20 May
2024
20 May
'24
9:39 p.m.
On 2024-05-20 15:54, Ralph Corderoy wrote:
Doug wrote:
. . .
I commend attention to the LangSec movement,
which advocates for
rigorously enforced separation between legal and illegal inputs.
https://langsec.org
‘The Language-theoretic approach (LangSec) regards the Internet
insecurity epidemic as a consequence of ‘ad hoc’ programming of
input handling at all layers of network stacks, and in other kinds
of software stacks. LangSec posits that the only path to
trustworthy software that takes untrusted inputs is treating all
valid or expected inputs as a formal language, and the respective
input-handling routines as a ‘recognizer’ for that language.
‘LangSec helps draw the boundary between protocols
and API designs
that can and cannot be secured and implemented securely, and charts
a way to building truly trustworthy protocols and systems. A longer
summary of LangSec in this USENIX Security BoF hand-out, and in the
talks, articles, and papers below.’
Yes, it's an interesting concept. Those *n?x tools that have
lex/yacc frontends are probably closer to this than the average
hack.
It may become hard to reconcile this with the robustness principle
(Be conservative in what you send, be liberal in what you accept)
that Jon Postel popularized. Maybe it becomes necessary, though.
--
Åke Nordin <ake.nordin(a)netia.se>, resident Net/Lunix/telecom geek.
Netia Data AB, Stockholm SWEDEN *46#7O466OI99#