English
Related papers

Related papers: Chaff Bugs: Deterring Attackers by Making Software…

200 papers

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz

Software is everywhere, from mission critical systems such as industrial power stations, pacemakers and even household appliances. This growing dependence on technology and the increasing complexity software has serious security…

Cryptography and Security · Computer Science 2018-08-08 Teresa Nicole Brooks

We propose a novel approach to improving software security called Cryptographic Path Hardening, which is aimed at hiding security vulnerabilities in software from attackers through the use of provably secure and obfuscated cryptographic…

Software Engineering · Computer Science 2012-02-03 Vijay Ganesh , Michael Carbin , Martin Rinard

As bug-finding methods improve, bug-fixing capabilities are exceeded, resulting in an accumulation of potential vulnerabilities. There is thus a need for efficient and precise bug prioritization based on exploitability. In this work, we…

Cryptography and Security · Computer Science 2025-04-02 Guilhem Lacombe , Sébastien Bardin

Choice architecture describes the design by which choices are presented to people. Nudges are an aspect intended to make "good" outcomes easy, such as using password meters to encourage strong passwords. Sludge, on the contrary, is friction…

Cryptography and Security · Computer Science 2022-12-01 Josiah Dykstra , Kelly Shortridge , Jamie Met , Douglas Hough

Determining whether a configurable software system has a performance bug or it was misconfigured is often challenging. While there are numerous debugging techniques that can support developers in this task, there is limited empirical…

Software Engineering · Computer Science 2022-03-22 Miguel Velez , Pooyan Jamshidi , Norbert Siegmund , Sven Apel , Christian Kästner

The continuous increase in malware samples, both in sophistication and number, presents many challenges for organizations and analysts, who must cope with thousands of new heterogeneous samples daily. This requires robust methods to quickly…

Cryptography and Security · Computer Science 2025-03-26 Theodoros Apostolopoulos , Vasilios Koutsokostas , Nikolaos Totosis , Constantinos Patsakis , Georgios Smaragdakis

Identifying the software weaknesses exploited by attacks supports efforts to reduce developer introduction of vulnerabilities and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an…

Cryptography and Security · Computer Science 2024-05-03 Peter Mell , Irena Bojanova , Carlos Galhardo

Programmers often use an iterative process of hypothesis generation ("perhaps this function is called twice?") and hypothesis testing ("let's count how many times this breakpoint fires") to understand the behavior of unfamiliar or…

Programming Languages · Computer Science 2026-04-14 Shardul Chiplunkar , Clément Pit-Claudel

For a number of years, many websites have used CAPTCHAs to filter out interactions by bots. However, attackers have found ways to circumvent CAPTCHAs by programming bots to solve or bypass them, or even relay them for humans to solve. In…

Cryptography and Security · Computer Science 2017-04-11 Nasser Mohammed Al-Fannah

Software bugs cost the global economy billions of dollars each year and take up ~50% of the development time. Once a bug is reported, the assigned developer attempts to identify and understand the source code responsible for the bug and…

Software Engineering · Computer Science 2023-08-24 Parvez Mahbub , Mohammad Masudur Rahman , Ohiduzzaman Shuvo , Avinash Gopal

Fuzzing is utilized for testing software and systems for cybersecurity risk via the automated adaptation of inputs. It facilitates the identification of software bugs and misconfigurations that may create vulnerabilities, cause abnormal…

Cryptography and Security · Computer Science 2023-06-08 Jack Hance , Jeremy Straub

Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used…

Cryptography and Security · Computer Science 2017-10-18 Gaurav Misra , Nalin Asanka Gamagedara Arachchilage , Shlomo Berkovsky

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of…

Software Engineering · Computer Science 2021-02-23 Tiago Espinha Gasiba , Samra Hodzic , Ulrike Lechner , Maria Pinto-Albuquerque

In cybersecurity, attackers range from brash, unsophisticated script kiddies and cybercriminals to stealthy, patient advanced persistent threats. When modeling these attackers, we can observe that they demonstrate different risk-seeking and…

Cryptography and Security · Computer Science 2021-09-27 Erick Galinkin , John Carter , Spiros Mancoridis

The internet landscape is growing and at the same time becoming more heterogeneous. Services are performed via computers and networks, critical data is stored digitally. This enables freedom for the user, and flexibility for operators. Data…

Cryptography and Security · Computer Science 2020-12-17 Simon D Duque Anton , Daniel Fraunholz , Daniel Schneider

Malware are becoming a major problem to every individual and organization in the cyber world. They are advancing in sophistication in many ways. Besides their advanced abilities to penetrate and stay evasive against detection and…

Cryptography and Security · Computer Science 2018-01-09 Jonathan Pan

We propose a framework for cyber risk assessment and mitigation which models attackers as formal planners and defenders as interdicting such plans. We illustrate the value of plan interdiction problems by first modeling network cyber risk…

Cryptography and Security · Computer Science 2018-11-16 Yevgeniy Vorobeychik , Michael Pritchard

Malware classifiers are subject to training-time exploitation due to the need to regularly retrain using samples collected from the wild. Recent work has demonstrated the feasibility of backdoor attacks against malware classifiers, and yet…

Cryptography and Security · Computer Science 2022-02-14 Limin Yang , Zhi Chen , Jacopo Cortellazzi , Feargus Pendlebury , Kevin Tu , Fabio Pierazzi , Lorenzo Cavallaro , Gang Wang

Pointers are a powerful, but dangerous feature provided by the C and C++ programming languages, and incorrect use of pointers is a common source of bugs and security vulnerabilities. Making secure software is crucial, as vulnerabilities…

Formal Languages and Automata Theory · Computer Science 2024-11-01 Vlad-Alexandru Teodorescu , Dorel Lucanu