[langsec-discuss] LangSec BoF session at USENIX Security today at 9:30pm

Meredith L. Patterson clonearmy at gmail.com
Mon Aug 19 01:27:51 UTC 2013


I'm currently just planning to attend Parsing at SLE on the 26th, but could
certainly stay longer.

Cheers,
--mlp
On Aug 18, 2013 8:55 PM, "Darren Highfill" <darren at utilisec.com> wrote:

> Any ideas which days would be candidates (SPLASH lists itself as Oct.
> 26-31)? Don't know about anyone else, but I am willing to try to make it if
> the window narrows down some.
>
> FWIW, I'm working with Idaho National Laboratory on a DOE project
> exploring the use of LANGSEC research and principles to try and tighten up
> the use of some SCADA protocols. We're just getting rolling and are not
> very far along - would love the opportunity to meet up with some of the
> leaders in this area.
>
> Best regards,
> Darren
>
> M: +1 865 806 8675 | E: darren at utilisec.com
>
>
> On Sun, Aug 18, 2013 at 6:32 PM, Meredith L. Patterson <
> clonearmy at gmail.com> wrote:
>
>> I'd certainly be happy to do another one at next year's USENIX Security.
>> Are there any other conferences you'd like to see one at?
>>
>> I'm currently planning to attend
>> http://planet-sl.org/parsing-at-sle2013/index.php?option=com_content&view=article&id=307&Itemid=892&lang=en (having
>> submitted a presentation on Hammer; I plan to go whether it's accepted or
>> not). It's co-located with the Software Language Engineering conference
>> (program:
>> http://planet-sl.org/sle2013/index.php?option=com_content&view=article&id=352:accepted-papers&catid=96:2013&lang=en),
>> which is in turn co-located with ACM SPLASH (http://splashcon.org/2013/),
>> formerly known as OOPSLA. Will anyone else be there? We could meet up for
>> beers or something.
>>
>> Cheers,
>> --mlp
>>
>>
>> On Sun, Aug 18, 2013 at 8:50 PM, Darren Highfill <darren at utilisec.com>wrote:
>>
>>> Are there plans for another session? (Unfortunately I missed this one.)
>>>
>>> Best regards,
>>> Darren Highfill
>>>
>>> M: +1 865 806 8675 | E: darren at utilisec.com
>>> On Aug 18, 2013 2:36 PM, "Sergey Bratus" <sergey at cs.dartmouth.edu>
>>> wrote:
>>>
>>>>
>>>>    It was a lively exchange, and a number of interesting examples and
>>>> research issues came up. We are working on the notes from the BoF, should
>>>> have them in a couple of days.
>>>>
>>>>    Thanks,
>>>>
>>>> --Sergey
>>>>
>>>> On Sun, 18 Aug 2013, Will Sargent wrote:
>>>>
>>>>  How was the BoF session?
>>>>>
>>>>>
>>>>> On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <
>>>>> sergey at cs.dartmouth.edu>**wrote:
>>>>>
>>>>>  Dear All,
>>>>>>
>>>>>>    The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at
>>>>>> 9:30pm
>>>>>> in Regency Ballroom BCD (after the rump session). Description as
>>>>>> posted
>>>>>> at http://langsec.org/bof/ follows:
>>>>>>
>>>>>> Language-Theoretic Security: Compositional Correctness for the Real
>>>>>> World
>>>>>>
>>>>>> Handling the composition of computing systems is arguably the hardest
>>>>>> task
>>>>>> of both security theory and practice. A system composed of parts with
>>>>>> well-understood properties typically has emergent properties that are
>>>>>> hard
>>>>>> to derive from the properties of the parts, to validate, or even to
>>>>>> detect.
>>>>>> These new properties often come as a nasty surprise, creating
>>>>>> vulnerabilities that only manifest when "safe" pieces are combined.
>>>>>>
>>>>>> The language-theoretic view of security examines system and program
>>>>>> components as computational automata, both in isolation and when
>>>>>> composed
>>>>>> into larger systems. This approach has led to the discovery of serious
>>>>>> vulnerabilities in the PKI infrastructure, remote PHY-layer frame
>>>>>> injection
>>>>>> in 802.11b and other wireless protocols, and attacker-driven
>>>>>> computation in
>>>>>> the ELF runtime toolchain. Defensively, it also points the way to
>>>>>> better
>>>>>> implementation security through message validation and the conceptual
>>>>>> separation of code between input recognition and processing. This BoF
>>>>>> will
>>>>>> also explore how to employ language-theoretic principles to construct
>>>>>> software that is robust by design and exposes as little state and
>>>>>> computational power as possible to adversaries.
>>>>>>
>>>>>> If you've ever struggled to find a "sweet spot" between formal
>>>>>> software
>>>>>> validation and the collective experience of both software exploiters
>>>>>> and
>>>>>> defenders in the field, language-theoretic security offers a way to
>>>>>> design
>>>>>> protocols and build systems that can actually be validated and avoid
>>>>>> large
>>>>>> classes of bugs. Come hear success stories in both attack and
>>>>>> defense, and
>>>>>> check out the theory and systems challenges of this new and developing
>>>>>> field.
>>>>>>
>>>>>> Meredith L. Patterson, Nuance Communications
>>>>>> Sergey Bratus, Dartmouth College
>>>>>> ______________________________****_________________
>>>>>> langsec-discuss mailing list
>>>>>> langsec-discuss at mail.langsec.****org <langsec-discuss at mail.langsec.**
>>>>>> org <langsec-discuss at mail.langsec.org>>
>>>>>> https://mail.langsec.org/cgi-****bin/mailman/listinfo/langsec-**
>>>>>> **discuss<https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss>
>>>>>> <https://mail.**langsec.org/cgi-bin/mailman/**
>>>>>> listinfo/langsec-discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss>
>>>>>> >
>>>>>>
>>>>>>
>>>>>  ______________________________**_________________
>>>> langsec-discuss mailing list
>>>> langsec-discuss at mail.langsec.**org <langsec-discuss at mail.langsec.org>
>>>> https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss>
>>>>
>>>
>>> _______________________________________________
>>> langsec-discuss mailing list
>>> langsec-discuss at mail.langsec.org
>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20130819/ba5552f5/attachment-0001.html>


More information about the langsec-discuss mailing list