{"id":"https://openalex.org/W2856489528","doi":"https://doi.org/10.1109/infcomw.2018.8407011","title":"Towards best secure coding practice for implementing SSL/TLS","display_name":"Towards best secure coding practice for implementing SSL/TLS","publication_year":2018,"publication_date":"2018-04-01","ids":{"openalex":"https://openalex.org/W2856489528","doi":"https://doi.org/10.1109/infcomw.2018.8407011","mag":"2856489528"},"language":"en","primary_location":{"id":"doi:10.1109/infcomw.2018.8407011","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infcomw.2018.8407011","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016425560","display_name":"Mohannad Alhanahnah","orcid":"https://orcid.org/0000-0001-7108-3809"},"institutions":[{"id":"https://openalex.org/I114395901","display_name":"University of Nebraska\u2013Lincoln","ror":"https://ror.org/043mer456","country_code":"US","type":"education","lineage":["https://openalex.org/I114395901"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Mohannad Alhanahnah","raw_affiliation_strings":["Department of Computer Science and Engineering, University of Nebraska-Lincoln, Lincoln, NE, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, University of Nebraska-Lincoln, Lincoln, NE, USA","institution_ids":["https://openalex.org/I114395901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5042277127","display_name":"Qiben Yan","orcid":"https://orcid.org/0000-0001-6272-7668"},"institutions":[{"id":"https://openalex.org/I114395901","display_name":"University of Nebraska\u2013Lincoln","ror":"https://ror.org/043mer456","country_code":"US","type":"education","lineage":["https://openalex.org/I114395901"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qiben Yan","raw_affiliation_strings":["Department of Computer Science and Engineering, University of Nebraska-Lincoln, Lincoln, NE, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, University of Nebraska-Lincoln, Lincoln, NE, USA","institution_ids":["https://openalex.org/I114395901"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5016425560"],"corresponding_institution_ids":["https://openalex.org/I114395901"],"apc_list":null,"apc_paid":null,"fwci":0.4954,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.63044487,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8543564081192017},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.6596591472625732},{"id":"https://openalex.org/keywords/eavesdropping","display_name":"Eavesdropping","score":0.6230391263961792},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5486829280853271},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.509706974029541},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4868301749229431},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.4860732853412628},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.4688250720500946},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.44928503036499023},{"id":"https://openalex.org/keywords/public-key-infrastructure","display_name":"Public key infrastructure","score":0.4463827610015869},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.43040335178375244},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4220000207424164},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2559322118759155},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.23805788159370422},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.23760771751403809},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.16473248600959778},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.1209675669670105},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.11215698719024658}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8543564081192017},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.6596591472625732},{"id":"https://openalex.org/C2776788033","wikidata":"https://www.wikidata.org/wiki/Q320769","display_name":"Eavesdropping","level":2,"score":0.6230391263961792},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5486829280853271},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.509706974029541},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4868301749229431},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.4860732853412628},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.4688250720500946},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.44928503036499023},{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.4463827610015869},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.43040335178375244},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4220000207424164},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2559322118759155},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.23805788159370422},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.23760771751403809},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.16473248600959778},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.1209675669670105},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.11215698719024658},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/infcomw.2018.8407011","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infcomw.2018.8407011","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6399999856948853,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1517949462","https://openalex.org/W2045057497","https://openalex.org/W2092115639","https://openalex.org/W2103370348","https://openalex.org/W2181988055","https://openalex.org/W2672575173","https://openalex.org/W2759023773","https://openalex.org/W2766347289","https://openalex.org/W2767943400","https://openalex.org/W2952848714","https://openalex.org/W2964144088","https://openalex.org/W6685756630","https://openalex.org/W6765187293"],"related_works":["https://openalex.org/W4387918499","https://openalex.org/W2772112465","https://openalex.org/W4386360526","https://openalex.org/W2368710903","https://openalex.org/W2158905603","https://openalex.org/W2942655651","https://openalex.org/W571145082","https://openalex.org/W1576950832","https://openalex.org/W3131949917","https://openalex.org/W4360982406"],"abstract_inverted_index":{"Developers":[0],"often":[1],"make":[2],"mistakes":[3],"while":[4,158],"incorporating":[5],"SSL/TLS":[6,17,26,72,94,148],"functionality":[7],"in":[8,15,34,69,74,168],"their":[9,19,75],"applications":[10],"due":[11],"to":[12,29,49,66],"the":[13,42,45,60,88,137,143,164],"complication":[14],"implementing":[16],"and":[18,51,57,98,119,136],"fast":[20],"prototyping":[21],"requirement.":[22],"Insecure":[23],"implementations":[24,92],"of":[25,32,59,93,111,142,153],"are":[27],"subject":[28],"different":[30],"types":[31],"Man":[33],"The":[35,123,150],"Middle":[36],"(MiTM)":[37],"attacks,":[38,53],"which":[39],"ultimately":[40],"makes":[41],"communication":[43],"between":[44],"two":[46,90],"parties":[47],"vulnerable":[48,165],"eavesdropping":[50],"hijacking":[52],"thereby":[54],"violating":[55],"confidentiality":[56],"integrity":[58],"exchanged":[61],"information.":[62],"This":[63,107],"paper":[64],"aims":[65],"support":[67],"developers":[68],"detecting":[70],"insecure":[71,91,147],"implementation":[73],"codes":[76],"by":[77],"utilizing":[78],"a":[79,100],"low-cost":[80],"cross-language":[81],"static":[82],"analysis":[83],"tool":[84],"called":[85],"PMD.":[86],"In":[87],"end,":[89],"have":[95,125],"been":[96,126],"identified,":[97],"subsequently":[99],"new":[101],"PMD":[102],"rule":[103,108],"set":[104,109],"is":[105,156],"created.":[106],"consists":[110],"three":[112],"rules":[113,124],"for":[114],"addressing":[115],"hostname":[116],"validation":[117,121],"vulnerability":[118],"certificate":[120],"vulnerability.":[122],"evaluated":[127],"over":[128],"1,517":[129],"code":[130,144,166],"snippets":[131,145,167],"obtained":[132],"from":[133],"Stack":[134],"Overflow,":[135],"results":[138],"show":[139],"that":[140],"71%":[141],"contain":[146],"patterns.":[149],"detection":[151],"rate":[152],"our":[154],"approach":[155],"100%,":[157],"it":[159],"detects":[160],"165":[161],"violations":[162],"inside":[163],"total.":[169]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}