LangSec Workshop

at IEEE Security & Privacy, Thursday May 25, 2017

LangSec Hackathon!

"Write all the parsers, get them right the first time!"

The First LangSec Hackathon in San Jose, CA

We will be holding a LangSec hackathon at the Fairmont Hotel on Wednesday May 24, the day before the workshop. You don't need to register for the workshop to take part in the Hackathon.

The hackathon will take place in the California Room (on the 2nd floor) of Fairmont Hotel, San Jose, starting at 10am.

We will start the day with introductions from creators of Hammer and Nom parser combinators to their tools, and will also include a short training on [libFuzzer], which will be used to test parsers.

The goal will be to implement as many popular protocols that need secure input handling as possible, in the [Hammer] framework of parser combinators, in any language that Hammer has bindings for, and in [Nom], the powerful Rust parser combinator library.

Check out the [Hammer Primer] for a series of video tutorials about programming with Hammer. Check out Nom's github page for examples of parsers written in Nom.

Creators of Hammer (@maradydd, @thequux), Nom (@gcouprie, @pollux7), and libFuzzer (@kayseesee) will be on site and glad to share knowledge of the tools' internals and idioms.

The conference will provide a space with suitable Wi-Fi and power access. We are currently looking for sponsors for food and caffeinated drinks.

Tutorials at the Hackathon

The hackathon will start with tutorials on the tools, delivered by their authors. We plan three tutorials:

See the FAQ below on how to prepare for these tutorials. Please note that these times are tentative. We will be happy to extend any tutorial if the audience (you) asks for more.

Hackathon FAQ

Where: The Fairmont Hotel, San Jose, CA, California Room (on the 2nd floor)

When:

The hackathon will be co-located with our LangSec Security & Privacy Workshop. The workshop will be held on Thursday May 25; the hackathon will be held on Wednesday May 24. Please pre-register so that we can plan for hotel space. Walk-ins are welcome, too!

How to join:

Send an email with the subject of "hackathon" to sergey cs.dartmouth.edu . This will pre-register you for the hackathon, and will allow us to send you any updates. This will also help us plan for space and time. But if you haven't, don't let this stop you from just walking in!

Do I need to register for the LangSec workshop on May 25?:

No. The workshop follows the general IEEE Security & Privacy setup, which means a non-nominal registration fee to attend the presentations. These presentations will be recorded and eventually posted to Youtube. Although we plan to sponsor a limited number of registrations (e.g., for students), you don't need to register to take part in the Hackathon.

Tools:

We will offer tasks in parser implementation using

For both tools, we will have their authors attenting and giving short introductions to the tools to hackathon attendees (you).

Additionally, we will integrate Google's [libFuzzer] right at the point of check-in. This way, you will see if you got it right the first time---which we believe you will, with the right tools!

Preparing for the Hackathon:

Please bring your laptop to program on! We will have both wired and wireless access, so bring your Ethernet adapter/cable if convenient.

a) For the Hammer tutorial, please install Hammer: https://github.com/UpstandingHackers/hammer

b) For the Nom tutorial, there is an introduction to Nom parsers with code examples and fuzzing here: https://github.com/Geal/langsec-2017-hackathon-code

c) For the libFuzzer tutorial, please set up your environment before the tutorial starts. You have two choices:

  1. [preferred] Set up an 8-core VM on Google Compute Engine (or any other provider).

  2. Install Docker on your laptop and download our docker image. Details: http://tutorial.libfuzzer.info/#setup-the-environment