Title: Build It, Break It, Fix It: Contesting Secure Development
Award ID(s):
1801545
PAR ID:
10175918
Author(s) / Creator(s):
Date Published:
Journal Name:
ACM Transactions on Privacy and Security
Volume:
23
Issue:
2
ISSN:
2471-2566
Page Range / eLocation ID:
1 to 36
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Secure software development is a challenging task requiring consideration of many possible threats and mitigations. This paper investigates how and why programmers, despite a baseline of security experience, make security-relevant errors. To do this, we conducted an in-depth analysis of 94 submissions to a secure-programming contest designed to mimic real-world constraints: correctness, performance, and security. In addition to writing secure code, participants were asked to search for vulnerabilities in other teams’ programs; in total, teams submitted 866 exploits against the submissions we considered. Over an intensive six-month period, we used iterative open coding to manually, but systematically, characterize each submitted project and vulnerability (including vulnerabilities we identified ourselves). We labeled vulnerabilities by type, attacker control allowed, and ease of exploitation, and projects according to security implementation strategy. Several patterns emerged. For example, simple mistakes were least common: only 21% of projects introduced such an error. Conversely, vulnerabilities arising from a misunderstanding of security concepts were significantly more common, appearing in 78% of projects. Our results have implications for improving secure-programming APIs, API documentation, vulnerability-finding tools, and security education.
  2. Secure software development is a challenging task requiring consideration of many possible threats and mitigations. This paper investigates how and why programmers, despite a baseline of security experience, make security-relevant errors. To do this, we conducted an in-depth analysis of 94 submissions to a secure-programming contest designed to mimic real-world constraints: correctness, performance, and security. In addition to writing secure code, participants were asked to search for vulnerabilities in other teams’ programs; in total, teams submitted 866 exploits against the submissions we considered. Over an intensive six-month period, we used iterative open coding to manually, but systematically, characterize each submitted project and vulnerability (including vulnerabilities we identified ourselves). We labeled vulnerabilities by type, attacker control allowed, and ease of exploitation, and projects according to security implementation strategy. Several patterns emerged. For example, simple mistakes were least common: only 21% of projects introduced such an error. Conversely, vulnerabilities arising from a misunderstanding of security concepts were significantly more common, appearing in 78% of projects. Our results have implications for improving secure-programming APIs, API documentation, vulnerability-finding tools, and security education. 
  3. Releasing on Zenodo 
  4. You can print anything... or can you? 3D printing is an exciting new technology that promises to very quickly create anything people can design. Scientists who want to make soft robots, like Baymax from Big Hero 6TM, are excited about 3D printers. Our team uses 3D printing to make molds to produce soft robots. Molding is like using a muffin tin to make cupcakes. But can you make anything with 3D printing or are there times when 3D-printed molds do not work? Just like a cupcake liner, 3D-printed molds leave ridges, like a Ruffles potato chip, in soft robots. These ridges are a weak point where cracks can form, causing the robot to pop like a balloon. To prevent this, we sometimes need to make our robots using very smooth molds made from metal. This article talks about when and how 3D printing is useful in making soft robots. 