Eleventh Language-theoretic Security (LangSec) IEEE Security & Privacy Workshop |
Preliminary Program (All times are in US Pacific time) |
8:30-8:40am | Opening Words from the Organizers |
8:40-9:40am | Keynote (Session chair: Sergey Bratus): Parsers, the fractal attack surface; Daniel Wallach (Rice University, DARPA I2O). |
9:40-10:00am | Invited Talk (Session chair: TBA): From Legacy to Verified Parsers with AI; Tahina Ramananandro (Microsoft Research). |
10:00-10:20am | Break |
10:20am-12:00pm | First Session: Research Papers (Session chair: TBA) |
| Exploring Zero-Shot Prompting for Generating Data Format Descriptions; Prashant Anantharaman and Vishnupriya Varadharaju (Narf Industries). |
| C2VPG: Translating Practical Context-Free Grammars into Visibly Pushdown Grammars by Order-Based Tagging; Xiaodong Jia and Gang Tan (Pennsylvania State University) . |
| Email Smuggling with Differential Fuzzing of MIME Parsers; Seyed Behnam Andarzian, Martin Meyers and Erik Poll (Radboud University). |
| Towards programming languages free of injection-based vulnerabilities by design; Eric Alata and Pierre-François Gimenez (LAAS-CNRS, INSA; Univ. Rennes, INRIA, IRISA). |
noon-1:15pm | Lunch |
1:15-2:15pm | Keynote (Session chair: TBA): Fault Injection: From Data Transfers to Weird Machines; Cristofaro Mune (Raelize). |
2:15-2:45pm | Break |
2:45-3:40pm | Second Session: Papers and Research Reports (Session chair: TBD) |
| Large Language Models for Validating Network Protocol Parsers; Mingwei Zheng, Danning Xie and Xiangyu Zhang (Purdue University). |
| Parsing with the Logic FC; Owen M. Bell, Sam M. Thompson and Dominik D. Freydenberger (Loughborough University). |
| AI Security is a LangSec Problem; Max von Hippel and Evan Miyazono (Benchify, Inc.; Atlas Computing). |
3:40-4pm | Afternoon Break |
4-5:00pm | Third Session: Research Reports (15 mins) and Work-in-Progress (10 mins) (Session chair: Sergey Bratus) |
| Hi-Res: Precise Exploit Detection using Object-Granular Memory Monitoring; Ziyang Yang, Saumya Solanki, Scott Rixner and Nathan Dautenhahn (Rice University; Serenitix). |
| Automatic Schema Inference from Unknown Protobuf Messages; Jared Chandler (Dartmouth College). |
| Removing the Vulnerable Webapp: Combining JWT and Stored Procedures to Foil SQL Injection; Falcon Darkstar Momot (Aiven Oy). |
| Extending OpenAPI for semantic checking of API usage; Jacob Torrey (Thinkst). |
| TBA. |
5:00-5:05pm | Closing words from organizers |