LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the Shannon Communication Model and how does it relate to interface security?

Shannon's 1948 model is Sender → Encode → Channel → Decode → Receiver; for a correct interface, decoding must undo encoding, i.e. Dec(Enc(M)) = M.

Sender → encode → channel → decode → receiver, with the faithful round-trip vs where injection lives.

* Shannon's source-encode-channel-decode-sink model — a faithful round-trip versus the mismatch where injection lives. *

The model is borrowed from communication theory but maps cleanly onto any interface: your data M gets serialized (encoded), travels a channel, then gets parsed (decoded). Security depends on that round-trip being faithful — if the parser reconstructs something other than what the sender meant, the gap is exactly where injection attacks live:

Model:

Sender --> Message M --> Enc(M) --> [Channel] --> Enc(M) --> Dec(Enc(M)) --> Receiver

Security relevance:

  • The encoding/decoding must be consistent
  • Both parties must use compatible Enc/Dec functions
  • If Dec(Enc(M)) != M, there's a problem!

Interface analogy:

Shannon Element Interface Equivalent Security Concern
Message M User input data Can be crafted maliciously
Encoding Enc(M) Serialization/formatting May transform data unexpectedly
Channel Network/Interface Can be intercepted or modified
Decoding Dec(Enc(M)) Parsing/interpretation May interpret data differently than intended

Concrete example — SQL Injection:

  • M = O'Brien (user's name)
  • Enc(M) = "INSERT INTO users VALUES('O'Brien')" (naive string concat)
  • Dec(Enc(M)) = SQL parser sees O then Brien as SQL code → Dec(Enc(M)) ≠ M!

Go deeper:

From Quiz: SPRG / Security Review | Updated: Jul 14, 2026