CE39 - Sécurité Globale, Cybersécurité

a Generic Approach to Secure network Protocols – GASP

Submission summary

In today's connected world, we heavily rely on network protocols to communicate with one another. To ensure the confidentiality and integrity of the exchanged data, we need to assess and improve the security of these protocols and their implementation. This observation obviously concerns so-called security protocols, such as TLS and SSH, but it is also important to consider high-level, complex, application-level protocols, such as HTTP/2 and lower-level protocols such as DNS or BGP.

Security flaws are indeed pervasive in network protocols, at the specification level or due to implementation flaws: incomplete specification, memory corruption bugs, logical errors, state machine shortcuts, cryptographic attacks, etc.

The GASP project proposes a generic framework to describe protocols and automatically derive tools. We will first define a description language for messages, and derive parsers and scanning tools. Then, we will design languages to describe state machines, from which reference implementations can be derived. Finally, we will develop protocol fuzzers and test existing implementations. Our goal is thus to provide a generic approach to secure protocols, from observation to implementation to testing.

The short-term impact of the project would be to improve the knowledge about protocol deployment and implementations. We will also aim at sharing the produced tools as well as the data collected and results obtained during the project. In the long run, the proposed languages could help produce better specifications and improve the time of development for protocol stacks.

Project coordinator

Monsieur Olivier Levillain (TELECOM SUDPARIS)

The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.

Partner

TSP TELECOM SUDPARIS

Help of the ANR 184,297 euros
Beginning and duration of the scientific project: September 2019 - 48 Months

Useful links

Explorez notre base de projets financés

 

 

ANR makes available its datasets on funded projects, click here to find more.

Sign up for the latest news:
Subscribe to our newsletter