Stopping 0-Days with Formal Languages

Download
pdf

Abstract: The Internet insecurity epidemic is a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software stacks. The only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a recognizer for that language. When input handling is done in ad hoc way, the de facto recognizer, i.e.the input recognition and validation code ends up scattered throughout the program, does not match the programmers' assumptions about safety and validity of data, and thus provides ample opportunities for exploitation.

Tags:
License: CC-2.5
Submitted by Sean Smith on
Feedback
Feedback
If you experience a bug or would like to see an addition or change on the current page, feel free to leave us a message.
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.