[langsec-discuss] LangSec BoF session at USENIX Security today at 9:30pm

Will Sargent will.sargent at gmail.com
Sun Aug 18 16:08:59 UTC 2013


How was the BoF session?


On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <sergey at cs.dartmouth.edu>wrote:

> Dear All,
>
>    The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at 9:30pm
> in Regency Ballroom BCD (after the rump session). Description as posted
> at http://langsec.org/bof/ follows:
>
> Language-Theoretic Security: Compositional Correctness for the Real World
>
> Handling the composition of computing systems is arguably the hardest task
> of both security theory and practice. A system composed of parts with
> well-understood properties typically has emergent properties that are hard
> to derive from the properties of the parts, to validate, or even to detect.
> These new properties often come as a nasty surprise, creating
> vulnerabilities that only manifest when "safe" pieces are combined.
>
> The language-theoretic view of security examines system and program
> components as computational automata, both in isolation and when composed
> into larger systems. This approach has led to the discovery of serious
> vulnerabilities in the PKI infrastructure, remote PHY-layer frame injection
> in 802.11b and other wireless protocols, and attacker-driven computation in
> the ELF runtime toolchain. Defensively, it also points the way to better
> implementation security through message validation and the conceptual
> separation of code between input recognition and processing. This BoF will
> also explore how to employ language-theoretic principles to construct
> software that is robust by design and exposes as little state and
> computational power as possible to adversaries.
>
> If you've ever struggled to find a "sweet spot" between formal software
> validation and the collective experience of both software exploiters and
> defenders in the field, language-theoretic security offers a way to design
> protocols and build systems that can actually be validated and avoid large
> classes of bugs. Come hear success stories in both attack and defense, and
> check out the theory and systems challenges of this new and developing
> field.
>
> Meredith L. Patterson, Nuance Communications
> Sergey Bratus, Dartmouth College
> ______________________________**_________________
> langsec-discuss mailing list
> langsec-discuss at mail.langsec.**org <langsec-discuss at mail.langsec.org>
> https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20130818/c160811b/attachment.html>


More information about the langsec-discuss mailing list