The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them

Momot, Falcon; Bratus, Sergey; Hallberg, Sven M.; Patterson, Meredith L.

doi:10.1109/secdev.2016.019

Cited by 35 publications

(20 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Overall, the QUIC design forces developers to write so-called shotgun parsers, that is parsers which mix several kind of operations (parsing, input-validating code, processing code) [9], whereas a cleaner design would lead to a simpler and more straightforward implementation.…”

Section: Implementation Of the Initial Exchangementioning

confidence: 99%

See 1 more Smart Citation

Analysis of QUIC Session Establishment and Its Implementations

Gagliardi

Levillain

2020

Information Security Theory and Practice

View full text Add to dashboard Cite

In the recent years, the major web companies have been working to improve the user experience and to secure the communications between their users and the services they provide. QUIC is such an initiative, and it is currently being designed by the IETF. In a nutshell, QUIC originally intended to merge features from TCP/SCTP, TLS 1.3 and HTTP/2 into one big protocol. The current specification proposes a more modular definition, where each feature (transport, cryptography, application, packet reemission) are defined in separate internet drafts. We studied the QUIC internet drafts related to the transport and cryptographic layers, from version 18 to version 23, and focused on the connection establishment with existing implementations. We propose a first implementation of QUIC connection establishment using Scapy, which allowed us to forge a critical opinion of the current specification, with a special focus on the induced difficulties in the implementation. With our simple stack, we also tested the behaviour of the existing implementations with regards to security-related constraints (explicit or implicit) from the internet drafts. This gives us an interesting view of the state of QUIC implementations.

show abstract

Section: Implementation Of the Initial Exchangementioning

confidence: 99%

“…To test the behaviour of these implementations, we sent different stimuli. The baseline was a valid QUIC Client Initial Packet corresponding to the latest version 9 . Then, we sent variations around this first stimulus:…”

Section: Test Descriptionmentioning

confidence: 99%

Analysis of QUIC Session Establishment and Its Implementations

Gagliardi

Levillain

2020

Information Security Theory and Practice

View full text Add to dashboard Cite

show abstract

“…The well-known LangSec anti-pattern of shotgun parsing is present in forwarding flaws, as noted in [4]: some of the parsing is not done in the main application but in the external service it relies on. However, it is not so clear that this antipattern is really avoidable here: after all, the back-end service is meant to process some data, and doing some parsing for that may be unavoidable.…”

Section: Common Anti-pattern: Shotgun Parsingmentioning

confidence: 99%

“…Moreover, the simple classification we use and the (anti)patterns we observe suggest an extension (or refinement?) of the taxonomy of LangSec errors proposed by Momot et al [4] and additions to the list of remedies to expunge them.…”

Section: Introductionmentioning

confidence: 99%

LangSec Revisited: Input Security Flaws of the Second Kind

Poll

2018

2018 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

We consider a simple classification of input flaws in two categories: (1) flaws in processing input, with buffer overflows in parsers as the classic example and (2) flaws in forwarding input to some other system, aka injection flaws, with SQL injection and XSS as classic examples. The LangSec paradigm identifies common root causes for both categories of flaws, but much of the LangSec literature and efforts focus on the first category of flaws, esp. on techniques to eliminate parser bugs. Therefore we take a look at some existing approaches to tackling the second category of flaws, to identify (anti)patterns and place these in the LangSec perspective.

show abstract

“…Fisher et al [7] provide an extensive and authoritative overview, including a discussion of their PADS language and tools. More recently, parsing binary data has gained an interest from the security community through an approach called language-theoretic security [18]. Active projects in this area are binary data parsing toolkits such as Hammer [22] and Nom [5].…”

Section: Related Workmentioning

confidence: 99%

Model-driven software engineering in practice: privacy-enhanced filtering of network traffic

Dijk

Creeten

Ham

et al. 2017

Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering

View full text Add to dashboard Cite

Network traffic data contains a wealth of information for use in security analysis and application development. Unfortunately, it also usually contains confidential or otherwise sensitive information, prohibiting sharing and analysis. Existing automated anonymization solutions are hard to maintain and tend to be outdated. We present Privacy-Enhanced Filtering (PEF), a model-driven prototype framework that relies on declarative descriptions of protocols and a set of filter rules, which are used to automatically transform network traffic data to remove sensitive information. This paper discusses the design, implementation and application of PEF, which is available as open-source software and configured for use in a typical malware detection scenario. CCS CONCEPTS • Software and its engineering → Model-driven software engineering; Domain specific languages; • Security and privacy → Usability in security and privacy;

show abstract

The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them

Cited by 35 publications

References 15 publications

Analysis of QUIC Session Establishment and Its Implementations

Analysis of QUIC Session Establishment and Its Implementations

LangSec Revisited: Input Security Flaws of the Second Kind

Model-driven software engineering in practice: privacy-enhanced filtering of network traffic

Contact Info

Product

Resources

About