[langsec-discuss] LangSec BoF session at USENIX Security today at 9:30pm

Darren Highfill darren at utilisec.com
Sun Aug 18 18:50:25 UTC 2013


Are there plans for another session? (Unfortunately I missed this one.)

Best regards,
Darren Highfill

M: +1 865 806 8675 | E: darren at utilisec.com
On Aug 18, 2013 2:36 PM, "Sergey Bratus" <sergey at cs.dartmouth.edu> wrote:

>
>    It was a lively exchange, and a number of interesting examples and
> research issues came up. We are working on the notes from the BoF, should
> have them in a couple of days.
>
>    Thanks,
>
> --Sergey
>
> On Sun, 18 Aug 2013, Will Sargent wrote:
>
>> How was the BoF session?
>>
>>
>> On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <sergey at cs.dartmouth.edu> wrote:
>>
>>> Dear All,
>>>
>>>    The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at 9:30pm
>>> in Regency Ballroom BCD (after the rump session). Description as posted
>>> at http://langsec.org/bof/ follows:
>>>
>>> Language-Theoretic Security: Compositional Correctness for the Real World
>>>
>>> Handling the composition of computing systems is arguably the hardest task
>>> of both security theory and practice. A system composed of parts with
>>> well-understood properties typically has emergent properties that are hard
>>> to derive from the properties of the parts, to validate, or even to detect.
>>> These new properties often come as a nasty surprise, creating
>>> vulnerabilities that only manifest when "safe" pieces are combined.
>>>
>>> The language-theoretic view of security examines system and program
>>> components as computational automata, both in isolation and when composed
>>> into larger systems. This approach has led to the discovery of serious
>>> vulnerabilities in the PKI infrastructure, remote PHY-layer frame injection
>>> in 802.11b and other wireless protocols, and attacker-driven computation in
>>> the ELF runtime toolchain. Defensively, it also points the way to better
>>> implementation security through message validation and the conceptual
>>> separation of code between input recognition and processing. This BoF will
>>> also explore how to employ language-theoretic principles to construct
>>> software that is robust by design and exposes as little state and
>>> computational power as possible to adversaries.
>>>
>>> If you've ever struggled to find a "sweet spot" between formal software
>>> validation and the collective experience of both software exploiters and
>>> defenders in the field, language-theoretic security offers a way to design
>>> protocols and build systems that can actually be validated and avoid large
>>> classes of bugs. Come hear success stories in both attack and defense, and
>>> check out the theory and systems challenges of this new and developing
>>> field.
>>>
>>> Meredith L. Patterson, Nuance Communications
>>> Sergey Bratus, Dartmouth College
>>> _______________________________________________
>>> langsec-discuss mailing list
>>> langsec-discuss at mail.langsec.org
>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>>>
>>>