You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Attacks that use some kind of index to isolate or duplicate particular rows rely on creating some kind of index vector. Modifications to repDS, rbindDS and cDS might help protect against this style of attack while allowing legitimate use to continue without issue.
The proposals are:
Add concentration traps to rbindDS and cDS to stop vectors like (1,0,0,0,0,0,0,0,0) that can be used to isolate rows
Stop the generation of unique values (ie an index) using repDS. We need to check whether there would be a legitimate reason for doing this. Note that this is not a complete solution, and it is still possible to generate a few different vectors where the rows aren't unique and then combine them with arithmetic operations that result in a vector with unique rows.
The next step might be to stop arithmetic that results in a vector of unique values, but that would stop genuine usage commands
The text was updated successfully, but these errors were encountered:
Attacks that use some kind of index to isolate or duplicate particular rows rely on creating some kind of index vector. Modifications to repDS, rbindDS and cDS might help protect against this style of attack while allowing legitimate use to continue without issue.
The proposals are:
The next step might be to stop arithmetic that results in a vector of unique values, but that would stop genuine usage commands
The text was updated successfully, but these errors were encountered: