Presentation

forum

Visible to the public The best Packing Tricks for the Perfect Relocation

Packing should be done properly if you want the best moving without the damages. There is no doubt that many things are there to be taken care of to make the transit perfect. But if the goods are not properly organized and packed, then no matter how the rest things will be, the problems you have to face.

file

Visible to the public What Blockchain Got Right, No Really

file

Visible to the public Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It

In spite of significant effort by the security community, the number of vulnerabilities reported in production systems has continued to increase. Automated vulnerability identification provides a promising path forward, minimizing the human effort and expertise needed. For example, recent developments in fuzzing to find memory errors or static and dynamic analyses to find improper uses of sanitizers have proven useful at finding large numbers of vulnerabilities quickly. However, the potential impact of these techniques remains an open question.

file

Visible to the public Checked C: Safe C, Incrementally

Vulnerabilities that compromise memory safety are at the heart of many attacks. Spatial safety, one aspect of memory safety, is ensured when any pointer dereference is always within the memory allocated to that pointer. Buffer overruns violate spatial safety, and still constitute a com-mon cause of vulnerability. During 2012-2018, buffer overruns were the source of 9.7% to 18.4% of CVEs re-ported in the NIST vulnerability database, constituting the leading single cause of CVEs.

file

Visible to the public Understanding Attestation: Analyzing Protocols that Use Quotes

Attestation protocols use digital signatures and other cryptographic values to convey evidence of hardware state, program code, and associated keys. They require hardware support such as Trusted Execution Environments or Trusted Platform Modules. Conclusions about attestations thus require reasoning about protocols, relevant hardware services, and possible behaviors of programs jointly.

file

Visible to the public Automating Avionics Certification activities using Formal Methods

Certification of avionics software is achieved by following a rigorous, prescriptive development process, defined in Software Considerations in Airborne Systems and Equipment Certification, commonly referred to as DO-178C .This process prescribes software development and verification activities that result in airworthy software. Developing compliant software that adheres to the standard is costly and time consuming; for the most-critical avionics software there are 69 objectives that must be satisfied.

file

Visible to the public Semantics-Driven Testing of the PKCS11 API

PKCS11 is an industry standard API for communicating with cryptographic devices such as hardware security modules (HSMs). PKCS11 is a security critical API, and so implementation errors can have serious consequences. However, the PKCS11 standard is large and complex, with 100 pages of documentation for almost 50 functions. As a result, it is very challenging for developers to avoid API implementation errors. This is the problem that our work addresses.