Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 7 au 9 juin 2017.

Writing parsers like it is 2017Geoffroy Couprie, Pierre Chifflier


Date : 07 June 2017 à 16:45 — 30 min.

Despite being known since a long time, memory violations are still a very important cause of security problems in low-level programming languages containing data parsers.

We address this problem by proposing a pragmatic solution to fix not only bugs, but classes of bugs. First, using a fast and safe language such as Rust, and then using a parser combinator.

We discuss the advantages and difficulties of this solution, and we present two cases of how to implement safe parsers and insert them in large C projects. The implementation is provided as a set of parsers and projects in the Rust language.