{"id":"https://openalex.org/W2906397449","doi":"https://doi.org/10.1109/ccst.2018.8585565","title":"Maximizing and Leveraging Behavioral Discrepancies in TLS Implementations using Response-Guided Differential Fuzzing","display_name":"Maximizing and Leveraging Behavioral Discrepancies in TLS Implementations using Response-Guided Differential Fuzzing","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2906397449","doi":"https://doi.org/10.1109/ccst.2018.8585565","mag":"2906397449"},"language":"en","primary_location":{"id":"doi:10.1109/ccst.2018.8585565","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2018.8585565","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020684950","display_name":"Andreas Walz","orcid":"https://orcid.org/0000-0003-4485-5871"},"institutions":[{"id":"https://openalex.org/I913140155","display_name":"Offenburg University of Applied Sciences","ror":"https://ror.org/03zh5eq96","country_code":"DE","type":"education","lineage":["https://openalex.org/I913140155"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Andreas Walz","raw_affiliation_strings":["Institute of Reliable Embedded Systems and Communication Electronics (ivESK), Offenburg University of Applied Sciences, Offenburg, Germany"],"affiliations":[{"raw_affiliation_string":"Institute of Reliable Embedded Systems and Communication Electronics (ivESK), Offenburg University of Applied Sciences, Offenburg, Germany","institution_ids":["https://openalex.org/I913140155"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019197766","display_name":"Axel Sikora","orcid":"https://orcid.org/0000-0003-0878-2919"},"institutions":[{"id":"https://openalex.org/I913140155","display_name":"Offenburg University of Applied Sciences","ror":"https://ror.org/03zh5eq96","country_code":"DE","type":"education","lineage":["https://openalex.org/I913140155"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Axel Sikora","raw_affiliation_strings":["Institute of Reliable Embedded Systems and Communication Electronics (ivESK), Offenburg University of Applied Sciences, Offenburg, Germany"],"affiliations":[{"raw_affiliation_string":"Institute of Reliable Embedded Systems and Communication Electronics (ivESK), Offenburg University of Applied Sciences, Offenburg, Germany","institution_ids":["https://openalex.org/I913140155"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5020684950"],"corresponding_institution_ids":["https://openalex.org/I913140155"],"apc_list":null,"apc_paid":null,"fwci":0.8842,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.78548627,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.9076552391052246},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.8346213102340698},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8258201479911804},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.4426397979259491},{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.42671650648117065},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.41629162430763245},{"id":"https://openalex.org/keywords/computer-engineering","display_name":"Computer engineering","score":0.369948148727417},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.34577828645706177},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.17528384923934937},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.16254368424415588},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.1506878137588501}],"concepts":[{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.9076552391052246},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.8346213102340698},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8258201479911804},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.4426397979259491},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.42671650648117065},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.41629162430763245},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.369948148727417},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34577828645706177},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.17528384923934937},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.16254368424415588},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.1506878137588501},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ccst.2018.8585565","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2018.8585565","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"},{"id":"pmh:oai:opus.hs-offenburg.de:3259","is_oa":false,"landing_page_url":"https://opus.hs-offenburg.de/frontdoor/index/index/docId/3259","pdf_url":null,"source":{"id":"https://openalex.org/S4377196587","display_name":"Opus-HSO (Offenburg University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I913140155","host_organization_name":"Offenburg University of Applied Sciences","host_organization_lineage":["https://openalex.org/I913140155"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"doc-type:conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W109452506","https://openalex.org/W348312514","https://openalex.org/W1425767035","https://openalex.org/W1495444061","https://openalex.org/W1769343819","https://openalex.org/W1975344666","https://openalex.org/W1976919795","https://openalex.org/W2002934700","https://openalex.org/W2026701697","https://openalex.org/W2054426341","https://openalex.org/W2064815039","https://openalex.org/W2070775894","https://openalex.org/W2098456636","https://openalex.org/W2101577935","https://openalex.org/W2266218113","https://openalex.org/W2279278072","https://openalex.org/W2414287720","https://openalex.org/W2532335977","https://openalex.org/W2533393700","https://openalex.org/W2605564737","https://openalex.org/W2640092413","https://openalex.org/W2672575173","https://openalex.org/W2701082322","https://openalex.org/W2765827436","https://openalex.org/W2768217564","https://openalex.org/W2792156287","https://openalex.org/W2795354477","https://openalex.org/W2952321600","https://openalex.org/W2964097210","https://openalex.org/W4210531213","https://openalex.org/W4238083723","https://openalex.org/W6604335577","https://openalex.org/W6611718138","https://openalex.org/W6664777274","https://openalex.org/W6745254730","https://openalex.org/W6764151711"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W2766647240","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W3203597304","https://openalex.org/W4248424560","https://openalex.org/W3023977444","https://openalex.org/W4210660460","https://openalex.org/W2752178021"],"abstract_inverted_index":{"The":[0],"Transport":[1],"Layer":[2],"Security":[3],"(TLS)":[4],"protocol":[5],"is":[6,34,63,176,219],"a":[7,64,75,124,152,170],"cornerstone":[8],"of":[9,45,56,61,84,123,139,155],"secure":[10],"network":[11],"communication,":[12],"not":[13,136],"only":[14,137],"for":[15,24,48,81,198,222],"online":[16],"banking,":[17],"e-commerce,":[18],"and":[19,27,93,119,134,159,181,186,192,209,217,230,236],"social":[20],"media,":[21],"but":[22,141],"also":[23,142,211],"industrial":[25],"communication":[26],"cyber-physical":[28],"systems.":[29],"Unfortunately,":[30],"implementing":[31],"TLS":[32,50,86,95,104,117,140],"correctly":[33],"very":[35],"challenging,":[36],"as":[37,151],"becomes":[38],"evident":[39],"by":[40,73,121],"considering":[41],"the":[42,53,59,128,184],"high":[43,54],"frequency":[44],"bugfixes":[46],"filed":[47],"many":[49],"implementations.":[51,87],"Given":[52],"significance":[55],"TLS,":[57,199],"advancing":[58],"quality":[60],"implementations":[62,106,118,138,166],"sustained":[65],"pursuit.":[66],"We":[67,110,148],"strive":[68],"to":[69,132,143,168,178,206,227,233],"support":[70],"these":[71],"efforts":[72],"presenting":[74],"novel,":[76],"response-distribution":[77],"guided":[78],"fuzzing":[79],"algorithm":[80,89,113],"differential":[82],"testing":[83],"black-box":[85],"Our":[88,174],"generates":[90],"highly":[91],"diverse":[92],"mostly-valid":[94],"stimulation":[96],"messages,":[97],"which":[98],"evoke":[99],"more":[100,162],"behavioral":[101],"discrepancies":[102],"in":[103,183,212,225],"server":[105],"than":[107],"other":[108,213],"algorithms.":[109],"evaluate":[111],"our":[112,202,238],"using":[114],"37":[115],"different":[116],"discuss":[120],"means":[122],"case":[125],"study":[126],"how":[127],"resulting":[129],"data":[130,218],"allows":[131],"assess":[133],"improve":[135],"identify":[144],"underspecified":[145],"corner":[146],"cases.":[147],"introduce":[149],"suspiciousness":[150,172],"per-implementation":[153],"metric":[154],"anomalous":[156],"implementation":[157,190],"behavior":[158],"find":[160],"that":[161],"recent":[163],"or":[164],"bug-fixed":[165],"tend":[167],"have":[169],"lower":[171],"score.":[173],"contribution":[175],"complementary":[177],"existing":[179],"tools":[180],"approaches":[182],"area,":[185],"can":[187],"help":[188],"reveal":[189],"flaws":[191],"avoid":[193],"regression.":[194],"While":[195],"being":[196],"presented":[197],"we":[200],"expect":[201],"algorithm's":[203],"guidance":[204],"scheme":[205],"be":[207],"applicable":[208],"useful":[210],"contexts.":[214],"Source":[215],"code":[216],"made":[220],"available":[221],"fellow":[223],"researchers":[224],"order":[226],"stimulate":[228],"discussions":[229],"invite":[231],"others":[232],"benefit":[234],"from":[235],"advance":[237],"work.":[239]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}