English
Related papers

Related papers: Finding Security Vulnerabilities in Network Protoc…

200 papers

The high rate of false alarms from static analysis tools and Large Language Models (LLMs) complicates vulnerability detection in Solidity Smart Contracts, demanding methods that can formally or empirically prove the presence of defects.…

Software Engineering · Computer Science 2025-09-17 Ştefan-Claudiu Susan , Andrei Arusoaie , Dorel Lucanu

Greybox fuzzing has been widely used in stateless programs and has achieved great success. However, most state-of-the-art greybox fuzzers generally have the problems of slow speed and shallow state depth coverage in the process of fuzzing…

Cryptography and Security · Computer Science 2022-02-18 Junqiang Li , Senyi Li , Gang Sun , Ting Chen , Hongfang Yu

Inferring protocol formats is critical for many security applications. However, existing format-inference techniques often miss many formats, because almost all of them are in a fashion of dynamic analysis and rely on a limited number of…

Cryptography and Security · Computer Science 2023-05-22 Qingkai Shi , Junyang Shao , Yapeng Ye , Mingwei Zheng , Xiangyu Zhang

As the complexity of modern processors has increased over the years, developing effective verification strategies to identify bugs prior to manufacturing has become critical. Undiscovered micro-architectural bugs in processors can manifest…

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

Software Engineering · Computer Science 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

BusyBox, an open-source software bundling over 300 essential Linux commands into a single executable, is ubiquitous in Linux-based embedded devices. Vulnerabilities in BusyBox can have far-reaching consequences, affecting a wide array of…

Software Engineering · Computer Science 2025-03-26 Asmita , Yaroslav Oliinyk , Michael Scott , Ryan Tsang , Chongzhou Fang , Houman Homayoun

SpecFuzz is the first tool that enables dynamic testing for speculative execution vulnerabilities (e.g., Spectre). The key is a novel concept of speculation exposure: The program is instrumented to simulate speculative execution in software…

Cryptography and Security · Computer Science 2020-03-11 Oleksii Oleksenko , Bohdan Trach , Mark Silberstein , Christof Fetzer

We present a new and practical framework for security verification of secure architectures. Specifically, we break the verification task into external verification and internal verification. External verification considers the external…

Cryptography and Security · Computer Science 2018-07-06 Jakub Szefer , Tianwei Zhang , Ruby B. Lee

Consider the problem of verifying security properties of a cryptographic protocol coded in C. We propose an automatic solution that needs neither a pre-existing protocol description nor manual annotation of source code. First, symbolically…

Cryptography and Security · Computer Science 2011-07-07 Mihhail Aizatulin , Andrew D. Gordon , Jan Jürjens

Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has…

Networking and Internet Architecture · Computer Science 2019-12-10 Jan Grashöfer , Christian Titze , Hannes Hartenstein

Modern CPUs are black boxes, proprietary, and increasingly characterized by sophisticated microarchitectural flaws that evade traditional analysis. While some of these critical vulnerabilities have been uncovered through cumbersome manual…

Cryptography and Security · Computer Science 2026-01-09 Johannes Lenzen , Mohamadreza Rostami , Lichao Wu , Ahmad-Reza Sadeghi

WebAssembly binaries are often compiled from memory-unsafe languages, such as C and C++. Because of WebAssembly's linear memory and missing protection features, e.g., stack canaries, source-level memory vulnerabilities are exploitable in…

Cryptography and Security · Computer Science 2021-11-01 Daniel Lehmann , Martin Toldam Torp , Michael Pradel

Fuzzing is a security testing methodology effective in finding bugs. In a nutshell, a fuzzer sends multiple slightly malformed messages to the software under test, hoping for crashes or weird system behaviour. The methodology is relatively…

Cryptography and Security · Computer Science 2023-01-09 Cristian Daniele , Seyed Behnam Andarzian , Erik Poll

Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for…

Cryptography and Security · Computer Science 2021-03-11 Christof Ferreira Torres , Antonio Ken Iannillo , Arthur Gervais , Radu State

4G and 5G represent the current cellular communication standards utilized daily by billions of users for various applications. Consequently, ensuring the security of 4G and 5G network implementations is critically important. This paper…

Cryptography and Security · Computer Science 2024-10-29 Ilja Siroš , Dave Singelée , Bart Preneel

Distributed SDN (Software-Defined Networking) controllers have rapidly become an integral element of Wide Area Networks (WAN), particularly within SD-WAN, providing scalability and fault-tolerance for expansive network infrastructures.…

Cryptography and Security · Computer Science 2025-10-20 Jinwoo Kim , Minjae Seo , Eduard Marin , Seungsoo Lee , Jaehyun Nam , Seungwon Shin

Zero-knowledge proofs (ZKPs) have evolved from a theoretical cryptographic concept into a powerful tool for implementing privacy-preserving and verifiable applications without requiring trust assumptions. Despite significant progress in the…

Cryptography and Security · Computer Science 2025-05-01 Stefanos Chaliasos , Imam Al-Fath , Alastair Donaldson

The Resource Public Key Infrastructure (RPKI) has become essential to secure inter-domain routing. Despite its critical role, RPKI software remains largely untested beyond shallow parsing. Existing fuzzers, like AFL++ or libFuzzer, do not…

Cryptography and Security · Computer Science 2026-05-27 Haya Schulmann , Niklas Vogel

Processor designs rely on iterative modifications and reuse well-established designs. However, this reuse of prior designs also leads to similar vulnerabilities across multiple processors. As processors grow increasingly complex with…

Cryptography and Security · Computer Science 2025-12-09 Chen Chen , Zaiyan Xu , Mohamadreza Rostami , David Liu , Dileep Kalathil , Ahmad-Reza Sadeghi , Jeyavijayan Rajendran

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise…

Software Engineering · Computer Science 2026-01-21 Chi Thien Tran