{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T14:19:15Z","timestamp":1730297955312,"version":"3.28.0"},"reference-count":85,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179442","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"1238-1255","source":"Crossref","is-referenced-by-count":2,"title":["Improving Developers\u2019 Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies"],"prefix":"10.1109","author":[{"given":"Sk Adnan","family":"Hassan","sequence":"first","affiliation":[{"name":"Virginia Tech,Blacksburg,VA,USA"}]},{"given":"Zainab","family":"Aamir","sequence":"additional","affiliation":[{"name":"Stony Brook University,Stony Brook,NY,USA"}]},{"given":"Dongyoon","family":"Lee","sequence":"additional","affiliation":[{"name":"Stony Brook University,Stony Brook,NY,USA"}]},{"given":"James C.","family":"Davis","sequence":"additional","affiliation":[{"name":"Purdue University,West Lafayette,IN,USA"}]},{"given":"Francisco","family":"Servant","sequence":"additional","affiliation":[{"name":"University of M&#x00E1;laga,M&#x00E1;laga,Spain"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931073"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236027"},{"key":"ref3","first-page":"21","article-title":"Regular expression learning for information extraction","volume-title":"Proceedings of the Conference on Empirical Methods in Natural Language Processing (EMNLP 08)","author":"Li"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2016.7783747"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/1989323.1989479"},{"key":"ref6","first-page":"118","article-title":"oaw xtext: A framework for textual dsls","volume-title":"Workshop on Modeling Symposium at Eclipse Summit","volume":"32","author":"Efftinge"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"ref9","article-title":"Owasp modsecurity core rule set"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2015.2439274"},{"key":"ref11","article-title":"Denial of service through regular expressions","author":"Crosby","year":"2003","journal-title":"USENIX Security work in progress report"},{"key":"ref12","article-title":"VAC - ReDoS: Regular Expression Denial Of Service","author":"Roichman","year":"2009","journal-title":"Open Web Application Security Project (OWASP)"},{"article-title":"Outage postmortem","year":"2016","author":"Exchange","key":"ref13"},{"author":"Graham-Cumming","key":"ref14","article-title":"Details of the cloudflare outage on july 2, 2019"},{"article-title":"Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers","volume-title":"USENIX Security Symposium (USENIX Security)","author":"Staicu","key":"ref15"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510047"},{"key":"ref17","first-page":"109","article-title":"Analyzing Catastrophic Backtracking Behavior in Practical Regular Expression Matching","volume-title":"EPTCS: Automata and Formal Languages 2014","volume":"151","author":"Berglund","year":"2014"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40946-7_27"},{"key":"ref19","article-title":"Static Analysis of Regular Expressions","volume-title":"MS Thesis","author":"Weideman","year":"2017"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54580-5_1"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/sp40001.2021.00062"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38631-2_11"},{"key":"ref23","article-title":"Static Analysis for Regular Expression Exponential Runtime via Substructural Logics","author":"Rathnayake","year":"2014","journal-title":"CoRR"},{"issue":"3","key":"ref24","first-page":"222","article-title":"Checking Time Linearity of Regular Expression Matching Based on Backtracking","volume":"9","author":"Sugiyama","year":"2014","journal-title":"Information and Media Technologies"},{"issue":"5","key":"ref25","first-page":"543","article-title":"Derivative-Based Diagnosis of Regular Expression Ambiguity","volume-title":"International Journal of Foundations of Computer Science","volume":"28","author":"Sulzmann","year":"2017"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238159"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3129416.3129440"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3071178.3071196"},{"key":"ref29","first-page":"659","article-title":"Flashregex: deducing anti-redos regexes from examples","volume-title":"2020 35th IEEE\/ACM International Conference on Automated Software Engineering (ASE).","author":"Li"},{"article-title":"Regis: Regular expression simplification via rewrite-guided synthesis","year":"2021","author":"Claver","key":"ref30"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338909"},{"article-title":"Improving Developers\u2019 Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies","year":"2022","author":"Hassan","key":"ref33"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1515\/9781400882618-002"},{"key":"ref35","volume-title":"Introduction to the Theory of Computation","volume":"2","author":"Sipser","year":"2006"},{"volume-title":"Mastering regular expressions","year":"2002","author":"Friedl","key":"ref36"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00048"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/1836089.1836120"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1147\/rd.32.0114"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(91)90381-B"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85780-8_8"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1137\/0214044"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00032"},{"key":"ref44","first-page":"35","article-title":"A regular-expression matcher","author":"Spencer","year":"1994","journal-title":"Software solutions in C"},{"article-title":"Regular Expression Matching Can Be Simple And Fast (but is slow in Java, Perl, PHP, Python, Ruby, \u2026)","year":"2007","author":"Cox","key":"ref45"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00047"},{"key":"ref47","article-title":"On the impact and defeat of regular expression denial of service","volume-title":"Ph.D. dissertation","author":"Davis","year":"2020"},{"key":"ref48","article-title":"Denial of Service via Algorithmic Complexity Attacks","author":"Crosby","year":"2003","journal-title":"USENIX Security"},{"key":"ref49","first-page":"4165","article-title":"Counting in regexes considered harmful: Exposing ReDoS vulnerability of nonbacktracking matchers","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Turo\u0148ov\u00e1"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2019.00039"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8667972"},{"key":"ref52","first-page":"3847","article-title":"{ReDoSHunter}: A combined static and dynamic approach for regular expression {DoS} detection","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Li"},{"key":"ref53","first-page":"4219","article-title":"Regulator: Dynamic analysis to detect ReDoS","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"McLaughlin"},{"key":"ref54","doi-asserted-by":"crossref","DOI":"10.1145\/3133956.3134073","article-title":"SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities","volume-title":"Computer and Communications Security (CCS)","author":"Petsios","year":"2017"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236039"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213868"},{"key":"ref57","first-page":"393","article-title":"Rampart: Protecting web applications from cpuexhaustion denial-of-service attacks","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Meng"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24415"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833597"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00077"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3544216.3544250"},{"key":"ref62","first-page":"343","article-title":"A sense of time for javascript and node. js: First-class timeouts as a cure for event handler poisoning","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Davis"},{"key":"ref63","first-page":"693","article-title":"Detecting asymmetric application-layer denial-ofservice attacks in-flight with finelame","volume-title":"2019 USENIX Annual Technical Conference (USENIX ATC)","author":"Demoulin"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/321239.321249"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/363347.363387"},{"article-title":"Regular Expression Matching in the Wild","year":"2010","author":"Cox","key":"ref66"},{"author":"Developers","key":"ref67","article-title":"regex - rust"},{"key":"ref68","article-title":"regexp - go"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17462-0_24"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-34175-6_24"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/3428286"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-07469-1_3"},{"article-title":"dk. brics. automaton\u2013finite-state automata and regular expressions for java","year":"2010","author":"M\u00f8ller","key":"ref73"},{"journal-title":"Compilers: principles, techniques and tools","year":"2020","author":"Aho","key":"ref74"},{"year":"2013","key":"ref75","article-title":"safe-regex"},{"key":"ref76","article-title":"antlr-pcre"},{"key":"ref77","first-page":"781","volume-title":"Precision and Recall","author":"Ting","year":"2010"},{"article-title":"Automatic repair of vulnerable regular expressions","year":"2020","author":"Chida","key":"ref78"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4612-4380-9_16"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511761676"},{"key":"ref81","article-title":"Pypi \u2013 the python package index"},{"key":"ref82","article-title":"npm"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-84800-044-5_3"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-013-9286-4"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409670"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","start":{"date-parts":[[2023,5,21]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179442.pdf?arnumber=10179442","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:18:53Z","timestamp":1721452733000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179442\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":85,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179442","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}