Exploiting the Forest with Trees

Black Hat USA 2010

Presented by: Meredith L. Patterson, Len Sassaman
Date: Wednesday July 28, 2010
Time: 16:45 - 18:00
Location: Neopolitan 1+2+3+4
Track: Bug Collecting

One of the most difficult aspects of securing a protocol implementation is simply bounding the scope of the attack surface: how do you tell where attacks are likely to crop up? Historically, variations between implementations have led to some of the most successful attack techniques -- from simple TCP "Christmas tree" packets to last year's multiple break of the X.509 certificate authority system (by these speakers). But without access to all the relevant source code, how can developers identify potential sources of exploitable variations in behavior? In this presentation, we go beyond the accumulated wisdom of "best practices" and demonstrate a quantitative technique for minimizing inconsistent behavior between implementations. We will also show how this technique can be used from an attacker's perspective. Last year we showed you how to break X.509; this year, we will show you how we found those vulnerabilities and how the same techniques can be used to discover multiple novel 0-days in any vulnerable protocol implementation.

Meredith L. Patterson

Meredith L. Patterson is an independent researcher whose areas of expertise range from CS-related topics such as database design, data-mining algorithms, complexity theory, computational linguistics, information security, and privacy-enhancing technology systems; to synthetic biology, the design of transgenic organisms using low-cost, build-it-yourself lab equipment, and human metabolic system studies; and speculative fiction, as a published author of multiple short stories, mostly science fiction. Meredith has a BA in Linguistics from the University of Houston and an MA in Linguistics from the University of Iowa. She is heavily involved with the DIYBio movement, and works on transgenic lactic acid bacteria. She co-founded the field of language-theoretic security research, which she used to successfully defeat such troublesome attacks as SQL injection with her "Dejector" library. Most recently, she presented the Biopunk Manifesto at a UCLA synthetic biology conference, and presented her work with Dan Kaminsky and Len Sassaman on breaking the Internet's certificate authority system (by creating usable, bogus certificates crafted to exploit ambiguity in X.509 parsing implementations using language-theoretic security analysis principles) at the Financial Cryptography 2010 conference. Meredith lives in Leuven, Belgium. In her spare time, she knits, repairs cars, and hacks on open source software. This is her second Black Hat presentation.

Len Sassaman

Katholieke Universiteit Leuven

Len Sassaman is a member of the Shmoo Group, as well as a researcher at COSIC, the COmputer Security and Industrial Cryptography laboratory at Katholieke Universiteit Leuven. He is currently pursuing his PhD in electrical engineering, advised by Bart Preneel and David Chaum. The focus of Len's past research has been privacy-preserving technologies, such as anonymity and confidentiality systems, which emphasize usability as a security parameter in privacy solutions subject to the limitations of today's communication systems. Len has over fifteen years of experience designing and deploying privacy-enhancing technologies and evaluating protocol security. Len is the maintainer of the anonymous remailer software Mixmaster, a former Tor and Mixmaster server operator, and has written many papers on the topic of anonymous system design. Len has also consulted on policy issues regarding Internet privacy in today's society. Len Sassaman also co-invented the field of language-theoretic security research, which is the topic of his talk. Prior to becoming an academic researcher, Len was an active cypherpunk and held such roles as Chief Architect at Anonymizer, Inc., Senior Security Architect at Known Safe, Inc., and Lead Software Engineer at PGP Security, Inc. Last year at Black Hat, Len presented (with Dan Kaminsky) a series of fatal flaws in the Certificate Authority system, discovered using language-theoretic security analysis methods. Len has spoken at many security conferences, co-founded the CodeCon and Biohack! conferences and the HotPETS workshop, and will be returning to Black Hat for his eighth talk at this conference.
