How reliable is the crowdsourced knowledge of security implementation?
Stack Overflow (SO) is the most popular online Q&A site for developers to share their
expertise in solving programming issues. Given multiple answers to a certain question …
APISan: Sanitizing API Usages through Semantic Cross-Checking
API misuse is a well-known source of bugs. Some of them (e.g., incorrect use of SSL APIs, and
integer overflow of memory allocation size) can cause serious security vulnerabilities (e.g. …
SymCerts: Practical symbolic execution for exposing noncompliance in X.509 certificate validation implementations
The X.509 Public-Key Infrastructure has long been used in the SSL/TLS protocol to achieve
authentication. A recent trend of Internet-of-Things (IoT) systems employing small footprint …
Example-based vulnerability detection and repair in Java code
The Java libraries JCA and JSSE offer cryptographic APIs to facilitate secure coding. When
developers misuse some of the APIs, their code becomes vulnerable to cyber-attacks. To …
Evaluating the security of open radio access networks
The Open Radio Access Network (O-RAN) is a promising RAN architecture, aimed at
reshaping the RAN industry toward an open, adaptive, and intelligent RAN. In this paper, we …
Practical Security Analysis of Zero-Knowledge Proof Circuits.
As privacy-sensitive applications based on zero-knowledge proofs (ZKPs) gain increasing
traction, there is a pressing need to detect vulnerabilities in ZKP circuits. This paper studies …
A Survey of Software and Network Security Research
刘剑, 苏璞睿, 杨珉, 和亮, 张源, 朱雪阳, 林惠民 - Journal of Software (软件学报), 2017 - jos.org.cn
The Internet has penetrated every aspect of human society and greatly advanced social progress. At the same time, various forms of cybercrime,
cyber espionage and similar problems occur frequently, causing great harm to society and national security. Network security has become a matter of public and governmental …
Devils in the guidance: predicting logic vulnerabilities in payment syndication services through automated documentation analysis
Finding logic flaws today relies on the program analysis that leverages the functionality
information reported in the program's documentation. Our research, however, shows that the …
Arbitrar: User-guided API misuse detection
Software APIs exhibit rich diversity and complexity which not only renders them a common
source of programming errors but also hinders program analysis tools for checking them …
OAuthLint: An empirical study on OAuth bugs in Android applications
Mobile developers use OAuth APIs to implement Single-Sign-On services. However, the
OAuth protocol was originally designed for the authorization for third-party websites not to …