Maxwell Bland scite author profile

Maxwell Bland

5Publications

10Citation Statements Received

32Citation Statements Given

How they've been cited

How they cite others

Affiliations

University of Illinois Urbana-Champaign, University of California, San Diego

Publications

Order By: Most citations

Lazy counterfactual symbolic execution

Hallahan

Xue

Bland

et al. 2019

View full text Add to dashboard Cite

We present counterfactual symbolic execution, a new approach that produces counterexamples that localize the causes of failure of static verification. First, we develop a notion of symbolic weak head normal form and use it to define lazy symbolic execution reduction rules for non-strict languages like Haskell. Second, we introduce counterfactual branching, a new method to identify places where verification fails due to imprecise specifications (as opposed to incorrect code). Third, we show how to use counterfactual symbolic execution to localize refinement type errors, by translating refinement types into assertions. We implement our approach in a new Haskell symbolic execution engine, G2, and evaluate it on a corpus of 7550 errors gathered from users of the LiquidHaskell refinement type system. We show that for 97.7% of these errors, G2 is able to quickly find counterexamples that show how the code or specifications must be fixed to enable verification. CCS Concepts • Theory of computation → Abstraction; • Computing methodologies → Symbolic and algebraic manipulation.

show abstract

Hacking Health Level 7 Protocol: a man-in-the-middle proof of concept attack (Preprint)

Bland¹,

Goebel²,

Tully³

et al. 2020

Preprint

View full text Add to dashboard Cite

UNSTRUCTURED Health Level 7 (HL7) is a ubiquitous protocol in healthcare infrastructure, used to interface a variety of systems. HL7 lacks encryption at the level of the protocol, and is thus vulnerable to attacks that modify message contents. We describe a sophisticated man-in-the-middle attack that injects misinformation into clinical workflow that can cause patient harm.

show abstract

SmartNIC Performance Isolation with FairNIC

Grant

Yelam

Bland

et al. 2020

View full text Add to dashboard Cite

Story Beyond the Eye: Glyph Positions Break PDF Text Redaction

Bland

Iyer

Levchenko

2023

PoPETs

View full text Add to dashboard Cite

In this work we find that many current redactions of PDF text are insecure due to non-redacted character positioning information. In particular, subpixel-sized horizontal shifts in redacted and non-redacted characters can be recovered and used to effectively deredact first and last names. Unfortunately these findings affect redactions where the text underneath the black box is removed from the PDF. We demonstrate these findings by performing a comprehensive vulnerability assessment of common PDF redaction types. We examine 11 popular PDF redaction tools, including Adobe Acrobat, and find that they leak information about redacted text. We also effectively deredact hundreds of real-world PDF redactions, including those found in OIG investigation reports and FOIA responses. To correct the problem, we have released open source algorithms to fix vulnerable redactions and reduce the amount of information leaked by nonexcising redactions (where the text underneath the redaction is copy-pastable). We have also notified the developers of the studied redaction tools. We have notified the Office of Inspector General, the Free Law Project, PACER, Adobe, Microsoft, and the US Department of Justice. We are working with several of these groups to prevent our discoveries from being used for malicious purposes.

show abstract

G2

Hallahan¹,

Xue²,

Bland³

et al. 2019

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Maxwell Bland

Lazy counterfactual symbolic execution

Hacking Health Level 7 Protocol: a man-in-the-middle proof of concept attack (Preprint)

SmartNIC Performance Isolation with FairNIC

Story Beyond the Eye: Glyph Positions Break PDF Text Redaction

G2

Contact Info

Product

Resources

About