Privacy in the smart city—applications, technologies, challenges, and solutions
Many modern cities strive to integrate information technology into every aspect of city life to
create so-called smart cities. Smart cities rely on a large number of application areas and …
Automatic detection of Java cryptographic API misuses: Are we there yet?
The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …
Secure coding practices in java: Challenges and vulnerabilities
The Java platform and its third-party libraries provide useful features to facilitate secure
coding. However, misusing them can cost developers time and effort, as well as introduce …
FuzzGen: Automatic fuzzer generation
Fuzzing is a testing technique to discover unknown vulnerabilities in software. When
applying fuzzing to libraries, the core idea of supplying random input remains unchanged …
Cryptoguard: High precision detection of cryptographic vulnerabilities in massive-sized java projects
Cryptographic API misuses, such as exposed secrets, predictable random numbers, and
vulnerable certificate verification, seriously threaten software security. The vision of …
The cookie hunter: Automated black-box auditing for web authentication and authorization flaws
In this paper, we focus on authentication and authorization flaws in web apps that enable
partial or full access to user accounts. Specifically, we develop a novel fully automated black …
Cognicrypt: Supporting developers in using cryptography
Previous research suggests that developers often struggle using low-level cryptographic
APIs and, as a result, produce insecure code. When asked, developers desire, among other …
Security of open radio access networks
The Open Radio Access Network (O-RAN) is a promising radio access network
(RAN) architecture aimed at reshaping the RAN industry toward an open, adaptive, and …
HVLearn: Automated black-box analysis of hostname verification in SSL/TLS implementations
S Sivakorn, G Argyros, K Pei… - … IEEE Symposium on …, 2017 - ieeexplore.ieee.org
SSL/TLS is the most commonly deployed family of protocols for securing network
communications. The security guarantees of SSL/TLS are critically dependent on the correct …
Why Eve and Mallory still love Android: Revisiting TLS (In)Security in Android applications
Android applications have a long history of being vulnerable to man-in-the-middle attacks
due to insecure custom TLS certificate validation implementations. To resolve this, Google …