Towards Denial-of-Service Memory Vulnerabilities Journal of the Software

We address the problem of verifying a program to be free of Denial-of-Service memory vulnerabilities. More specifically, we define a program to be safe from DoS attacks if its memory usage at any time during execution is linear to sizes of its inputs. We design an analysis algorithm that verifies if a program satisfies this definition, and reports code snippets in the program that may cause a nonlinear amount of memory usage in case the verification fails. We also formally prove the correctness of our algorithm w.r.t. the above definition. Our experimental results indicate that the analysis algorithm is both effective and efficient. 2019 CIRES (Cooperative Institute for Research in Environmental Sciences) Submitted https://doi.org/10.17706/jsw.14.9.423-436 Other 1951