Explore a LangSec-inspired language called Crema in this BSidesLV 2015 conference talk. Delve into the principles of Language-theoretic Security (LangSec) and its application in creating more secure systems. Learn about the concept of least computational privilege, sub-Turing execution, and the importance of language limitations in security. Examine a sample Crema program and understand its potential applications in real-world scenarios, such as improving the security of email systems like QMail and Sendmail. Discover the future work planned for Crema, including formal modeling and JIT unrolling. Gain insights into how Crema could be embedded in programs to enhance security and explore various use-cases for this innovative language.
Overview
Syllabus
Intro
Outline
Thesis
Some Definitions (cont.)
What is LangSec
Ok... What...
LangSec Perspective
Data Drives Execution
The Gap
The Angle
Least Computational Privilege
Sub-Turing Execution
Peter Pan of Programming
A Sub-Turing Language
Language Limitations
Language Fundamentals
Sample Crema Program
Future Work
Formal Model
Forward-only Execution
JIT Unrolling
Embedding Crema in Programs
QMail
Mark Dowd's Sendmail Bug
How Crema Could Help
Use-cases
Wrap-up
Questions?
