SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
暂无分享,去创建一个
Angelos D. Keromytis | Suman Jana | Jason Zhao | Theofilos Petsios | S. Jana | A. Keromytis | Jason Zhao | Theofilos Petsios
[1] Ronald L. Rivest,et al. Introduction to Algorithms , 1990 .
[2] Stefan M. Petters,et al. Making worst case execution time analysis for hard real-time tasks on state of the art processors feasible , 1999, Proceedings Sixth International Conference on Real-Time Computing Systems and Applications. RTCSA'99 (Cat. No.PR00306).
[3] M. Douglas McIlroy. A Killer Adversary for Quicksort , 1999, Softw. Pract. Exp..
[4] Stefan M. Petters. Bounding the execution time of real-time tasks on modern processors , 2000, Proceedings Seventh International Conference on Real-Time Computing Systems and Applications.
[5] Clifford Stein,et al. Introduction to Algorithms, 2nd edition. , 2001 .
[6] John A. Clark,et al. A search-based automated test-data generation framework for safety-critical systems , 2002 .
[7] Guillem Bernat,et al. WCET analysis of probabilistic hard real-time systems , 2002, 23rd IEEE Real-Time Systems Symposium, 2002. RTSS 2002..
[8] Dan S. Wallach,et al. Denial of Service via Algorithmic Complexity Attacks , 2003, USENIX Security Symposium.
[9] Matthias Grochtmann,et al. Verifying Timing Constraints of Real-Time Systems by Means of Evolutionary Testing , 1998, Real-Time Systems.
[10] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.
[11] Somesh Jha,et al. Backtracking Algorithmic Complexity Attacks against a NIDS , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).
[12] Patrice Godefroid,et al. Automated Whitebox Fuzz Testing , 2008, NDSS.
[13] Xiang Cai,et al. Exploiting Unix File-System Races via Algorithmic Complexity Attacks , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[14] Iain Bate,et al. WCET analysis of modern processors using multi-criteria optimisation , 2009, 2009 1st International Symposium on Search Based Software Engineering.
[15] Kedar S. Namjoshi,et al. Robust and Fast Pattern Matching for Intrusion Detection , 2010, 2010 Proceedings IEEE INFOCOM.
[16] Guillem Bernat,et al. Hybrid measurement-based WCET analysis at the source level using object-level traces , 2010, WCET.
[17] Yang Zhang,et al. A Covert Timing Channel via Algorithmic Complexity Attacks: Design and Analysis , 2011, 2011 IEEE International Conference on Communications (ICC).
[18] Allen D. Householder,et al. Probability-Based Parameter Selection for Black-Box Fuzz Testing , 2012 .
[19] Antonio González,et al. Hardware/Software Mechanisms for Protecting an IDS against Algorithmic Complexity Attacks , 2012, 2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum.
[20] Antonio González,et al. Improving the Resilience of an IDS against Performance Throttling Attacks , 2012, SecureComm.
[21] Shan Lu,et al. Understanding and detecting real-world performance bugs , 2012, PLDI.
[22] Herbert Bos,et al. Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations , 2013, USENIX Security Symposium.
[23] Hayo Thielecke,et al. Static Analysis for Regular Expression Denial-of-Service Attacks , 2013, NSS.
[24] Xin-She Yang,et al. Introduction to Algorithms , 2021, Nature-Inspired Optimization Algorithms.
[25] Brink van der Merwe,et al. Analyzing Catastrophic Backtracking Behavior in Practical Regular Expression Matching , 2014, AFL.
[26] Qi Luo,et al. Automating performance bottleneck detection using search-based application profiling , 2015, ISSTA.
[27] David Brumley,et al. Program-Adaptive Mutational Fuzzing , 2015, 2015 IEEE Symposium on Security and Privacy.
[28] Angelos D. Keromytis,et al. DynaGuard: Armoring Canary-based Protections against Brute-force Attacks , 2015, ACSAC.
[29] Murali Krishna Ramanathan,et al. Efficient flow profiling for detecting performance bugs , 2016, ISSTA.
[30] Ganesh Ram Santhanam,et al. Statically-Informed Dynamic Analysis Tools to Detect Algorithmic Complexity Vulnerabilities , 2016, 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM).
[31] Christopher Krügel,et al. Driller: Augmenting Fuzzing Through Selective Symbolic Execution , 2016, NDSS.
[32] Salvatore J. Stolfo,et al. NEZHA: Efficient Domain-Independent Differential Testing , 2017, 2017 IEEE Symposium on Security and Privacy (SP).
[33] Isil Dillig,et al. Static Detection of DoS Vulnerabilities in Programs that Use Regular Expressions , 2017, TACAS.
[34] Herbert Bos,et al. VUzzer: Application-aware Evolutionary Fuzzing , 2017, NDSS.