Bohemia - A Validator for Parser Frameworks

Anish Paranjpe; Gang Tan

doi:10.1109/SPW53761.2021.00030

Bohemia - A Validator for Parser Frameworks

Anish Paranjpe
, Gang Tan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Parsing is ubiquitous in software projects, ranging from small command-line utilities, highly secure network clients, to large compilers. Programmers are provided with a plethora of parsing libraries to choose from. However, implementation bugs in parsing libraries allow the generation of incorrect parsers, which in turn may allow malicious inputs to crash systems or launch security exploits. In this paper we describe a lightweight validation framework called Bohemia that a parsing library developer can use as a tool in a toolkit for integration testing the framework makes use of the concept of Equivalence Modulo Inputs (EMI) in order to generate mutated input grammars to stress test the parsing library. We also describe the result of evaluating Bohemia with a set of parsing libraries that utilize distinct parsing algorithms. During the evaluation, we found a number of bugs in those libraries. Some of those have been reported to and fixed by developers.

Original language	English (US)
Title of host publication	Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	162-170
Number of pages	9
ISBN (Electronic)	9781728189345
DOIs	https://doi.org/10.1109/SPW53761.2021.00030
State	Published - May 2021
Event	2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021 - Virtual, Online, United States Duration: May 27 2021 → May 27 2021

Publication series

Name	Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021

Conference

Conference	2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
Country/Territory	United States
City	Virtual, Online
Period	5/27/21 → 5/27/21

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Computer Networks and Communications
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/SPW53761.2021.00030

Cite this

@inproceedings{2804ec76a4a4469b8b2ef8e0a8fcf583,

title = "Bohemia - A Validator for Parser Frameworks",

abstract = "Parsing is ubiquitous in software projects, ranging from small command-line utilities, highly secure network clients, to large compilers. Programmers are provided with a plethora of parsing libraries to choose from. However, implementation bugs in parsing libraries allow the generation of incorrect parsers, which in turn may allow malicious inputs to crash systems or launch security exploits. In this paper we describe a lightweight validation framework called Bohemia that a parsing library developer can use as a tool in a toolkit for integration testing the framework makes use of the concept of Equivalence Modulo Inputs (EMI) in order to generate mutated input grammars to stress test the parsing library. We also describe the result of evaluating Bohemia with a set of parsing libraries that utilize distinct parsing algorithms. During the evaluation, we found a number of bugs in those libraries. Some of those have been reported to and fixed by developers.",

author = "Anish Paranjpe and Gang Tan",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021 ; Conference date: 27-05-2021 Through 27-05-2021",

year = "2021",

month = may,

doi = "10.1109/SPW53761.2021.00030",

language = "English (US)",

series = "Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "162--170",

booktitle = "Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021",

address = "United States",

}

Paranjpe, A & Tan, G 2021, Bohemia - A Validator for Parser Frameworks. in Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021. Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021, Institute of Electrical and Electronics Engineers Inc., pp. 162-170, 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021, Virtual, Online, United States, 5/27/21. https://doi.org/10.1109/SPW53761.2021.00030

Bohemia - A Validator for Parser Frameworks. / Paranjpe, Anish; Tan, Gang.
Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 162-170 (Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Bohemia - A Validator for Parser Frameworks

AU - Paranjpe, Anish

AU - Tan, Gang

PY - 2021/5

Y1 - 2021/5

N2 - Parsing is ubiquitous in software projects, ranging from small command-line utilities, highly secure network clients, to large compilers. Programmers are provided with a plethora of parsing libraries to choose from. However, implementation bugs in parsing libraries allow the generation of incorrect parsers, which in turn may allow malicious inputs to crash systems or launch security exploits. In this paper we describe a lightweight validation framework called Bohemia that a parsing library developer can use as a tool in a toolkit for integration testing the framework makes use of the concept of Equivalence Modulo Inputs (EMI) in order to generate mutated input grammars to stress test the parsing library. We also describe the result of evaluating Bohemia with a set of parsing libraries that utilize distinct parsing algorithms. During the evaluation, we found a number of bugs in those libraries. Some of those have been reported to and fixed by developers.

AB - Parsing is ubiquitous in software projects, ranging from small command-line utilities, highly secure network clients, to large compilers. Programmers are provided with a plethora of parsing libraries to choose from. However, implementation bugs in parsing libraries allow the generation of incorrect parsers, which in turn may allow malicious inputs to crash systems or launch security exploits. In this paper we describe a lightweight validation framework called Bohemia that a parsing library developer can use as a tool in a toolkit for integration testing the framework makes use of the concept of Equivalence Modulo Inputs (EMI) in order to generate mutated input grammars to stress test the parsing library. We also describe the result of evaluating Bohemia with a set of parsing libraries that utilize distinct parsing algorithms. During the evaluation, we found a number of bugs in those libraries. Some of those have been reported to and fixed by developers.

UR - https://www.scopus.com/pages/publications/85112794846

UR - https://www.scopus.com/pages/publications/85112794846#tab=citedBy

U2 - 10.1109/SPW53761.2021.00030

DO - 10.1109/SPW53761.2021.00030

M3 - Conference contribution

AN - SCOPUS:85112794846

T3 - Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021

SP - 162

EP - 170

BT - Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021

Y2 - 27 May 2021 through 27 May 2021

ER -

Bohemia - A Validator for Parser Frameworks

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this