It was a lively exchange, and a number of interesting examples and research issues came up. We are working on the notes from the BoF and should have them in a couple of days.

   Thanks,

--Sergey

On Sun, 18 Aug 2013, Will Sargent wrote:

How was the BoF session?


On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <[email protected]> wrote:

Dear All,

   The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at 9:30pm
in Regency Ballroom BCD (after the rump session). Description as posted
at http://langsec.org/bof/ follows:

Language-Theoretic Security: Compositional Correctness for the Real World

Handling the composition of computing systems is arguably the hardest task
of both security theory and practice. A system composed of parts with
well-understood properties typically has emergent properties that are hard
to derive from the properties of the parts, to validate, or even to detect.
These new properties often come as a nasty surprise, creating
vulnerabilities that only manifest when "safe" pieces are combined.

The language-theoretic view of security examines system and program
components as computational automata, both in isolation and when composed
into larger systems. This approach has led to the discovery of serious
vulnerabilities in the PKI infrastructure, remote PHY-layer frame injection
in 802.11b and other wireless protocols, and attacker-driven computation in
the ELF runtime toolchain. Defensively, it also points the way to better
implementation security through message validation and the conceptual
separation of code between input recognition and processing. This BoF will
also explore how to employ language-theoretic principles to construct
software that is robust by design and exposes as little state and
computational power as possible to adversaries.

If you've ever struggled to find a "sweet spot" between formal software
validation and the collective experience of both software exploiters and
defenders in the field, language-theoretic security offers a way to design
protocols and build systems that can actually be validated and avoid large
classes of bugs. Come hear success stories in both attack and defense, and
check out the theory and systems challenges of this new and developing
field.

Meredith L. Patterson, Nuance Communications
Sergey Bratus, Dartmouth College
_______________________________________________
langsec-discuss mailing list
[email protected]
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss

