Static Analysis for Regular Expression Exponential Runtime via Substructural Logics
نویسندگان
چکیده
Regular expression matching using backtracking can have exponential runtime, leading to an algorithmic complexity attack known as REDoS in the systems security literature. In this paper, we present a static analysis that detects whether a given regular expression can have exponential runtime for some inputs. The analysis works by forming powers and products of transition relations and thereby reducing the REDoS problem to reachability. The correctness of the analysis is proved using a substructural calculus of search trees, where the branching of the tree causing exponential blowup is characterized as a form of nonlinearity.
منابع مشابه
Runtime Adaptation for Actor Systems
We study the problem of extending RV techniques in the context of (asynchronous) actor systems, so as to be able to carry out a degree of system adaptation at runtime. We propose extensions to specification logics that provide handles for programming both monitor synchronisations (with individual actors), as well as the administration of the resp. adaptations once the triggering behaviour is ob...
متن کاملKleene Algebras, Regular Languages and Substructural Logics
We introduce the two substructural propositional logics KL, KL, which use disjunction, fusion and a unary, (quasi-)exponential connective. For both we prove strong completeness with respect to the interpretation in Kleene algebras and a variant thereof. We also prove strong completeness for language models, where each logic comes with a different interpretation. We show that for both logics the...
متن کاملSemantics, analysis and security of backtracking regular expression matchers
Regular expressions are ubiquitous in computer science. Originally defined by Kleene in 1956, they have become a staple of the computer science undergraduate curriculum. Practical applications of regular expressions are numerous, ranging from compiler construction through smart text editors to network intrusion detection systems. Despite having been vigorously studied and formalized in many way...
متن کاملStatic Analysis for Regular Expression Denial-of-Service Attacks
Regular expressions are a concise yet expressive language for expressing patterns. For instance, in networked software, they are used for input validation and intrusion detection. Yet some widely deployed regular expression matchers based on backtracking are themselves vulnerable to denial-of-service attacks, since their runtime can be exponential for certain input strings. This paper presents ...
متن کاملCoalgebraic completeness-via-canonicity for distributive substructural logics
We prove strong completeness of a range of substructural logics with respect to their relational semantics by completeness-via-canonicity. Specifically, we use the topological theory of canonical (in) equations in distributive lattice expansions to show that distributive substructural logics are strongly complete with respect to their relational semantics. By formalizing the problem in the lang...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1405.7058 شماره
صفحات -
تاریخ انتشار 2014