Hardening attack surfaces with formally proven binary format parsers
N Swamy, T Ramananandro, A Rastogi… - Proceedings of the 43rd …, 2022 - dl.acm.org
With an eye toward performance, interoperability, or legacy concerns, low-level system
software often must parse binary encoded data formats. Few tools are available for this task …
software often must parse binary encoded data formats. Few tools are available for this task …
An analysis of how many undiscovered vulnerabilities remain in information systems
JM Spring - Computers & Security, 2023 - Elsevier
Vulnerability management strategy, from both organizational and public policy perspectives,
hinges on an understanding of the supply of undiscovered vulnerabilities. If the number of …
hinges on an understanding of the supply of undiscovered vulnerabilities. If the number of …
Daedalus: Safer Document Parsing
IS Diatchki, M Dodds, H Goldstein, B Harris… - Proceedings of the …, 2024 - dl.acm.org
Despite decades of contributions to the theoretical foundations of parsing and the many
tools available to aid in parser development, many security attacks in the wild still exploit …
tools available to aid in parser development, many security attacks in the wild still exploit …
Formal synthesis of filter components for use in security-enhancing architectural transformations
DS Hardin, KL Slind - 2021 IEEE Security and Privacy …, 2021 - ieeexplore.ieee.org
Safety-and security-critical developers have long recognized the importance of applying a
high degree of scrutiny to a system's (or subsystem's) I/O messages. However, lack of care in …
high degree of scrutiny to a system's (or subsystem's) I/O messages. However, lack of care in …
[图书][B] Protecting Systems from Exploits Using Language-Theoretic Security
P Anantharaman - 2022 - search.proquest.com
Any computer program processing input from the user or network must validate the input.
Input-handling vulnerabilities occur in programs when the software component responsible …
Input-handling vulnerabilities occur in programs when the software component responsible …
Capturing the iccMAX calculatorElement: a case study on format design
ICC profiles are widely used to provide faithful digital color reproduction across a variety of
devices, such as monitors, printers, and cameras. In this paper, we document our efforts on …
devices, such as monitors, printers, and cameras. In this paper, we document our efforts on …
Strengthening Weak Links in the PDF Trust Chain
In many practical and security-critical formats, the interpretation of a document segment as a
Document Object Model (DOM) graph depends on a concept of reference and complex …
Document Object Model (DOM) graph depends on a concept of reference and complex …
[PDF][PDF] Specifying message formats with Contiguity Types
K Slind - 12th International Conference on Interactive Theorem …, 2021 - drops.dagstuhl.de
Abstract We introduce Contiguity Types, a formalism for network message formats, aimed
especially at self-describing formats. Contiguity types provide an intermediate layer between …
especially at self-describing formats. Contiguity types provide an intermediate layer between …
Interval Parsing Grammars for File Format Parsing
J Zhang, G Morrisett, G Tan - Proceedings of the ACM on Programming …, 2023 - dl.acm.org
File formats specify how data is encoded for persistent storage. They cannot be formalized
as context-free grammars since their specifications include context-sensitive patterns such …
as context-free grammars since their specifications include context-sensitive patterns such …
Parsing PEGs with Length Fields in Software and Hardware
ZS Lucas, JY Liu, P Anantharaman… - 2021 IEEE Security and …, 2021 - ieeexplore.ieee.org
Since parsers are the line of defense between binaries and untrusted data, they are some of
the most common sources of vulnerabilities in software. Language-Theoretic Security …
the most common sources of vulnerabilities in software. Language-Theoretic Security …