Research Report: The Parsley Data Format Definition Language

2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI:10.1109/SPW50608.2020.00064

Prashanth Mundkur, L. Briesemeister, N. Shankar, Prashant Anantharaman, Sameed Ali, Zephyr Lucas, Sean W. Smith

{"title":"Research Report: The Parsley Data Format Definition Language","authors":"Prashanth Mundkur, L. Briesemeister, N. Shankar, Prashant Anantharaman, Sameed Ali, Zephyr Lucas, Sean W. Smith","doi":"10.1109/SPW50608.2020.00064","DOIUrl":null,"url":null,"abstract":"Any program that reads formatted input relies on parsing software to check the input for validity and transform it into a representation suitable for further processing. Many security vulnerabilities can be attributed to poorly defined grammars, incorrect parsing, and sloppy input validation. In contrast to programming languages, grammars for even common data formats such as ELF and PDF are typically context-sensitive and heterogenous. However, as in programming languages, a standard notation or language to express these data format grammars can address poor or ambiguous definitions, and the automated generation of correct-by-construction parsers from such grammar specifications can yield correct and type- and memory-safe data parsing routines. We present our ongoing work on developing such a data format description language. Parsley is a declarative data format definition language that combines grammars and constraints in a modular way. We show how it can be used to capture data formats such as MAVLink, PDF and ELF. We briefly describe the processing pipeline we are designing to generate verified parsers from these specifications.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW50608.2020.00064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Any program that reads formatted input relies on parsing software to check the input for validity and transform it into a representation suitable for further processing. Many security vulnerabilities can be attributed to poorly defined grammars, incorrect parsing, and sloppy input validation. In contrast to programming languages, grammars for even common data formats such as ELF and PDF are typically context-sensitive and heterogenous. However, as in programming languages, a standard notation or language to express these data format grammars can address poor or ambiguous definitions, and the automated generation of correct-by-construction parsers from such grammar specifications can yield correct and type- and memory-safe data parsing routines. We present our ongoing work on developing such a data format description language. Parsley is a declarative data format definition language that combines grammars and constraints in a modular way. We show how it can be used to capture data formats such as MAVLink, PDF and ELF. We briefly describe the processing pipeline we are designing to generate verified parsers from these specifications.

查看原文本刊更多论文

研究报告:欧芹数据格式定义语言

任何读取格式化输入的程序都依赖于解析软件来检查输入的有效性，并将其转换为适合进一步处理的表示形式。许多安全漏洞可归因于定义不清的语法、不正确的解析和草率的输入验证。与编程语言相比，即使是通用数据格式(如ELF和PDF)的语法也通常是上下文敏感的和异构的。然而，就像在编程语言中一样，用于表达这些数据格式语法的标准符号或语言可以解决不准确或模棱两可的定义，并且根据这些语法规范自动生成按结构正确的解析器可以生成正确且类型和内存安全的数据解析例程。我们介绍了正在进行的开发这种数据格式描述语言的工作。Parsley是一种声明性数据格式定义语言，它以模块化的方式组合了语法和约束。我们将展示如何使用它来捕获数据格式，如MAVLink、PDF和ELF。我们简要描述了我们正在设计的处理管道，以便从这些规范生成经过验证的解析器。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量