cfaed Publications

RecordFlux: Formal Message Specification and Generation of Verifiable Binary Parsers

Reference

Tobias Reiher, Alexander Senier, Jeronimo Castrillon, Thorsten Strufe, "RecordFlux: Formal Message Specification and Generation of Verifiable Binary Parsers" , In Proceeding: International Conference on Formal Aspects of Component Software (Arbab, Farhad and Jongmans, Sung-Shik) , Springer International Publishing, pp. 170–190, Cham, Oct 2019. [doi]

Abstract

Various vulnerabilities have been found in message parsers of protocol implementations in the past. Even highly sensitive software components like TLS libraries are affected regularly. Resulting issues range from denial-of-service attacks to the extraction of sensitive information. The complexity of protocols and imprecise specifications in natural language are the core reasons for subtle bugs in implementations, which are hard to find. The lack of precise specifications impedes formal verification.

Bibtex

@InProceedings{reiher_facs19,
author = {Tobias Reiher and Alexander Senier and Jeronimo Castrillon and Thorsten Strufe},
title = {RecordFlux: Formal Message Specification and Generation of Verifiable Binary Parsers},
booktitle = {International Conference on Formal Aspects of Component Software},
year = {2019},
editor = {Arbab, Farhad and Jongmans, Sung-Shik},
organization = {Springer},
publisher = {Springer International Publishing},
location = {Amsterdam, The Netherlands},
address = {Cham},
month = oct,
pages = {170--190},
numpages = {21},
abstract = {Various vulnerabilities have been found in message parsers of protocol implementations in the past. Even highly sensitive software components like TLS libraries are affected regularly. Resulting issues range from denial-of-service attacks to the extraction of sensitive information. The complexity of protocols and imprecise specifications in natural language are the core reasons for subtle bugs in implementations, which are hard to find. The lack of precise specifications impedes formal verification.},
isbn={978-3-030-40914-2},
doi = {10.1007/978-3-030-40914-2_9},
url = {https://link.springer.com/chapter/10.1007/978-3-030-40914-2_9},
}

Downloads

1910_Reiher_FACS [PDF]

Permalink

https://cfaed.tu-dresden.de/publications?pubId=2531


Go back to publications list