Senior Security Researcher, Narf Industries
Do PDF Tools Conform To The Specification?
The PDF specification has been popular since the 1990s as a common data transmission format. However, as more tools implement this standard, tools have also deviated from the specification in subtle ways. Until now, the true extent of these deviations has not been cataloged. In this talk, I present a type checker that strictly enforces the constraints of the PDF specification.
I also present SPARTA, a novel tool I built that generates Rust code that type checks Portable Data Format (PDF) files. Our PDF checker has contributed to at least four significant clarifications and corrections to the PDF 2.0 specification and various open-source PDF tools. In addition to our checker, we also built a practical tool, PDFFixer, to dynamically patch type errors in PDF files.
Prashant Anantharaman is a Senior Security Researcher at Narf Industries LLC in Boston, USA. He received a Ph.D. in Computer Science from Dartmouth College, USA, in May 2022, where he worked with Sean Smith and Sergey Bratus on Language-Theoretic Security and File Format design. He has worked on several DARPA projects, such as SAFEDOCS, RADICS, and GAPS, that have led to real-world impact. His work has contributed to several corrections to the ICC and PDF format standards.