{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T14:09:35Z","timestamp":1758809375088},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319241258"},{"type":"electronic","value":"9783319241265"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-24126-5_5","type":"book-chapter","created":{"date-parts":[[2015,9,24]],"date-time":"2015-09-24T08:09:59Z","timestamp":1443082199000},"page":"75-94","source":"Crossref","is-referenced-by-count":2,"title":["Improving Application Security through TLS-Library Redesign"],"prefix":"10.1007","author":[{"given":"Leo St.","family":"Amour","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"W. Michael","family":"Petullo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,11,13]]},"reference":[{"unstructured":"Fedora system-wide crypto policy (accessed Mach 22, (2014), http:\/\/fedoraproject.org\/wiki\/Changes\/CryptoPolicy","key":"5_CR1"},{"unstructured":"Barnes, R.L.: DANE: Taking TLS authentication to the next level using DNSSEC. IETF Journal, October 2011. http:\/\/www.internetsociety.org\/articles\/dane-taking-tls-authentication-next-level-using-dnssec (accessed June 22, 2015)","key":"5_CR2"},{"key":"5_CR3","doi-asserted-by":"crossref","first-page":"394","DOI":"10.1145\/2660267.2660338","volume-title":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014","author":"A. Bates","year":"2014","unstructured":"Bates, A., Pletcher, J., Nichols, T., Hollembaek, B., Tian, D., Butler, K.R., Alkhelaifi, A.: Securing SSL certificate verification through dynamic linking. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 394\u2013405. ACM, New York (2014)"},{"unstructured":"Beck, B.: LibreSSL: The first 30 days and the future. In: presentation at the 11th BSDCan Conference, May 2014","key":"5_CR4"},{"unstructured":"Bernstein, D.J.: CurveCP: Usable security for the Internet. CurveCP: Usable security for the Internet. http:\/\/curvecp.org (accessed July 9, 2015)","key":"5_CR5"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-642-33481-8_9","volume-title":"Progress in Cryptology \u2013 LATINCRYPT 2012","author":"D.J. Bernstein","year":"2012","unstructured":"Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol.\u00a07533, pp. 159\u2013176. Springer, Heidelberg (2012)"},{"doi-asserted-by":"crossref","unstructured":"Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.Y., Zinzindohoue, J.K.: A messy state of the union: Taming the composite state machines of TLS. In: Proc. IEEE Symp. Security and Privacy. IEEE Computer Society Press, Washington, DC, May 2015","key":"5_CR7","DOI":"10.1109\/SP.2015.39"},{"doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Lavaud, A., Fournet, C., Pironti, A., Strub, P.: Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS. In: Proc. IEEE Symp. Security and Privacy, pp. 98\u2013113. IEEE Computer Society Press, Washington, DC, May 2014","key":"5_CR8","DOI":"10.1109\/SP.2014.14"},{"unstructured":"Bittau, A., Hamburg, M., Handley, M., Mazi\u00e8res, D., Boneh, D.: The case for ubiquitous transport-level encryption. In: Proceedings of the 19th USENIX Security Symposium. USENIX Association, Berkeley, August 2010","key":"5_CR9"},{"key":"5_CR10","first-page":"3","volume-title":"Proc. of the USENIX Security Symposium","author":"R. Cox","year":"2002","unstructured":"Cox, R., Grosse, E., Pike, R., Presotto, D., Quinlan, S.: Security in Plan 9. In: Proc. of the USENIX Security Symposium, pp. 3\u201316. USENIX Association, Berkeley (2002)"},{"key":"5_CR11","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1145\/2504730.2504755","volume-title":"Proceedings of the 2013 Conference on Internet Measurement, IMC 2013","author":"Z. Durumeric","year":"2013","unstructured":"Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the HTTPS certificate ecosystem. In: Proceedings of the 2013 Conference on Internet Measurement, IMC 2013, pp. 291\u2013304. ACM, New York (2013)"},{"key":"5_CR12","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1145\/2382196.2382205","volume-title":"Proceedings of the 2012 ACM Conference on Computer and Communications Security","author":"S. Fahl","year":"2012","unstructured":"Fahl, S., Harbach, M., Muders, T., Smith, M., Baumg\u00e4rtner, L., Freisleben, B.: Why eve and mallory love android: an analysis of android SSL (in)security. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 50\u201361. ACM, New York (2012)"},{"key":"5_CR13","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1145\/2508859.2516655","volume-title":"Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013","author":"S. Fahl","year":"2013","unstructured":"Fahl, S., Harbach, M., Perl, H., Koetter, M., Smith, M.: Rethinking SSL development in an appified world. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 49\u201360. ACM, New York (2013)"},{"unstructured":"Electronic\u00a0Frontier Foundation: HTTPS everywhere. https:\/\/www.eff.org\/https-everywhere (accessed August 26, 2013)","key":"5_CR14"},{"key":"5_CR15","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/2382196.2382204","volume-title":"Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012","author":"M. Georgiev","year":"2012","unstructured":"Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 38\u201349. ACM, New York (2012)"},{"doi-asserted-by":"crossref","unstructured":"Guan, L., Lin, J., Luo, B., Jing, J., Wang, J.: Protecting private keys against memory disclosure attacks using hardware transactional memory. In: Proc. IEEE Symp. Security and Privacy. IEEE Computer Society Press, Washington, DC, May 2015","key":"5_CR16","DOI":"10.1109\/SP.2015.8"},{"doi-asserted-by":"crossref","unstructured":"He, B., Rastogi, V., Cao, Y., Chen, Y., Venkatakrishnan, V., Yang, R., Zhang, Z.: Vetting SSL usage in applications with SSLint. In: Proc. IEEE Symp. Security and Privacy. IEEE Computer Society Press, Washington, DC, May 2015","key":"5_CR17","DOI":"10.1109\/SP.2015.38"},{"unstructured":"Hoffman, P., Schlyter, J.: RFC 6698: The DNS-based Authentication of Named Entities (DANE) Transport Layer Security (TLS) protocol: TLSA, August 2012. http:\/\/www.ietf.org\/rfc\/rfc6698.txt (accessed June 22, 2015), status: PROPOSED STANDARD","key":"5_CR18"},{"unstructured":"IOerror: DigiNotar damage disclosure. The Tor Blog, September 2011. https:\/\/blog.torproject.org\/blog\/diginotar-damage-disclosure (accessed May 20, 2015)","key":"5_CR19"},{"unstructured":"Kneschke, J., et al.: lighttpd. http:\/\/www.lighttpd.net\/ (accessed Jun 22, 2015)","key":"5_CR20"},{"issue":"12","key":"5_CR21","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1109\/MC.2011.367","volume":"44","author":"N. Leavitt","year":"2011","unstructured":"Leavitt, N.: Internet security under attack: The undermining of digital certificates. Computer\u00a044(12), 17\u201320 (2011)","journal-title":"Computer"},{"unstructured":"Marlinspike, M.: Null-prefix attacks against SSL\/TLS certificates. Presentation at Black Hat USA, July 2009. http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/MARLINSPIKE\/BHUSA09-Marlinspike-DefeatSSL-PAPER1.pdf (accessed June 22, 2015)","key":"5_CR22"},{"key":"5_CR23","first-page":"133","volume-title":"Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, CoNEXT 2014","author":"D. Naylor","year":"2014","unstructured":"Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munaf\u00f2, M., Papagiannaki, K., Steenkiste, P.: The cost of the \u2018S\u2019 in HTTPS. In: Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, CoNEXT 2014, pp. 133\u2013140. ACM, New York (2014)"},{"unstructured":"NIST National Vulnerability Database: CVE-2014-0160, Decembe 2013. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-0160 (accessed April 15, 2014)","key":"5_CR24"},{"unstructured":"OpenBSD manual pages: imsg_init(3). http:\/\/www.openbsd.org\/cgi-bin\/man.cgi\/OpenBSD-current\/man3\/imsg_init.3 (accessed July 8, 2015)","key":"5_CR25"},{"unstructured":"Petullo, W.M., Solworth, J.A.: Simple-to-use, secure-by-design networking in Ethos. In: Proceedings of the Sixth European Workshop on System Security, EUROSEC 2013. ACM, New York, April 2013","key":"5_CR26"},{"doi-asserted-by":"crossref","unstructured":"Petullo, W.M., Zhang, X., Solworth, J.A., Bernstein, D.J., Lange, T.: MinimaLT: Minimal-latency networking through better security. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013. ACM, New York, Novembe 2013","key":"5_CR27","DOI":"10.1145\/2508859.2516737"},{"unstructured":"Provos, N., Friedl, M., Honeyman, P.: Preventing privilege escalation. In: Proc. of the USENIX Security Symposium, pp. 231\u2013242. USENIX Association, Berkeley, August 2003","key":"5_CR28"},{"unstructured":"Schmidt, S.: Introducing s2n, a new open source TLS implementation. Amazon Web Services Security Blog, June 2015. https:\/\/blogs.aws.amazon.com\/security\/post\/TxCKZM94ST1S6Y\/Introducing-s2n-a-New-Open-Source-TLS-Implementation (accessed July 1, 2015)","key":"5_CR29"},{"unstructured":"Scrivano, G., et al.: wget. http:\/\/www.gnu.org\/software\/wget\/ (accessed June 22, 2015)","key":"5_CR30"},{"key":"5_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1007\/978-3-642-27576-0_20","volume-title":"Financial Cryptography and Data Security","author":"C. Soghoian","year":"2012","unstructured":"Soghoian, C., Stamm, S.: Certified lies: Detecting and defeating government interception attacks against SSL (Short paper). In: Danezis, G. (ed.) FC 2011. LNCS, vol.\u00a07035, pp. 250\u2013259. Springer, Heidelberg (2012)"},{"doi-asserted-by":"crossref","unstructured":"Vratonjic, N., Freudiger, J., Bindschaedler, V., Hubaux, J.P.: The inconvenient truth about web certificates. In: Proceedings of the 10th Workshop on the Economics of Information Security (June 2011)","key":"5_CR32","DOI":"10.1007\/978-1-4614-1981-5_5"},{"key":"5_CR33","first-page":"37","volume-title":"Proc. of the USENIX Security Symposium","author":"T. Ylonen","year":"1996","unstructured":"Ylonen, T.: SSH\u2014secure login connections over the Internet. In: Proc. of the USENIX Security Symposium, pp. 37\u201342. USENIX Association, San Jose (1996)"},{"key":"5_CR34","volume-title":"The Official PGP Users Guide","author":"P.R. Zimmermann","year":"1995","unstructured":"Zimmermann, P.R.: The Official PGP Users Guide. MIT Press, Boston (1995)"}],"container-title":["Lecture Notes in Computer Science","Security, Privacy, and Applied Cryptography Engineering"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-24126-5_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,22]],"date-time":"2022-05-22T05:47:30Z","timestamp":1653198450000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-24126-5_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319241258","9783319241265"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-24126-5_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}