{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T16:20:58Z","timestamp":1774369258866,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3637654","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"35-48","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["X-Ray-TLS: Transparent Decryption of TLS Sessions by Extracting Session Keys from Memory"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-8989-4391","authenticated-orcid":false,"given":"Florent","family":"Moriconi","sequence":"first","affiliation":[{"name":"EURECOM, Biot, France"},{"name":"AMADEUS, Villeneuve-Loubet, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0558-5015","authenticated-orcid":false,"given":"Olivier","family":"Levillain","sequence":"additional","affiliation":[{"name":"Samovar, Evry, France"},{"name":"T\u00e9l\u00e9com SudParis, Evry, France"},{"name":"Institut Polytechnique de Paris, Palaiseau, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0584-8732","authenticated-orcid":false,"given":"Aur\u00e9lien","family":"Francillon","sequence":"additional","affiliation":[{"name":"EURECOM, Biot, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0457-1436","authenticated-orcid":false,"given":"Raphael","family":"Troncy","sequence":"additional","affiliation":[{"name":"EURECOM, Biot, France"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Alessandrod. [n.d.]. Snuffy. https:\/\/github.com\/alessandrod\/snuffy Accessed on 12-08-2023."},{"key":"e_1_3_2_2_2_1","unstructured":"Alessandrod. 2020. Intercepting Zoom's encrypted data with BPF. https:\/\/confused.ai\/posts\/intercepting-zoom-tls-encryption-bpf-uprobes Accessed on 12-08-2023."},{"key":"e_1_3_2_2_3_1","unstructured":"MITMproxy's authors. [n.d.]. MITMproxy. https:\/\/mitmproxy.org\/ Accessed on 12-08-2023."},{"key":"e_1_3_2_2_4_1","unstructured":"Avast. [n.d.]. Avast. https:\/\/www.avast.com Accessed on 12-08-2023."},{"key":"e_1_3_2_2_5_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2010","author":"Balzarotti Davide","year":"2010","unstructured":"Davide Balzarotti, Marco Cova, Christoph Karlberger, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2010. Efficient Detection of Split Personalities in Malware. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February - 3rd March 2010. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2010\/efficient-detection-split-personalities-malware"},{"key":"e_1_3_2_2_6_1","volume-title":"Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies. https:\/\/medium.com\/@alex.birsan\/dependency-confusion-4a5d60fec610 Accessed on 06-02-2023.","author":"Birsan Alex","year":"2021","unstructured":"Alex Birsan. 2021. Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies. https:\/\/medium.com\/@alex.birsan\/dependency-confusion-4a5d60fec610 Accessed on 06-02-2023."},{"key":"e_1_3_2_2_7_1","unstructured":"Cloudflare. [n.d.]. Cloudflare Radar. https:\/\/radar.cloudflare.com\/adoption-and-usage Accessed on 12-08-2023."},{"key":"e_1_3_2_2_8_1","unstructured":"Alex Computer. 2014. How does Akamai's 'secure heap' patch to OpenSSL work? https:\/\/blog.nullspace.io\/akamai-ssl-patch.html Accessed on 12-08-2023."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516697"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"V. Dukhovni and W. Hardaker. 2015. The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance. RFC 7671. RFC Editor.","DOI":"10.17487\/RFC7671"},{"key":"e_1_3_2_2_12_1","volume-title":"The Security Impact of HTTPS Interception. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Durumeric Zakir","year":"2017","unstructured":"Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson. 2017. The Security Impact of HTTPS Interception. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/security-impact-https-interception\/"},{"key":"e_1_3_2_2_13_1","unstructured":"David Eade. 2020. Avast Antitrack does not check validity of end web server certificates. https:\/\/www.davideade.com\/2020\/03\/avast-antitrack.html"},{"key":"e_1_3_2_2_14_1","unstructured":"Pavel Emelyanov. [n. d.]. Checkpoint\/Restore In Userspace or CRIU. https:\/\/criu.org\/"},{"key":"e_1_3_2_2_15_1","unstructured":"Pavel Emelyanov. 2013. mm: Ability to monitor task memory changes (v3). https:\/\/lwn.net\/Articles\/546966\/ Accessed on 12-08-2023."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"crossref","unstructured":"C. Evans C. Palmer and R. Sleevi. 2015. Public Key Pinning Extension for HTTP. RFC 7469. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc7469.txt","DOI":"10.17487\/RFC7469"},{"key":"e_1_3_2_2_17_1","unstructured":"Github. [n. d.]. Github Copilot - Your AI pair programmer. https:\/\/github.com\/features\/copilot Accessed on 12-08-2023."},{"key":"e_1_3_2_2_18_1","unstructured":"Google. [n.d.]. Further improving digital certificate security. https:\/\/security.googleblog.com\/2013\/12\/further-improving-digital-certificate.html Accessed on 12-08-2023."},{"key":"e_1_3_2_2_19_1","unstructured":"Google. [n. d.]. Google Chrome Privacy Notice. https:\/\/www.google.com\/chrome\/privacy\/ Accessed on 12-08-2023."},{"key":"e_1_3_2_2_20_1","unstructured":"Google. 2022. HTTPS encryption on the web. https:\/\/transparencyreport.google.com\/https\/overview Accessed on 12-05-2023."},{"key":"e_1_3_2_2_21_1","unstructured":"Brendan Gregg. [n.d.]. Linux Load Averages: Solving the Mystery. https:\/\/www.brendangregg.com\/blog\/2017-08-08\/linux-load-averages.html Accessed on 12-08-2023."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2999572.2999603"},{"key":"e_1_3_2_2_23_1","unstructured":"Internet Engineering Task Force (IETF). 2018. The Transport Layer Security (TLS) Protocol Version 1.3. https:\/\/datatracker.ietf.org\/doc\/rfc8446\/ Accessed on 12-08-2023."},{"key":"e_1_3_2_2_24_1","unstructured":"Nubeva inc. [n. d.]. Nubeva Session Key Intercept Supported Signatures. https:\/\/docs.nubeva.com\/en\/latest\/files\/Signatures.html#linux Accessed on 12-08-2023."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9000"},{"key":"e_1_3_2_2_26_1","unstructured":"Masami Hiramatsu Jim Keniston Prasanna S Panchamukhi. [n. d.]. Kernel Probes (Kprobes). https:\/\/docs.kernel.org\/trace\/kprobes.html Accessed on 12-08-2023."},{"key":"e_1_3_2_2_27_1","unstructured":"Linux kernel's authors. [n.d.]. Kernel TLS offload. https:\/\/docs.kernel.org\/networking\/tls-offload.html Accessed on 12-08-2023."},{"key":"e_1_3_2_2_28_1","volume-title":"Characterizing the Security of Github CI Workflows. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Koishybayev Igibek","year":"2022","unstructured":"Igibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Bradley Reaves, Alexandros Kapravelos, and Aravind Machiry. 2022. Characterizing the Security of Github CI Workflows. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2747--2763. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/koishybayev"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179304"},{"key":"e_1_3_2_2_30_1","unstructured":"Casey Lee. [n. d.]. Run your GitHub Actions locally. https:\/\/github.com\/nektos\/act"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357010.1352625"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW59333.2023.00025"},{"key":"e_1_3_2_2_33_1","unstructured":"Mozilla. [n. d.]. NSS Key Log Format. https:\/\/firefox-source-docs.mozilla.org\/security\/nss\/legacy\/key_log_format\/index.html Accessed on 12-08-2023."},{"key":"e_1_3_2_2_34_1","volume-title":"TRESOR Runs Encryption Securely Outside RAM. In 20th USENIX Security Symposium","author":"M\u00fcller Tilo","year":"2011","unstructured":"Tilo M\u00fcller, Felix C. Freiling, and Andreas Dewald. 2011. TRESOR Runs Encryption Securely Outside RAM. In 20th USENIX Security Symposium, San Francisco, CA, USA, August 8--12, 2011, Proceedings. USENIX Association. http:\/\/static.usenix.org\/events\/sec11\/tech\/full_papers\/Muller.pdf"},{"key":"e_1_3_2_2_35_1","unstructured":"Netskope. [n. d.]. Netskope. https:\/\/www.netskope.com\/ Accessed on 12-08-2023."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409183"},{"key":"e_1_3_2_2_37_1","volume-title":"Kaspersky: Local CA root is incorrectly protected. https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=989 Accessed on 12-08-23.","author":"Ormandy Tavis","year":"2016","unstructured":"Tavis Ormandy. 2016. Kaspersky: Local CA root is incorrectly protected. https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=989 Accessed on 12-08-23."},{"key":"e_1_3_2_2_38_1","volume-title":"Kaspersky: SSL interception differentiates certificates with a 32bit hash. https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=978 Accessed on 12-08-2023.","author":"Ormandy Tavis","year":"2016","unstructured":"Tavis Ormandy. 2016. Kaspersky: SSL interception differentiates certificates with a 32bit hash. https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=978 Accessed on 12-08-2023."},{"key":"e_1_3_2_2_39_1","unstructured":"Chris Palmer. [n. d.]. Intent To Deprecate And Remove: Public Key Pinning. https:\/\/groups.google.com\/a\/chromium.org\/g\/blink-dev\/c\/he9tr7p3rZ8\/m\/eNMwKPmUBAAJ"},{"key":"e_1_3_2_2_40_1","unstructured":"IO Visor Project. [n. d.]. BPF Compiler Collection (BCC). https:\/\/github.com\/iovisor\/bcc Accessed on 12-08-2023."},{"key":"e_1_3_2_2_41_1","volume-title":"Computer Security - ESORICS","author":"Rasoamanana Aina Toky","year":"2022","unstructured":"Aina Toky Rasoamanana, Olivier Levillain, and Herv\u00e9 Debar. 2022. Towards a Systematic and Automatic Use of State Machine Inference to Uncover Security Flaws and Fingerprint TLS Stacks. In Computer Security - ESORICS 2022, Vijayalakshmi Atluri, Roberto Di Pietro, Christian D. Jensen, and Weizhi Meng (Eds.). Springer Nature Switzerland, Cham, 637--657."},{"key":"e_1_3_2_2_42_1","unstructured":"rclone's authors. [n. d.]. Rclone's source code - obscure.go. https:\/\/github.com\/rclone\/rclone\/blob\/313493d51b390d7f73f0780d15bf31698f2a919a\/fs\/config\/obscure\/obscure.go#L17 Accessed on 12-08-2023."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561453"},{"key":"e_1_3_2_2_44_1","unstructured":"sslmate. [n. d.]. Timeline of Certificate Authority Failures. https:\/\/sslmate.com\/resources\/certificate_authority_failures Accessed on 12-08-2023."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.04.013"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2016.01.014"},{"key":"e_1_3_2_2_47_1","unstructured":"Wikipedia. [n. d.]. Comparison of TLS implementations. https:\/\/en.wikipedia.org\/wiki\/Comparison_of_TLS_implementations Accessed on 12-08-2023."}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637654","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:06Z","timestamp":1750290246000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637654"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":46,"alternative-id":["10.1145\/3634737.3637654","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3637654","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}