In today's connected world, we heavily rely on network protocols to communicate with one another. To ensure the confidentiality and integrity of the exchanged data, we need to assess and improve the security of these protocols and their implementation. This observation obviously concerns so-called security protocols, such as TLS and SSH, but it is also important to consider high-level, complex, application-level protocols, such as HTTP/2 and lower-level protocols such as DNS or BGP.
Security flaws are indeed pervasive in network protocols, at the specification level or due to implementation flaws: incomplete specification, memory corruption bugs, logical errors, state machine shortcuts, cryptographic attacks, etc.
The GASP project proposes a generic framework to describe protocols and automatically derive tools. We will first define a description language for messages, and derive parsers and scanning tools. Then, we will design languages to describe state machines, from which reference implementations can be derived. Finally, we will develop protocol fuzzers and test existing implementations. Our goal is thus to provide a generic approach to secure protocols, from observation to implementation to testing.
The short-term impact of the project would be to improve the knowledge about protocol deployment and implementations. We will also aim at sharing the produced tools as well as the data collected and results obtained during the project. In the long run, the proposed languages could help produce better specifications and improve the time of development for protocol stacks.
Monsieur Olivier Levillain (TELECOM SUDPARIS)
The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.
TSP TELECOM SUDPARIS
Help of the ANR 184,297 euros
Beginning and duration of the scientific project: September 2019 - 48 Months