How was the BoF session?
On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <[email protected]>wrote: > Dear All, > > The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at 9:30pm > in Regency Ballroom BCD (after the rump session). Description as posted > at http://langsec.org/bof/ follows: > > Language-Theoretic Security: Compositional Correctness for the Real World > > Handling the composition of computing systems is arguably the hardest task > of both security theory and practice. A system composed of parts with > well-understood properties typically has emergent properties that are hard > to derive from the properties of the parts, to validate, or even to detect. > These new properties often come as a nasty surprise, creating > vulnerabilities that only manifest when "safe" pieces are combined. > > The language-theoretic view of security examines system and program > components as computational automata, both in isolation and when composed > into larger systems. This approach has led to the discovery of serious > vulnerabilities in the PKI infrastructure, remote PHY-layer frame injection > in 802.11b and other wireless protocols, and attacker-driven computation in > the ELF runtime toolchain. Defensively, it also points the way to better > implementation security through message validation and the conceptual > separation of code between input recognition and processing. This BoF will > also explore how to employ language-theoretic principles to construct > software that is robust by design and exposes as little state and > computational power as possible to adversaries. > > If you've ever struggled to find a "sweet spot" between formal software > validation and the collective experience of both software exploiters and > defenders in the field, language-theoretic security offers a way to design > protocols and build systems that can actually be validated and avoid large > classes of bugs. Come hear success stories in both attack and defense, and > check out the theory and systems challenges of this new and developing > field. > > Meredith L. Patterson, Nuance Communications > Sergey Bratus, Dartmouth College > ______________________________**_________________ > langsec-discuss mailing list > [email protected].**org <[email protected]> > https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss> >
_______________________________________________ langsec-discuss mailing list [email protected] https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
