Vulnerability Abundance: A Formal Proof of Infinite Vulnerabilities in Code

We present a constructive proof that a single C program, the Vulnerability Factory, admits a countably infinite set of distinct, independently CVE-assignable software vulnerabilities. We formalise the argument using elementary set theory, verify it against MITRE's CVE Numbering Authority counting...

SecIC3: Customizing IC3 for Hardware Security Verification

Recent years have seen significant advances in using formal verification to check hardware security properties. Of particular practical interest are checking confidentiality and integrity of secrets, by checking that there is no information flow between the secrets and observable outputs. A...

Supporting Secured Integration of Microarchitectural Defenses

There has been a plethora of microarchitectural-level attacks leading to many proposed countermeasures. This has created an unexpected and unaddressed security issue where naive integration of those defenses can potentially lead to security vulnerabilities. This occurs when one defense changes an...

BASICS: Binary Analysis and Stack Integrity Checker System for Buffer Overflow Mitigation

Cyber-Physical Systems have played an essential role in our daily lives, providing critical services such as power and water, whose operability, availability, and reliability must be ensured. The C programming language, prevalent in CPS development, is crucial for system control where reliability...

Incentivizing Collaborative Breach Detection

Decoy passwords, or "honeywords," alert a site to its breach if they are ever entered in a login attempt on that site. However, an attacker can identify a user-chosen password from among the decoys, without risk of alerting the site to its breach, by performing credential stuffing, i.e., entering...

Model Checking the Security of the Lightning Network

Payment channel networks are an approach to improve the scalability of blockchain-based cryptocurrencies. The Lightning Network is a payment channel network built for Bitcoin that is already used in practice. Because the Lightning Network is used for transfer of financial value, its security in t...

HeapHopper - A Bounded Model Checking Framework For Heap-implementations

HeapHopper is a bounded model checking framework for Heap-implementations. Setup sudo apt update && sudo apt install build-essential python-dev virtualenvwrapper git clone https://github.com/angr/heaphopper.git && cd ./heaphopper mkvirtualenv -ppython2 heaphopper pip install -e . Required Package...

HPUX / 800 models / Old-styled exploit for cue

Hi there, One of the major problems I see with admins/security nowadays is that admin don't secure their host : they install patches ...which is slightly different. It reminds me of this very old advisory which was issued by HP in 1997 !!! about /usr/bin/cue : In the "Workarounds/Solution" sectio...