Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities

Free registration required

Executive Summary

As networked systems grow in complexity, they are increasingly vulnerable to Denial-of-Service (DoS) attacks involving resource exhaustion. A single malicious input of coma can trigger high-complexity behavior such as deep recursion in a carelessly implemented server, exhausting CPU time or stack space and making the server unavailable to legitimate clients. These DoS attacks exploit the semantics of the target application, are rarely associated with network traffic anomalies, and are thus extremely difficult to detect using conventional methods.

  • Format: PDF
  • Size: 276.2 KB