Meredith L. Patterson
Bio: Meredith L. Patterson (born April 30, 1977) is an American technologist, science fiction writer, and journalist. She has spoken at numerous industry conferences on a wide range of topics. She is also a blogger and software developer, and a leading figure in the biopunk movement.
Patterson is known for her work in computational linguistics and its applications to computer security. In 2005, she presented the first parse tree validation technique for stopping SQL injection attacks at the Black Hat conference in Las Vegas.
She has integrated her support vector machine data-mining library into PostgreSQL to provide a “query-by-example” extension to the SQL language, allowing DBAs to quickly and easily form complex data-mining requests from example positive and negative inputs. This work was initially funded by Google’s Summer of Code program; Patterson’s data-mining work now forms the basis of her startup, Osogato, which couples the data-mining database with acoustic feature extractors, allowing users to create playlists from their own music collections and to find new music based on the inherent properties of the music they provide as sample inputs. Osogato was launched at SuperHappyDevHouse.
Prior to founding Osogato, Patterson worked for Mu Security (now Mu Dynamics). Before that, she was a PhD student at the University of Iowa. She did her undergraduate degree in linguistics at the University of Houston and received her master’s degree in linguistics from the University of Iowa.
Patterson has contributed to multiple open-source database software projects, including SciTools, Klein, and QBE, and has written patches for PostgreSQL. Her “Dejector” library integrates with PostgreSQL to implement the SQL injection prevention approach described in her Black Hat paper. Patterson is also credited with contributing to the Summer of Code project Firekeeper, which her husband mentored.
At Black Hat in 2009, Dan Kaminsky presented joint work with Patterson and Len Sassaman revealing pervasive flaws in the Internet’s certificate authority infrastructure. Their work showed that existing web browsers could be fooled into accepting fraudulent X.509 certificates.
As our “voyage of the Beagle” continues, the language-theoretic security framework, initially proposed by Len Sassaman, Meredith L. Patterson, and Sergey Bratus, has developed not only as a descriptive framework for classifying vulnerabilities, but also as a constructive framework for conceptualizing, and reducing to practice, both “weird machines” in the most unusual places and engineering principles for more attack-resistant, more performant software. In this talk, we’ll highlight an important example of LANGSEC in practice from before we even gave it that name, follow the growth of the field over the last two years, and look ahead at just some of the directions in which the field is expanding.