Data Format Description and Its Applications in It Security
نویسندگان
چکیده
Data formats play a central role in information processing, exchange and storage. Security-related tasks such as the documentation of exploits or format-aware fuzzing of files depend on formalized data format knowledge. In this article, we present a model for describing arbitrary data format instances as well as arbitrary data formats as a whole. Using the Bitstream Segment Graph (BSG) model and the BSG Reasoning approach, we describe a PNG image serving as exploit for Adobe Photoshop CS2 (CVE-2007-2365). We furthermore show directions how our work can be applied to secure data format design as well as formal security analysis.
منابع مشابه
Reverse Engineering of Network Software Binary Codes for Identification of Syntax and Semantics of Protocol Messages
Reverse engineering of network applications especially from the security point of view is of high importance and interest. Many network applications use proprietary protocols which specifications are not publicly available. Reverse engineering of such applications could provide us with vital information to understand their embedded unknown protocols. This could facilitate many tasks including d...
متن کاملمقایسه ی کیفیت مستندات پروندههای پزشکی بیماران بستری در بیمارستانهای عمومی دانشگاه علوم پزشکی ایران و تامین اجتماعی شهر تهران : 1386
Introduction: Quality of patients care is directly linked with medical documentation quality, because in all medical professions related to patient care, quality of decisions depends on information quality. Thus, in this study two main populations that offer medical care in country, Ministry of Health (MoH) and Social security Organization, were selected to measure access rate, and level of med...
متن کاملA New Method for Intrusion Detection Using Genetic Algorithm and Neural network
Abstract— In order to provide complete security in a computer system and to prevent intrusion, intrusion detection systems (IDS) are required to detect if an attacker crosses the firewall, antivirus, and other security devices. Data and options to deal with it. In this paper, we are trying to provide a model for combining types of attacks on public data using combined methods of genetic algorit...
متن کاملریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملSecurity of Sponge structures
Sponge structure is a structure widely used in the design of cryptographic algorithms that reduces the design of the algorithms to the design of a permutation or pseudo-random function. The development of sponge-based algorithms and the selection of designs based on this structure in SHA3 and CAESAR competitions increase the need to examine its security against various types of attacks. In the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009