APPLICATIONS OF LANGUAGE-THEORETIC SECURITY TOWARDS SYSTEM SECURITY

Abstract

Language-theoretic security (or LangSec) research lies at the intersection of computer security research and formal language theory. In addition to investigating novel approaches for secure input handling in software systems, LangSec research also investigates novel conceptions of software exploitability derived from insights of formal language theory. This thesis advances this line of research by presenting: (1) A survey of parser differential antipatterns (Chapter 3) (2) A formal grammar backed secure parser generation framework for microcontrollers (Chapter 4) (3) A toolkit for securing software module boundaries from crafted-input attacks (Chapter 5) ( 4) An analysis which demonstrates latent functionality in complex package management systems and its security implications (Chapter 8) (5) A framework for testing parser correctness via grammar-based input synthesis (Chapter 6) (6) A novel fuzzing method for discovering parser differentials (Chapter 7)