Tanya Sharma

Sarika Mishra, Ayan Biswas, Satyajeet Patil et al.

Free space quantum communication assumes importance as it is a precursor for satellite-based quantum communication needed for secure key distribution over longer distances. Prepare and measure protocols like BB84 consider the satellite as a trusted device, which is fraught with security threat looking at the current trend for satellite-based optical communication. Therefore, entanglement-based protocols must be preferred, so that one can consider the satellite as an untrusted device too. The current work reports the implementation of BBM92 protocol, an entanglement-based QKD protocol over 200 m distance using an indigenous facility developed at Physical Research Laboratory (PRL), Ahmedabad, India. Our results show the effect of atmospheric aerosols on sift key rate, and eventually, secure key rate. Such experiments are important to validate the models to account for the atmospheric effects on the key rates achieved through satellite-based QKD.

Raveendra Kumar Medicherla, Malathy Nagalakshmi, Tanya Sharma et al.

Buffer-overruns are a prevalent vulnerability in software libraries and applications. Fuzz testing is one of the effective techniques to detect vulnerabilities in general. Greybox fuzzers such as AFL automatically generate a sequence of test inputs for a given program using a fitness-guided search process. A recently proposed approach in the literature introduced a buffer-overrun specific fitness metric called "headroom", which tracks how close each generated test input comes to exposing the vulnerabilities. That approach showed good initial promise, but is somewhat imprecise and expensive due to its reliance on conservative points-to analysis. Inspired by the approach above, in this paper we propose a new ground-up approach for detecting buffer-overrun vulnerabilities. This approach uses an extended version of ASAN (Address Sanitizer) that runs in parallel with the fuzzer, and reports back to the fuzzer test inputs that happen to come closer to exposing buffer-overrun vulnerabilities. The ASAN-style instrumentation is precise as it has no dependence on points-to analysis. We describe in this paper our approach, as well as an implementation and evaluation of the approach.