Improving developers' understanding of regex denial of service tools through anti-patterns and fix strategies
Regular expressions are used for diverse purposes, including input validation and firewalls.
Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular …
Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular …
The Harder You Try, The Harder You Fail: The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNSSEC
E Heftrig, H Schulmann, N Vogel… - Proceedings of the 2024 on …, 2024 - dl.acm.org
Availability is a major concern in the design of DNSSEC. To ensure availability, DNSSEC
follows Postel's Law [RFC1123]:" Be liberal in what you accept, and conservative in what …
follows Postel's Law [RFC1123]:" Be liberal in what you accept, and conservative in what …
In-network probabilistic monitoring primitives under the influence of adversarial network inputs
Network management tasks heavily rely on network telemetry data. Programmable data
planes provide novel ways to collect this telemetry data efficiently using probabilistic data …
planes provide novel ways to collect this telemetry data efficiently using probabilistic data …
Defending Hash Tables from Subterfuge with Depth Charge
We consider the problem of defending a hash table against a Byzantine attacker that is
trying to degrade the performance of query, insertion and deletion operations. Our defense …
trying to degrade the performance of query, insertion and deletion operations. Our defense …
KernelSnitch: Side-Channel Attacks on Kernel Data Structures
L Maar, J Juffinger, T Steinbauer… - … 2025: NDSS 2025, 2025 - graz.elsevierpure.com
The sharing of hardware elements, such as caches, is known to introduce microarchitectural
side-channel leakage. One approach to eliminate this leakage is to not share hardware …
side-channel leakage. One approach to eliminate this leakage is to not share hardware …
Peregrine: ML-based Malicious Traffic Detection for Terabit Networks
Malicious traffic detectors leveraging machine learning (ML), namely those incorporating
deep learning techniques, exhibit impressive detection capabilities across multiple attacks …
deep learning techniques, exhibit impressive detection capabilities across multiple attacks …
Algorithmic Complexity Attacks on Dynamic Learned Indexes
R Yang, EM Kornaropoulos, Y Cheng - arXiv preprint arXiv:2403.12433, 2024 - arxiv.org
Learned Index Structures (LIS) view a sorted index as a model that learns the data
distribution, takes a data element key as input, and outputs the predicted position of the key …
distribution, takes a data element key as input, and outputs the predicted position of the key …
Defending hash tables from algorithmic complexity attacks with resource burning
We consider the problem of defending a hash table against a Byzantine attacker that is
trying to degrade the performance of query, insertion and deletion operations. Our defense …
trying to degrade the performance of query, insertion and deletion operations. Our defense …
Runtime Verification for Programmable Switches
A Shukla, K Hudemann, Z Vági… - IEEE/ACM …, 2023 - ieeexplore.ieee.org
We introduce a runtime verification framework for programmable switches that complements
static analysis. To evaluate our approach, we design and develop P6, a runtime verification …
static analysis. To evaluate our approach, we design and develop P6, a runtime verification …
Robust heuristics: attacks and defenses for job size estimation in WSJF systems
Packet scheduling algorithms control the order in which a system serves network packets,
which can have significant impact on system performance. Many systems rely on Shortest …
which can have significant impact on system performance. Many systems rely on Shortest …