April 19, 2016
Language-Theoretic Lessons in Protocol Design
Sven M. Hallberg

Even though network protocols play an integral part in the security of distributed systems, most are built and specified in more or less informal ways, featuring ad-hoc designs, "flexible" or "extensible" constructs, and committee decisions. This leads to complex protocols, from which exploitable systems and implementations arise. It is well known that complexity is the enemy of security; the emergent discipline of language-theoretic security advocates searching for *language* complexity at all layers of the stack as a valuable and disciplined approach to discovering vulnerabilities. The talk introduces this view and presents techniques and lessons learned from the implementation of a parser for a complex industrial control protocol (DNP3, IEEE Std. 1815-2013).