Generating Optimised and Formally Checked Packet Parsing Code

Sebastien Mondet; Ion Alberdi; Thomas Plagemann

doi:10.1007/978-3-642-21424-0_14

IFIP International Information Security Conference

SEC 2011: Future Challenges in Security and Privacy for Academia and Industry pp 173-184

Generating Optimised and Formally Checked Packet Parsing Code

Authors
Authors and affiliations

Sebastien Mondet
Ion Alberdi
Thomas Plagemann

Conference paper

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 354)

Abstract

While implementing distributed applications, the parsing of binary packets is a very difficult and error-prone task the developer has to face. Moreover, these programming mistakes are often the source of distant vulnerabilities. In this paper we present a code-generation library, called Promiwag, for creating optimised and safe packet parsing code. Its input is concise human-readable descriptions of the protocols and the interests of the application in specific pieces of information. Promiwag follows a dependency-based algorithm, and uses high-level optimisation techniques to generate minimal parsing automatons. These automatons can be compiled into C or OCaml code for efficient execution, and to annotated Why code. This latter output is then used to automatically prove that for any possible input packet, the generated code cannot perform any illegal memory access, and that no infinite loop can be triggered. We have used our code generator to implement a pretty-printer for Internet protocols, and we provide experimental results on the performance of the generated code.

Download to read the full conference paper text

References

1.
Alberdi, I., Owezarski, P., Nicomette, V.: Luth: composing and parallelizing midpoint inspection devices. In: NSS 2010: Proceedings of the 4th International Conference on Network and System Security, pp. 9–16. IEEE Computer Society, Melbourne (September 2010)CrossRefGoogle Scholar
2.
Barnett, M., Leino, K.R.M.: Weakest-precondition of unstructured programs. In: PASTE 2005: Proceedings of the 6th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, pp. 82–87. ACM, New York (2005)CrossRefGoogle Scholar
3.
Begel, A., McCanne, S., Graham, S.L.: Bpf+: exploiting global data-flow optimization in a generalized packet filter architecture. In: SIGCOMM 1999: Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 123–134. ACM, New York (1999)CrossRefGoogle Scholar
4.
Borisov, N., Brumley, D., Wang, H.J., Dunagan, J., Joshi, P., Guo, C.: Generic application-level protocol analyzer and its language. In: NDSS (2007)Google Scholar
5.
Bos, H., de Bruijn, W., Cristea, M., Nguyen, T., Portokalidis, G.: FFPF: Fairly Fast Packet Filters. In: OSDI 2004: Proceedings of the 6th Conference on Symposium on Opearting Systems Design and Implementation (2004)Google Scholar
6.
Chlipala, A.: Certified Programming with Dependent Types. Online in-progress textbook (2009)Google Scholar
7.
Chu, D., Popa, L., Tavakoli, A., Hellerstein, J., Levis, P., Shenker, S., Stoica, I.: The design and implementation of a declarative sensor network system. In: Proceedings of the 5th International Conference on Embedded Networked Sensor Systems (2007)Google Scholar
8.
Conchon, S., Contejean, E., Kanig, J., Lescuyer, S.: Lightweight integration of the ergo theorem prover inside a proof assistant. In: AFM 2007: Proceedings of the Second Workshop on Automated Formal Methods, pp. 55–59. ACM, New York (2007)CrossRefGoogle Scholar
9.
Filliâtre, J.C.: Verification of non-functional programs using interpretations in type theory. J. Funct. Program. 13(4), 709–745 (2003)MATHCrossRefGoogle Scholar
10.
Filliâtre, J.: Why: A Multi-Language Multi-Prover Verification Tool. Research Report 1366, LRI, Université Paris Sud (2003)Google Scholar
11.
Frigo, M.: A fast Fourier transform compiler. ACM SIGPLAN Notices 34(5) (1999)Google Scholar
12.
Leroy, X.: Mechanized semantics. In: Logics and Languages for Reliability and Security. NATO Science for Peace and Security Series D: Information and Communication Security, vol. 25, pp. 195–224. IOS Press, AmsterdamGoogle Scholar
13.
Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)CrossRefGoogle Scholar
14.
Madhavapeddy, A.: Combining Static Model Checking with Dynamic Enforcement using the Statecall Policy Language. In: International Conference on Formal Engineering Methods (2009)Google Scholar
15.
Madhavapeddy, A., Ho, A., Deegan, T., Scott, D., Sohan, R.: Melange: Towards a functional Internet. In: Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems (2007)Google Scholar
16.
Pagano, B., Andrieu, O., Moniot, T., Canou, B., Chailloux, E., Wang, P., Manoury, P., Colaço, J.L.: Experience report: using Objective Caml to develop safety-critical embedded tools in a certification framework. In: ICFP 2009: Proceedings of the 14th ACM SIGPLAN International Conference on Functional Programming, pp. 215–220. ACM, New York (2009)CrossRefGoogle Scholar
17.
Pang, R., Paxson, V., Sommer, R., Peterson, L.: binpac: a yacc for writing application protocol parsers. In: IMC 2006: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, pp. 289–300. ACM, New York (2006)CrossRefGoogle Scholar
18.
SANS Institute: Top 20 internet security problems, threats and risks. section 5 anti-virus software (2007), http://www.sans.org/top20/2007/#s5
19.
Snort Team: Snort Users Manual. The official documentation produced by the Snort team at Sourcefire (2010)Google Scholar

Copyright information

Authors and Affiliations

Sebastien Mondet
- 1
Ion Alberdi
- 1
Thomas Plagemann
- 1

1.University of OsloNorway

About this paper

Cite this paper as:: Mondet S., Alberdi I., Plagemann T. (2011) Generating Optimised and Formally Checked Packet Parsing Code. In: Camenisch J., Fischer-Hübner S., Murayama Y., Portmann A., Rieder C. (eds) Future Challenges in Security and Privacy for Academia and Industry. SEC 2011. IFIP Advances in Information and Communication Technology, vol 354. Springer, Berlin, Heidelberg

DOI https://doi.org/10.1007/978-3-642-21424-0_14
Publisher Name Springer, Berlin, Heidelberg
Print ISBN 978-3-642-21423-3
Online ISBN 978-3-642-21424-0
eBook Packages Computer Science

Generating Optimised and Formally Checked Packet Parsing Code

Abstract

Copyright information

Authors and Affiliations

Personalised recommendations

Export citation

Cookies