Explore a 25-minute IEEE conference talk that delves into eliminating input-based attacks through automated encoder and decoder derivation from context-free grammars. Learn about McHammerCoder, an innovative (un)parser and encoding generator supporting both textual and binary languages. Discover how this tool automatically applies generated encodings derived from language grammars, effectively preventing injections without manual encoding definition. Gain insights into improving software system security by addressing vulnerabilities arising from complex communication languages, including arbitrary code execution and cross-site scripting in HTML and JSON. Understand the importance of correct parsing and unparsing in developing secure and reliable systems, and how McHammerCoder provides developers with proper input and output handling code for custom languages.
Overview
Syllabus
Eliminating Input-Based Attacks by Deriving Encoders and Decoders from CFGs
Taught by
IEEE Symposium on Security and Privacy