We study a class of denial-of-service (DoS) vulnerabilities that occur in parsing structured data. These vulnerabilities enable low-bandwidth DoS attacks with input that causes algorithms to execute in disproportionately large time and/or space. We generalise the characteristics of these vulnerabilities and frame them in terms of three aspects, TTT: (1) the Topology of composite data structures formed by the internal representation of parsed data, (2) the presence of recursive functions for the Traversal of the data structures, and (3) the presence of a Trigger that enables an attacker to activate the traversal. An analysis based on this abstraction was implemented for one target platform (Java), and in our study, we found that the impact...
Although it has been demonstrated that Natural Language Processing (NLP) algorithms are vulnerable t...
The use of the Internet has increased drastically the last few years. This trend has led to a consta...
A malicious attack that can prevent establishment of Internet connections to web servers is termed a...
In recent years, multiple vulnerabilities exploiting the serialisation APIs of various programming l...
The loosely-coupled and dynamic nature of web services architectures has many benefits, but also lea...
Most web applications have critical bugs (faults) affecting their security, which makes them vulnera...
A denial of service attack (DOS) is any type of attack on a networking structure to disable a server...
Program Vulnerabilities may be unwarranted for any organization and may lead to severe system failur...
As computer networks continue to proliferate, the world's dependence on a secure communication in...
In this paper, we investigate the current use of data compression in network services that are at th...
Denial Of Service (DOS) and Distributed Denial Of Service (DDOS) attacks are attempts to make a s...
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficienc...
This paper provides a taxonomy of runtime taint tracking approaches for managed code, such as code w...
Any computer program processing input from the user or network must validate the input. Input-handli...
Availability requires that computer systems function normally without loss of resources to legitimat...