Title: Certifying/verifying Software Compilation as a Solution to Asn.1 Implementations Vulnerabilities
Abstract
CERT/CC identified vulnerabilities in SNMP and OpenSSL implementations related to the use of ASN.1. Ill-formed ASN.1 Tag/Length/Value (TLV) structures and weak parsers and decoders are responsible for most of these vulnerabilities, not the ASN.1 language itself. As a consequence, exploiting SNMP and OpenSSL vulnerabilities in an operating environment may lead to failures and denial of service. ASN.1 is used in a number of important protocols; it is therefore very important to ensure that ASN.1 implementations are safe. This contribution is presented for information sharing and to generate interest in the so-called language-based approach to security and in certifying compilation techniques, which aim to ensure that a protocol implementation is safe before it is deployed in an operating environment.
Similar resources
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
On Certifying Code Generation
Guaranteeing correctness of compilation is a major precondition for correct software. Code generation can be one of the most error-prone tasks in a compiler. One way to achieve trusted compilation is certifying compilation. A certifying compiler generates for each run a proof that it has performed the compilation run correctly. The proof is checked in a separate theorem prover. If the theorem pr...
A Certifying Code Generation Phase
Guaranteeing correctness of compilation is a vital precondition for correct software. Code generation can be one of the most error-prone tasks in a compiler. One way to achieve trusted compilation is certifying compilation. A certifying compiler generates for each run a proof that it has performed the compilation run correctly. The proof is checked in a separate theorem prover. If the theorem p...
Runtime Verification of Remotely Executed Code using Probabilistically Checkable Proof Systems
In this paper we consider the verification and certification of computations that are done remotely. We investigate the use of probabilistically checkable proof (PCP) systems for efficiently certifying such computations. This model can also be applied to verifying security proofs of software downloads. To make the use of PCPs more practical, a new version of Cook’s Theorem is given for the RAM ...
Equivalence Checking for High-Level Synthesis Flow
An abstract of the thesis of Yan Chen for the Master of Science in Computer Science presented July 8, 2008. Title: Equivalence Checking for High-Level Synthesis Flow. High-level synthesis provides a promising solution to design complicated circuits, but the lack of designers’ confidence in correctness of synthesis tools prevents the wide acceptance in engineering practice. I develop an equivalen...
Publication date: 2003