[langsec-discuss] LangSec BoF session at USENIX Security today at 9:30pm

Darren Highfill darren at utilisec.com
Mon Aug 19 03:28:37 UTC 2013


Sometime during the actual work week would probably be easier for me
personally, but I'll chime in as I find out whether my project will even
support me coming at all. I'd love to make it happen, especially if anyone
else will be around and we can make it a broader discussion.

Anyone else on this list planning to go?

Best regards,
Darren

M: +1 865 806 8675 | E: darren at utilisec.com


On Sun, Aug 18, 2013 at 9:27 PM, Meredith L. Patterson
<clonearmy at gmail.com> wrote:

> I'm currently just planning to attend Parsing at SLE on the 26th, but could
> certainly stay longer.
>
> Cheers,
> --mlp
> On Aug 18, 2013 8:55 PM, "Darren Highfill" <darren at utilisec.com> wrote:
>
>> Any ideas which days would be candidates (SPLASH lists itself as Oct.
>> 26-31)? Don't know about anyone else, but I am willing to try to make it if
>> the window narrows down some.
>>
>> FWIW, I'm working with Idaho National Laboratory on a DOE project
>> exploring the use of LANGSEC research and principles to try and tighten up
>> the use of some SCADA protocols. We're just getting rolling and are not
>> very far along - would love the opportunity to meet up with some of the
>> leaders in this area.
>>
>> Best regards,
>> Darren
>>
>> M: +1 865 806 8675 | E: darren at utilisec.com
>>
>>
>> On Sun, Aug 18, 2013 at 6:32 PM, Meredith L. Patterson <
>> clonearmy at gmail.com> wrote:
>>
>>> I'd certainly be happy to do another one at next year's USENIX Security.
>>> Are there any other conferences you'd like to see one at?
>>>
>>> I'm currently planning to attend
>>> http://planet-sl.org/parsing-at-sle2013/index.php?option=com_content&view=article&id=307&Itemid=892&lang=en (having
>>> submitted a presentation on Hammer; I plan to go whether it's accepted or
>>> not). It's co-located with the Software Language Engineering conference
>>> (program:
>>> http://planet-sl.org/sle2013/index.php?option=com_content&view=article&id=352:accepted-papers&catid=96:2013&lang=en),
>>> which is in turn co-located with ACM SPLASH (http://splashcon.org/2013/),
>>> formerly known as OOPSLA. Will anyone else be there? We could meet up for
>>> beers or something.
>>>
>>> Cheers,
>>> --mlp
>>>
>>>
>>> On Sun, Aug 18, 2013 at 8:50 PM, Darren Highfill <darren at utilisec.com> wrote:
>>>
>>>> Are there plans for another session? (Unfortunately I missed this one.)
>>>>
>>>> Best regards,
>>>> Darren Highfill
>>>>
>>>> M: +1 865 806 8675 | E: darren at utilisec.com
>>>> On Aug 18, 2013 2:36 PM, "Sergey Bratus" <sergey at cs.dartmouth.edu>
>>>> wrote:
>>>>
>>>>>
>>>>>    It was a lively exchange, and a number of interesting examples and
>>>>> research issues came up. We are working on the notes from the BoF, should
>>>>> have them in a couple of days.
>>>>>
>>>>>    Thanks,
>>>>>
>>>>> --Sergey
>>>>>
>>>>> On Sun, 18 Aug 2013, Will Sargent wrote:
>>>>>
>>>>>> How was the BoF session?
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <
>>>>>> sergey at cs.dartmouth.edu> wrote:
>>>>>>
>>>>>>> Dear All,
>>>>>>>
>>>>>>>    The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at 9:30pm
>>>>>>> in Regency Ballroom BCD (after the rump session). Description as posted
>>>>>>> at http://langsec.org/bof/ follows:
>>>>>>>
>>>>>>> Language-Theoretic Security: Compositional Correctness for the Real World
>>>>>>>
>>>>>>> Handling the composition of computing systems is arguably the hardest task
>>>>>>> of both security theory and practice. A system composed of parts with
>>>>>>> well-understood properties typically has emergent properties that are hard
>>>>>>> to derive from the properties of the parts, to validate, or even to detect.
>>>>>>> These new properties often come as a nasty surprise, creating
>>>>>>> vulnerabilities that only manifest when "safe" pieces are combined.
>>>>>>>
>>>>>>> The language-theoretic view of security examines system and program
>>>>>>> components as computational automata, both in isolation and when composed
>>>>>>> into larger systems. This approach has led to the discovery of serious
>>>>>>> vulnerabilities in the PKI infrastructure, remote PHY-layer frame injection
>>>>>>> in 802.11b and other wireless protocols, and attacker-driven computation in
>>>>>>> the ELF runtime toolchain. Defensively, it also points the way to better
>>>>>>> implementation security through message validation and the conceptual
>>>>>>> separation of code between input recognition and processing. This BoF will
>>>>>>> also explore how to employ language-theoretic principles to construct
>>>>>>> software that is robust by design and exposes as little state and
>>>>>>> computational power as possible to adversaries.
>>>>>>>
>>>>>>> If you've ever struggled to find a "sweet spot" between formal software
>>>>>>> validation and the collective experience of both software exploiters and
>>>>>>> defenders in the field, language-theoretic security offers a way to design
>>>>>>> protocols and build systems that can actually be validated and avoid large
>>>>>>> classes of bugs. Come hear success stories in both attack and defense, and
>>>>>>> check out the theory and systems challenges of this new and developing
>>>>>>> field.
>>>>>>>
>>>>>>> Meredith L. Patterson, Nuance Communications
>>>>>>> Sergey Bratus, Dartmouth College
>>>>>>> _______________________________________________
>>>>>>> langsec-discuss mailing list
>>>>>>> langsec-discuss at mail.langsec.org
>>>>>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>>>>>>>
>>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>