@inproceedings{d1cf495ec4bf44dfaeef230e414250d1,
title = "Caradoc: A Pragmatic Approach to PDF Parsing and Validation",
abstract = "PDF has become a de facto standard for exchanging electronic documents, for visualization as well as for printing. However, it has also become a common delivery channel for malware, and previous work has highlighted features that lead to security issues. In our work, we focus on the structure of the format, independently from specific features. By methodically testing PDF readers against hand-crafted files, we show that the interpretation of PDF files at the structural level may cause some form of denial of service, or be ambiguous and lead to rendering inconsistencies among readers. We then propose a pragmatic solution by restricting the syntax to avoid common errors, and propose a formal grammar for it. We explain how data consistency can be validated at a finer-grained level using a dedicated type checker. Finally, we assess this approach on a set of real-world files and show that our proposals are realistic.",
keywords = "PDF, caradoc, document structure, parser",
author = "Guillaume Endignoux and Olivier Levillain and Migeon, \{Jean Yves\}",
note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 ; Conference date: 23-05-2016 Through 25-05-2016",
year = "2016",
month = aug,
day = "1",
doi = "10.1109/SPW.2016.39",
language = "English",
series = "Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "126--139",
booktitle = "Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016",
}