
dc.contributor.author: Davis, James C.
dc.contributor.author: Servant-Cortés, Francisco Javier
dc.contributor.author: Lee, Dongyoon
dc.date.accessioned: 2024-10-11T10:47:29Z
dc.date.available: 2024-10-11T10:47:29Z
dc.date.issued: 2021
dc.identifier.citation: J. C. Davis, F. Servant and D. Lee, "Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)," 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2021, pp. 1-17, doi: https://doi.org/10.1109/SP40001.2021.00032 [es_ES]
dc.identifier.uri: https://hdl.handle.net/10630/34698
dc.description.abstract: Regular expressions (regexes) are a denial of service vector in most mainstream programming languages. Recent empirical work has demonstrated that up to 10% of regexes have super-linear worst-case behavior in typical regex engines. It is therefore not surprising that many web services are reportedly vulnerable to regex denial of service (ReDoS). If the time complexity of a regex engine can be reduced transparently, ReDoS vulnerabilities can be eliminated at no cost to application developers. Unfortunately, existing ReDoS defenses — replacing the regex engine, optimizing it, or replacing regexes piecemeal — struggle with soundness and compatibility. Full memoization is sound and compatible, but its space costs are too high. No effective ReDoS defense has been adopted in practice. We present techniques to provably eliminate super-linear regex behavior with low space costs for typical regexes. We propose selective memoization schemes with varying space/time tradeoffs. We then describe an encoding scheme that leverages insights about regex engine semantics to further reduce the space cost of memoization. We also consider how to safely handle extended regex features. We implemented our proposals and evaluated them on a corpus of real-world regexes. We found that selective memoization lowers the space cost of memoization by an order of magnitude for the median regex, and that run-length encoding further lowers the space cost to constant for 90% of regexes. [es_ES]
dc.language.iso: eng [es_ES]
dc.rights: info:eu-repo/semantics/openAccess [es_ES]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-nd/4.0/ [*]
dc.subject: Denial-of-service attacks [es_ES]
dc.subject.other: Regular expressions [es_ES]
dc.subject.other: Denial of service [es_ES]
dc.subject.other: Software security [es_ES]
dc.title: Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS). [es_ES]
dc.type: info:eu-repo/semantics/conferenceObject [es_ES]
dc.relation.eventtitle: IEEE Symposium on Security and Privacy (SP) [es_ES]
dc.relation.eventplace: San Francisco, United States [es_ES]
dc.relation.eventdate: May 2021 [es_ES]
dc.rights.cc: Attribution-NonCommercial-NoDerivatives 4.0 International [*]



Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International