[langsec-discuss] LangSec BoF session at USENIX Security today at 9:30pm

Sergey Bratus sergey at cs.dartmouth.edu
Sun Aug 18 18:36:47 UTC 2013

    It was a lively exchange, and a number of interesting examples and 
research issues came up. We are working on the notes from the BoF, should 
have them in a couple of days.



On Sun, 18 Aug 2013, Will Sargent wrote:

> How was the BoF session?
> On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <sergey at cs.dartmouth.edu> wrote:
>> Dear All,
>>    The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at 9:30pm
>> in Regency Ballroom BCD (after the rump session). Description as posted
>> at http://langsec.org/bof/ follows:
>>
>> Language-Theoretic Security: Compositional Correctness for the Real World
>>
>> Handling the composition of computing systems is arguably the hardest task
>> of both security theory and practice. A system composed of parts with
>> well-understood properties typically has emergent properties that are hard
>> to derive from the properties of the parts, to validate, or even to detect.
>> These new properties often come as a nasty surprise, creating
>> vulnerabilities that only manifest when "safe" pieces are combined.
>>
>> The language-theoretic view of security examines system and program
>> components as computational automata, both in isolation and when composed
>> into larger systems. This approach has led to the discovery of serious
>> vulnerabilities in the PKI infrastructure, remote PHY-layer frame injection
>> in 802.11b and other wireless protocols, and attacker-driven computation in
>> the ELF runtime toolchain. Defensively, it also points the way to better
>> implementation security through message validation and the conceptual
>> separation of code between input recognition and processing. This BoF will
>> also explore how to employ language-theoretic principles to construct
>> software that is robust by design and exposes as little state and
>> computational power as possible to adversaries.
>>
>> If you've ever struggled to find a "sweet spot" between formal software
>> validation and the collective experience of both software exploiters and
>> defenders in the field, language-theoretic security offers a way to design
>> protocols and build systems that can actually be validated and avoid large
>> classes of bugs. Come hear success stories in both attack and defense, and
>> check out the theory and systems challenges of this new and developing
>> field.
>>
>> Meredith L. Patterson, Nuance Communications
>> Sergey Bratus, Dartmouth College