
PDF has played---and continues to play---an important role in this digitalisation process. This is in large part due to the format's reputation for robust, platform-independent rendering, but its easy-to-use, natively supported security features are another key selling point.
PDF documents can be encrypted using AES or public-key encryption to keep their contents away from prying eyes, and the PDF specification also includes native support for redacting documents before public release.
Last but not least, electronic PDF signatures as a replacement for old-school "wet ink" signatures have been a major factor in moving towards paperless workflows for companies and governments alike.
Document security is a complicated and broad subject, with many different facets that often conflict with one another.
In particular, developers of workflows handling sensitive documents regularly face tough judgment calls weighing security requirements against ease of use.
The security features in the PDF specification provide a standard framework to respond to these needs.
In this talk, we'll discuss how you can leverage PDF to build secure, yet user-friendly document workflows.
In the context of digital signing, we'll go over what it means to "trust" a digital signature, and how that trust is validated in practice.
In addition, the talk wil touch upon some of the common pitfalls in PDF security that you should be aware of to prevent your documents from being exploited.
Additional information
| Type | devroom |
|---|
More sessions
| 2/6/21 |
The advantages of Free and Open Source Software are numerous, benefiting industry partners, individual contributors and the wider community who collaborate to advance state of the art. More than ever companies choose FOSS, however the world of safety is behind the curve. Software developed for safety applications often use old development practices and are closed source. Too commonly this code is seen as a competitive advantage, and having spent vast sums developing and analysing for safety, ...
|
| 2/6/21 |
The guarantees provided by SPARK, an open-source formal proof tool for Ada, and its analysis are only as strong as the properties that were initially specified. In particular, use of third-party libraries or the Ada standard libraries may weaken the analysis, if the relevant properties of the library API are not specified. We progressively added contracts to some of the GCC GNAT Ada standard libraries to enable users to prove additional properties when using them, thus increasing the safety of ...
|
| 2/6/21 |
SPARK is an open-source tool for formal verification of the Ada. language. Last year, support for pointers, aka access types, was added to SPARK. It works by enforcing an ownership policy somewhat similar to the one used in Rust. It ensures in particular that there is only one owner of a given data at all time, which can be used to modify it. One of the most complex parts for verification is the notion of borrowing. It allows to transfer the ownership of a part of a data-structure, but only for ...
|
| 2/6/21 |
Assessing whether a system is safe, requires understanding the system sufficiently. If the system depends on Linux, it is important to understand Linux within that system context and how Linux is used in that system. The challenge is selecting Linux components and features that can be evaluated for safety and identifying gaps that exist where more work is needed to evaluate safety sufficiently. The ELISA project has taken on the challenge to make it easier for companies to build and certify ...
|
| 2/6/21 |
We would like to hold an open live discussion on the topic of Safety and Open Source.
|
