16,759 Hits in 9.4 sec

Static Detection of DoS Vulnerabilities in Programs that use Regular Expressions (Extended Version) [article]

Valentin Wüstholz and Oswaldo Olivo and Marijn J. H. Heule and Isil Dillig
2017 arXiv   pre-print
A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS), in which the attacker exploits a vulnerable regular expression by providing a carefully-crafted input string that  ...  Specifically, our approach automatically identifies vulnerable regular expressions in the program and determines whether an "evil" input string can be matched against a vulnerable regular expression.  ...  In this paper, we propose a static technique for automatically uncovering DoS vulnerabilities in programs that use regular expressions.  ... 
arXiv:1701.04045v1 fatcat:qxkjpioepjc3hga32jtmbihbuq

Static Detection of DoS Vulnerabilities in Programs that Use Regular Expressions [chapter]

Valentin Wüstholz, Oswaldo Olivo, Marijn J. H. Heule, Isil Dillig
2017 Lecture Notes in Computer Science  
Specifically, our approach automatically identifies vulnerable regular expressions in the program and determines whether an "evil" input string can be matched against a vulnerable regular expression.  ...  A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS), in which the attacker exploits a vulnerable regular expression by providing a carefully-crafted input string  ...  In this paper, we propose a static technique for automatically uncovering DoS vulnerabilities in programs that use regular expressions.  ... 
doi:10.1007/978-3-662-54580-5_1 fatcat:f6lyqx7swzhnboafwutp35xdgq

Context-aware, Adaptive and Scalable Android Malware Detection through Online Learning (extended version) [article]

Annamalai Narayanan, Mahinthan Chandramohan, Lihui Chen, Yang Liu
2017 arXiv   pre-print
Contrary to this fact, most of the prior works on Machine Learning based Android malware detection have assumed that the distribution of the observed malware characteristics (i.e., features) does not change  ...  In order to perform accurate detection, a novel graph kernel that facilitates capturing apps' security-sensitive behaviors along with their context information from dependency graphs is proposed.  ...  (C4) Expressiveness. PRGs are known to be complex and expressive data structures that characterize topological relationships among program entities.  ... 
arXiv:1706.00947v2 fatcat:sduouh6iovhkxficotkgpwaycq

A Formal Approach to Physics-Based Attacks in Cyber-Physical Systems (Extended Version) [article]

Ruggero Lanotte and Massimo Merro and Andrei Munteanu and Luca Viganò
2021 arXiv   pre-print
running example in Uppaal SMC, the statistical extension of the Uppaal model checker; we use Uppaal SMC as an automatic tool for carrying out a static security analysis of our running example in isolation  ...  readings or control commands in order to drive a CPS into an undesired state, and we provide the means to assess attack tolerance/vulnerability with respect to a given attack. (3) We formalise how to  ...  Massimo Merro and Andrei Munteanu have been partially supported by the project "Dipartimenti di Eccellenza 2018-2022" funded by the Italian Ministry of Education, Universities and Research (MIUR).  ... 
arXiv:1902.04572v3 fatcat:tvbea3y7t5d6ll5h5o4u62iikq

From IP ID to Device ID and KASLR Bypass (Extended Version) [article]

Amit Klein, Benny Pinkas
2019 arXiv   pre-print
Our work examines the generation of this field in Windows (versions 8 and higher), Linux and Android, and shows that the IP ID field enables remote servers to assign a unique ID to each device and thus  ...  In modern Linux and Android versions, this field leaks a kernel address, thus we also break KASLR.  ...  tag than that of the "regular" browser.  ... 
arXiv:1906.10478v2 fatcat:aqxxj4w54bhstbonrts23gy4qq

Towards a Theory of Scale-Free Graphs: Definition, Properties, and Implications (Extended Version) [article]

Lun Li, David Alderson, Reiko Tanaka, John C. Doyle, Walter Willinger
2005 arXiv   pre-print
In this paper, we propose a new, mathematically precise, and structural definition of the extent to which a graph is scale-free, and prove a series of results that recover many of the claimed properties  ...  In fact, it is easily shown that the existing theory has many inherent contradictions and verifiably false claims.  ...  Using a probabilistic framework, one approach is to model the distribution of galaxies as a stationary random process and express clustering in terms of correlations in the distributions of galaxies (see  ... 
arXiv:cond-mat/0501169v2 fatcat:vjacsiorifafdjb5i4wg4fgcry

A New Source Code Auditing Algorithm for Detecting LFI and RFI in PHP Programs

Seyed Ali Mir Heydari, Mohsen Sayadiharikandeh
2008 Zenodo  
More precisely, we use regular expression as a fast and simple method to define some patterns for detection of vulnerabilities.  ...  Static analysis of source code is used for auditing web applications to detect the vulnerabilities.  ...  [14, 15] use the static source code analysis concept with using regular expressions in an interesting way.  ... 
doi:10.5281/zenodo.1060896 fatcat:utf7ahqrvnc2ffh4yb62vjbnde

An automated approach to fix buffer overflows

Aamir Shahab, Muhammad Nadeem, Mamdouh Alenezi, Raja Asif
2020 International Journal of Electrical and Computer Engineering (IJECE)  
A static analysis tool has been used to evaluate the performance of the developed prototype tools.  ...  This research contributes by developing a prototype that automatically fixes different types of buffer overflows by using the strategies suggested in CWE articles and existing research.  ...  This module is developed using regular expressions. These regular expressions search for a specific function in source code and the attributes declared with that function were found.  ... 
doi:10.11591/ijece.v10i4.pp3777-3787 fatcat:f4x6xjl7hjcjbet5dfobbr6ozm

Improving security using extensible lightweight static analysis

D. Evans, D. Larochelle
2002 IEEE Software  
This paper describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities) and can be readily  ...  extended to detect new vulnerabilities.  ...  Untainted values can be derived from tainted input by using Perl's regular expression matching.  ... 
doi:10.1109/52.976940 fatcat:b6uozxksebgnnf5y3vqisr63hi

Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities

Richard Chang, Guofei Jiang, Franjo Ivancic, Sriram Sankaranarayanan, Vitaly Shmatikov
2009 2009 22nd IEEE Computer Security Foundations Symposium  
As networked systems grow in complexity, they are increasingly vulnerable to denial-of-service (DoS) attacks involving resource exhaustion.  ...  version of the wu-ftpd server.  ...  STATIC DETECTION OF DOS VULNERABILITIES To detect vulnerabilities that allow a remote attacker to exhaust CPU or stack resources via inputs of coma, our SAFER framework uses a novel combination of two  ... 
doi:10.1109/csf.2009.13 dblp:conf/csfw/ChangJISS09 fatcat:xyjzghrecna5jjryuhdgphrq4y

Static Analysis Tools Against Cross-site Scripting Vulnerabilities in Web Applications : An Analysis

Nurul Atiqah Abu Talib, Kyung-Goo Doh
2021 Journal of Software Assessment and Valuation  
It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006.  ...  The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer.  ...  TBA tools, which typically use regular-expressions to parse data, have the advantage of expressiveness in detecting recurrent patterns and information [27], which may be the reason for their higher probability  ... 
doi:10.29056/jsav.2021.12.14 fatcat:rh23aaif5vcjvfq5pg3zpzxhmm

Sound and precise analysis of web applications for injection vulnerabilities

Gary Wassermann, Zhendong Su
2007 Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation - PLDI '07  
Both static and dynamic approaches have been proposed to detect or prevent SQL injections; while dynamic approaches provide protection for deployed software, static approaches can detect potential vulnerabilities  ...  Our tool successfully discovered previously unknown and sometimes subtle vulnerabilities in real-world programs, has a low false positive rate, and scales to large programs (with approx. 100K loc).  ...  We also thank Yasuhiko Minamide for developing the PHP string analyzer that we used in this work and for answering our questions about his tool.  ... 
doi:10.1145/1250734.1250739 dblp:conf/pldi/WassermannS07 fatcat:3zly5365ujgndhm7asqqlw3tnm

Sound and precise analysis of web applications for injection vulnerabilities

Gary Wassermann, Zhendong Su
2007 SIGPLAN notices  
Both static and dynamic approaches have been proposed to detect or prevent SQL injections; while dynamic approaches provide protection for deployed software, static approaches can detect potential vulnerabilities  ...  Our tool successfully discovered previously unknown and sometimes subtle vulnerabilities in real-world programs, has a low false positive rate, and scales to large programs (with approx. 100K loc).  ...  We also thank Yasuhiko Minamide for developing the PHP string analyzer that we used in this work and for answering our questions about his tool.  ... 
doi:10.1145/1273442.1250739 fatcat:hbyxtjhpcrhdrdm2r55aoo7xry

Towards automatic generation of vulnerability-based signatures

D. Brumley, J. Newsome, D. Song, Hao Wang, Somesh Jha
2006 2006 IEEE Symposium on Security and Privacy (S&P'06)  
A vulnerability signature is a representation (e.g., a regular expression) of the vulnerability language.  ...  Our experiments show that we can automatically generate a vulnerability signature using a single exploit which is of much higher quality than previous exploit-based signatures.  ...  We show that precise regular expression signature generation can be reduced to the model checking problem in the extended version of this paper [8].  ... 
doi:10.1109/sp.2006.41 dblp:conf/sp/BrumleyNSWJ06 fatcat:ay4f2hth4zcgrkjvx7277qnw6e

Automatic Prevention of Buffer Overflow Vulnerability Using Candidate Code Generation

Young-Su JANG, Jin-Young CHOI
2018 IEICE transactions on information and systems  
Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs.  ...  Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a substitution variable and by sanitizing code vulnerabilities based on the size of  ...  Moreover, sanitization analysis of regular expressions and built-in validation functions is ineffective in detecting vulnerabilities in input sources arising from either a user or another program [8]  ... 
doi:10.1587/transinf.2018edp7192 fatcat:2pjbypj5xvfp7hunxgu3tk3yj4