Eleventh LangSec Workshop

at IEEE Security & Privacy, May 15, 2025

Workshop program

Eleventh Language-theoretic Security (LangSec) IEEE Security & Privacy Workshop

Preliminary Program (All times are in US Pacific time)

8:30-8:40amOpening Words from the Organizers
8:40-9:40amKeynote (Session chair: Sergey Bratus): Parsers, the fractal attack surface; Daniel Wallach (Rice University, DARPA I2O).
9:40-10:00amInvited Talk (Session chair: TBA): From Legacy to Verified Parsers with AI; Tahina Ramananandro (Microsoft Research).
10:00-10:20amBreak
10:20am-12:00pmFirst Session: Research Papers (Session chair: TBA)
Exploring Zero-Shot Prompting for Generating Data Format Descriptions; Prashant Anantharaman and Vishnupriya Varadharaju (Narf Industries).
C2VPG: Translating Practical Context-Free Grammars into Visibly Pushdown Grammars by Order-Based Tagging; Xiaodong Jia and Gang Tan (Pennsylvania State University) .
Email Smuggling with Differential Fuzzing of MIME Parsers; Seyed Behnam Andarzian, Martin Meyers and Erik Poll (Radboud University).
Towards programming languages free of injection-based vulnerabilities by design; Eric Alata and Pierre-François Gimenez (LAAS-CNRS, INSA; Univ. Rennes, INRIA, IRISA).
noon-1:15pmLunch
1:15-2:15pmKeynote (Session chair: TBA): Fault Injection: From Data Transfers to Weird Machines; Cristofaro Mune (Raelize).
2:15-2:45pm Break
2:45-3:40pm Second Session: Papers and Research Reports (Session chair: TBD)
Large Language Models for Validating Network Protocol Parsers; Mingwei Zheng, Danning Xie and Xiangyu Zhang (Purdue University).
Parsing with the Logic FC; Owen M. Bell, Sam M. Thompson and Dominik D. Freydenberger (Loughborough University).
AI Security is a LangSec Problem; Max von Hippel and Evan Miyazono (Benchify, Inc.; Atlas Computing).
3:40-4pmAfternoon Break
4-5:00pmThird Session: Research Reports (15 mins) and Work-in-Progress (10 mins) (Session chair: Sergey Bratus)
Hi-Res: Precise Exploit Detection using Object-Granular Memory Monitoring; Ziyang Yang, Saumya Solanki, Scott Rixner and Nathan Dautenhahn (Rice University; Serenitix).
Automatic Schema Inference from Unknown Protobuf Messages; Jared Chandler (Dartmouth College).
Removing the Vulnerable Webapp: Combining JWT and Stored Procedures to Foil SQL Injection; Falcon Darkstar Momot (Aiven Oy).
Extending OpenAPI for semantic checking of API usage; Jacob Torrey (Thinkst).
TBA.
5:00-5:05pmClosing words from organizers