Catégorie: Conférence avec actes
Auteurs: Olivier Levillain, Hervé Debar et Benjamin Morin
Date: octobre 2013
Série: Parsifal

Parsers are pervasive software basic blocks: as soon as a program needs to communicate with another program or to read a file, a parser is involved. However, writing robust parsers can be difficult, as is revealed by the amount of bugs and vulnerabilities related to programming errors in parsers. In particular, network analysis tools can be very complex to implement: for example, the Wireshark project regularly publishes security patches on its various dissectors.

As security researchers, we need robust tools on which we can depend. The starting point of Parsifal was a study of large amounts of SSL data. The data collected contained legitimate SSL messages, as well as invalid messages and other protocols (HTTP, SSH). To face this challenge and extract relevant information, we wrote several parsers, using different languages, which resulted in Parsifal, an OCaml- based parsing engine. Writing parsers and analysing data not only helped us better understand SSL/TLS, but also X.509 and BGP/MRT. More recently, we have started study- ing Kerberos messages.

The contribution of Parsifal to security is twofold. First we provide sound tools to analyse complex file formats or network protocols. Secondly we implement robust detection/sanitiza- tion systems. The goal of this tutorial is to present Parsifal and to use it to write a network protocol parser (DNS) and a file format parser (PNG). The PNG parser will then be used to build a PNG sanitizer. Alternatively, an X.509 certificate signing request validator can be implemented.

Publié dans les actes 2013 International Conference on Risks and Security of Internet and Systems (pages 1 à 6)

Présenté lors de la conférence CRiSIS à La Rochelle, France en octobre 2013

BibTeX Document Présentation