Security applications of formal language theory

IEEE Systems Journal

Volumn 7, Issue 3, 2013, Pages 489-500

  Sassaman, Len ^a   Patterson, Meredith L ^b   Bratus, Sergey ^c   Locasto, Michael E ^d  

^a UNIVERSITY OF LEUVEN   (Belgium)

^b Red Lambda Inc   (United States)

^c DARTMOUTH COLLEGE   (United States)

^d UNIVERSITY OF CALGARY   (Canada)

Author keywords

Language theoretic security; secure composition; secure protocol design

Indexed keywords

DEVELOPMENT TECHNIQUE; DIFFERENTIAL ATTACKS; FORMAL LANGUAGE THEORY; LANGUAGE-THEORETIC SECURITY; PROGRAMMING METHODOLOGY; SECURE COMPOSITION; SECURE PROTOCOLS; SECURITY APPLICATION;

FORMAL LANGUAGES;

NETWORK SECURITY;

EID: 84880540238     PISSN: 19328184     EISSN: 19379234     Source Type: Journal    
DOI: 10.1109/JSYST.2012.2222000     Document Type: Article

References (97)

1. D. Geer, "Vulnerable compliance," login: The USENIX Mag., vol. 35, no. 6, Dec. 2010.
2. F. F. X. Lindner, "The compromised observer effect," McAfee Security J., vol. 6, 2010.
3. D. J. Bernstein, "Some thoughts on security after ten years of qmail 1.0," in Proc. ACM CSAW, 2007, pp. 1-10.
4. L. Lamport, "Proving the correctness of multiprocess programs," IEEE Trans. Softw. Eng., vol. 3, no. 2, pp. 125-143, Mar. 1977.
5. R. Jhala and R. Majumdar, "Software model checking," ACM Comput. Surv., vol. 41, no. 4, 2009.
6. H. Finney, "Bleichenbacher's RSA signature forgery based on implementation error," Aug. 2006.
7. T. Izu, T. Shimoyama, and M. Takenaka, "Extending Bleichenbacher's forgery attack," J. Inform. Process., vol. 16, pp. 122-129, Sep. 2008.
8. D. Kaminsky, M. L. Patterson, and L. Sassaman, "PKI layer cake: New collision attacks against the global X.509 infrastructure," in Financial Cryptography. Berlin, Germany: Springer, 2010, pp. 289-303.
9. G. Śenizergues, "L(A) = L(B)? Decidability results from complete formal systems," Theor. Comput. Sci., vol. 251, nos. 1-2, pp. 1-166, 2001. (Pubitemid 32674076)
10. M. Sipser, Introduction to the Theory of Computation, 2nd ed., International ed. Clifton Park, NY: Thompson Course Technology, 2006.
11. S. Kepser, "A simple proof for the turing-completeness of XSLT and xQuery," in Proc. Extreme Markup Lang., 2004.
12. R. Onder and Z. Bayram, "XSLT version 2.0 is turing-complete: A purely transformation based proof," in Proc. Implementation Appl. Automata, LNCS 4094. 2006, pp. 275-276. (Pubitemid 44503283)
13. E. Fox-Epstein. (2011, Mar.). Experimentations With Abstract Machines [Online]. Available: https://github.com/elitheeli/oddities
14. M. Cook, "Universality in elementary cellular automata," Complex Syst., vol. 15, no. 1, pp. 1-40, 2004. (Pubitemid 39203440)
15. J. Wolf, "OMG-WTF-PDF," in Proc. 27th Chaos Comput. Congr., Dec. 2010.
16. N. A. Danielsson, "Total parser combinators," in Proc. 15th ACM SIGPLAN ICFP, 2010, pp. 285-296.
17. A. Koprowski and H. Binsztok, "TRX: A formally verified parser interpreter," in Proc. Prog. Lang. Syst., LNCS 6012. 2010, pp. 345-365.
18. T. Ridge, "Simple, functional, sound and complete parsing for all context-free grammars," submitted for publication.
19. N. Chomsky, "On certain formal properties of grammars," Inform. Comput./Inform. Control, vol. 2, pp. 137-167, 1959.
20. T. Berners-Lee and N. Mendelsohn. (2006). The Rule of Least Power, Tag Finding [Online]. Available: http://www.w3.org/2001/tag/doc/leastPower.html
21. R. J. Hansen and M. L. Patterson, "Guns and butter: Toward formal axioms of input validation," in Proc. Black Hat Briefings, 2005.
22. S. Ginsburg and S. Greibach, "Deterministic context free languages," in Proc. 6th Symp. Switching Circuit Theory Logical Design, 1965, pp. 203-220.
23. W. Cui, J. Kannan, and H. J. Wang, "Discoverer: Automatic protocol reverse engineering from network traces," in Proc. USENIX Sec. Symp., 2007.
24. R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee, Hypertext Transfer Protocol: HTTP/1.1, Request for Comments: 2616, Jun. 1999.
25. Information Sciences Institute, Internet Protocol, Request for Comments: 791, Sep. 1981.
26. W. Ali, K. Sultana, and S. Pervez, "A study on visual programming extension of JavaScript," Int. J. Comput. Appl., vol. 17, no. 1, pp. 13-19, Mar. 2011.
27. P. W. Abrahams, "A final solution to the dangling else of ALGOL 60 and related languages," Commun. ACM, vol. 9, pp. 679-682, Sep. 1966.
28. D. E. Knuth, "On the translation of languages from left to right," Inform. Control, vol. 8, no. 6, pp. 607-639, 1965.
29. H. J. S. Basten, "The usability of ambiguity detection methods for context-free grammars," Electron. Notes Theor. Comput. Sci., vol. 238, pp. 35-46, Oct. 2009.
30. R. W. Floyd, "On ambiguity in phrase structure languages," Commun. ACM, vol. 5, p. 526, Oct. 1962.
31. C. E. Shannon, "A mathematical theory of communication," Bell Syst. Tech. J., vol. 27, pp. 379-423, Jul. 1948.
32. W. Schramm, "How communication works," in The Process and Effects of Communication. Champaign, IL: Univ. Illinois Press, 1954.
33. D. K. Berlo, The Process of Communication. Concord, CA: Holt, Rinehart, and Winston, 1960.
34. C. A. R. Hoare, "An axiomatic basis for computer programming," Commu. ACM, vol. 12, no. 10, pp. 576-583, 1969.
35. H. P. Grice, Studies in the Way of Words. Cambridge, MA: Harvard Univ. Press, 1989.
36. B. Meyer, "Applying dsign by contract," Computer, vol. 25, pp. 40-51, Oct. 1992.
37. "CWE-77," in Common Weakness Enumeration. Jul. 2008.
38. T. Berners-Lee, R. Fielding, and L. Masinter, RFC 3986, Uniform Resource Identifier (URI): Generic Syntax, Request for Comments: 3986. Jan. 2005.
39. D. Raggett, A. Le Hors, and I. Jacobs, Forms in HTML Documents, HTML 4.01 Specification, Dec. 1999.
40. L. Carettoni and S. di Paola, HTTP Parameter Pollution. OWASP EU Poland, 2009.
41. T. Pietraszek and C. V. Berghe, "Defending against injection attacks through context-sensitive string evaluation," in Proc. RAID, 2005, pp. 124-145.
42. W. G. J. Halfond, J. Viegas, and A. Orso, "A classification of SQLinjection attacks and countermeasures," in Proc. IEEE Int. Symp. Secure Softw. Eng., Mar. 2006.
43. rix. (2001, Aug.). Writing ia32 alphanumeric shellcodes. Phrack [Online]. 57(5). Available: http://www.phrack.com/issues.html?issue=57\ &id=15
44. Nergal. (2001, Dec.). The advanced return-into-lib(c) exploits: PaX case study. Phrack [Online]. 58(4). Available: http://www.phrack.com/issues.html? issue=58&id=4
45. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, "Return-oriented programming: Systems, languages, and applications," to be published.
46. H. Shacham, "The geometry of innocent flesh on the bone: Return-intolibc without function calls (on the x86)," in Proc. CCS, 2007.
47. T. Durden. (2002, Jul.). Bypassing PaX ASLR protection. Phrack [Online]. 59(9). Available: http://www.phrack.com/issues.html?issue= 59\&id=9
48. A. One. (1996, Aug.). Smashing the stack for fun and profit. Phrack [Online]. 49(14). Available: http://www.phrack.com/issues.html?issue= 49\&id=14
49. MaXX. Vudo malloc Tricks. Phrack [Online]. 57(8). Available: http://phrack.org/issues.html?issue=57&id=8
50. Anonymous author. Once upon a free(). Phrack [Online]. 57(9). Available: http://phrack.org/issues.html?issue=57&id=9
51. jp. (2003, Aug.). Advanced Doug Lea's malloc exploits. Phrack [Online]. 61(6). Available: http://www.phrack.com/issues.html?issue=61\ &id=6
52. T. Newsham. (2000, Sep.). Format String Attacks [Online]. Available: http://www.thenewsh.com/?newsham/format-string-attacks.pdf
53. National Vulnerability Database, CVE-2005-3962, Dec. 2005.
54. National Vulnerability Database, CVE-2011-1153, Mar. 2011.
55. F. Valeur, D. Mutz, and G. Vigna, "A learning-based approach to the detection of SQL attacks," in Proc. DIMVA, Jul. 2005, pp. 123-140. (Pubitemid 41423153)
56. G. T. Buehrer, B. W. Weide, and P. A. G. Sivilotti, "Using parse tree validation to prevent SQL injection attacks," in Proc. Int. Workshop Softw. Eng. Middleware, 2005, pp. 106-113.
57. P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan, "CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks," ACM Trans. Inf. Syst. Security, vol. 13, no. 2, pp. 1-39, 2010.
58. Z. Su and G. Wassermann, "The essence of command injection attacks in web applications," in Proc. 33rd Symp. Principles Program. Lang., 2006, pp. 372-382.
59. W. G. J. Halfond and A. Orso, "Preventing SQL injection attacks using AMNESIA," in Proc. 28th Int. Conf. Softw. Eng., 2006, pp. 795-798. (Pubitemid 46600989)
60. G. Wassermann, C. Gould, Z. Su, and P. Devanbu, "Static checking of dynamically generated queries in database applications," J. ACM Trans. Softw. Eng. Methodol., vol. 16, no. 4, 2007.
61. K. Wei, M. Muthuprasanna, and S. Kothari, "Preventing SQL injection attacks in stored procedures," in Proc. Aus. Softw. Eng. Conf., 2006, pp. 191-198. (Pubitemid 44592153)
62. M. Muthuprasanna, K. Wei, and S. Kothari, "Eliminating SQL injection attacks: A transparent defense mechanism," in Proc. 8th IEEE Int. Symp. Web Site Evol., Sep. 2006, pp. 22-32.
63. C. Gould, Z. Su, and P. Devanbu, "JDBC checker: A static analysis tool for SQL/JDBC applications," in Proc. Int. Conf. Soft. Eng., 2004, pp. 697-698.
64. A. S. Christensen, A. Møller, and M. I. Schwartzbach, "Precise analysis of string expressions," in Proc. 10th Int. Static Anal. Symp., 2003, pp. 1-18.
65. S.-T. Sun and K. Beznosov, "Retrofitting existing web applications with effective dynamic protection against SQL injection attacks," Int. J. Secure Softw. Eng., vol. 1, pp. 20-40, Jan. 2010.
66. W. G. J. Halfond and A. Orso, "AMNESIA: Analysis and monitoring for NEutralizing SQL-injection attacks," in Proc. ASE 2005, Nov. 2005, pp. 174-183.
67. W. Halfond, A. Orso, and P. Manolios, "Using positive tainting and syntax-aware evaluation to counter SQL injection attacks," in Proc. FSE 2006, Nov. 2006, pp. 175-185. (Pubitemid 47129395)
68. P. Y. Gibello. (2002). ZQL: A Java SQL Parser [Online]. Available: http://zql.sourceforge.net/
69. K. Kemalis and T. Tzouramanis, "SQL-IDS: A specification-based approach for SQL-injection detection," in Proc. Symp. Appl. Comput., 2008, pp. 2153-2158.
70. A. Liu, Y. Yuan, D. Wijesekera, and A. Stavrou, "SQLProb: A proxybased architecture toward preventing SQL injection attacks," in Proc. ACM Symp. Appl. Comput., 2009, pp. 2054-2061.
71. National Vulnerability Database, CVE-2006-2313, May 2006.
72. National Vulnerability Database, CVE-2006-2314, May 2006.
73. D. Knuth, "Semantics of context-free languages," Math. Syst. Theory, vol. 2, pp. 127-145, 1968.
74. B. Kaliski. (1998, Mar.). PKCS 1: RSA Encryption [Online]. Available: http://tools.ietf.org/html/rfc2313
75. B. Ford, "Parsing expression grammars: A recognition-based syntactic foundation," in Proc. 31st ACM SIGPLAN-SIGACT Symp. POPL, 2004 pp. 111-122.
76. M. Howard, J. Pincus, and J. Wing, "Measuring relative attack surfaces," in Computer Security in the 21st Century, D. T. Lee, S. P. Shieh, and J. D. Tygar, Eds. New York: Springer, 2005, pp. 109-137.
77. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation list (CRL) Profile, RFC 5280, Obsoletes RFCs 3280, 4325, 4630, May 2008.
78. P. Eckersley, "How unique is your web browser?," Electronic Frontier Foundation, Tech. Rep., 2009.
79. N. Mathewson and R. Dingledine, "Practical traffic analysis: Extending and resisting statistical disclosure," in Proc. PET Workshop, LNCS 3424. May 2004, pp. 17-34.
80. R. Clayton, "Failures in a hybrid content blocking system," in Proc. Fifth PET Workshop, 2005, p. 1.
81. F. Lindner, "The compromised observer effect," McAfee Security J., vol. 6, 2010.
82. T. Ptacek, T. Newsham, and H. J. Simpson, "Insertion, evasion, and denial of service: Eluding network intrusion detection," Secure Networks, Inc., West Palm Beach, FL, Tech. Rep., 1998.
83. O. Arkin, "ICMP usage in scanning, the complete know-how," Sys-Security Group, Tech. Rep., version 3.0, 2001.
84. M Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics," in Proc. 10th USENIX Security Symp., 2001, p. 9.
85. U. Shankar and V. Paxson, "Active mapping: Resisting NIDS evasion without altering traffic," in Proc. IEEE Symp. Security Privacy, May 2003, pp. 44-61.
86. S. Siddharth. (2005, Dec.). Evading NIDS, Revisited [Online]. Available: http://www.symantec.com/connect/articles/evading-nids-revisited
87. T. Garfinkel, "Traps and pitfalls: Practical problems in system call interposition based security tools," in Proc. Netw. Distributed Syst. Security Symp., Feb. 2003, pp. 163-176.
88. S. A. Hofmeyr, A. Somayaji, and S. Forrest, "Intrusion detection system using sequences of system calls," J. Comput. Security, vol. 6, no. 3, pp. 151-180, 1998.
89. H. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong, "Anomaly detection using call stack information," in Proc. IEEE Symp. Security Privacy, May 2003, p. 62.
90. D. Wagner and P. Soto, "Mimicry attacks on host-based intrusion detection systems," in Proc. ACM Conf. CCS, Nov. 2002, pp. 255-264.
91. C. Taylor and C. Gates, "Challenging the anomaly detection paradigm: A provocative discussion," in Proc. 15th NSPW, Sep. 2006, pp. 21-29. (Pubitemid 350239697)
92. R. Sommer and V. Paxson, "Outside the closed world: On using machine learning for network intrusion detection," in Proc. IEEE Symp. Security Privacy, May 2010, pp. 305-316.
93. A. Somayaji, S. Hofmeyer, and S. Forrest, "Principles of a computer immune system," in Proc. NPSW, 1998, pp. 75-82.
94. A. Somayaji and S. Forrest, "Automated response using system-call delays," in Proc. 9th USENIX Security Symp., Aug. 2000.
95. F. B. Schneider, "Enforceable security policies," ACM Trans. Inf. Syst. Secur., vol. 3, pp. 30-50, Feb. 2000.
96. K. Bhargavan, C. Fournet, and A. D. Gordon, "Modular verification of security protocol code by typing," SIGPLAN Not., vol. 45, 2010.
97. S. Chaki and A. Datta, "ASPIER: An automated framework for verifying security protocol implementations," in Proc. CSF, 2009, pp. 172-185.