Narcissus: correct-by-construction derivation of decoders and encoders from binary formats

Authors:

Benjamin Delaware (1), Sorawit Suriyakarn (2), Clément Pit-Claudel (3), Qianchuan Ye (1), Adam Chlipala (3)

Affiliations:

1. Purdue University, USA

2. Band Protocol, Thailand

3. Massachusetts Institute of Technology, USA

Abstract

It is a neat result from functional programming that libraries of parser combinators can support rapid construction of decoders for quite a range of formats. With a little more work, the same combinator program can denote both a decoder and an encoder. Unfortunately, the real world is full of gnarly formats, as with the packet formats that make up the standard Internet protocol stack. Most past parser-combinator approaches cannot handle these formats, and the few exceptions require redundancy – one part of the natural grammar needs to be hand-translated into hints in multiple parts of a parser program. We show how to recover very natural and nonredundant format specifications, covering all popular network packet formats and generating both decoders and encoders automatically. The catch is that we use the Coq proof assistant to derive both kinds of artifacts using tactics, automatically, in a way that guarantees that they form inverses of each other. We used our approach to reimplement packet processing for a full Internet protocol stack, inserting our replacement into the OCaml-based MirageOS unikernel, resulting in minimal performance degradation.

Funders

National Science Foundation

Defense Advanced Research Projects Agency

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality; Software


Cited by 19 articles.

1. Comparse: Provably Secure Formats for Cryptographic Protocols;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15

2. ASN1*: Provably Correct, Non-malleable Parsing for ASN.1 DER;Proceedings of the 12th ACM SIGPLAN International Conference on Certified Programs and Proofs;2023-01-11

3. Dargent: A Silver Bullet for Verified Data Layout Refinement;Proceedings of the ACM on Programming Languages;2023-01-09

4. Specification-guided component-based synthesis from effectful libraries;Proceedings of the ACM on Programming Languages;2022-10-31

5. A type-theoretic model on NDN-TLV encoding;Proceedings of the 9th ACM Conference on Information-Centric Networking;2022-09-06
