English
Related papers

Related papers: Finding Security Vulnerabilities in Network Protoc…

200 papers

In the modern era where software plays a pivotal role, software security and vulnerability analysis are essential for secure software development. Fuzzing test, as an efficient and traditional software testing method, has been widely…

Software Engineering · Computer Science 2025-05-20 Linghan Huang , Peizhou Zhao , Huaming Chen , Lei Ma

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar…

Artificial Intelligence · Computer Science 2017-01-26 Patrice Godefroid , Hila Peleg , Rishabh Singh

Very recently, Barman et al. proposed a multi-server authentication protocol using fuzzy commitment. The authors claimed that their protocol provides anonymity while resisting all known attacks. In this paper, we analyze that Barman et…

Cryptography and Security · Computer Science 2020-04-17 Hafeez Ur Rehman , Anwar Ghani , Shehzad Ashraf Chaudhry , Mohammed H. Alsharif , Narjes Nabipour

Formal verification is crucial for ensuring the robustness of security protocols against adversarial attacks. The Needham-Schroeder protocol, a foundational authentication mechanism, has been extensively studied, including its integration…

Cryptography and Security · Computer Science 2025-08-29 Kangfeng Ye , Roberto Metere , Jim Woodcock , Poonam Yadav

Mutation testing consists of generating test cases that detect faults injected into software (generating mutants) which its original test suite could not. By running such an augmented set of test cases, it may discover actual faults that…

Software Engineering · Computer Science 2024-06-05 Jaekwon Lee , Enrico Viganò , Fabrizio Pastore , Lionel Briand

Memory corruption is a serious class of software vulnerabilities, which requires careful attention to be detected and removed from applications before getting exploited and harming the system users. Symbolic execution is a well-known method…

Cryptography and Security · Computer Science 2025-09-16 Sara Baradaran , Mahdi Heidari , Ali Kamali , Maryam Mouzarani

Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose…

Software Engineering · Computer Science 2022-10-21 Fatimah K. Aljaafari , Rafael Menezes , Edoardo Manino , Fedor Shmarov , Mustafa A. Mustafa , Lucas C. Cordeiro

Computer-based systems have been used to solve several domain problems, such as industrial, military, education, and wearable. Those systems need high-quality software to guarantee security and safety. We advocate that Bounded Model…

Cryptography and Security · Computer Science 2021-02-05 Thales Silva , Carmina Porto , Erickson Alves , Lucas Cordeiro , Herbert Rocha

Open source software vulnerabilities pose significant security risks to downstream applications. While vulnerability databases provide valuable information for mitigation, many security patches are released silently in new commits of OSS…

Software Engineering · Computer Science 2025-03-27 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Zhe Lang , David Lo , Shichao Lv , Dongliang Fang , Zhiqiang Shi , Limin Sun

Testing of network services represents one of the biggest challenges in cyber security. Because new vulnerabilities are detected on a regular basis, more research is needed. These faults have their roots in the software development cycle or…

Cryptography and Security · Computer Science 2018-03-29 Josip Bozic , Lina Marsso , Radu Mateescu , Franz Wotawa

Hardware flaws are permanent and potent: hardware cannot be patched once fabricated, and any flaws may undermine any software executing on top. Consequently, verification time dominates implementation time. The gold standard in hardware…

Hardware Architecture · Computer Science 2021-02-05 Timothy Trippel , Kang G. Shin , Alex Chernyakhovsky , Garret Kelly , Dominic Rizzo , Matthew Hicks

This thesis presents an automated method for verifying security properties of protocol implementations written in the C language. We assume that each successful run of a protocol follows the same path through the C code, justified by the…

Cryptography and Security · Computer Science 2020-01-06 Mihhail Aizatulin

In recent years, the increasing awareness of cybersecurity has led to a heightened focus on information security within hardware devices and products. Incorporating Trusted Execution Environments (TEEs) into product designs has become a…

Cryptography and Security · Computer Science 2025-07-14 Chun-I Fan , Li-En Chang , Cheng-Han Shie

Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs and executing them against the target program. However, fuzzing large and complex programs remains challenging due to difficulties…

Cryptography and Security · Computer Science 2024-06-10 Dongdong She , Adam Storek , Yuchong Xie , Seoyoung Kweon , Prashast Srivastava , Suman Jana

Fuzz testing has enjoyed great success at discovering security critical bugs in real software. Recently, researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are…

Cryptography and Security · Computer Science 2018-10-22 George Klees , Andrew Ruef , Benji Cooper , Shiyi Wei , Michael Hicks

Fuzzing is a widely used technique for detecting vulnerabilities in smart contracts, which generates transaction sequences to explore the execution paths of smart contracts. However, existing fuzzers are falling short in detecting…

Cryptography and Security · Computer Science 2025-11-18 Jie Chen , Liangmin Wang

Mutation testing can help minimize the delivery of faulty software. Therefore, it is a recommended practice for developing embedded software in safety-critical cyber-physical systems (CPS). However, state-of-the-art mutation testing…

Software Engineering · Computer Science 2025-07-04 Jaekwon Lee , Fabrizio Pastore , Lionel Briand

We present a new benchmark (ProFuzzBench) for stateful fuzzing of network protocols. The benchmark includes a suite of representative open-source network servers for popular protocols, and tools to automate experimentation. We discuss…

Cryptography and Security · Computer Science 2021-01-14 Roberto Natella , Van-Thuan Pham

Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. After AFL popularized the groundbreaking concept of lightweight coverage feedback, the field of fuzzing has seen a vast amount of scientific…

The neural network has become an integral part of modern software systems. However, they still suffer from various problems, in particular, vulnerability to adversarial attacks. In this work, we present a novel program reasoning framework…

Artificial Intelligence · Computer Science 2023-03-27 Zi Wang , Somesh Jha , Krishnamurthy , Dvijotham