Are there plans for another session? (Unfortunately I missed this one.) Best regards, Darren Highfill
M: +1 865 806 8675 | E: [email protected] On Aug 18, 2013 2:36 PM, "Sergey Bratus" <[email protected]> wrote: > > It was a lively exchange, and a number of interesting examples and > research issues came up. We are working on the notes from the BoF, should > have them in a couple of days. > > Thanks, > > --Sergey > > On Sun, 18 Aug 2013, Will Sargent wrote: > > How was the BoF session? >> >> >> On Wed, Aug 14, 2013 at 11:05 AM, Sergey Bratus <[email protected]> >> **wrote: >> >> Dear All, >>> >>> The USENIX Security '13 LangSec BoF will be today, Wed Aug 14 at >>> 9:30pm >>> in Regency Ballroom BCD (after the rump session). Description as posted >>> at http://langsec.org/bof/ follows: >>> >>> Language-Theoretic Security: Compositional Correctness for the Real World >>> >>> Handling the composition of computing systems is arguably the hardest >>> task >>> of both security theory and practice. A system composed of parts with >>> well-understood properties typically has emergent properties that are >>> hard >>> to derive from the properties of the parts, to validate, or even to >>> detect. >>> These new properties often come as a nasty surprise, creating >>> vulnerabilities that only manifest when "safe" pieces are combined. >>> >>> The language-theoretic view of security examines system and program >>> components as computational automata, both in isolation and when composed >>> into larger systems. This approach has led to the discovery of serious >>> vulnerabilities in the PKI infrastructure, remote PHY-layer frame >>> injection >>> in 802.11b and other wireless protocols, and attacker-driven computation >>> in >>> the ELF runtime toolchain. Defensively, it also points the way to better >>> implementation security through message validation and the conceptual >>> separation of code between input recognition and processing. This BoF >>> will >>> also explore how to employ language-theoretic principles to construct >>> software that is robust by design and exposes as little state and >>> computational power as possible to adversaries. >>> >>> If you've ever struggled to find a "sweet spot" between formal software >>> validation and the collective experience of both software exploiters and >>> defenders in the field, language-theoretic security offers a way to >>> design >>> protocols and build systems that can actually be validated and avoid >>> large >>> classes of bugs. Come hear success stories in both attack and defense, >>> and >>> check out the theory and systems challenges of this new and developing >>> field. >>> >>> Meredith L. Patterson, Nuance Communications >>> Sergey Bratus, Dartmouth College >>> ______________________________****_________________ >>> langsec-discuss mailing list >>> [email protected].****org >>> <[email protected].**org<[email protected]> >>> > >>> https://mail.langsec.org/cgi-****bin/mailman/listinfo/langsec-** >>> **discuss<https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss> >>> <https://mail.**langsec.org/cgi-bin/mailman/**listinfo/langsec-discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss> >>> > >>> >>> >> ______________________________**_________________ > langsec-discuss mailing list > [email protected].**org <[email protected]> > https://mail.langsec.org/cgi-**bin/mailman/listinfo/langsec-**discuss<https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss> >
_______________________________________________ langsec-discuss mailing list [email protected] https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
