DISCOVER: Detecting algorithmic complexity vulnerabilities


Abstract

Algorithmic Complexity Vulnerabilities (ACVs) are a class of vulnerabilities that enable Denial of Service attacks. ACVs stem from asymmetric consumption of resources due to complex loop termination logic, recursion, and/or resource-intensive library APIs. Completely automated detection of ACVs is intractable, which calls for tools that assist human analysts. We present DISCOVER, a suite of tools that facilitates human-on-the-loop detection of ACVs. DISCOVER's workflow can be broken into three phases: (1) automated characterization of loops, (2) selection of suspicious loops, and (3) interactive audit of selected loops. We demonstrate DISCOVER through a case study on a DARPA challenge app. DISCOVER supports analysis of Java source code and Java bytecode. We demonstrate it for Java bytecode.

Cite

Awadhutkar, P., Santhanam, G. R., Holland, B., & Kothari, S. (2019). DISCOVER: Detecting algorithmic complexity vulnerabilities. In ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 1129–1133). Association for Computing Machinery, Inc. https://doi.org/10.1145/3338906.3341177
