Taken Out of Context - Language Theoretic Security and Potential Applications for ICS

Presented at S4 2014 by

Where would exploitation be without the ability to trick a machine into processing malicious input? What if there were a method of accepting input that simultaneously made the machine more efficient, relieved the programmer of complexity, and nullified a substantial portion of attacks? LangSec is a software construction method that aims to eliminate the hijacking of input-handling code by using simple formal language models to turn the input-processing challenge on its head, with the side benefits of improving system performance and reducing code complexity. In this presentation, we examine the use of "shotgun parsers" in ICS, the pitfalls of context dependency, and the concept of weird machines: hidden functionality inadvertently built into a machine and revealed by the security researcher. We illustrate how separating recognition from processing greatly simplifies and strengthens code; and finally, we generate a LangSec-style parser from the definition of valid input data and show how to write LangSec-style recognizer code for DNP3 in C, using the Hammer toolkit.
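The separation of recognition from processing that the abstract describes, shown as an added example that is not code from the talk and does not use the Hammer toolkit: a hand-written, plain-C recognizer for the DNP3 link-layer frame (start bytes 0x05 0x64, LEN, CTRL, DST, SRC, header CRC, then user data in 16-byte blocks each followed by a CRC-16/DNP). It accepts a buffer only if it is exactly one well-formed frame, and it fills in the output struct only after every length and CRC has been checked, so the processing side never sees a half-validated field. The `dnp3_build` serializer, the `dnp3_selftest` routine and the sample frames are constructed for this example; the reset-link frame's CRC bytes E9 21 are what the CRC-16/DNP definition yields over its first eight bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNP3_MAX_USER 250 /* LEN is one byte (<= 255) and counts the 5 bytes CTRL, DST, SRC */

/* CRC-16/DNP: reflected polynomial 0xA6BC, init 0x0000, final XOR 0xFFFF, sent low byte first. */
uint16_t dnp3_crc(const uint8_t *p, size_t n)
{
    uint16_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1) ? (uint16_t)((crc >> 1) ^ 0xA6BC) : (uint16_t)(crc >> 1);
    }
    return (uint16_t)~crc;
}

struct dnp3_link_frame { uint8_t ctrl; uint16_t dst, src; size_t user_len; uint8_t user[DNP3_MAX_USER]; };

enum dnp3_result {
    DNP3_OK = 0,
    DNP3_ERR_SHORT,     /* fewer than the 10 header bytes */
    DNP3_ERR_START,     /* start bytes are not 0x05 0x64 */
    DNP3_ERR_LEN_FIELD, /* LEN < 5 cannot even cover CTRL, DST, SRC */
    DNP3_ERR_LENGTH,    /* input is shorter or longer than LEN implies */
    DNP3_ERR_HDR_CRC,
    DNP3_ERR_DATA_CRC
};

/* Wire size implied by LEN: 10 header bytes + user bytes + a 2-byte CRC per 16-byte (or final partial) block. */
static size_t dnp3_wire_len(size_t user_len) { return 10 + user_len + 2 * ((user_len + 15) / 16); }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static size_t block_len(size_t remaining) { return remaining < 16 ? remaining : 16; }

/* Recognizer: the buffer must be exactly one well-formed frame. Nothing is written to *out until
 * every length and every CRC has been checked, so the processing side never sees a half-validated
 * frame. A shotgun parser would instead read LEN, start copying, and check CRCs as it went, if at all. */
enum dnp3_result dnp3_recognize(const uint8_t *buf, size_t len, struct dnp3_link_frame *out)
{
    if (len < 10) return DNP3_ERR_SHORT;
    if (buf[0] != 0x05 || buf[1] != 0x64) return DNP3_ERR_START;
    if (buf[2] < 5) return DNP3_ERR_LEN_FIELD;
    size_t user_len = (size_t)buf[2] - 5;
    if (dnp3_wire_len(user_len) != len) return DNP3_ERR_LENGTH; /* no truncation, no trailing bytes */
    if (dnp3_crc(buf, 8) != rd16(buf + 8)) return DNP3_ERR_HDR_CRC;
    const uint8_t *p = buf + 10;
    for (size_t done = 0; done < user_len; ) {
        size_t n = block_len(user_len - done);
        if (dnp3_crc(p, n) != rd16(p + n)) return DNP3_ERR_DATA_CRC;
        done += n; p += n + 2;
    }
    /* The input is a member of the language: only now is it handed to the processing side. */
    out->ctrl = buf[3]; out->dst = rd16(buf + 4); out->src = rd16(buf + 6); out->user_len = user_len;
    p = buf + 10;
    for (size_t done = 0; done < user_len; ) {
        size_t n = block_len(user_len - done);
        memcpy(out->user + done, p, n);
        done += n; p += n + 2;
    }
    return DNP3_OK;
}

/* Serializer (inverse of the recognizer), used here to construct test frames with valid CRCs.
 * Returns the wire length written, or 0 if user_len or out_cap is out of range. */
size_t dnp3_build(uint8_t ctrl, uint16_t dst, uint16_t src, const uint8_t *user, size_t user_len,
                  uint8_t *out, size_t out_cap)
{
    if (user_len > DNP3_MAX_USER || out_cap < dnp3_wire_len(user_len)) return 0;
    uint8_t hdr[8] = { 0x05, 0x64, (uint8_t)(user_len + 5), ctrl,
                       (uint8_t)dst, (uint8_t)(dst >> 8), (uint8_t)src, (uint8_t)(src >> 8) };
    memcpy(out, hdr, 8);
    uint16_t c = dnp3_crc(out, 8);
    out[8] = (uint8_t)c; out[9] = (uint8_t)(c >> 8);
    uint8_t *p = out + 10;
    for (size_t done = 0; done < user_len; ) {
        size_t n = block_len(user_len - done);
        memcpy(p, user + done, n);
        c = dnp3_crc(p, n);
        p[n] = (uint8_t)c; p[n + 1] = (uint8_t)(c >> 8);
        done += n; p += n + 2;
    }
    return dnp3_wire_len(user_len);
}

/* Constructed sample: link-layer RESET_LINK_STATES (CTRL 0xC0) from address 1024 to address 1. */
const uint8_t DNP3_RESET_FRAME[10] = { 0x05, 0x64, 0x05, 0xC0, 0x01, 0x00, 0x00, 0x04, 0xE9, 0x21 };

/* Self-test over constructed frames: returns how many of the 8 checks behaved as expected. */
int dnp3_selftest(void)
{
    struct dnp3_link_frame f;
    uint8_t buf[300], user[20];
    int ok = 0;
    for (int i = 0; i < 20; i++) user[i] = (uint8_t)(0xA0 + i);
    ok += dnp3_recognize(DNP3_RESET_FRAME, 10, &f) == DNP3_OK && f.ctrl == 0xC0 && f.dst == 1 && f.src == 1024 && f.user_len == 0;
    ok += dnp3_recognize(DNP3_RESET_FRAME, 9, &f) == DNP3_ERR_SHORT;
    size_t n = dnp3_build(0x44, 1, 1024, user, 20, buf, sizeof buf); /* 20 bytes: one full block + one 4-byte block */
    ok += n == 34 && dnp3_recognize(buf, n, &f) == DNP3_OK && f.user_len == 20 && memcmp(f.user, user, 20) == 0;
    ok += dnp3_recognize(buf, n - 1, &f) == DNP3_ERR_LENGTH; /* truncated */
    ok += dnp3_recognize(buf, n + 1, &f) == DNP3_ERR_LENGTH; /* trailing byte */
    buf[29] ^= 0x01; ok += dnp3_recognize(buf, n, &f) == DNP3_ERR_DATA_CRC; buf[29] ^= 0x01; /* bit flip in block 2 */
    buf[3] ^= 0x01;  ok += dnp3_recognize(buf, n, &f) == DNP3_ERR_HDR_CRC;  buf[3] ^= 0x01;  /* bit flip in CTRL */
    buf[1] = 0x65;   ok += dnp3_recognize(buf, n, &f) == DNP3_ERR_START;    buf[1] = 0x64;
    return ok;
}

int main(void)
{
    int passed = dnp3_selftest();
    printf("%d/8 recognizer checks passed\n", passed);
    return passed == 8 ? 0 : 1;
}
```

The check that most often goes missing in a shotgun parser is the one on the `dnp3_wire_len(user_len) != len` line: the length the frame claims is compared against the input actually present before any CRC or data byte is read, and a frame that is too short or carries trailing bytes is rejected outright rather than partially consumed. In the Hammer-based version the talk describes, the same grammar is expressed as parser combinators; what carries over is the discipline, not the syntax: the input is either wholly a member of the language or it is rejected, and processing code only ever sees the former.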