Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Opaque Wrappers and Patching: Negative Results

Published

Author(s)

Paul E. Black, Monika Singh

Abstract

When a patch is released for buggy software, bad actors may be able to analyze the patch and create an attack on unpatched machines. A wrapper could block attacking inputs, but it, too, gives attackers critical information. An opaque wrapper hides such information if it can be implemented. Hashing and Bloom filters can only implement opaque wrappers in very special circumstances. We describe Zero-Knowledge Proofs, Fully Homomorphic Encryption, and Oblivious Transfer Protocols to show that they cannot help, either. Although we see no way to implement general opaque wrappers, we hope this idea spurs research.
Citation
Computer (IEEE Computer)
Volume
52
Issue
12

Keywords

Opaque wrapper, Bloom filter, information hiding, software patching, zero-day bugs, cybersecurity.

Citation

Black, P. and Singh, M. (2019), Opaque Wrappers and Patching: Negative Results, Computer (IEEE Computer), [online], https://doi.org/10.1109/MC.2019.2936071 (Accessed October 12, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created November 21, 2019, Updated May 4, 2021