Abstract
A flaw known as the Heartbleed vulnerability was found in April 2014 in the OpenSSL cryptography library, in its implementation of the Transport Layer Security and Secure Sockets Layer protocols. The bug allowed an attacker to steal sensitive data from the memory of the victim's servers. The vulnerability was present on many web servers and major sites, including Yahoo, and many servers could have suffered a significant loss because of it. This research paper discusses the Heartbleed vulnerability and proposes one solution to fix it for developer security. The objective is to find a programmatic solution for the Heartbleed vulnerability to prevent the victim from losses. The proposed work has a major impact on authenticity and security while using open-source projects. The paper presents a coding way of checking the payload length before transferring the data to fix this bug.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chugh, U., Chugh, A., Agarwal, P., Singh, S.P. (2023). A Programmatic Solution to Stop Heartbleed Bug Attack. In: Sachdeva, S., Watanobe, Y., Bhalla, S. (eds) Big Data Analytics in Astronomy, Science, and Engineering. BDA 2022. Lecture Notes in Computer Science, vol 13830. Springer, Cham. https://doi.org/10.1007/978-3-031-28350-5_9
DOI: https://doi.org/10.1007/978-3-031-28350-5_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28349-9
Online ISBN: 978-3-031-28350-5
eBook Packages: Computer Science, Computer Science (R0)