LANGSEC: Language-theoretic Security
"The View from the Tower of Babel"
The Fifth LangSec IEEE S&P Workshop at the IEEE Security & Privacy Symposium 2018 will be held in San Francisco on May 24, 2018. This year's focus will be on practical automation tools for designers of protocols and developers of protocol stacks facing hostile inputs.
The Fourth LangSec IEEE S&P Workshop at the IEEE Security & Privacy Symposium 2017 will be held in San Jose on May 25, 2017. This year, we are planning a LangSec Hackathon to go along with the workshop, hacking on secure implementations of popular protocols with the Hammer parser construction kit, in any language Hammer supports.
The Third LangSec IEEE S&P Workshop at the IEEE Security & Privacy Symposium 2016 was held in San Jose on May 26, 2016, keynoted by Doug McIlroy. The keynote, full papers, research reports, and presentation slides are posted at http://spw16.langsec.org/papers.html.
The Second Language-theoretic Security (LangSec) IEEE S&P Workshop at the IEEE Security & Privacy Symposium 2015 took place in San Jose on May 21, 2015, keynoted by Dan Geer. Workshop program and all presented papers and slides are now posted. The text of Dan Geer's keynote is also posted.
The First Language-theoretic Security (LangSec) IEEE S&P Workshop at the IEEE Security & Privacy Symposium 2014 took place in San Jose, May 18, 2014, keynoted by Caspar Bowden and Felix 'FX' Lindner. Workshop program and all presented papers are now posted.
The Language-theoretic approach (LANGSEC) regards the Internet insecurity epidemic as a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software stacks. LANGSEC posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a recognizer for that language. The recognition must be feasible, and the recognizer must match the language in required computation power.
When input handling is done in an ad hoc way, the de facto recognizer, i.e. the input recognition and validation code, ends up scattered throughout the program, does not match the programmers' assumptions about safety and validity of data, and thus provides ample opportunities for exploitation. Moreover, for complex input languages the problem of full recognition of valid or expected inputs may be UNDECIDABLE, in which case no amount of input-checking code or testing will suffice to secure the program. Many popular protocols and formats fell into this trap, an empirical fact with which security practitioners are all too familiar.
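An added illustration of the recognizer-first principle described above (not code from the LANGSEC project; the toy message format, the function names and the sample bytes are constructed for this example). It puts an ad hoc handler that mixes checks with side effects next to a recognizer that accepts the whole input, or rejects it, before any processing happens.

```python
# Constructed toy format (an assumption for this example, not from the page):
#   message := count:u8  record*count        (no trailing bytes allowed)
#   record  := len:u8  key                   (key is len bytes, len >= 1, [a-z] only)
import re

KEY = re.compile(rb"[a-z]+")

class Reject(Exception):
    """The input is not a sentence of the language above."""

def adhoc_handle(data: bytes, store: list) -> None:
    """Ad hoc style: validation is implicit and interleaved with side effects."""
    count, pos = data[0], 1
    for _ in range(count):
        length = data[pos]                       # may raise after earlier appends
        key = data[pos + 1 : pos + 1 + length]   # slicing silently truncates
        store.append(key)                        # state changes before input is known valid
        pos += 1 + length
    # short records, bad characters and trailing bytes are never noticed

def recognize(data: bytes) -> list:
    """Recognizer: returns the parsed keys for valid input, raises Reject otherwise."""
    if not data:
        raise Reject("empty input")
    count, pos, keys = data[0], 1, []
    for i in range(count):
        if pos >= len(data):
            raise Reject(f"record {i}: missing length byte")
        length = data[pos]
        key = data[pos + 1 : pos + 1 + length]
        if len(key) != length or not KEY.fullmatch(key):
            raise Reject(f"record {i}: malformed key")
        keys.append(key)
        pos += 1 + length
    if pos != len(data):
        raise Reject("trailing bytes after last record")
    return keys

def safe_handle(data: bytes, store: list) -> None:
    """Processing starts only after the entire input has been recognized."""
    store.extend(recognize(data))                # a Reject leaves store untouched

GOOD = b"\x02\x03foo\x02hi"        # constructed: two well-formed records
TRUNCATED = b"\x02\x03foo\x05hi"   # constructed: second record claims 5 bytes, has 2
SHORT = b"\x03\x03foo"             # constructed: claims 3 records, carries 1
```

On `TRUNCATED` the ad hoc handler stores both keys without complaint, and on `SHORT` it fails only after it has already modified `store`; `safe_handle` rejects both inputs with no state change.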
LANGSEC helps draw the boundary between protocols and API designs that can and cannot be secured and implemented securely, and charts a way to building truly trustworthy protocols and systems. A longer summary of LangSec is given in this USENIX Security BoF hand-out, and in the talks, articles, and papers below.
LANGSEC in pictures: Occupy Babel!
How to get on the LANGSEC mailing list: subscribe at https://mail.langsec.org/list/
2011 USENIX ;login:
2012 IEEE S&P Journal:
Vulnerabilities & bugs:
LangSec for ICS/SCADA applications:
Please link to this page as http://langsec.org/.