JSW 2019 Vol.14(9): 423-436 ISSN: 1796-217X
doi: 10.17706/jsw.14.9.423-436
Towards Denial-of-Service Memory Vulnerabilities
Tianhan Lu1, Yu-Ju Lee1, Wen-Wei Liao2, 3∗
1Department of Computer Science, University of Colorado Boulder, CO 80309-0430, USA
2University of Colorado Boulder Cooperative Institute for Research in Environmental Sciences, USA.
3International College of Semiconductor Technology, National Chiao Tung University, Taiwan.
Abstract—We address the problem of verifying that a program is free of Denial-of-Service memory vulnerabilities. More specifically, we define a program to be safe from DoS attacks if its memory usage at any time during execution is linear in the sizes of its inputs. We design an analysis algorithm that verifies whether a program satisfies this definition and, if the verification fails, reports the code snippets in the program that may cause a nonlinear amount of memory usage. We also formally prove the correctness of our algorithm w.r.t. the above definition. Our experimental results indicate that the analysis algorithm is both effective and efficient.
Index Terms—Program verification, software security, static analysis.
Cite: Tianhan Lu, Yu-Ju Lee, Wen-Wei Liao, "Towards Denial-of-Service Memory Vulnerabilities," Journal of Software vol. 14, no. 9, pp. 423-436, 2019.