{"id":"https://openalex.org/W3196322064","doi":"https://doi.org/10.1109/tdsc.2021.3108031","title":"From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations in C/C++","display_name":"From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations in C/C++","publication_year":2021,"publication_date":"2021-08-27","ids":{"openalex":"https://openalex.org/W3196322064","doi":"https://doi.org/10.1109/tdsc.2021.3108031","mag":"3196322064"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2021.3108031","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3108031","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028738303","display_name":"Sazzadur Rahaman","orcid":"https://orcid.org/0000-0002-1258-6470"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sazzadur Rahaman","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076081056","display_name":"Haipeng Cai","orcid":"https://orcid.org/0000-0002-5224-9970"},"institutions":[{"id":"https://openalex.org/I72951846","display_name":"Washington State University","ror":"https://ror.org/05dk0ce17","country_code":"US","type":"education","lineage":["https://openalex.org/I72951846"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haipeng Cai","raw_affiliation_strings":["School of Electrical Engineering and Computer Science, Washington State University, Pullman, WA, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, Washington State University, Pullman, WA, USA","institution_ids":["https://openalex.org/I72951846"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070136662","display_name":"Omar Chowdhury","orcid":"https://orcid.org/0000-0002-1356-6279"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Omar Chowdhury","raw_affiliation_strings":["Department of Computer Science, The University of Iowa, Iowa City, IA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, The University of Iowa, Iowa City, IA, USA","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034366344","display_name":"Danfeng Yao","orcid":"https://orcid.org/0000-0001-8969-2792"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Danfeng Yao","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5028738303"],"corresponding_institution_ids":["https://openalex.org/I859038795"],"apc_list":null,"apc_paid":null,"fwci":0.9142,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.74306964,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"19","issue":"6","first_page":"3790","last_page":"3803"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.7930189371109009},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7925642728805542},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.6733720898628235},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.6677460670471191},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.5754598379135132},{"id":"https://openalex.org/keywords/compile-time","display_name":"Compile time","score":0.5472748279571533},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.537877082824707},{"id":"https://openalex.org/keywords/cryptographic-primitive","display_name":"Cryptographic primitive","score":0.5346251130104065},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.5257965922355652},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4888543486595154},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.2980446517467499}],"concepts":[{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.7930189371109009},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7925642728805542},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.6733720898628235},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.6677460670471191},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.5754598379135132},{"id":"https://openalex.org/C200833197","wikidata":"https://www.wikidata.org/wiki/Q333707","display_name":"Compile time","level":3,"score":0.5472748279571533},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.537877082824707},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.5346251130104065},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.5257965922355652},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4888543486595154},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2980446517467499},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2021.3108031","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3108031","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6296952160","display_name":null,"funder_award_id":"CNS 1657124","funder_id":"https://openalex.org/F4320335353","funder_display_name":"National Science Foundation of Sri Lanka"},{"id":"https://openalex.org/G8855059253","display_name":null,"funder_award_id":"ONR-N00014-17-1-2498","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320335353","display_name":"National Science Foundation of Sri Lanka","ror":"https://ror.org/010xaa060"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":69,"referenced_works":["https://openalex.org/W1112477","https://openalex.org/W50107694","https://openalex.org/W1222699389","https://openalex.org/W1479871422","https://openalex.org/W1495444061","https://openalex.org/W1517949462","https://openalex.org/W1519351129","https://openalex.org/W1560720671","https://openalex.org/W1565745194","https://openalex.org/W1592889082","https://openalex.org/W1673604584","https://openalex.org/W1710734607","https://openalex.org/W1769343819","https://openalex.org/W1809974132","https://openalex.org/W1857692135","https://openalex.org/W1873601359","https://openalex.org/W1892798954","https://openalex.org/W2001759130","https://openalex.org/W2008810193","https://openalex.org/W2017025011","https://openalex.org/W2042923641","https://openalex.org/W2048715902","https://openalex.org/W2060692877","https://openalex.org/W2071929572","https://openalex.org/W2089745089","https://openalex.org/W2092115639","https://openalex.org/W2134101189","https://openalex.org/W2145994642","https://openalex.org/W2159840470","https://openalex.org/W2163005041","https://openalex.org/W2166093784","https://openalex.org/W2189153846","https://openalex.org/W2296151933","https://openalex.org/W2357927175","https://openalex.org/W2460965380","https://openalex.org/W2469403219","https://openalex.org/W2532335977","https://openalex.org/W2532945044","https://openalex.org/W2536707834","https://openalex.org/W2538893033","https://openalex.org/W2561521908","https://openalex.org/W2585582603","https://openalex.org/W2604331051","https://openalex.org/W2612529343","https://openalex.org/W2613948935","https://openalex.org/W2650293344","https://openalex.org/W2672575173","https://openalex.org/W2698406033","https://openalex.org/W2765671202","https://openalex.org/W2766347289","https://openalex.org/W2767943400","https://openalex.org/W2889520921","https://openalex.org/W2984297109","https://openalex.org/W2985320478","https://openalex.org/W3032745429","https://openalex.org/W4240951837","https://openalex.org/W6600040955","https://openalex.org/W6627779323","https://openalex.org/W6633554152","https://openalex.org/W6635541736","https://openalex.org/W6637027414","https://openalex.org/W6637688222","https://openalex.org/W6639227227","https://openalex.org/W6679724985","https://openalex.org/W6718621806","https://openalex.org/W6720167844","https://openalex.org/W6735997632","https://openalex.org/W6754500961","https://openalex.org/W6778845718"],"related_works":["https://openalex.org/W1504651774","https://openalex.org/W2740990710","https://openalex.org/W2086733238","https://openalex.org/W2997728681","https://openalex.org/W2065995359","https://openalex.org/W3196322064","https://openalex.org/W7434907","https://openalex.org/W1797934246","https://openalex.org/W3032099754","https://openalex.org/W3144491145"],"abstract_inverted_index":{"Cryptographic":[0],"protocols":[1],"are":[2],"often":[3,13],"expected":[4],"to":[5,19,42,68,84,91,180,216],"be":[6,66,104,159],"provably":[7],"secure.":[8],"However,":[9],"this":[10],"security":[11,236],"guarantee":[12],"falls":[14],"short":[15],"in":[16,62,161],"practice":[17],"due":[18],"various":[20],"implementation":[21,45,124],"flaws.":[22,117,220],"We":[23,95,118,166,191,221],"propose":[24],"a":[25,86,141,169],"new":[26,235],"paradigm":[27,136],"called":[28,171],"<italic":[29,72],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[30,73,173,197,211,225],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">cryptographic":[31],"program":[32,40,79],"analysis":[33,41,179],"(CPA)</i>":[34],"which":[35,175,233],"prescribes":[36],"the":[37,54,69,115,134,155,193,245],"use":[38],"of":[39,53,59,71,76,99,114,137,154,163,185,195,247],"detect":[43],"these":[44,60,100],"flaws":[46,61,125],"at":[47,106,189],"compile":[48],"time.":[49],"The":[50,238],"principal":[51],"insight":[52],"CPA":[55],"is":[56,82,89],"that":[57,81,97,108,152,209],"many":[58],"cryptographic":[63,87,123,187,203],"implementations":[64,188],"can":[65,103,109,158],"mapped":[67],"violation":[70],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">meta-level":[74],"properties</i>":[75],"implementations.":[77],"A":[78],"property":[80,88,183],"necessary":[83],"realize":[85],"referred":[90],"as":[92,111],"meta-level":[93,101,130,156,182],"property.":[94],"show":[96,151],"violations":[98,184],"properties":[102,157],"identified":[105],"compile-time":[107],"serve":[110],"sufficient":[112],"evidence":[113],"encompassing":[116],"investigated":[119],"existing":[120],"literature":[121],"on":[122,145,227,241],"and":[126,150,207,231],"derived":[127],"25":[128],"corresponding":[129],"properties.":[131],"To":[132],"instantiate":[133],"abstract":[135],"CPA,":[138],"we":[139],"develop":[140,168],"specification":[142],"language":[143],"based":[144],"deterministic":[146],"finite":[147],"automaton":[148],"(DFA)":[149],"most":[153],"expressed":[160],"terms":[162],"our":[164,248],"language.":[165],"then":[167],"tool":[170],"<sc":[172,196,210,224],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">TaintCrypt</small>":[174,198,212,226],"uses":[176],"static":[177],"taint":[178],"identify":[181],"C/C++":[186,202],"compile-time.":[190],"demonstrate":[192],"efficacy":[194],"by":[199],"analyzing":[200],"open-source":[201],"libraries":[204],"(e.g.,":[205],"OpenSSL)":[206],"observe":[208],"could":[213],"have":[214],"helped":[215],"avoid":[217],"several":[218],"high-profile":[219],"also":[222],"evaluated":[223],"5":[228],"popular":[229],"applications":[230],"libraries,":[232],"generated":[234],"insights.":[237],"experimental":[239],"evaluation":[240],"large-scale":[242],"projects":[243],"indicates":[244],"scalability":[246],"approach.":[249]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}