| title | The Treachery of Files | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| date | 2019-12 | |||||||||||||||||||||||||||||||
| authors |
|
|||||||||||||||||||||||||||||||
| conference |
|
|||||||||||||||||||||||||||||||
| resources |
|
Parsing is hard, even when a file format is well specified. When the specification is ambiguous, it leads to unintended parser behaviors that make file formats susceptible to security vulnerabilities. This talk explores whether we could automatically generate a safe subset of any file format along with an associated verified parser, provides examples of malicious files, and introduces PolyFile and PolyTracker -- two new tools for reverse engineering files and parsers.