Dr. Michael Locasto, CTO at Narf Industries, will give a colloquium talk titled “An Operational Definition of Parsing (and its Consequences)” on Tuesday, November 15, from 12:30 – 1:30 PM in the Library Auditorium.
See below for more information about Dr. Locasto.
Abstract: Narf Industries conducts advanced R&D in the space of vulnerability analysis, reverse engineering, and exploit development. This talk presents some of our work conducted under the SafeDocs research program, which is concerned with how to make complex document formats safe to parse and consume. We will share our recent research on the unaddressed data management problem inherent in parsing (i.e., input language recognition) and how the problem might be addressed by the novel concept of dynamic progressive types. Far from being of interest to Computer Science theorists, the question of safe recognition is of utmost practical importance to software developers. Many kinds of vulnerabilities occur within input-handling code. The Language-theoretic Security paradigm (LangSec) posits that this association is not merely coincidental, nor is it due to simple ad hoc mistakes. Rather, vulnerabilities and exploitation continue to occur because practical software engineering finds it difficult to take advantage of core Computer Science concepts of grammar definition, parsing, and language recognition. In this way, LangSec offers a “science of insecurity” by identifying consistent anti-patterns across many different vulnerabilities over time. Our work under SafeDocs shows how to use the latest tools in parser combinator libraries and format-aware tracers to define, guard, and monitor safe parsing.
Speaker Bio: Dr. Michael E. Locasto serves as the CTO at Narf Industries, a cadre of cybersecurity experts tackling some of the most important cybersecurity problems facing society, industry, and government. From 2016 to 2021, Dr. Locasto was a Principal Computer Scientist at SRI International in the Infrastructure Security Group of their Computer Science Laboratory. He served as a PI for four DARPA programs, and also co-led SRI’s Internet of Things Security and Privacy Center. Prior to joining SRI, he was a tenured Associate Professor at the University of Calgary, where he directed the Trustworthy Systems Group and conducted research in trustworthy systems, cooperative security mechanisms, and software security. Dr. Locasto has co-authored over 80 publications in the field of computer security, and he holds 14 U.S. patents related to software security and intrusion detection. He received his Ph.D., MPhil, and MSc degrees in Computer Science from Columbia University and graduated magna cum laude from The College of New Jersey (TCNJ) with a BSc in Computer Science.