Parsifal: Writing efficient and robust binary parsers, quickly

For our needs, we wrote several parsers to analyse a lot of SSL/TLS data. As the collected messages were sometimes corrupted or invalid, standard tools did not allow for sound and robust dissection. Parsifal, an OCaml-based parsing engine, allowed us to gain insight into several important protocols. Parsifal also proved to be versatile and might be useful to the security community for writing efficient and robust binary dissectors.

As security researchers, we need robust tools on which we can depend. The starting point of Parsifal was a study of large amounts of SSL data. The data collected contained legitimate SSL messages, as well as invalid messages and other protocols (HTTP, SSH). To face this challenge and extract relevant information, we wrote several parsers, using different languages, which resulted in Parsifal, an OCaml-based parsing engine. The contribution of Parsifal to security is twofold. First, we provide sound tools to analyse complex file formats or network protocols. Second, we implement robust detection/sanitization systems.

The goal of this paper is to present Parsifal and to use it to write a network protocol parser (DNS) and a file format parser (PNG). The PNG parser will then be used to build a PNG sanitizer. Alternatively, an X.509 certificate signing request validator can be implemented.