TY - GEN
T1 - Repairing DoS Vulnerability of Real-World Regexes
AU - Chida, Nariyoshi
AU - Terauchi, Tachio
N1 - Funding Information:
We thank the anonymous reviewers for their useful comments. This work was supported by JSPS KAKENHI Grant Numbers 17H01720, 18K19787, 20H04162, and 20K20625.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - There has been much work on synthesizing and repairing regular expressions (regexes for short) from examples. These programming-by-example (PBE) methods help the users write regexes by letting them reflect their intention by examples. However, the existing methods may generate regexes whose matching may take super-linear time and are vulnerable to regex denial of service (ReDoS) attacks. This paper presents the first PBE repair method that is guaranteed to generate only invulnerable regexes. Importantly, our method can handle real-world regexes containing lookarounds and backreferences. Due to the extensions, the existing formal definitions of ReDoS vulnerabilities that only consider pure regexes are insufficient. Therefore, we first give a novel formal semantics and complexity of backtracking matching algorithms for real-world regexes, and with them, give the first formal definition of ReDoS vulnerability for real-world regexes. Next, we present a novel condition called real-world strong 1-unambiguity that is sufficient for guaranteeing the invulnerability of real-world regexes, and formalize the corresponding PBE repair problem. Finally, we present an algorithm that solves the repair problem. The algorithm builds on and extends the previous PBE methods to handle the realworld extensions and with constraints to enforce the real-world strong 1-unambiguity condition.
AB - There has been much work on synthesizing and repairing regular expressions (regexes for short) from examples. These programming-by-example (PBE) methods help the users write regexes by letting them reflect their intention by examples. However, the existing methods may generate regexes whose matching may take super-linear time and are vulnerable to regex denial of service (ReDoS) attacks. This paper presents the first PBE repair method that is guaranteed to generate only invulnerable regexes. Importantly, our method can handle real-world regexes containing lookarounds and backreferences. Due to the extensions, the existing formal definitions of ReDoS vulnerabilities that only consider pure regexes are insufficient. Therefore, we first give a novel formal semantics and complexity of backtracking matching algorithms for real-world regexes, and with them, give the first formal definition of ReDoS vulnerability for real-world regexes. Next, we present a novel condition called real-world strong 1-unambiguity that is sufficient for guaranteeing the invulnerability of real-world regexes, and formalize the corresponding PBE repair problem. Finally, we present an algorithm that solves the repair problem. The algorithm builds on and extends the previous PBE methods to handle the realworld extensions and with constraints to enforce the real-world strong 1-unambiguity condition.
KW - ReDoS
KW - Real-world regexes
KW - repair
KW - synthesis
UR - http://www.scopus.com/inward/record.url?scp=85135914463&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85135914463&partnerID=8YFLogxK
U2 - 10.1109/SP46214.2022.9833597
DO - 10.1109/SP46214.2022.9833597
M3 - Conference contribution
AN - SCOPUS:85135914463
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 2060
EP - 2077
BT - Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 43rd IEEE Symposium on Security and Privacy, SP 2022
Y2 - 23 May 2022 through 26 May 2022
ER -