On the Security of ASN.1 Compilers


Supervisor: David Rupprecht
Start: as soon as possible
Duration: 6 months

Further details:


Abstract Syntax Notation One (ASN.1) is a formal description language for byte-oriented protocols. Protocols described with ASN.1 are used in different areas such as certificates (X.509), network management protocols (SNMP, LDAP), and telecommunication (UMTS, LTE). ASN.1 is machine-readable and can be translated by compilers into a decoding/encoding library for a programming language such as C, C++, Java, or C#. The library can then be used for network communication. However, the decoding library is exposed to an attacker via the network interface. It is therefore important that the ASN.1 compiler produces secure code.

The student’s task is to evaluate different ASN.1 compilers with respect to their security. To do so, the student should implement an analysis tool that applies static or dynamic analysis methods to ASN.1 libraries and their compilers. Using this tool, proprietary and open-source ASN.1 compilers are evaluated. Good C and C++ programming skills and knowledge of software security are required.