Linguistics, Turing Completeness, and teh lulz

By at 11:35 pm Wednesday, Dec 28


Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force explanation of the formal linguistics and computer science that explain why software becomes insecure, and an explanation of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.

Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!

Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.

A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!

Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here) and Sergey Bratus.

LANGSEC explained in a few slogans

Read more                  

Cory Doctorow

Upcoming appearances

* Mar 9, Washington DC, IAPP Global Privacy Summit
* Mar 22, London, The Economist Technology Frontiers
* Mar 24, London, ORGCon

Recent books:
* Context (essays)
* With a Little Help (short stories)
* For the Win (YA novel)
* Makers (adult novel)

Where not otherwise specified, this work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States and other countries.