Capturing the iccMAX calculatorElement: A Case Study on Format Design

ICC profiles are widely used to provide faithful digital color reproduction across a variety of devices, such as monitors, printers, and cameras. In this paper, we document our efforts on reviewing and identifying security issues with the calculatorElement description from the recent iccMAX specific...

Full description

Saved in:
Bibliographic Details
Main Authors: Kothari, Vijay H., Anantharaman, Prashant, Smith, Sean W., Hitaj, Briland, Mundkur, Prashanth, Shankar, Natarajan, Li, Letitia W., Diatchki, Iavor, Harris, William
Format: Conference Proceeding
Language:English
Subjects:
Calculators
Computer bugs
data description languages
Fault diagnosis
formal methods
iccMAX
LangSec
parser
Privacy
Security
Semantics
specification
Static analysis
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:ICC profiles are widely used to provide faithful digital color reproduction across a variety of devices, such as monitors, printers, and cameras. In this paper, we document our efforts on reviewing and identifying security issues with the calculatorElement description from the recent iccMAX specification (ICC.2:2019), which expands upon the ICC v4 specification (ICC.1:2010). The iccMAX calculatorElement, which captures a calculator function through a stack-based computational approach, was designed with security in mind. We analyzed the iccMAX calculatorElement using a variety of approaches that utilized: the proof assistant PVS, the theorem-proving language ACL2, the data description language DaeDaLus, and tools tied to the data description language Parsley. Bringing the tools of formal data description, theorem proving, and static analysis to a non-trivial real-world specification has shed light on both the tools and the specification. This exercise has led us to discover numerous bugs within the specification, to identify specification improvements, to identify flaws with a demo implementation, and to recognize ways that we can improve our own tools. Additionally, this particular case study has broader implications for those who work with specification, data description languages, and parsers. In this paper, we document our work on this exercise and relay our key findings.
ISSN:2770-8411
DOI:10.1109/SPW54247.2022.9833859