Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CSFW
2009
IEEE
2009
IEEE
Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities
—As networked systems grow in complexity, they are increasingly vulnerable to denial-of-service (DoS) attacks involving resource exhaustion. A single malicious input of coma can trigger high-complexity behavior such as deep recursion in a carelessly implemented server, exhausting CPU time or stack space and making the server unavailable to legitimate clients. These DoS attacks exploit the semantics of the target application, are rarely associated with network traffic anomalies, and are thus extremely difficult to detect using conventional methods. We present SAFER, a static analysis tool for identifying potential DoS vulnerabilities and the root causes of resourceexhaustion attacks before the software is deployed. Our tool combines taint analysis with control dependency analysis to detect high-complexity control structures whose execution can be triggered by untrusted network inputs. When evaluated on real-world networked applications, SAFER discovered previously unknown DoS vulner...
Real-time TrafficCSFW 2009 | DoS Vulnerabilities | Malicious Inputs | Potential Dos Vulnerabilities | Security Privacy |
Related Content
| Added | 20 May 2010 |
| Updated | 20 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | CSFW |
| Authors | Richard M. Chang, Guofei Jiang, Franjo Ivancic, Sriram Sankaranarayanan, Vitaly Shmatikov |
Comments (0)
Researcher Info
|
