Static analysis of regular expressions
dc.contributor.advisor | Van der Merwe, Andries Brink | en_ZA |
dc.contributor.author | Weideman, Nicolaas Hendrik | en_ZA |
dc.contributor.other | Stellenbosch University. Faculty of Science. Dept. of Mathematical Sciences. Division Computer Science. | en_ZA |
dc.date.accessioned | 2017-11-19T13:28:16Z | |
dc.date.accessioned | 2017-12-11T11:07:11Z | |
dc.date.available | 2017-11-19T13:28:16Z | |
dc.date.available | 2017-12-11T11:07:11Z | |
dc.date.issued | 2017-11-19 | |
dc.description | Thesis (MSc)--Stellenbosch University, 2017 | en_ZA |
dc.description.abstract | ENGLISH ABSTRACT : Regular expressions are widely used throughout the programming community. In most cases, regular expressions allow for pattern matching tasks to be performed efficiently, but in some instances regular expression matching can be extremely slow. The exploit of the potential slowness of regular expression matching, is known as a regular expression denial of service attack. We investigate regular expression denial of service attacks, by approaching it from a computational complexity and automata theoretic point of view. A method for accurately modeling the matching time behaviour of a backtracking regular expression matcher, by using automata theoretic methods, is presented. We analyze our models by using the concept of ambiguity in nondeterministic finite-state automata. Our approach is evaluated on repositories of regular expressions often used in practice. Techniques for mitigating the vulnerability of backtracking regular expression matchers are investigated as a means to thwart regular expression denial of service attacks. | en_ZA |
dc.description.abstract | AFRIKAANSE OPSOMMING : Reguliere uitdrukkings word gereeld gebruik in die skryf van sagteware. In die meeste gevalle stel sulke uitdrukkings mens in staat om patroonherkenningsprobleme op ’n doeltreffende manier op te los. Daar is egter sommige situasies waar hierdie proses uiters tydrowend kan wees. Die uitbuiting van sulke kwesbaarhede staan as ’n diensontseggingaanval bekend. Ons ondersoek hierdie aanvalle vanuit die oogpunt van berekeningskompleksiteit en outomateteorie. ’n Metode word gegee om die herkenningstyd van ’n terugspoor herkenner van reguliere uitdrukkings akkuraat te modelleer. Ons analiseer die modelle deur gebruik te maak van die konsep van dubbelsinnigheid in nie-deterministiese eindigetoestand-outomate. Die metodes word getoets deur dit toe te pas op magasyne van reguliere uitdrukkings wat in die praktyk gebruik word. Tegnieke om die kwesbaarheid van terugspoor herkenners van reguliere uitdrukkings te verbeter word ondersoek, met die doelwit om diensontseggingaanvalle te voorkom. | af_ZA |
dc.format.extent | xiii, 100 pages : illustrations | en_ZA |
dc.identifier.uri | http://hdl.handle.net/10019.1/102879 | |
dc.language.iso | en_ZA | en_ZA |
dc.publisher | Stellenbosch : Stellenbosch University | en_ZA |
dc.rights.holder | Stellenbosch University | en_ZA |
dc.subject | Computer programming language -- Regular expressions | en_ZA |
dc.subject | UCTD | en_ZA |
dc.subject | Automata theory | en_ZA |
dc.subject | Computer programming language -- Denial-of-service attack (DoS attack) | en_ZA |
dc.subject | Computer programming language -- Backtracking matchers | en_ZA |
dc.subject | Computer software -- Static analysis techniques | en_ZA |
dc.title | Static analysis of regular expressions | en_ZA |
dc.type | Thesis | en_ZA |