GadgetCA: A Tool for Generating ReDoS Attacks

GadgetCA - Nástroj pro generování ReDoS útoků

software

In order to use the result by another entity, it is always necessary to acquire a license

The licensor does not require a license fee for the result

Holík Lukáš, doc. Mgr., Ph.D. (DITS)
Holíková Lenka, Ing., Ph.D. (DITS)
Homoliak Ivan, Ing., Ph.D. (DITS)
Lengál Ondřej, Ing., Ph.D. (DITS)
Vojnar Tomáš, prof. Ing., Ph.D. (DITS)
Veanes Margus

regular expressions, pattern matching, security, counting-set automata, ReDoS, generator

The tool allows to generate ReDoS attacks for automata-based matchers. It is the first generator capable of attacking the automata-based matchers using bounded repetition. It is based on counting-set automata (CsA) which are small and can be constructed faster than deterministic counting automata (DFA). 

Nástroj i dokumentaci lze získat na URL: http://www.fit.vutbr.cz/research/groups/verifit/tools/gadgetca

Free software under the terms of GNU GPL (cf. http://www.gnu.org/licenses/gpl.html).

Efficient Finite Automata for Automated Reasoning, MŠMT, ERC CZ, LL1908, 2020-2024, running
Scalable Techniques for Analysis of Complex Properties of Computer Systems, GACR, Standardní projekty, GA20-07487S, 2020-2022, running
Spolehlivé, bezpečné a efektivní počítačové systémy, BUT, Vnitřní projekty VUT, FIT-S-20-6427, 2020-2023, completed

Automated Analysis and Verification Research Group - VeriFIT (RG VERIFIT)
IT Security Research Group (RG Security@FIT)

Department of Intelligent Systems (DITS)