English
Related papers

Related papers: Enforcing Secure Object Initialization in Java

200 papers

Modern software development reuses code by importing libraries as dependencies. Software projects typically include an average of 36 dependencies, with 80% being transitive, meaning they are dependencies of dependencies. Recent research…

Software Engineering · Computer Science 2025-10-24 Jonas Klauke , Tom Ohlmer , Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Eric Bodden

Android is nowadays the most popular operating system in the world, not only in the realm of mobile devices, but also when considering desktop and laptop computers. Such a popularity makes it an attractive target for security attacks, also…

Iteration is a programming operation that traditionally refers to visiting the elements of a data structure in sequence. However, modern programming systems such as Rust, Java, and C# generalise iteration far beyond the traditional use…

Logic in Computer Science · Computer Science 2022-10-19 Aurel Bílý , Jonas Hansen , Peter Müller , Alexander J. Summers

Security verification of communication protocols in industrial and safety-critical systems is challenging because implementations are often proprietary, accessible only as black boxes, and too complex for manual modeling. As a result,…

Cryptography and Security · Computer Science 2026-03-02 Stefan Marksteiner , Mikael Sjödin , Marjan Sirjani

Previous work has shown that early resolution of issues detected by static code analyzers can prevent major costs later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to…

Existing program verifiers can prove advanced properties about security protocol implementations, but are difficult to scale to large codebases because of the manual effort required. We develop a novel methodology called *Diodon* that…

Cryptography and Security · Computer Science 2025-11-20 Linard Arquint , Samarth Kishor , Jason R. Koenig , Joey Dodds , Daniel Kroening , Peter Müller

Object-oriented programming laws have been proposed in the context of languages that are not combined with a behavioral interface specification language (BISL). The strong dependence between source-code and interface specifications may…

Logic in Computer Science · Computer Science 2010-04-08 Gabriel Falconieri Freitas , Márcio Cornélio , Tiago Massoni , Rohit Gheyi

Our lives become increasingly dependent on safety- and security-critical systems, so formal techniques are advocated for engineering such systems. One of such techniques is validation obligations that enable formalizing requirements early…

Logic in Computer Science · Computer Science 2022-07-08 Sebastian Stock , Atif Mashkoor , Alexander Egyed

The recent release of Solidity 0.5 introduced a new type to prevent Ether transfers to smart contracts that are not supposed to receive money. Unfortunately, the compiler fails in enforcing the guarantees this type intended to convey, hence…

Programming Languages · Computer Science 2019-07-08 Silvia Crafa , Matteo Di Pirro

Software security is of utmost importance for most software systems. Developers must systematically select, plan, design, implement, and especially, maintain and evolve security features -- functionalities to mitigate attacks or protect…

Software Engineering · Computer Science 2025-09-30 Kevin Hermann , Sven Peldszus , Jan-Philipp Steghöfer , Thorsten Berger

Formal methods provide systematic and rigorous techniques for software development. We strongly believe that they must be taught in computer science curricula. In this paper we present the pedagogic rationale and the concrete implementation…

Logic in Computer Science · Computer Science 2021-11-17 Salwa Souaf , Frédéric Loulergue

Finding and fixing bugs are time-consuming activities in software development. Spectrum-based fault localization aims to identify the faulty position in source code based on the execution trace of test cases. Failing test cases and their…

Software Engineering · Computer Science 2018-07-06 Jifeng Xuan , Martin Monperrus

Information flow type systems enforce the security property of noninterference by detecting unauthorized data flows at compile-time. However, they require precise type annotations, making them difficult to use in practice as much of the…

Programming Languages · Computer Science 2021-02-10 Abhishek Bichhawat , McKenna McCall , Limin Jia

Often, security is considered in an advanced stage of the implementation of a system, rather than integrating it into the system design. This leads to less secure systems, as the security mechanisms are only applied as an afterthought and…

Cryptography and Security · Computer Science 2014-08-13 Michael Tänzer

Developing automated and smart software vulnerability detection models has been receiving great attention from both research and development communities. One of the biggest challenges in this area is the lack of code samples for all…

Software Engineering · Computer Science 2023-03-14 Khadija Hanifi , Ramin F Fouladi , Basak Gencer Unsalver , Goksu Karadag

As an alternative to Java, Kotlin has gained rapid popularity since its introduction and has become the default choice for developing Android apps. However, due to its interoperability with Java, Kotlin programs may contain almost the same…

Programming Languages · Computer Science 2022-08-01 Ranjith Krishnamurthy , Goran Piskachev , Eric Bodden

Automated tests play an important role in software evolution because they can rapidly detect faults introduced during changes. In practice, code-coverage metrics are often used as criteria to evaluate the effectiveness of test suites with…

Software Engineering · Computer Science 2016-11-23 Rainer Niedermayr , Elmar Juergens , Stefan Wagner

Numeric truncation is a widely spread error in software written in languages with static data typing, such as C/C++ or Java. It occurs when the significant bits of the value with a bigger type size are truncated during value conversion to…

Cryptography and Security · Computer Science 2024-05-06 Timofey Mezhuev , Ilay Kobrin , Alexey Vishnyakov , Daniil Kuts

The Java virtual machine and the .NET common language runtime feature an access control mechanism specified operationally in terms of run-time stack inspection. We give a denotational semantics in "eager" form, and show that it is…

Programming Languages · Computer Science 2013-09-23 Anindya Banerjee , David A. Naumann

Ensuring the correctness of distributed system implementations remains a challenging and largely unaddressed problem. In this paper we present a protocol that can be used to certify the safety of consensus implementations. Our proposed…

Distributed, Parallel, and Cluster Computing · Computer Science 2019-03-11 Aurojit Panda