Sciweavers

IPPS
2006
IEEE

A case for exploit-robust and attack-aware protocol RFCs

14 years 5 months ago
A case for exploit-robust and attack-aware protocol RFCs
A large number of vulnerabilities occur because protocol implementations failed to anticipate illegal packets. rfcs typically define what constitute “right” packets relevant to the protocol and they specify what the response should be for such packets. They are often ambiguous and remain silent on what the protocol implementation should do for packets which deviate from the specification. Implementers must and, by and large, do faithfully implement an rfc. However, implementers usually take any silence in a specification as “design freedom”. Even though the protocol implementers are network specialists, they often are not knowledgeable in network security and cryptography issues, past exploits and common attack techniques that can impact the security of a protocol module, and consequently, the whole system. This paper systematically discusses vulnerabilities that can be attributed to protocol designs, inadequacies of rfcs, and omissions of the protocol implementers. Using s...
Venkat Pothamsetty, Prabhaker Mateti
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where IPPS
Authors Venkat Pothamsetty, Prabhaker Mateti
Comments (0)