
Upcoming Talks

Martha Pollack
AI: The Good, the Bad, and the Ugly.
Wednesday, April 24, 2019
3:30pm – 5:00pm
Filene Auditorium, Moore Building

Cyrus Farivar
50 Years of Surveillance Law in America
Monday, April 29, 2019
Filene Auditorium, Moore Hall, Dartmouth
5:00 p.m.


Past Talks

Dr. Sarit Kraus
Professor of Computer Science at Bar-Ilan University
Attention Based Fraud Detection of Online Banking Transactions
Thursday, February 14, 2019
Haldeman Center 041
4:00 PM

Professor Amro Farid
Associate Professor of Engineering, Thayer School of Engineering at Dartmouth
Hetero-functional Graph Theory for Interdependent Smart City Infrastructures
Wednesday, February 6, 2019
Life Sciences Center 201
5:00 PM

Meredith Patterson
Co-originator of the Language-theoretic Approach to Computer Security
Computational Linguistics & Computer Security
Tuesday, October 23, 2018
Kemeny Hall 108

Samantha Ravich
Deputy Chair of the President's Intelligence Advisory Board
Cyber-Enabled Economic Warfare: Why America’s Private Sector is now on
the Front Lines of an Emerging Battlefield
Thursday, September 27, 2018
Haldeman 41 (Kreindler Conference Room)

William Regli, Ph.D.
Director of the Institute for Systems Research at the Clark School of Engineering, Professor of Computer Science at the University of Maryland at College Park
A New Type of Thinking
Friday, June 22, 2018
Life Sciences Center 105
11:00 AM

Dr. Gautam Shroff
Vice President, Chief Scientist, and Head of Research at Tata Consultancy Services 
Enterprise AI for Business 4.0: from Automation to Amplification
Thursday, June 07, 2018
Haldeman 041 Kreindler Conference Room
3:30 PM

John P Dickerson
Assistant Professor, Department of Computer Science, University of Maryland
Using Optimization to Balance Fairness and Efficiency in Kidney Exchange
Monday, May 21, 2018
Kemeny Hall 008
3:30 PM

Jeanne Shaheen
U.S. Senator from New Hampshire
Russian Interference in American Politics and Cyber Threats to Our Democracy
Tuesday, February 20, 2018
Alumni Hall (Hopkins Center)
11:00 AM

Lisa Monaco
Former Homeland Security Advisor to President Obama
In Conversation: Lisa Monaco, Fmr Homeland Security Advisor to President Obama
Tuesday, February 13, 2018
Filene Auditorium (Moore Building)
5:00 PM
Sponsored by The Dickey Center for International Understanding

John Stewart
Sr. Technical Leader, Cyber Security, EPRI
Securing Grid Control Systems
Friday, January 12, 2018
Sudikoff L045 Trust Lab
12:00 Noon

M. Todd Henderson
Professor of Law, University of Chicago
Hacking Trust: How the Social Technology of Cooperation Will Revolutionize Government
Thursday, January 11, 2018
Room 003, Rockefeller Center
Sponsored by: Rockefeller Center

Dr. Elizabeth Bowman
U.S. Army Research Laboratory
Artificial Intelligence, Machine Learning and Information: Army Social Computing Research
Tuesday, December 5, 2017
Haldeman 041 Kreindler Conference Room
4:00 PM

Dr. Fabio Pierazzi
Royal Holloway University of London
Network Security Analytics for Detection of Advanced Cyberattacks
Tuesday, November 28, 2017
Sudikoff Trust Lab (L045)
12:30 PM

V.S. Subrahmanian
Dartmouth Distinguished Professor in Cybersecurity, Technology, and Society
Bots, Socks, and Vandals
Tuesday, November 14, 2017
Carson L01
5:00 PM 

Rand Beers ('64)
Big Data, the Internet, and Social Media: The Road to the November 2016 Election
Wednesday, November 8, 2017
Haldeman 41 (Kreindler Conference Hall)
4:30 PM 

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31, 2017
Sudikoff 045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 

Salvatore J. Stolfo 
Columbia University
A Brief History of Symbiote Defense
Tuesday, October 31, 2017
Rockefeller 003
5:00 PM

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine
Thursday 6 April 2017, Oopik Auditorium 5:30 PM
Video of Roman's and Oleksii's presentations




Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA

Towards a formal theory of computer insecurity: a language-theoretic approach

Len Sassaman, Katholieke Universiteit Leuven
Meredith L. Patterson, Independent researcher
Thursday, February 17, 2011


Finding weaknesses in computer programs and systems is commonly thought of as a "knack" or "a black art" by industry practitioners and academics alike. This craft of vulnerability analysis is typically taught by example, through case studies of (in)famous vulnerabilities of the past and the often highly idiosyncratic methods used by their discoverers. Moreover, even though we have a number of theories for how to build provably secure systems from scratch, they do not readily lend themselves to finding insecurities in state-of-the-art existing systems.

When we teach students about those pitfalls of insecure programming, we do not involve a theory that would explain the fundamental origins of this insecurity, and neither do we look to such a theory when searching for exploitable vulnerabilities in a piece of software. This is in stark contrast with other areas of CS, where we continually see and use applications of complexity theory, computation theory, various algorithm analysis results, etc.

The authors show their way from asking themselves these questions to identifying the suitable theoretical constructs and using them to expose a slew of high-impact "0day" vulnerabilities in one of the most frequently used security protocols of today, Secure Sockets Layer and X.509 security certificates, used throughout the world to protect e-commerce, as well as confidential and even classified data.

The authors will further show how many classic case studies in software vulnerabilities can be reduced to familiar principles of formal language and computation theory, and discuss the implications of this reduction for the future of the current Internet protocols and the design of new secure ones.

Finally, the authors will discuss how modern programming language techniques such as monadic programming and parser combinators -- usually considered obscure -- can have a direct bearing on teaching secure programming in such mundane tasks as web application development.


Len Sassaman, Katholieke Universiteit Leuven

Len Sassaman is a member of the Shmoo Group, as well as a researcher at COSIC, the COmputer Security and Industrial Cryptography laboratory at Katholieke Universiteit Leuven. He is currently pursuing his PhD in electrical engineering, advised by Bart Preneel and David Chaum. The focus of Len's past research has been privacy-preserving technologies, such as anonymity and confidentiality systems, which emphasize usability as a security parameter in privacy solutions subject to the limitations of today's communication systems. Len has over fifteen years of experience designing and deploying privacy enhancing technologies and evaluating protocol security. Len is the maintainer of the anonymous remailer software Mixmaster, a former Tor and Mixmaster server operator, and has written many papers on the topic of anonymous system design. Len has also consulted on policy issues regarding Internet privacy in today's society.

Len Sassaman also co-invented the field of language-theoretic security research, which is the topic of his talk. Prior to becoming an academic researcher, Len was an active cypherpunk and held such roles as Chief Architect at Anonymizer, Inc., Senior Security Architect at Known Safe, Inc., and a Lead Software Engineer at PGP Security, Inc. Last year at Black Hat, Len presented (with Dan Kaminsky) a series of fatal flaws in the Certificate Authority system, discovered using language-theoretic security analysis methods.

Len has spoken at many security conferences, co-founded the CodeCon and Biohack! conferences and the HotPETS workshop.


Meredith L. Patterson is an independent researcher whose areas of expertise range from CS-related topics such as database design, data-mining algorithms, complexity theory, computational linguistics, information security, and privacy-enhancing technology systems; to synthetic biology, design of transgenic organisms using low-cost, build-it-yourself lab equipment, and human metabolic system studies; and speculative fiction as a published author of multiple short stories, mostly science fiction.

Meredith has a BA in Linguistics from the University of Houston and an MA in Linguistics from the University of Iowa. She is heavily involved with the DIYBio movement, and works on transgenic lactic acid bacteria. She co-founded the field of language-theoretic security research, which she used to successfully defeat such troublesome attacks as SQL injection with her "Dejector" library. Most recently, she presented the Biopunk Manifesto at a UCLA synthetic biology conference, and presented her work with Dan Kaminsky and Len Sassaman on breaking the Internet's certificate authority system (by creating usable, bogus certificates crafted to exploit ambiguity in X.509 parsing implementations using language-theoretic security analysis principles) at the Financial Cryptography 2010 conference.

Meredith lives in Leuven, Belgium. In her spare time, she knits, repairs cars, and hacks on open source software.



Last Updated: 2/28/11