Static analysis of regular expressions

dc.contributor.advisorVan der Merwe, Andries Brinken_ZA
dc.contributor.authorWeideman, Nicolaas Hendriken_ZA
dc.contributor.otherStellenbosch University. Faculty of Science. Dept. of Mathematical Sciences. Division Computer Science.en_ZA
dc.date.accessioned2017-11-19T13:28:16Z
dc.date.accessioned2017-12-11T11:07:11Z
dc.date.available2017-11-19T13:28:16Z
dc.date.available2017-12-11T11:07:11Z
dc.date.issued2017-11-19
dc.descriptionThesis (MSc)--Stellenbosch University, 2017en_ZA
dc.description.abstractENGLISH ABSTRACT : Regular expressions are widely used throughout the programming community. In most cases, regular expressions allow for pattern matching tasks to be performed efficiently, but in some instances regular expression matching can be extremely slow. The exploit of the potential slowness of regular expression matching, is known as a regular expression denial of service attack. We investigate regular expression denial of service attacks, by approaching it from a computational complexity and automata theoretic point of view. A method for accurately modeling the matching time behaviour of a backtracking regular expression matcher, by using automata theoretic methods, is presented. We analyze our models by using the concept of ambiguity in nondeterministic finite-state automata. Our approach is evaluated on repositories of regular expressions often used in practice. Techniques for mitigating the vulnerability of backtracking regular expression matchers are investigated as a means to thwart regular expression denial of service attacks.en_ZA
dc.description.abstractAFRIKAANSE OPSOMMING : Reguliere uitdrukkings word gereeld gebruik in die skryf van sagteware. In die meeste gevalle stel sulke uitdrukkings mens in staat om patroonherkenningsprobleme op ’n doeltreffende manier op te los. Daar is egter sommige situasies waar hierdie proses uiters tydrowend kan wees. Die uitbuiting van sulke kwesbaarhede staan as ’n diensontseggingaanval bekend. Ons ondersoek hierdie aanvalle vanuit die oogpunt van berekeningskompleksiteit en outomateteorie. ’n Metode word gegee om die herkenningstyd van ’n terugspoor herkenner van reguliere uitdrukkings akkuraat te modelleer. Ons analiseer die modelle deur gebruik te maak van die konsep van dubbelsinnigheid in nie-deterministiese eindigetoestand-outomate. Die metodes word getoets deur dit toe te pas op magasyne van reguliere uitdrukkings wat in die praktyk gebruik word. Tegnieke om die kwesbaarheid van terugspoor herkenners van reguliere uitdrukkings te verbeter word ondersoek, met die doelwit om diensontseggingaanvalle te voorkom.af_ZA
dc.format.extentxiii, 100 pages : illustrationsen_ZA
dc.identifier.urihttp://hdl.handle.net/10019.1/102879
dc.language.isoen_ZAen_ZA
dc.publisherStellenbosch : Stellenbosch Universityen_ZA
dc.rights.holderStellenbosch Universityen_ZA
dc.subjectComputer programming language -- Regular expressionsen_ZA
dc.subjectUCTDen_ZA
dc.subjectAutomata theoryen_ZA
dc.subjectComputer programming language -- Denial-of-service attack (DoS attack)en_ZA
dc.subjectComputer programming language -- Backtracking matchersen_ZA
dc.subjectComputer software -- Static analysis techniquesen_ZA
dc.titleStatic analysis of regular expressionsen_ZA
dc.typeThesisen_ZA
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
weideman_static_2017.pdf
Size:
1.64 MB
Format:
Adobe Portable Document Format
Description:
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
1.71 KB
Format:
Plain Text
Description: