Jon Postel's Robustness Principle ("Be conservative in what you do, and liberal in what you accept from others") played a fundamental role in how Internet protocols were designed and implemented. Its influence went far beyond direct application by Internet Engineering Task Force (IETF) designers, as generations of programmers learned from examples of the protocols and server implementations it had shaped. However, it is argued that its misinterpretations were also responsible for the proliferation of Internet insecurity. In particular, several mistakes in interpreting Postel's principle lead to the opposite of robustness: unmanageable insecurity. These misinterpretations, although frequent, are subtle, and recognizing them requires closely examining fundamental concepts of computation and exploitation (or equivalent intuitions). The paper intends neither an attack on the principle nor its deconstruction, any more than a patch on a useful program intends to slight the program. It presents a view of protocol design that helps to avoid these mistakes and to "patch" the principle's common formulation to remove the potential weakness that these mistakes represent.