Towards a LangSec-aware SDLC

March 16, 2016 (at 11:30 a.m.) in Defense & Management

The keynote of TROOPERS'15 by Prof. Sergey Bratus highlighted the findings of language-theoretical security (LangSec) on how many classes of vulnerabilities stem from computational and grammar complexity. This talk is aimed at software developers and project managers who are looking to enhance their SDLC with LangSec-supported practices. Actionable techniques, tools and methods will be provided to integrate LangSec findings into the software your organizations develop, to reduce the defect rate and improve security. The talk will also highlight major development organizations that have developed coding best practices that are well aligned with LangSec, thus showing the empirical benefits of these changes to the SDLC.

Jacob Torrey

Jacob is an Advising Research Engineer at Assured Information Security, Inc., where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. He has spoken at many top-tier security conferences including Black Hat USA, THREADS, SyScan and ORNL’s CISRC, as well as having his work profiled by WIRED.