Concept

Security bug

Publications associées (14)

Secure Interface Design Leveraging Hardware/Software Support

Computer systems rely heavily on abstraction to manage the exponential growth of complexity across hardware and software. Due to practical considerations of compatibility between components of these complex systems across generations, developers have favou ...

EPFL2024

Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs

Mathias Josef Payer, Jianhao Xu

Compilers assure that any produced optimized code is semantically equivalent to the original code. However, even "correct" compilers may introduce security bugs as security properties go beyond translation correctness. Security bugs introduced by such corr ...

Berkeley2023

USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation

Mathias Josef Payer, Hui Peng

The Universal Serial Bus (USB) connects external devices to a host. This interface exposes the OS kernels and device drivers to attacks by malicious devices. Unfortunately, kernels and drivers were developed under a security model that implicitly trusts co ...

USENIX ASSOC2020

OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding

Bryan Alexander Ford, Linus Gasser, Eleftherios Kokoris Kogias, Philipp Svetolik Jovanovic, Nicolas Gailly

Designing a secure permissionless distributed ledger (blockchain) that performs on par with centralized payment processors, such as Visa, is a challenging task. Most existing distributed ledgers are unable to scale-out, i.e., to grow their total processing ...

2018

Asynchronous Byzantine Machine Learning (the case of SGD)

Rachid Guerraoui, Mahsa Taziki, El Mahdi El Mhamdi, Rhicheek Patra, Georgios Damaskinos

Asynchronous distributed machine learning solutions have proven very effective so far, but always assuming perfectly functioning workers. In practice, some of the workers can however exhibit Byzantine behavior, caused by hardware failures, software bugs, c ...

2018

Improving systems software security through program analysis and instrumentation

Volodymyr Kuznetsov

Security and reliability bugs are prevalent in systems software. Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management and type safety to programmers. This invites bugs that cause cra ...

EPFL2016

Clever Arbiters Versus Malicious Adversaries

Serge Vaudenay

When moving from known-input security to chosen-input security, some generic attacks sometimes become possible and must be discarded by a specific set of rules in the threat model. Similarly, common practices consist of fixing security systems, once an exp ...

Springer Berlin Heidelberg2016

Techniques for Identifying Elusive Corner-Case Bugs in Systems Software

Radu Banabic

Modern software is plagued by elusive corner-case bugs (e.g., security bugs). Because there are no scalable, automated ways of finding them, such bugs can remain hidden until software is deployed in production. This thesis proposes approaches to solve this ...

EPFL2015

Automated Debugging for Arbitrarily Long Executions

George Candea, Edouard Bugnion, Johannes Kinder, Cristian Zamfir, Baris Can Cengiz Kasikci

One of the most energy-draining and frustrating parts of software development is playing detective with elusive bugs. In this paper we argue that automated post-mortem debugging of failures is feasible for real, in-production systems with no runtime record ...

2013

BugSifter: A Generalized Accelerator for Flexible Instruction-Grain Monitoring

Babak Falsafi, Boris Robert Grot, Yusuf Onur Koçberber, Sotiria Fytraki, Evangelos Vlachos, Jennifer Bedke Sartor

Software robustness is an ever-challenging problem in the face of today's evolving software and hardware that has undergone recent shifts. Instruction-grain monitoring is a powerful approach for improved software robustness that affords comprehensive runti ...

2012

Graph Chatbot

Chattez avec Graph Search

Posez n’importe quelle question sur les cours, conférences, exercices, recherches, actualités, etc. de l’EPFL ou essayez les exemples de questions ci-dessous.

AVERTISSEMENT : Le chatbot Graph n'est pas programmé pour fournir des réponses explicites ou catégoriques à vos questions. Il transforme plutôt vos questions en demandes API qui sont distribuées aux différents services informatiques officiellement administrés par l'EPFL. Son but est uniquement de collecter et de recommander des références pertinentes à des contenus que vous pouvez explorer pour vous aider à répondre à vos questions.

Connectez-vous pour utiliser Chat avec Graph Search