TY - GEN
T1 - Bohemia - A Validator for Parser Frameworks
AU - Paranjpe, Anish
AU - Tan, Gang
N1 - Funding Information:
andwhite-boxfuzzing.Ac k n o w l e d g m e n t s The authors would like to thank anonymous reviewers for their insightful comments and Rodrigo Branco for shepherding the paper. This work was supported by DARPA research grant HR0011-19-C-0073.
Publisher Copyright:
© 2021 IEEE.
PY - 2021/5
Y1 - 2021/5
N2 - Parsing is ubiquitous in software projects, ranging from small command-line utilities, highly secure network clients, to large compilers. Programmers are provided with a plethora of parsing libraries to choose from. However, implementation bugs in parsing libraries allow the generation of incorrect parsers, which in turn may allow malicious inputs to crash systems or launch security exploits. In this paper we describe a lightweight validation framework called Bohemia that a parsing library developer can use as a tool in a toolkit for integration testing the framework makes use of the concept of Equivalence Modulo Inputs (EMI) in order to generate mutated input grammars to stress test the parsing library. We also describe the result of evaluating Bohemia with a set of parsing libraries that utilize distinct parsing algorithms. During the evaluation, we found a number of bugs in those libraries. Some of those have been reported to and fixed by developers.
AB - Parsing is ubiquitous in software projects, ranging from small command-line utilities, highly secure network clients, to large compilers. Programmers are provided with a plethora of parsing libraries to choose from. However, implementation bugs in parsing libraries allow the generation of incorrect parsers, which in turn may allow malicious inputs to crash systems or launch security exploits. In this paper we describe a lightweight validation framework called Bohemia that a parsing library developer can use as a tool in a toolkit for integration testing the framework makes use of the concept of Equivalence Modulo Inputs (EMI) in order to generate mutated input grammars to stress test the parsing library. We also describe the result of evaluating Bohemia with a set of parsing libraries that utilize distinct parsing algorithms. During the evaluation, we found a number of bugs in those libraries. Some of those have been reported to and fixed by developers.
UR - http://www.scopus.com/inward/record.url?scp=85112794846&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85112794846&partnerID=8YFLogxK
U2 - 10.1109/SPW53761.2021.00030
DO - 10.1109/SPW53761.2021.00030
M3 - Conference contribution
AN - SCOPUS:85112794846
T3 - Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
SP - 162
EP - 170
BT - Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
Y2 - 27 May 2021
ER -