Modern systems heavily rely on complex network protocols to operate. However, most protocol specifications are complex and amibiguous, which leads to security vulnerabilities.
In this seminar, we will discuss network protocol implementation and focus on two main aspects: message parsing and protocol state machines.
Using real world examples, mainly taken from the TLS ecosystem, we will advocate for the need for better (and simpler) specification since it might be the only way to improve network protocol security in the long run.
Présenté lors du séminaire Sotern à Rennes, France le 9 février 2023BibTeX Présentation