Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities
Richard Chang, Guofei Jiang, Franjo Ivancic, Sriram Sankaranarayanan, Vitaly Shmatikov
As networked systems grow in complexity, they are increasingly vulnerable to denial-of-service (DoS) attacks involving resource exhaustion. A single malicious input of coma can trigger high-complexity behavior such as deep recursion in a carelessly implemented server, exhausting CPU time or stack space and making the server unavailable to legitimate clients. These DoS attacks exploit the semantics of the target application, are rarely associated with network traffic anomalies, and are thus extremely difficult to detect using conventional methods.

We present SAFER, a static analysis tool for identifying potential DoS vulnerabilities and the root causes of resource exhaustion attacks before the software is deployed. Our tool combines taint analysis with control dependency analysis to detect high-complexity control structures whose execution can be triggered by untrusted network inputs.
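To make the combination of taint analysis and control dependency analysis concrete, the following added example (written for this page, not SAFER's own code) runs a toy version of the idea over a small, constructed intermediate representation. Network input is the taint source; taint propagates through assignments and call arguments (explicit flow) and through enclosing branches on tainted conditions (implicit flow); a loop whose condition is tainted, or a recursive call executed under tainted control, is reported as a high-complexity construct the client can drive. The IR statement forms, the `bound` sanitizer, and the sample program are all assumptions made for the illustration.

```python
"""Toy SAFER-style detector: taint analysis plus control dependence over a
tiny intermediate representation. Illustrative only; not the SAFER code."""
from dataclasses import dataclass
from typing import List

# IR statement forms (constructed for this example):
#   ("input", dst)             dst receives untrusted network data (taint source)
#   ("assign", dst, [srcs])    dst is computed from srcs (explicit data flow)
#   ("bound", dst, src)        dst = clamp(src, MAX): attacker loses control, taint cleared
#   ("loop", [conds], body)    loop whose trip count depends on conds
#   ("if", [conds], body)      branch whose outcome depends on conds
#   ("call", fname, [args])    call to a function defined in the program


@dataclass
class Finding:
    kind: str                  # "loop" or "recursion"
    func: str                  # function containing the flagged construct
    controlled_by: List[str]   # tainted variables that decide how far it runs


def analyze(program, entry="main"):
    """Walk the program from `entry`, propagating taint through data flow
    (assignments, arguments) and control dependence (enclosing tainted
    branches), and flag loops and recursive calls that tainted data controls."""
    findings = []

    def walk(fname, stmts, tainted, ctrl, stack):
        # ctrl: tainted variables whose branches enclose the current statement
        for stmt in stmts:
            op = stmt[0]
            if op == "input":
                tainted.add(stmt[1])
            elif op == "assign":
                dst, srcs = stmt[1], stmt[2]
                if ctrl or any(s in tainted for s in srcs):
                    tainted.add(dst)        # explicit or implicit flow
                else:
                    tainted.discard(dst)    # overwritten with clean data
            elif op == "bound":
                tainted.discard(stmt[1])    # clamped: no longer attacker-controlled
            elif op in ("loop", "if"):
                conds, body = stmt[1], stmt[2]
                tainted_conds = [c for c in conds if c in tainted]
                inner_ctrl = list(dict.fromkeys(ctrl + tainted_conds))
                if op == "loop" and inner_ctrl:
                    findings.append(Finding("loop", fname, inner_ctrl))
                walk(fname, body, tainted, inner_ctrl, stack)
            elif op == "call":
                callee, args = stmt[1], stmt[2]
                tainted_args = [a for a in args if a in tainted]
                if callee in stack:
                    # recursive call: depth is attacker-controlled if the call
                    # sits under tainted control or receives tainted arguments
                    if ctrl or tainted_args:
                        controlled = list(dict.fromkeys(ctrl + tainted_args))
                        findings.append(Finding("recursion", callee, controlled))
                    continue                # do not descend into the cycle again
                params, body = program[callee]
                callee_tainted = {p for p, a in zip(params, args)
                                  if a in tainted or ctrl}
                walk(callee, body, callee_tainted, [], stack + [callee])

    _, body = program[entry]
    walk(entry, body, set(), [], [entry])
    return findings


# Constructed sample program modelled on the scenarios in the abstract: a count
# field from the wire drives a loop, and nested input drives recursion.
PROGRAM = {
    "main": ([], [
        ("input", "msg"),
        ("assign", "n", ["msg"]),               # n = count field parsed from msg
        ("loop", ["n"], [                       # trip count chosen by the client
            ("assign", "buf", ["buf", "msg"]),
        ]),
        ("bound", "k", "n"),                    # k = min(n, MAX_ITEMS)
        ("loop", ["k"], [                       # bounded: not reported
            ("assign", "out", ["k"]),
        ]),
        ("call", "fill_table", ["msg"]),        # tainted arg, constant-bounded loop
        ("call", "parse_element", ["msg"]),
    ]),
    "fill_table": (["v"], [
        ("loop", ["TABLE_SIZE"], [("assign", "t", ["v"])]),
    ]),
    "parse_element": (["tok"], [
        ("assign", "child", ["tok"]),           # next token from the input
        ("if", ["child"], [                     # nesting depth chosen by the client
            ("call", "parse_element", ["child"]),
        ]),
    ]),
}


if __name__ == "__main__":
    for f in analyze(PROGRAM):
        print(f"{f.kind} in {f.func} controlled by {', '.join(f.controlled_by)}")
```

The two reported constructs are the loop in `main` whose trip count comes straight from `msg`, and the recursive `parse_element` call that runs as long as the input keeps nesting; the clamped loop over `k` and the constant-bounded loop in `fill_table` are not reported even though tainted data reaches them, which is the distinction between "touches untrusted data" and "untrusted data decides how much work is done" that the abstract draws.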

When evaluated on real-world networked applications, SAFER discovered previously unknown DoS vulnerabilities in the Expat XML parser and the SQLite library, as well as a new attack on a previously patched version of the wu-ftpd server. This demonstrates the importance of understanding and repairing the root causes of DoS vulnerabilities rather than simply blocking known malicious inputs.


Many thanks to Suresh Thummalapenta for suggesting the term "Inputs of Coma" to describe this class of attacks.
Computer Security Foundations (CSF 2009).
Copyright (C) IEEE. Copy has been made available online for personal use only. Do not redistribute without permission.
