A messy state of the union: Taming the composite state machines of TLS
B Beurdouche, K Bhargavan… - Communications of the …, 2017 - dl.acm.org
The Transport Layer Security (TLS) protocol supports various authentication modes, key
exchange methods, and protocol extensions. Confusingly, each combination may prescribe …
exchange methods, and protocol extensions. Confusingly, each combination may prescribe …
Checking smart contracts with structural code embedding
Smart contracts have been increasingly used together with blockchains to automate
financial and business transactions. However, many bugs and vulnerabilities have been …
financial and business transactions. However, many bugs and vulnerabilities have been …
Implementing TLS with verified cryptographic security
TLS is possibly the most used protocol for secure communications, with a 18-year history of
flaws and fixes, ranging from its protocol logic to its cryptographic design, and from the …
flaws and fixes, ranging from its protocol logic to its cryptographic design, and from the …
The state of software for evolutionary biology
Abstract With Next Generation Sequencing data being routinely used, evolutionary biology
is transforming into a computational science. Thus, researchers have to rely on a growing …
is transforming into a computational science. Thus, researchers have to rely on a growing …
Automatically diagnosing and repairing error handling bugs in C
Correct error handling is essential for building reliable and secure systems. Unfortunately,
low-level languages like C often do not support any error handling primitives and leave it up …
low-level languages like C often do not support any error handling primitives and leave it up …
How {Double-Fetch} situations turn into {Double-Fetch} vulnerabilities: A study of double fetches in the linux kernel
We present the first static approach that systematically detects potential double-fetch
vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90 double …
vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90 double …
The care and feeding of wild-caught mutants
Mutation testing of a test suite and a program provides a way to measure the quality of the
test suite. In essence, mutation testing is a form of sensitivity testing: by running mutated …
test suite. In essence, mutation testing is a form of sensitivity testing: by running mutated …
Automatically detecting error handling bugs using error specifications
Incorrect error handling in security-sensitive code often leads to severe security
vulnerabilities. Implementing correct error handling is repetitive and tedious especially in …
vulnerabilities. Implementing correct error handling is repetitive and tedious especially in …
Fuzzing Error Handling Code using {Context-Sensitive} Software Fault Injection
Error handling code is often critical but difficult to test in reality. As a result, many hard-to-find
bugs exist in error handling code and may cause serious security problems once triggered …
bugs exist in error handling code and may cause serious security problems once triggered …
Apex: Automated inference of error specifications for c apis
Although correct error handling is crucial to software robustness and security, developers
often inadvertently introduce bugs in error handling code. Moreover, such bugs are hard to …
often inadvertently introduce bugs in error handling code. Moreover, such bugs are hard to …