{"id":"https://openalex.org/W4224270324","doi":"https://doi.org/10.1145/3510416","title":"Coverage-directed Differential Testing of X.509 Certificate Validation in SSL/TLS Implementations","display_name":"Coverage-directed Differential Testing of X.509 Certificate Validation in SSL/TLS Implementations","publication_year":2022,"publication_date":"2022-04-19","ids":{"openalex":"https://openalex.org/W4224270324","doi":"https://doi.org/10.1145/3510416"},"language":"en","primary_location":{"id":"doi:10.1145/3510416","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3510416","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032053712","display_name":"Pengbo Nie","orcid":"https://orcid.org/0000-0002-3759-5242"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Pengbo Nie","raw_affiliation_strings":["Shanghai Jiao Tong University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016446062","display_name":"Chengcheng Wan","orcid":"https://orcid.org/0000-0001-9162-9688"},"institutions":[{"id":"https://openalex.org/I40347166","display_name":"University of Chicago","ror":"https://ror.org/024mw5h28","country_code":"US","type":"education","lineage":["https://openalex.org/I40347166"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chengcheng Wan","raw_affiliation_strings":["University of Chicago, United States"],"affiliations":[{"raw_affiliation_string":"University of Chicago, United States","institution_ids":["https://openalex.org/I40347166"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049659934","display_name":"Jiayu Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiayu Zhu","raw_affiliation_strings":["Shanghai Jiao Tong University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003783864","display_name":"Ziyi Lin","orcid":"https://orcid.org/0000-0001-9615-4968"},"institutions":[{"id":"https://openalex.org/I45928872","display_name":"Alibaba Group (China)","ror":"https://ror.org/00k642b80","country_code":"CN","type":"company","lineage":["https://openalex.org/I45928872"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ziyi Lin","raw_affiliation_strings":["Alibaba Group Inc., Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Alibaba Group Inc., Shanghai, China","institution_ids":["https://openalex.org/I45928872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010826834","display_name":"Yuting Chen","orcid":"https://orcid.org/0000-0002-4128-8966"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuting Chen","raw_affiliation_strings":["Shanghai Jiao Tong University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077610917","display_name":"Zhendong Su","orcid":"https://orcid.org/0000-0002-2970-1391"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Zhendong Su","raw_affiliation_strings":["ETH Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5032053712"],"corresponding_institution_ids":["https://openalex.org/I183067930"],"apc_list":null,"apc_paid":null,"fwci":1.0592,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.74827925,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"32","issue":"1","first_page":"1","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13999","display_name":"Digital Rights Management and Security","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8366097211837769},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.6931846141815186},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.6085585951805115},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.6007221341133118},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.500410795211792},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.41996294260025024},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.23435479402542114},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.19680646061897278},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17777222394943237},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.10001921653747559}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8366097211837769},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.6931846141815186},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.6085585951805115},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.6007221341133118},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.500410795211792},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.41996294260025024},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.23435479402542114},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.19680646061897278},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17777222394943237},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.10001921653747559}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3510416","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3510416","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5899999737739563,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[{"id":"https://openalex.org/G3427093674","display_name":null,"funder_award_id":"62032004","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":51,"referenced_works":["https://openalex.org/W109452506","https://openalex.org/W1495444061","https://openalex.org/W1526710119","https://openalex.org/W1758578440","https://openalex.org/W1920390248","https://openalex.org/W1972978214","https://openalex.org/W1976919795","https://openalex.org/W1984074188","https://openalex.org/W2008128703","https://openalex.org/W2054426341","https://openalex.org/W2092382400","https://openalex.org/W2116876232","https://openalex.org/W2121895216","https://openalex.org/W2139685357","https://openalex.org/W2145994642","https://openalex.org/W2184880679","https://openalex.org/W2232962023","https://openalex.org/W2238866705","https://openalex.org/W2246483486","https://openalex.org/W2246618912","https://openalex.org/W2266218113","https://openalex.org/W2274779708","https://openalex.org/W2276785727","https://openalex.org/W2293224046","https://openalex.org/W2296489133","https://openalex.org/W2304800806","https://openalex.org/W2505952417","https://openalex.org/W2529475114","https://openalex.org/W2576566359","https://openalex.org/W2748075515","https://openalex.org/W2777430404","https://openalex.org/W2795354477","https://openalex.org/W2914452207","https://openalex.org/W2915352631","https://openalex.org/W3001307185","https://openalex.org/W4210531213","https://openalex.org/W4211072556","https://openalex.org/W4238239668","https://openalex.org/W4245537216","https://openalex.org/W4251988601","https://openalex.org/W4297927038","https://openalex.org/W4298051233","https://openalex.org/W4298358954","https://openalex.org/W4398231523","https://openalex.org/W6637297404","https://openalex.org/W6692854719","https://openalex.org/W6694349614","https://openalex.org/W6697854093","https://openalex.org/W6728554838","https://openalex.org/W6731897111","https://openalex.org/W6833780757"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W3203597304","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4248424560","https://openalex.org/W3023977444","https://openalex.org/W2766647240","https://openalex.org/W4210660460","https://openalex.org/W1847785363"],"abstract_inverted_index":{"Secure":[0],"Sockets":[1],"Layer":[2],"(SSL)":[3],"and":[4,26,116,152,160,193,205,248],"Transport":[5],"Security":[6],"(TLS)":[7],"are":[8,135,227],"two":[9],"secure":[10,14],"protocols":[11],"for":[12,24],"creating":[13],"connections":[15],"over":[16],"the":[17,177,217,263,274],"Internet.":[18],"X.509":[19,68,258],"certificate":[20,69,99,123,146,267],"validation":[21,59,70,100,147,189,222,240,269],"is":[22,35,105,270],"important":[23],"security":[25],"needs":[27,72],"to":[28,73,93,106,121,138],"be":[29,74],"performed":[30],"before":[31],"an":[32],"SSL/TLS":[33,63,170,218],"connection":[34],"established.":[36],"Some":[37],"advanced":[38,163],"testing":[39,215],"techniques,":[40],"such":[41],"as":[42,77,113,195,197],"frankencert":[43,156,201],",":[44,89,157,159,202,204,207],"have":[45,245,250],"revealed,":[46],"through":[47],"randomly":[48],"mutating":[49],"Internet":[50,111],"accessible":[51,110],"certificates,":[52],"that":[53,262],"there":[54],"exist":[55],"unexpected,":[56],"sometimes":[57],"critical,":[58],"differences":[60],"among":[61,144],"different":[62,145],"implementations.":[64,148,171],"Despite":[65],"these":[66],"efforts,":[67],"still":[71],"thoroughly":[75],"tested":[76],"this":[78,84],"work":[79],"shows.":[80],"This":[81],"article":[82],"tackles":[83],"challenge":[85],"by":[86,200,230],"proposing":[87],"transcert":[88,151,180,185,231,256],"a":[90,127],"coverage-directed":[91],"technique":[92],"much":[94],"more":[95],"effectively":[96],"test":[97],"real-world":[98],"code.":[101],"Our":[102],"core":[103],"insight":[104],"(1)":[107],"leverage":[108],"easily":[109],"certificates":[112,115,134,259],"seed":[114],"(2)":[117],"use":[118],"code":[119],"coverage":[120],"direct":[122],"mutation":[124],"toward":[125],"generating":[126],"set":[128],"of":[129,179,216,225,239,243,266],"diverse":[130],"certificates.":[131,233],"The":[132,172,255],"generated":[133],"then":[136],"used":[137,169],"reveal":[139,261],"discrepancies,":[140],"thus":[141],"potential":[142],"flaws,":[143],"We":[149,234],"implement":[150],"evaluate":[153],"it":[154,209],"against":[155,220],"NEZHA":[158,203],"RFCcert":[161,206,212],"(three":[162],"fuzzing":[164],"techniques)":[165],"on":[166],"five":[167],"widely":[168,275],"evaluation":[173],"results":[174],"clearly":[175],"show":[176],"strengths":[178],":":[181],"During":[182],"10,000":[183],"iterations,":[184],"reveals":[186],"71":[187],"unique":[188],"differences,":[190,241],"12\u00d7,":[191],"1.4\u00d7,":[192],"7\u00d7":[194],"many":[196],"those":[198],"revealed":[199],"respectively;":[208],"also":[210,260],"supplements":[211],"in":[213,273],"conformance":[214],"implementations":[219],"120":[221],"rules,":[223],"85":[224],"which":[226,244],"exclusively":[228],"covered":[229],"-generated":[232,257],"identify":[235],"17":[236],"root":[237],"causes":[238],"all":[242],"been":[246,252],"confirmed":[247],"11":[249],"never":[251],"reported":[253],"previously.":[254],"primary":[264],"goal":[265],"chain":[268],"stated":[271],"ambiguously":[272],"adopted":[276],"public":[277],"key":[278],"infrastructure":[279],"standard":[280],"RFC":[281],"5280.":[282]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}