International Journal On Advances in Security, volume 2, number 1, 2009
DATA FORMAT DESCRIPTION AND ITS APPLICATIONS IN IT SECURITY
Authors:
Michael Hartle
Andreas Fuchs
Marcus Ständer
Daniel Schumann
Max Mühlhäuser
Keywords: Data format description, finite bit sequences, documentation of exploits, formal security validation
Abstract:
Data formats play a central role in information processing, exchange and storage. Security-related tasks such as the documentation of exploits or format-aware fuzzing of files depend on formalized data format knowledge. In this article, we present a model for describing arbitrary data format instances as well as arbitrary data formats as a whole. Using the Bitstream Segment Graph (BSG) model and the BSG Reasoning approach, we describe a PNG image serving as an exploit for Adobe Photoshop CS2 (CVE-2007-2365). We furthermore outline how our work can be applied to secure data format design as well as to formal security analysis.
Pages: 90 to 111
Copyright: Copyright (c) to authors, 2009. Used with permission.
Publication date: June 7, 2009
Published in: journal
ISSN: 1942-2636