Advances in Secure Coding and Cryptography

The field of secure coding and cryptography is moving towards addressing the challenges of adopting and implementing secure coding practices and cryptographic techniques. Researchers are investigating the usability and effectiveness of secret management tools, highlighting the need for improved documentation and support to help developers securely manage sensitive information. Another area of focus is the security of version control systems, with studies analyzing the prevalence of history alterations in public repositories and introducing tools to detect and describe such changes. The security of cryptographic protocols, including SSH client signatures and post-quantum cryptography schemes, is also being scrutinized, with researchers identifying vulnerabilities and proposing countermeasures. Noteworthy papers include:

  • Altered Histories in Version Control System Repositories, which introduces GitHistorian, a tool to spot and describe history alterations in public Git repositories.
  • SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework, which presents a software-only universal forgery attack on SLH-DSA, highlighting the need for implementation hardening or hardware defenses against Rowhammer.

Sources

Extended Version: It Should Be Easy but... New Users Experiences and Challenges with Secret Management Tools

Altered Histories in Version Control System Repositories: Evidence from the Trenches

On the Security of SSH Client Signatures

Hardened CTIDH: Dummy-Free and Deterministic CTIDH

A Fault Analysis on SNOVA

SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework
