Input Handling Done Right: Building Hardened Parsers Using Language-Theoretic Security

descriptionPublicationkeyboard_double_arrow_right Article , Conference object , Other literature type 01 Sep 2017Publisher:IEEEJournal:2017 IEEE Cybersecurity Development (SecDev)

Authors: Prashant Anantharaman; Michael C. Millian; Sergey Bratus; Meredith L. Patterson;

doi: 10.1109/secdev.2017.12

Input Handling Done Right: Building Hardened Parsers Using Language-Theoretic Security

- Summary
- Metrics

Abstract

Input-handling vulnerabilities have been a constant source of security problems for decades. Many famous recent bugs are in fact input-handling bugs. We argue that the techniques for writing parsers in its present form are insufficient, and hence we propose a new pattern. In this tutorial, we will show participants a new design pattern for designing and implementing parsers using this new method. Participants will witness how this new method leads to more readable code that is easier to audit - while also inherently preventing many input-handling mistakes and having a small CPU footprint.

Related Organizations

Dartmouth College
United States

Impact byBIP!

	selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	1
	popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.	Average
	influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	Average
	impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.	Average