Tools for disambiguating RFCs

Yen, Jane; Govindan, Ramesh; Raghavan, Barath

doi:10.1145/3472305.3472314

Cited by 7 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, we point out that relevant work targeting the synthesis of networkrelated software (but not network-related configurations) recently started to appear, with e.g., NLP techniques applied to text of IETF Request For Comments (RFC) normative documents for the sake of either auto-discovering and fixing ambiguities [42] or automatically generating protocol implementations [25].…”

Section: Code Synthesismentioning

confidence: 99%

Neural language models for network configuration: Opportunities and reality check

Houidi,

Rossi

2022

Preprint

View full text Add to dashboard Cite

Boosted by deep learning, natural language processing (NLP) techniques have recently seen spectacular progress, mainly fueled by breakthroughs both in representation learning with word embeddings (e.g. word2vec) as well as novel architectures (e.g. transformers). This success quickly invited researchers to explore the use of NLP techniques to other field, such as computer programming languages, with the promise to automate tasks in software programming (bug detection, code synthesis, code repair, cross language translation etc.). By extension, NLP has potential for application to network configuration languages as well, for instance considering tasks such as network configuration verification, synthesis, and cross-vendor translation. In this paper, we survey recent advances in deep learning applied to programming languages, for the purpose of code verification, synthesis and translation: in particularly, we review their training requirements and expected performance, and qualitatively assess whether similar techniques can benefit corresponding use-cases in networking.

show abstract

Section: Code Synthesismentioning

confidence: 99%

Neural language models for network configuration: Opportunities and reality check

Houidi,

Rossi

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Second, entanglement between mechanism and policy makes it difficult for new TLS libraries to reuse existing-well-developed but complex-validation policies. As a result, they must implement their own policy decisions about when to accept a certificate based on the sometimes ambiguous [125] standards, which can lead to security-critical, validation-related bugs [3-11, 15, 56]. Furthermore, software depending on TLS libraries inherit their entangled policy decisions, which are difficult to understand or change.…”

Section: The Problem Of Entanglementmentioning

confidence: 99%

“…For instance, the best way to determine whether a certificate is valid in Chrome versus Firefox is to visit a website serving that certificate in both browsers and compare the results (although even this may not provide complete certainty, as the results may differ based on the OS used [81]). If the browsers return different results, is the difference due to differing interpretations of an RFC [125], due to an unintentional bug, or due to an intentional policy choice?…”

Section: The Problem Of Entanglementmentioning

confidence: 99%

“…Path validation requirements are specified across many different and occasionally ambiguous RFCs [45,125], including but not limited to RFCs 3647, 5280, 6066, 6125, and 6960. For example, RFC 5280 states that the signatureAlgorithm field of the certificate and the signature field of the inner tbsCertificate 5 must be "the same", but does not specify what "the same" means.…”

Section: Certificate Validation Ambiguitymentioning

confidence: 99%

See 1 more Smart Citation

Hammurabi

Larisch

Aqeel

Lum

et al. 2022

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

This paper proposes using a logic programming language to disentangle X.509 certificate validation policy from mechanism. Expressing validation policies in a logic programming language provides multiple benefits. First, policy and mechanism can be more independently written, augmented, and analyzed compared to the current practice of interweaving them within a C or C++ implementation. Once written, these policies can be easily shared and modified for use in different TLS clients. Further, logic programming allows us to determine when clients differ in their policies and use the power of imputation to automatically generate interesting certificates, e.g., a certificate that will be accepted by one browser but not by another.We present a new framework called Hammurabi for expressing validation policies, and we demonstrate that we can express the complex policies of the Google Chrome and Mozilla Firefox web browsers in this framework. We confirm the fidelity of the Hammurabi policies by comparing the validation decisions they make with those made by the browsers themselves on over ten million certificate chains derived from Certificate Transparency logs, as well as 100K synthetic chains. We also use imputation to discover nine validation differences between the two browsers' policies. Finally, we demonstrate the feasibility of integrating Hammurabi into Firefox and the Go language in less than 100 lines of code each. CCS CONCEPTS• Security and privacy → Web protocol security; Logic and verification.

show abstract

Neural language models for network configuration: Opportunities and reality check

Houidi

Rossi²

2022

Computer Communications

View full text Add to dashboard Cite

Tools for disambiguating RFCs

Cited by 7 publications

References 24 publications

Neural language models for network configuration: Opportunities and reality check

Neural language models for network configuration: Opportunities and reality check

Hammurabi

Neural language models for network configuration: Opportunities and reality check

Contact Info

Product

Resources

About