Opaque Wrappers and Patching: Negative Results

Paul E. Black; Monika Singh

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Opaque Wrappers and Patching: Negative Results

Published

November 21, 2019

Author(s)

Paul E. Black, Monika Singh

Abstract

When a patch is released for buggy software, bad actors may be able to analyze the patch and create an attack on unpatched machines. A wrapper could block attacking inputs, but it, too, gives attackers critical information. An opaque wrapper hides such information if it can be implemented. Hashing and Bloom filters can only implement opaque wrappers in very special circumstances. We describe Zero-Knowledge Proofs, Fully Homomorphic Encryption, and Oblivious Transfer Protocols to show that they cannot help, either. Although we see no way to implement general opaque wrappers, we hope this idea spurs research.

Citation

Computer (IEEE Computer)

Volume

Issue

Pub Type

Journals

Download Paper

DOI Link

Keywords

Opaque wrapper, Bloom filter, information hiding, software patching, zero-day bugs, cybersecurity.

Software research and Cybersecurity

Citation

Black, P. and Singh, M. (2019), Opaque Wrappers and Patching: Negative Results, Computer (IEEE Computer), [online], https://doi.org/10.1109/MC.2019.2936071 (Accessed May 19, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created November 21, 2019, Updated May 4, 2021

Opaque Wrappers and Patching: Negative Results

Author(s)

Abstract

Download Paper

Keywords

Citation

Additional citation formats

Issues