Abstract
The Abstract Syntax Notation One (ASN.1) can be used to model types of values carried by signals in SDL or MSC but is also directly used by network protocol implementors. In the last few years, the press has reported several alleged vulnerabilities of ASN.1 and the Basic Encoding Rules (BER) related to network protocols like SNMP and, more recently, OpenSSL. In reality it has been shown that the security issues (theoretically denial of service attacks) were due to low-quality and poorly-tested compiler implementations. We use some formal methods to go further. We review formally the design of the BER themselves and prove that, under some assumptions, it is flawless whatever the network protocol is and whatever the values to be transmitted are. More precisely, we start with a formal modeling of the BER which abstracts away low-level details but captures the design principles. Then we define a soundness property stating that the composition of encoding and decoding yields a value which is equivalent to the original. Finally we prove that this property holds for all values specified with ASN.1.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Dubuisson, O.: ASN.1 — Communication Between Heterogeneous Systems. Academic Press, London (2000) ISBN 0-12-6333361-0, http://www.oss.com/asn1/dubuisson.html
ITU-T Rec. X.680 (2002) or ISO/IEC 8824-1:2002: Information technology —Abstract Syntax Notation One (ASN.1): Specification of basic notation (2002), http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
ITU-T Rec. X.681 (2002) or ISO/IEC 8824-2:2002: Information technology —Abstract Syntax Notation One (ASN.1): Information object specification (2002), http://www.itu.int/ITU-T/studygroups/com17/languages/X.681-0207.pdf
ITU-T Rec. X.682 (2002) or ISO/IEC 8824-3:2002: Information technology —Abstract Syntax Notation One (ASN.1): Constraint specification (2002), http://www.itu.int/ITU-T/studygroups/com17/languages/X.682-0207.pdf
ITU-T Rec. X.683 (2002) or ISO/IEC 8824-4:2002: Information technology —Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications (2002), http://www.itu.int/ITU-T/studygroups/com17/languages/X.683-0207.pdf
ITU-T Rec. X.690 (2002) or ISO/IEC 8825-1:2002: Information technology —ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) (2002), http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
ITU-T Rec. X.691 (2002) or ISO/IEC 8825-2:2002: Information technology —ASN.1 Encoding Rules: Specification of Packed Encoding Rules (PER) (2002), http://www.itu.int/ITU-T/studygroups/com17/languages/X.691-0207.pdf
Rinderknecht, C.: An Algorithm for Validating ASN.1 (X.680) Specifications using Set Constraints. The Computer Journal 46 (2003)
Chailloux, E., Manoury, P., Pagano, B.: Programmation d’applications avec Objective Caml, p. 700. O’Reilly, France (2000), English version at http://caml.inria.fr/oreilly-book
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rinderknecht, C. (2005). Proving a Soundness Property for the Joint Design of ASN.1 and the Basic Encoding Rules. In: Amyot, D., Williams, A.W. (eds) System Analysis and Modeling. SAM 2004. Lecture Notes in Computer Science, vol 3319. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31810-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-31810-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24561-2
Online ISBN: 978-3-540-31810-1
eBook Packages: Computer ScienceComputer Science (R0)