Adversarial Input Vulnerabilities in Data Structures Taught at KTH

Abstract: The ever growing amount of data being collected online has led to a need for efficient methods of processing large data sets. One proposed and commonly implemented method is the use of Probabilistic Data Structures (PDSs). However, researchers have in recent years proposed attacks exploiting rudimentary adversarial input vulnerabilities in multiple PDSs. The simplicity of these attacks implies that the security of PDSs, and maybe data structures in general, have not been considered properly from an adversarial perspective. A possible reason for this may be a lack of education pertaining to data structures in adversarial environments in current computer science courses and programs. In this report, the Degree Programme in Computer Science (CDATE) provided at KTH Royal Institute of Technology was examined with regards to what data structures are being taught, what vulnerabilities they possess and if the education pertaining to security is sufficient for students to be able to identify simple attacks on the structures. To do this, we provide an analysis of the CDATE content related to the topic in the light of recent research. Additionally, a questionnaire was developed and distributed to students of the programme to test their knowledge of data structures in adversarial environments. Our findings indicate that while CDATE does provide sufficient education for students to understand fundamental vulnerabilities, the programme does not teach the students to look for them in an adversarial environment. We propose that incorporating the adversarial perspective briefly throughout the education could facilitate students applying the perspective themselves to recognize possible exploits, thereby enhancing the integrity of their future work.