LangSec: A Workshop on Language Theoretic Security San Jose CA, May 18th, 2014
(submission deadline now firm: Feb. 16th) Call for Papers The LangSec workshop solicits contributions of research papers and panel proposals related to the growing area of language-theoretic security. Language-theoretic security (LangSec) is a design and programming philosophy that focuses on formally correct and verifiable input handling throughout all phases of the software development lifecycle. In doing so, it offers a practical method of assurance of software free from broad and currently dominant classes of bugs and vulnerabilities related to incorrect parsing and interpretation of messages between software components (packets, protocol messages, file formats, function parameters, etc.). LangSec aims to (1) produce verifiable recognizers, free of typical classes of ad-hoc parsing bugs, (2) produce verifiable, composable implementations of distributed systems that ensure equivalent parsing of messages by all components and eliminate exploitable differences in message interpretation by the elements of a distributed system, and (3) mitigate the common risks of ungoverned development by explicitly exposing the processing dependencies on the parsed input. For further details refer to the workshop website, which includes a full and updated version of this CFP: http://spw14.langsec.org/ Or to the IEEE S&P workshop page: http://www.ieee-security.org/TC/SPW2014/index.html *** Important Dates *** Submissions due: 16 February 2014, 11:59 PM Pacific Notification to authors: 15 March 2014 Final files due: 1 April 2014 *** Submission Instructions and Formats *** Submissions should be in PDF file format and made via EasyChair. Submissions must not be anonymized. The confidentiality of submissions will be protected as is customary, but submissions with non-disclosure agreements or forms attached will be returned without review. The types of submissions sought are as follows: *** Research Papers The LangSec PC encourages submission of research papers from academia, industry, and government. There is no hard maximum page limit, but length should be justified by the content and quality of the text. The PC expects research papers to vary between 4 and 15 pages in length. Shorter papers are encouraged, but longer papers that document high-quality or extensive experimentation are very much in scope. Research papers are encouraged to address some of the topics listed below, but the list is not exhaustive: 1. systems architectures and designs based on LangSec principles 2. computer languages, file formats, and network protocols built on LangSec principles 3. re-engineering efforts of existing languages, formats, and protocols to reduce computational power 4. novel system designs for isolation and separation of parsers and processing 5. exploit programming as an engineering discipline 6. structured techniques for building weird machines 7. systems and frameworks for post-hoc or design time recognizer definition 8. identification of LangSec anti-patterns; certification of absence 9. type safety; efficient runtime type checking 10. small languages 11. parser generators 12. embedding runtime language recognizers 13. methods and techniques for practical assurance 14. parser proof-of-equivalence in distributed systems 15. LangSec case studies of successes and failures 16. comprehensive taxonomies of LangSec phenomena 17. measurement studies of LangSec systems or data sets 18. formalization of vulnerabilities and exploits in terms of language theory 19. science of protocol design: layering, fragmentation and re-assembly, extensibility, etc 20. architectural constructs for enforcing limits on computational complexity 21. empirical data on programming language features/programming styles that effect bug introduction rates (e.g., syntactic redundancy) The PC expects that topics should cover recent LangSec–related advances or make the connection between research and practical assurance through computability theory. The LangSec PC particularly encourages papers that deal with controlling LangSec anti-patterns: 1. Ad-hoc notions of input validity. 2. Parser differentials: mutual misinterpretation between system components. 3. Mixing of input recognition and processing (a.k.a. “Shotgun parsers”) 4. Ungoverned development: Adding New Features / Language Specification Drift. *** Panels The LangSec PC seeks submissions for interesting and lively panel topics. Panel submissions should identify the panel moderator and two to three panelists that have agreed to participate, along with short position statements on the panel’s core question or assertion. Panel proposals should be at most four pages in length. Panels will be scribed and the notes published in the proceedings alongside the panelist statements. *** Proof-of-Concept The LangSec PC encourages submissions that discuss actual implementations, prototypes, and proofs-of-concept. The resulting talk must not be a product pitch or a product manual, but the PC expects that the demonstration should enlighten and educate the audience to the extent that the audience could subsequently apply the tool or system in their own research or work. Proof-of-concept submissions are encouraged to include in their paper submission links to videos or other media demonstrating the project. *** Program Committee *** Sergey Bratus (Dartmouth College) Jon Callas (Silent Circle) Gal Diskin (Cyvera) Thomas Dullien (Google) Alex Gantman (Qualcomm) Dan Geer (In-Q-Tel) Robert Graham (Errata Security) David Grawrock (Intel) Dan Kaminsky (White Ops, LLC.) Felix Lindner (Recurity Labs / Phenoelit) Michael E. Locasto (University of Calgary) Meredith L. Patterson (Nuance Communications / Upstanding Hackers, LLC) Sean W. Smith (Dartmouth) Julien Vanegue (Bloomberg) Jesse Walker (Intel) Stefano Zanero (Politecnico di Milano University) *** Organizing Committee *** Sergey Bratus (Dartmouth College) Trey Darley (Splunk) TQ Hirsch (Upstanding Hackers, LLC) Michael E. Locasto (University of Calgary) Meredith L. Patterson (Nuance Communications / Upstanding Hackers, LLC) Anna Shubina (Dartmouth) -- Cordiali saluti, Stefano Zanero Politecnico di Milano - Dip. Elettronica, Informazione e Bioingegneria Via Ponzio, 34/5 I-20133 Milano - ITALY Tel. +39 02 2399-4017 Fax. +39 02 2399-3411 E-mail: [email protected] Web: http://home.dei.polimi.it/zanero/
________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
