English
Related papers

Related papers: Chaff Bugs: Deterring Attackers by Making Software…

200 papers

Software developers attempt to reproduce software bugs to understand their erroneous behaviours and to fix them. Unfortunately, they often fail to reproduce (or fix) them, which leads to faulty, unreliable software systems. However, to…

Software Engineering · Computer Science 2021-08-12 Mohammad Masudur Rahman , Foutse Khomh , Marco Castelluccio

Debuggers are a popular reverse engineering and tampering tool. Self-debugging is an effective technique for applications to defend themselves against hostile debuggers. In penetration tests on state-of-the-art self-debugging, we observed…

Cryptography and Security · Computer Science 2020-11-02 Bert Abrath , Bart Coppens , Ilja Nevolin , Bjorn De Sutter

In this paper, we take a deep dive into microarchitectural security from a hardware designer's perspective by reviewing the existing approaches to detect hardware vulnerabilities during the design phase. We show that a protection gap…

Static analysis is one of the most widely adopted techniques to find software bugs before code is put in production. Designing and implementing effective and efficient static analyses is difficult and requires high expertise, which results…

Software Engineering · Computer Science 2019-06-04 Andrew Habib , Michael Pradel

Bug reports are common artefacts in software development. They serve as the main channel for users to communicate to developers information about the issues that they encounter when using released versions of software programs. In the…

Software Engineering · Computer Science 2021-12-21 Arthur D. Sawadogo , Quentin Guimard , Tegawendé F. Bissyandé , Abdoul Kader Kaboré , Jacques Klein , Naouel Moha

The most important security benefit of software memory safety is easy to state: for C and C++ software, attackers can exploit most bugs and vulnerabilities to gain full, unfettered control of software behavior, whereas this is not true for…

Cryptography and Security · Computer Science 2025-03-28 Úlfar Erlingsson

Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency. However, by…

Cryptography and Security · Computer Science 2017-01-18 Rock Stevens , Octavian Suciu , Andrew Ruef , Sanghyun Hong , Michael Hicks , Tudor Dumitraş

Recently, bug-bounty programs have gained popularity and become a significant part of the security culture of many organizations. Bug-bounty programs enable organizations to enhance their security posture by harnessing the diverse expertise…

Cryptography and Security · Computer Science 2023-02-27 Soodeh Atefi , Amutheezan Sivagnanam , Afiya Ayman , Jens Grossklags , Aron Laszka

In software development, fixing bugs is an important task that is time consuming and cost-sensitive. While many approaches have been proposed to automatically detect and patch software code, the strategies are limited to a set of identified…

Software Engineering · Computer Science 2015-07-22 Tegawendé F. Bissyandé

Software vulnerabilities enable exploitation by malicious hackers, compromising systems and data security. This paper examines bug bounty programs (BBPs) that incentivize ethical hackers to discover and responsibly disclose vulnerabilities…

Cryptography and Security · Computer Science 2024-04-29 Esther Gal-Or , Muhammad Zia Hydari , Rahul Telang

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin

In recent years, technology has advanced considerably with the introduction of many systems including advanced robotics, big data analytics, cloud computing, machine learning and many more. The opportunities to exploit the yet to come…

Cryptography and Security · Computer Science 2023-11-21 Sam Wen Ping , Jeffrey Cheok Jun Wah , Lee Wen Jie , Jeremy Bong Yong Han , Saira Muzafar

Fuzzing is a popular vulnerability automated testing method utilized by professionals and broader community alike. However, despite its abilities, fuzzing is a time-consuming, computationally expensive process. This is problematic for the…

Software Engineering · Computer Science 2023-07-25 Michael Wang , Michael Robinson

Research in cybersecurity may seem reactive, specific, ephemeral, and indeed ineffective. Despite decades of innovation in defense, even the most critical software systems turn out to be vulnerable to attacks. Time and again. Offense and…

Cryptography and Security · Computer Science 2024-09-04 Marcel Böhme

With the increasingly rapid development of new malicious computer software by bad faith actors, both commercial and research-oriented antivirus detectors have come to make greater use of machine learning tactics to identify such malware as…

Cryptography and Security · Computer Science 2021-12-07 Hamish Spencer , Wei Wang , Ruoxi Sun , Minhui Xue

Researchers have developed numerous debugging approaches to help programmers in the debugging process, but these approaches are rarely used in practice. In this paper, we investigate how programmers debug their code and what researchers…

Software Engineering · Computer Science 2021-03-24 Thomas Hirsch , Birgit Hofer

Double-fetch bugs are a special type of race condition, where an unprivileged execution thread is able to change a memory location between the time-of-check and time-of-use of a privileged execution thread. If an unprivileged attacker…

Cryptography and Security · Computer Science 2017-11-06 Michael Schwarz , Daniel Gruss , Moritz Lipp , Clémentine Maurice , Thomas Schuster , Anders Fogh , Stefan Mangard

CPU caches introduce variations into the execution time of programs that can be exploited by adversaries to recover private information about users or cryptographic keys. Establishing the security of countermeasures against this threat…

Cryptography and Security · Computer Science 2017-05-12 Goran Doychev , Boris Köpf

Considerable effort in software research and practice is spent on bugs. Finding, reporting, tracking, triaging, attempting to fix them automatically, detecting "bug smells" -these comprise a substantial portion of large projects' time and…

Software Engineering · Computer Science 2024-02-14 David Gray Widder , Claire Le Goues

The exploit or the Proof of Concept of the vulnerability plays an important role in developing superior vulnerability repair techniques, as it can be used as an oracle to verify the correctness of the patches generated by the tools.…

‹ Prev 1 2 3 10 Next ›