[langsec-discuss] LangSec BoF session at USENIX Security today at 9:30pm

Darren Highfill darren at utilisec.com
Mon Aug 19 00:55:50 UTC 2013


Any ideas which days would be candidates (SPLASH lists itself as Oct.
26-31)? Don't know about anyone else, but I am willing to try to make it if
the window narrows down some.

FWIW, I'm working with Idaho National Laboratory on a DOE project exploring
the use of LANGSEC research and principles to try and tighten up the use of
some SCADA protocols. We're just getting rolling and are not very far along
- would love the opportunity to meet up with some of the leaders in this
area.

Best regards,
Darren

M: +1 865 806 8675 | E: darren at utilisec.com


On Sun, Aug 18, 2013 at 6:32 PM, Meredith L. Patterson
<clonearmy at gmail.com> wrote:

> I'd certainly be happy to do another one at next year's USENIX Security.
> Are there any other conferences you'd like to see one at?
>
> I'm currently planning to attend
> http://planet-sl.org/parsing-at-sle2013/index.php?option=com_content&view=article&id=307&Itemid=892&lang=en (having
> submitted a presentation on Hammer; I plan to go whether it's accepted or
> not). It's co-located with the Software Language Engineering conference
> (program:
> http://planet-sl.org/sle2013/index.php?option=com_content&view=article&id=352:accepted-papers&catid=96:2013&lang=en),
> which is in turn co-located with ACM SPLASH (http://splashcon.org/2013/),
> formerly known as OOPSLA. Will anyone else be there? We could meet up for
> beers or something.
>
> Cheers,
> --mlp
>
>
> On Sun, Aug 18, 2013 at 8:50 PM, Darren Highfill <darren at utilisec.com> wrote:
>
>> Are there plans for another session? (Unfortunately I missed this one.)
>>
>> Best regards,
>> Darren Highfill
>>
>> M: +1 865 806 8675 | E: darren at utilisec.com
>> On Aug 18, 2013 2:36 PM, "Sergey Bratus" <sergey at cs.dartmouth.edu> wrote:
>>
>>>
>>>    It was a lively exchange, and a number of interesting examples and
>>> research issues came up. We are working on the notes from the BoF, should
>>> have them in a couple of days.
>>>
>>>    Thanks,
>>>
>>> --Sergey
>>>
>>> On Sun, 18 Aug 2013, Will Sargent wrote:
>>>
>>>> How was the BoF session?
>>>>
>>>>
>>>> On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <sergey at cs.dartmouth.edu> wrote:
>>>>
>>>>> Dear All,
>>>>>
>>>>>    The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at 9:30pm
>>>>> in Regency Ballroom BCD (after the rump session). Description as posted
>>>>> at http://langsec.org/bof/ follows:
>>>>>
>>>>> Language-Theoretic Security: Compositional Correctness for the Real World
>>>>>
>>>>> Handling the composition of computing systems is arguably the hardest task
>>>>> of both security theory and practice. A system composed of parts with
>>>>> well-understood properties typically has emergent properties that are hard
>>>>> to derive from the properties of the parts, to validate, or even to detect.
>>>>> These new properties often come as a nasty surprise, creating
>>>>> vulnerabilities that only manifest when "safe" pieces are combined.
>>>>>
>>>>> The language-theoretic view of security examines system and program
>>>>> components as computational automata, both in isolation and when composed
>>>>> into larger systems. This approach has led to the discovery of serious
>>>>> vulnerabilities in the PKI infrastructure, remote PHY-layer frame injection
>>>>> in 802.11b and other wireless protocols, and attacker-driven computation in
>>>>> the ELF runtime toolchain. Defensively, it also points the way to better
>>>>> implementation security through message validation and the conceptual
>>>>> separation of code between input recognition and processing. This BoF will
>>>>> also explore how to employ language-theoretic principles to construct
>>>>> software that is robust by design and exposes as little state and
>>>>> computational power as possible to adversaries.
>>>>>
>>>>> If you've ever struggled to find a "sweet spot" between formal software
>>>>> validation and the collective experience of both software exploiters and
>>>>> defenders in the field, language-theoretic security offers a way to design
>>>>> protocols and build systems that can actually be validated and avoid large
>>>>> classes of bugs. Come hear success stories in both attack and defense, and
>>>>> check out the theory and systems challenges of this new and developing
>>>>> field.
>>>>>
>>>>> Meredith L. Patterson, Nuance Communications
>>>>> Sergey Bratus, Dartmouth College
>>>>> _______________________________________________
>>>>> langsec-discuss mailing list
>>>>> langsec-discuss at mail.langsec.org
>>>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>>>>>
>>>>>
>>>
>>
>>
>>
>