Generating Optimised and Formally Checked Packet Parsing Code

When implementing distributed applications, parsing binary packets is a difficult and error-prone task that the developer has to face, and these programming mistakes are often the source of remotely triggerable vulnerabilities. In this paper we present a code-generation library, called Promiwag, for creating optimised and safe packet parsing code. Its input is a concise, human-readable description of the protocols together with the specific pieces of information the application is interested in. Promiwag follows a dependency-based algorithm and uses high-level optimisation techniques to generate minimal parsing automatons. These automatons can be compiled into C or OCaml code for efficient execution, and into annotated Why code. The latter output is then used to prove automatically that, for any possible input packet, the generated code cannot perform an illegal memory access and cannot enter an infinite loop. We have used our code generator to implement a pretty-printer for Internet protocols, and we provide experimental results on the performance of the generated code.
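As an added illustration (this is not Promiwag's code or its generated output), the C function below shows the shape of parser the paper's approach targets: the caller only wants the IPv4 protocol number and destination address of an Ethernet frame, and each memory read is guarded by a length check derived from what that field depends on, so a truncated or malformed packet yields a status code rather than an out-of-bounds access. The frame layout and the sample frame are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hand-written in the style a generator would emit for the request
   "IPv4 protocol and destination address of an Ethernet frame". */
enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_NOT_IPV4, PARSE_BAD_IHL };

struct ipv4_fields {
    uint8_t  protocol;       /* IPv4 header byte 9 */
    uint32_t dst_addr;       /* IPv4 header bytes 16..19, host byte order */
    size_t   payload_offset; /* first byte after the IPv4 header */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

enum parse_status parse_eth_ipv4(const uint8_t *pkt, size_t len, struct ipv4_fields *out)
{
    /* Dependency 1: the EtherType decides whether an IPv4 header follows at all. */
    if (len < 14) return PARSE_TRUNCATED;
    if (be16(pkt + 12) != 0x0800) return PARSE_NOT_IPV4;
    /* Dependency 2: version/IHL byte fixes the header length (20 bytes minimum). */
    if (len < 14 + 20) return PARSE_TRUNCATED;
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20) return PARSE_BAD_IHL;
    /* Dependency 3: options (IHL > 5) must lie inside the buffer before the
       payload offset is handed to the caller for further parsing. */
    if (len < 14 + ihl) return PARSE_TRUNCATED;
    out->protocol = ip[9];
    out->dst_addr = be32(ip + 16);
    out->payload_offset = 14 + ihl;
    return PARSE_OK;
}

/* Constructed sample: Ethernet + minimal IPv4 header, TCP, 10.0.0.1 -> 10.0.0.2. */
static const uint8_t sample_frame[34] = {
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,
    0x45,0x00, 0x00,0x14, 0,0, 0,0, 64,6, 0,0, 10,0,0,1, 10,0,0,2 };

/* Returns 1 when the full sample parses as expected and a copy one byte
   short is rejected as truncated instead of being read past its end. */
int demo(void) {
    struct ipv4_fields f;
    if (parse_eth_ipv4(sample_frame, sizeof sample_frame, &f) != PARSE_OK) return 0;
    if (f.protocol != 6 || f.dst_addr != 0x0A000002u || f.payload_offset != 34) return 0;
    return parse_eth_ipv4(sample_frame, 33, &f) == PARSE_TRUNCATED;
}
```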
