On the Security of ASN.1 Compilers
Betreuer: David Rupprecht
Beginn: as soon as possible
Dauer: 6 months
Abstract Syntax Notation One (ASN.1) is a formal description language for byte-oriented protocols. Protocols that are described with ASN.1 are used in different areas such as certificates (X.509), network managements protocols (SNMP, LDAP), or telecommunication (UMTS, LTE). ANS.1 is machine readable and can be translated via compilers to a decoding/encoding library of a programming language such as C, C++, Java, or C#. The library can then be used for network communication. However, the decoding library is exposed to an attacker via the network interface. It is, therefore, important that the ASN.1 compiler produces secure code.
The student’s task is to evaluate different ASN.1 compilers with respect to their security. For that, the student should implement an analysis tool using static or dynamic analysis methods for ASN.1 libraries and their compilers. Using this tool proprietary and open-source ASN.1 compiler are evaluated. Good C and C++ programming skills and knowledge about software security are required.