[langsec-discuss] LangSec BoF session at USENIX Security today at 9:30pm

Meredith L. Patterson clonearmy at gmail.com
Sun Aug 18 22:32:52 UTC 2013


I'd certainly be happy to do another one at next year's USENIX Security.
Are there any other conferences you'd like to see one at?

I'm currently planning to attend
http://planet-sl.org/parsing-at-sle2013/index.php?option=com_content&view=article&id=307&Itemid=892&lang=en
(having
submitted a presentation on Hammer; I plan to go whether it's accepted or
not). It's co-located with the Software Language Engineering conference
(program:
http://planet-sl.org/sle2013/index.php?option=com_content&view=article&id=352:accepted-papers&catid=96:2013&lang=en),
which is in turn co-located with ACM SPLASH (http://splashcon.org/2013/),
formerly known as OOPSLA. Will anyone else be there? We could meet up for
beers or something.

Cheers,
--mlp


On Sun, Aug 18, 2013 at 8:50 PM, Darren Highfill <darren at utilisec.com>wrote:

> Are there plans for another session? (Unfortunately I missed this one.)
>
> Best regards,
> Darren Highfill
>
> M: +1 865 806 8675 | E: darren at utilisec.com
> On Aug 18, 2013 2:36 PM, "Sergey Bratus" <sergey at cs.dartmouth.edu> wrote:
>
>>
>>    It was a lively exchange, and a number of interesting examples and
>> research issues came up. We are working on the notes from the BoF, should
>> have them in a couple of days.
>>
>>    Thanks,
>>
>> --Sergey
>>
>> On Sun, 18 Aug 2013, Will Sargent wrote:
>>
>>  How was the BoF session?
>>>
>>>
>>> On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <sergey at cs.dartmouth.edu
>>> >**wrote:
>>>
>>>  Dear All,
>>>>
>>>>    The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at
>>>> 9:30pm
>>>> in Regency Ballroom BCD (after the rump session). Description as posted
>>>> at http://langsec.org/bof/ follows:
>>>>
>>>> Language-Theoretic Security: Compositional Correctness for the Real
>>>> World
>>>>
>>>> Handling the composition of computing systems is arguably the hardest
>>>> task
>>>> of both security theory and practice. A system composed of parts with
>>>> well-understood properties typically has emergent properties that are
>>>> hard
>>>> to derive from the properties of the parts, to validate, or even to
>>>> detect.
>>>> These new properties often come as a nasty surprise, creating
>>>> vulnerabilities that only manifest when "safe" pieces are combined.
>>>>
>>>> The language-theoretic view of security examines system and program
>>>> components as computational automata, both in isolation and when
>>>> composed
>>>> into larger systems. This approach has led to the discovery of serious
>>>> vulnerabilities in the PKI infrastructure, remote PHY-layer frame
>>>> injection
>>>> in 802.11b and other wireless protocols, and attacker-driven
>>>> computation in
>>>> the ELF runtime toolchain. Defensively, it also points the way to better
>>>> implementation security through message validation and the conceptual
>>>> separation of code between input recognition and processing. This BoF
>>>> will
>>>> also explore how to employ language-theoretic principles to construct
>>>> software that is robust by design and exposes as little state and
>>>> computational power as possible to adversaries.
>>>>
>>>> If you've ever struggled to find a "sweet spot" between formal software
>>>> validation and the collective experience of both software exploiters and
>>>> defenders in the field, language-theoretic security offers a way to
>>>> design
>>>> protocols and build systems that can actually be validated and avoid
>>>> large
>>>> classes of bugs. Come hear success stories in both attack and defense,
>>>> and
>>>> check out the theory and systems challenges of this new and developing
>>>> field.
>>>>
>>>> Meredith L. Patterson, Nuance Communications
>>>> Sergey Bratus, Dartmouth College
>>>> ______________________________****_________________
>>>> langsec-discuss mailing list
>>>> langsec-discuss at mail.langsec.****org <langsec-discuss at mail.langsec.**
>>>> org <langsec-discuss at mail.langsec.org>>
>>>> https://mail.langsec.org/cgi-****bin/mailman/listinfo/langsec-**
>>>> **discuss<https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss>
>>>> <https://mail.**langsec.org/cgi-bin/mailman/**listinfo/langsec-discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss>
>>>> >
>>>>
>>>>
>>>  ______________________________**_________________
>> langsec-discuss mailing list
>> langsec-discuss at mail.langsec.**org <langsec-discuss at mail.langsec.org>
>> https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss>
>>
>
> _______________________________________________
> langsec-discuss mailing list
> langsec-discuss at mail.langsec.org
> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20130819/0f787ee0/attachment-0001.html>


More information about the langsec-discuss mailing list