Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- research-articleApril 2023
Automatically Identifying CVE Affected Versions With Patches and Developer Logs
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 2March-April 2024, Pages 905–919https://doi.org/10.1109/TDSC.2023.3264567While vulnerability databases are important sources of information for software security, it is known that information in these databases is inconsistent. How to rectify these incorrect data is a challenging issue. In this article, we employ developer ...
- research-articleMarch 2023
Testing the Resilience of MEC-Based IoT Applications Against Resource Exhaustion Attacks
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 2March-April 2024, Pages 804–818https://doi.org/10.1109/TDSC.2023.3263137Multi-access Edge Computing (MEC) is an emerging computing model that provides the necessary on-demand resources and services to the edge of the network, ensuring powerful computing, storage capacity, mobility, location, and context awareness support to ...
- research-articleMarch 2023
HCA: Hashchain-Based Consensus Acceleration Via Re-Voting
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 2March-April 2024, Pages 775–788https://doi.org/10.1109/TDSC.2023.3262283In the context of consortium blockchain, consensus protocols set permission mechanisms to maintain a relatively fixed group of participants. They can easily use distributed consistent algorithms for achieving deterministic and efficient consensus and ...
- research-articleMarch 2023
A Compositional Semantics of Boolean-Logic Driven Markov Processes
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 2March-April 2024, Pages 701–716https://doi.org/10.1109/TDSC.2023.3261270Boolean-logic driven Markov processes (BDMPs) is a prominent dynamic extension of static fault trees to model repairable and complex dynamic systems. While BDMPs are intensively used in an industrial context for dependability analysis of energy systems, ...
- research-articleMarch 2023
Bounds and Protocols for Graph-Based Distributed Secret Sharing
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 434–448https://doi.org/10.1109/TDSC.2023.3261239Distributed Secret Sharing is a (multi) secret sharing model in which the shares are distributed over storage nodes of a network and each participant is able to reconstruct a specific secret by accessing a subset of the storage nodes. In this work, we ...
-
- research-articleMarch 2023
On the Complexity of the Web’s PKI: Evaluating Certificate Validation of Mobile Browsers
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 419–433https://doi.org/10.1109/TDSC.2023.3255869Digital certificates are frequently used to secure communications between users and web servers. Critical to the Web’s PKI is the secure validation of digital certificates. Nonetheless, certificate validation itself is complex and error-prone. ...
- research-articleMarch 2023
Ambush From All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 403–418https://doi.org/10.1109/TDSC.2023.3253572The continuous integration and continuous deployment (CI/CD) pipelines are widely adopted on Internet hosting platforms, such as GitHub. However, current CI/CD pipelines suffer from malicious code and severe vulnerabilities. Even worse, people have not ...
- research-articleMarch 2023
Multiple Targets Directed Greybox Fuzzing
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 325–339https://doi.org/10.1109/TDSC.2023.3253120Directed greybox fuzzing (DGF) can quickly discover or reproduce bugs in programs by seeking to reach a program location or explore some locations in order. However, due to their static stage division and coarse-grained energy scheduling, prior DGF tools ...
- research-articleMarch 2023
Generative Pre-Trained Transformer-Based Reinforcement Learning for Testing Web Application Firewalls
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 309–324https://doi.org/10.1109/TDSC.2023.3252523Web Application Firewalls (WAFs) are widely deployed to protect key web applications against multiple security threats, so it is important to test WAFs regularly to prevent attackers from bypassing them easily. Machine-learning-based black-box WAF testing ...
- research-articleMarch 2023
CacheIEE: Cache-Assisted Isolated Execution Environment on ARM Multi-Core Platforms
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 254–269https://doi.org/10.1109/TDSC.2023.3251418ARM TrustZone technology has been widely used to create Trusted Execution Environments (TEEs) for enhancing the security of applications. However, the increasing number of installed security-sensitive applications in the secure world will inevitably ...
- research-articleMarch 2023
Gringotts: An Encrypted Version Control System With Less Trust on Servers
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 2March-April 2024, Pages 668–684https://doi.org/10.1109/TDSC.2023.3251365Version Control System (VCS) plays an essential role in software supply chain, as it manages code projects and enables efficient collaboration. For a private repository, where source code is a high-profile asset and needs to be protected, VCS’ ...
- research-articleFebruary 2023
ADSA – Association-Driven Safety Analysis to Expose Unknown Safety Issues
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 216–228https://doi.org/10.1109/TDSC.2023.3248606Autonomous systems are susceptible to unknown safety issues due to overlooked dependencies among components of the system and the entities that are part of its operating environment. The current safety analysis techniques aids in identifying known safety ...
- research-articleFebruary 2023
G-Fuzz: A Directed Fuzzing Framework for gVisor
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 168–185https://doi.org/10.1109/TDSC.2023.3244825gVisor is a Google-published application-level kernel for containers. As gVisor is lightweight and has sound isolation, it has been widely used in many IT enterprises [1], [2], [3]. When a new vulnerability of the upstream gVisor is found, it is important ...
- research-articleFebruary 2023
The Potential Harm of Email Delivery: Investigating the HTTPS Configurations of Webmail Services
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 125–138https://doi.org/10.1109/TDSC.2023.3246600Webmail, protected by the HTTPS protocol, only works correctly if both the server and client implement HTTPS-related features without vulnerability. Nevertheless, the deployment situation of these features in the webmail world is still unclear. To this ...
- research-articleFebruary 2023
Towards Unveiling Exploitation Potential With Multiple Error Behaviors for Kernel Bugs
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 93–109https://doi.org/10.1109/TDSC.2023.3246170Nowadays, fuzz testing has significantly expedited the vulnerability discovery of Linux kernel. Security analysts use the manifested error behaviors to infer the exploitability of one bug and thus prioritize the patch development. However, only using an ...
- research-articleFebruary 2023
Generic Soft Error Data and Control Flow Error Detection by Instruction Duplication
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 78–92https://doi.org/10.1109/TDSC.2023.3245842Transient faults or soft errors are considered one of the most daunting reliability challenges for microprocessors. Software solutions for soft error protection are attractive because they can provide flexible and effective error protection. For instance, ...
- research-articleFebruary 2023
<monospace>TAICHI</monospace>: Transform Your Secret Exploits Into Mine From a Victim's Perspective
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 20, Issue 6Nov.-Dec. 2023, Pages 5278–5292https://doi.org/10.1109/TDSC.2022.3191693Acquiring and analyzing exploits, which take advantage of vulnerabilities to conduct malicious actions, are crucial for victims (and defenders) when responding to system compromising incidents. However, exploits are sensitive and valuable assets that are ...
- research-articleFebruary 2023
<sc>APTSHIELD</sc>: A Stable, Efficient and Real-Time APT Detection System for Linux Hosts
- Tiantian Zhu,
- Jinkai Yu,
- Chunlin Xiong,
- Wenrui Cheng,
- Qixuan Yuan,
- Jie Ying,
- Tieming Chen,
- Jiabo Zhang,
- Mingqi Lv,
- Yan Chen,
- Ting Wang,
- Yuan Fan
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 20, Issue 6Nov.-Dec. 2023, Pages 5247–5264https://doi.org/10.1109/TDSC.2023.3243667Advanced Persistent Threat (APT) attacks have caused massive financial loss worldwide. Researchers thereby have proposed a series of solutions to detect APT attacks, such as dynamic/static code analysis, traffic detection, sandbox technology, endpoint ...
- research-articleFebruary 2023
Hybrid Knowledge and Data Driven Synthesis of Runtime Monitors for Cyber-Physical Systems
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 1Jan.-Feb. 2024, Pages 12–30https://doi.org/10.1109/TDSC.2023.3242653Recent advances in sensing and computing technology have led to the proliferation of Cyber-Physical Systems (CPS) in safety-critical domains. However, the increasing device complexity, shrinking technology sizes, and shorter time to market have resulted ...
- research-articleJanuary 2023
Pervasive Micro Information Flow Tracking
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 20, Issue 6Nov.-Dec. 2023, Pages 4957–4975https://doi.org/10.1109/TDSC.2023.3238547Detection of advanced security attacks that exploit zero-day vulnerabilities or application-specific logic loopholes has been challenging due to the lack of attack signatures or substantial deviations in the overall system behavior. One has to zoom in to ...