Data Format Description and Its Applications in IT Security

Download Now Date Added: Jun 2010
Format: PDF

Data formats play a central role in information processing, exchange and storage. Security-related tasks such as the documentation of exploits or format-aware fuzzing of files depend on formalized data format knowledge. In this paper, the authors present a model for describing arbitrary data format instances as well as arbitrary data formats as a whole. Using the Bitstream Segment Graph (BSG) model and the BSG Reasoning approach, they describe a PNG image serving as exploit for Adobe Photoshop CS2 (CVE-2007-2365). They furthermore show directions how their work can be applied to secure data format design as well as formal security analysis.