{"id":"https://openalex.org/W2672575173","doi":"https://doi.org/10.1109/sp.2017.46","title":"HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL/TLS Implementations","display_name":"HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL/TLS Implementations","publication_year":2017,"publication_date":"2017-05-01","ids":{"openalex":"https://openalex.org/W2672575173","doi":"https://doi.org/10.1109/sp.2017.46","mag":"2672575173"},"language":"en","primary_location":{"id":"doi:10.1109/sp.2017.46","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp.2017.46","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078080329","display_name":"Suphannee Sivakorn","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Suphannee Sivakorn","raw_affiliation_strings":["Department of Computer Science, Columbia University, New York, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Columbia University, New York, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085271339","display_name":"George Argyros","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"George Argyros","raw_affiliation_strings":["Department of Computer Science, Columbia University, New York, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Columbia University, New York, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007048525","display_name":"Kexin Pei","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kexin Pei","raw_affiliation_strings":["Department of Computer Science, Columbia University, New York, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Columbia University, New York, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023057383","display_name":"Angelos D. Keromytis","orcid":"https://orcid.org/0000-0003-3815-5932"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Angelos D. Keromytis","raw_affiliation_strings":["Department of Computer Science, Columbia University, New York, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Columbia University, New York, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016425387","display_name":"Suman Jana","orcid":"https://orcid.org/0000-0002-9850-2169"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Suman Jana","raw_affiliation_strings":["Department of Computer Science, Columbia University, New York, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Columbia University, New York, USA","institution_ids":["https://openalex.org/I78577930"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I78577930"],"apc_list":null,"apc_paid":null,"fwci":12.2546,"has_fulltext":false,"cited_by_count":73,"citation_normalized_percentile":{"value":0.98771895,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"521","last_page":"538"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12072","display_name":"Machine Learning and Algorithms","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9933000206947327,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8376554846763611},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.562605082988739},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.5465242862701416},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.38314780592918396},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.35873886942863464},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.29958605766296387},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.23537999391555786}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8376554846763611},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.562605082988739},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.5465242862701416},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.38314780592918396},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.35873886942863464},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.29958605766296387},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.23537999391555786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp.2017.46","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp.2017.46","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","score":0.4300000071525574,"display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W122693075","https://openalex.org/W1517949462","https://openalex.org/W1520252399","https://openalex.org/W1560720671","https://openalex.org/W1587497712","https://openalex.org/W1769343819","https://openalex.org/W1802141165","https://openalex.org/W1809974132","https://openalex.org/W1926951188","https://openalex.org/W1938383858","https://openalex.org/W1972505764","https://openalex.org/W1976919795","https://openalex.org/W1989445634","https://openalex.org/W1994584977","https://openalex.org/W2039529128","https://openalex.org/W2054426341","https://openalex.org/W2103370348","https://openalex.org/W2105394284","https://openalex.org/W2137837392","https://openalex.org/W2145994642","https://openalex.org/W2146752727","https://openalex.org/W2163005041","https://openalex.org/W2500302530","https://openalex.org/W2532335977","https://openalex.org/W2533393700","https://openalex.org/W6633554152","https://openalex.org/W6638340054","https://openalex.org/W6638489149"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2336008669","https://openalex.org/W2952321600","https://openalex.org/W2376932109","https://openalex.org/W2058269521","https://openalex.org/W1452942402","https://openalex.org/W2382290278"],"abstract_inverted_index":{"SSL/TLS":[0,17,37,124,282],"is":[1,41,76,129,198,236],"the":[2,22,26,32,36,46,52,59,62,67,71,83,161,182,189,206,214,228,238,264,273,317,329,333,347],"most":[3],"commonly":[4],"deployed":[5],"family":[6],"of":[7,16,25,35,45,61,66,85,139,184,191,280,291,328,339],"protocols":[8],"for":[9,122,200,208,241],"securing":[10],"network":[11],"communications.":[12],"The":[13,230],"security":[14],"guarantees":[15],"are":[18,342],"critically":[19],"dependent":[20],"on":[21,131,304],"correct":[23],"validation":[24,48],"X.509":[27,72],"server":[28,63],"certificates":[29,143],"presented":[30],"during":[31],"handshake":[33],"stage":[34],"protocol.":[38],"Hostname":[39,74],"verification":[40,75,105,126,275,336],"a":[42,77,108,117,137,145,151,175,192,196,201,242,247,278,288],"critical":[43,343],"component":[44],"certificate":[47,140,166,202,244],"process":[49,80],"that":[50,180,187,237,262,300],"verifies":[51],"remote":[53],"server's":[54],"identity":[55],"by":[56,210,221,321],"checking":[57,222],"if":[58],"hostname":[60,104,125,274,335],"matches":[64],"any":[65],"names":[68],"present":[69,107,115],"in":[70,154,277,287,332],"certificate.":[73,194],"highly":[78],"complex":[79],"due":[81],"to":[82,150,156,173,257,271,351],"presence":[84],"numerous":[86],"features":[87],"and":[88,99,284,296,344],"corner":[89],"cases":[90],"such":[91],"as":[92],"wildcards,":[93],"IP":[94],"addresses,":[95],"international":[96],"domain":[97],"names,":[98],"so":[100],"forth.":[101],"Therefore,":[102,250],"testing":[103,120],"implementations":[106,219,276,349],"challenging":[109],"task.":[110],"In":[111],"this":[112],"paper,":[113],"we":[114,251,323],"HVLearn,":[116,322],"novel":[118],"black-box":[119],"framework":[121],"analyzing":[123],"implementations,":[127],"which":[128],"based":[130],"automata":[132,170,254],"learning":[133,171,255],"algorithms.":[134],"HVLearn":[135,168,204,270,301],"utilizes":[136],"number":[138,279],"templates,":[141],"i.e.,":[142],"with":[144,213],"common":[146],"name":[147],"(CN)":[148],"set":[149,183,290],"specific":[152],"pattern,":[153],"order":[155],"test":[157],"different":[158],"rules":[159,225],"from":[160,217,227],"corresponding":[162,265],"specification.":[163,229],"For":[164],"each":[165],"template,":[167,203],"uses":[169],"algorithms":[172],"infer":[174,259],"Deterministic":[176],"Finite":[177],"Automaton":[178],"(DFA)":[179],"describes":[181],"all":[185],"hostnames":[186,240],"match":[188],"CN":[190],"given":[193,243],"Once":[195],"model":[197,207],"inferred":[199,215,320],"checks":[205],"bugs":[209],"finding":[211],"discrepancies":[212],"models":[216,261,319],"other":[218],"or":[220],"against":[223],"regular-expression-based":[224],"derived":[226],"key":[231],"insight":[232],"behind":[233],"our":[234],"approach":[235],"acceptable":[239],"template":[245],"form":[246],"regular":[248,266],"language.":[249,267],"can":[252,302,345],"leverage":[253],"techniques":[256],"efficiently":[258],"DFA":[260,318],"accept":[263],"We":[268,298],"use":[269],"analyze":[272],"popular":[281],"libraries":[283],"applications":[285],"written":[286],"diverse":[289],"languages":[292],"like":[293],"C,":[294],"Python,":[295],"Java.":[297],"demonstrate":[299],"achieve":[303],"average":[305],"11.21%":[306],"higher":[307],"code":[308],"coverage":[309],"than":[310],"existing":[311],"black/gray-box":[312],"fuzzing":[313],"techniques.":[314],"By":[315],"comparing":[316],"found":[324],"8":[325],"unique":[326],"violations":[327,341],"RFC":[330],"specifications":[331],"tested":[334],"implementations.":[337],"Several":[338],"these":[340],"render":[346],"affected":[348],"vulnerable":[350],"active":[352],"man-in-the-middle":[353],"attacks.":[354]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":11},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":11},{"year":2018,"cited_by_count":12},{"year":2017,"cited_by_count":5}],"updated_date":"2026-07-01T08:55:40.977307","created_date":"2025-10-10T00:00:00"}
