{"id":"https://openalex.org/W2054426341","doi":"https://doi.org/10.1145/2786805.2786835","title":"Guided differential testing of certificate validation in SSL/TLS implementations","display_name":"Guided differential testing of certificate validation in SSL/TLS implementations","publication_year":2015,"publication_date":"2015-08-26","ids":{"openalex":"https://openalex.org/W2054426341","doi":"https://doi.org/10.1145/2786805.2786835","mag":"2054426341"},"language":"en","primary_location":{"id":"doi:10.1145/2786805.2786835","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2786805.2786835","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100436579","display_name":"Yuting Chen","orcid":"https://orcid.org/0009-0000-9300-4606"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yuting Chen","raw_affiliation_strings":["Shanghai Jiao Tong University, China","[Shanghai Jiao Tong University, China]"],"affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University, China","institution_ids":["https://openalex.org/I183067930"]},{"raw_affiliation_string":"[Shanghai Jiao Tong University, China]","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077610917","display_name":"Zhendong Su","orcid":"https://orcid.org/0000-0002-2970-1391"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhendong Su","raw_affiliation_strings":["University of California at Davis, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Davis, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5100436579"],"corresponding_institution_ids":["https://openalex.org/I183067930"],"apc_list":null,"apc_paid":null,"fwci":9.9551,"has_fulltext":false,"cited_by_count":80,"citation_normalized_percentile":{"value":0.98116245,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"793","last_page":"804"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8266018033027649},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.5486323833465576},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5472426414489746},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.43483322858810425},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.4163161814212799},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33030030131340027},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2791235148906708},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.20801469683647156},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.17392772436141968},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15467017889022827}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8266018033027649},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.5486323833465576},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5472426414489746},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.43483322858810425},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.4163161814212799},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33030030131340027},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2791235148906708},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.20801469683647156},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.17392772436141968},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15467017889022827}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2786805.2786835","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2786805.2786835","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","score":0.46000000834465027,"display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W109452506","https://openalex.org/W1527037001","https://openalex.org/W1548806133","https://openalex.org/W1710734607","https://openalex.org/W1758578440","https://openalex.org/W1901056106","https://openalex.org/W1920390248","https://openalex.org/W1926951188","https://openalex.org/W1965194038","https://openalex.org/W1976919795","https://openalex.org/W1990414292","https://openalex.org/W1993760289","https://openalex.org/W2007574363","https://openalex.org/W2034333363","https://openalex.org/W2045002843","https://openalex.org/W2056760934","https://openalex.org/W2068996677","https://openalex.org/W2085768358","https://openalex.org/W2096449544","https://openalex.org/W2097305086","https://openalex.org/W2100314538","https://openalex.org/W2107709519","https://openalex.org/W2108207895","https://openalex.org/W2114398364","https://openalex.org/W2122128531","https://openalex.org/W2145994642","https://openalex.org/W2151704521","https://openalex.org/W2157083801","https://openalex.org/W2294628582","https://openalex.org/W2350778671","https://openalex.org/W4237492309","https://openalex.org/W4255975151","https://openalex.org/W4298051233","https://openalex.org/W6604335577","https://openalex.org/W6637297404","https://openalex.org/W6689810000"],"related_works":["https://openalex.org/W2120447654","https://openalex.org/W2977179488","https://openalex.org/W2144453115","https://openalex.org/W2128223750","https://openalex.org/W4238532390","https://openalex.org/W2188872161","https://openalex.org/W2002978035","https://openalex.org/W2961779879","https://openalex.org/W797688974","https://openalex.org/W2209382646"],"abstract_inverted_index":{"Certificate":[0],"validation":[1,69,112],"in":[2,17,231],"SSL/TLS":[3,200,255],"implementations":[4],"is":[5,11,74,130,168,245],"critical":[6],"for":[7,21,249],"Internet":[8,80],"security.":[9],"There":[10],"recent":[12],"strong":[13],"effort,":[14],"namely":[15],"frankencert,":[16],"automatically":[18],"synthesizing":[19],"certificates":[20,38,81,99,198],"stress-testing":[22],"certificate":[23,68,111],"validation.":[24],"Despite":[25],"its":[26],"early":[27],"promise,":[28],"it":[29,121,171],"remains":[30],"a":[31,58],"significant":[32,169],"challenge":[33,54],"to":[34,62,75,103,175,199,226,237],"generate":[35],"effective":[36,248],"test":[37,66,176],"as":[39,82,145,149,170],"they":[40],"are":[41,100,212],"structurally":[42],"complex":[43],"with":[44],"intricate":[45],"syntactic":[46],"and":[47,85,118,155,183,192,211,234,247],"semantic":[48],"constraints.":[49],"This":[50,166],"paper":[51],"tackles":[52],"this":[53],"by":[55,89,190],"introducing":[56],"mucert,":[57],"novel,":[59],"guided":[60],"technique":[61],"much":[63,173],"more":[64,132],"effectively":[65],"real-world":[67],"code.":[70],"Our":[71,124],"core":[72],"insight":[73],"(1)":[76],"leverage":[77],"easily":[78],"accessible":[79],"seed":[83],"certificates,":[84],"(2)":[86],"diversify":[87],"them":[88],"adapting":[90],"Markov":[91],"Chain":[92],"Monte":[93],"Carlo":[94],"(MCMC)":[95],"sampling.":[96],"The":[97],"diversified":[98],"then":[101],"used":[102],"reveal":[104],"discrepancies,":[105],"thus":[106],"potential":[107],"flaws,":[108],"among":[109],"different":[110],"implementations.":[113,256],"We":[114,180,241],"have":[115,181,203,224],"implemented":[116],"mucert":[117,129,244],"extensively":[119],"evaluated":[120],"against":[122],"frankencert.":[123,135],"experimental":[125],"results":[126],"show":[127],"that":[128,243],"significantly":[131],"cost-effective":[133],"than":[134,163],"Indeed,":[136],"1K":[137],"mucerts":[138,157],"(i.e.,":[139,152],"mucert-mutated":[140],"certificates)":[141],"yield":[142],"three":[143],"times":[144],"many":[146],"distinct":[147],"discrepancies":[148,187],"8M":[150],"frankencerts":[151],"frankencert-synthesized":[153],"certificates),":[154],"200":[156],"can":[158],"achieve":[159],"higher":[160],"code":[161],"coverage":[162],"100,000":[164],"frankencerts.":[165],"improvement":[167],"incurs":[172],"cost":[174],"each":[177],"generated":[178],"certificate.":[179],"analyzed":[182],"reported":[184,193,209,218],"20+":[185],"latent":[186],"(presumably":[188],"missed":[189],"frankencert),":[191],"an":[194],"additional":[195],"357":[196],"discrepancy-triggering":[197],"developers,":[201],"who":[202],"already":[204],"confirmed":[205],"some":[206],"of":[207,215,254],"our":[208,222],"issues":[210],"investigating":[213],"causes":[214],"all":[216],"the":[217,232,252],"discrepancies.":[219],"In":[220],"particular,":[221],"reports":[223],"led":[225],"bug":[227],"fixes,":[228],"active":[229],"discussions":[230],"community,":[233],"proposed":[235],"changes":[236],"relevant":[238],"IETF's":[239],"RFCs.":[240],"believe":[242],"practical":[246],"helping":[250],"improve":[251],"robustness":[253]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":6},{"year":2016,"cited_by_count":8}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}