English
Related papers

Related papers: Build It, Break It, Fix It: Contesting Secure Deve…

200 papers

Typical security contests focus on breaking or mitigating the impact of buggy systems. We present the Build-it Break-it Fix-it BIBIFI contest which aims to assess the ability to securely build software not just break it. In BIBIFI teams…

Cryptography and Security · Computer Science 2018-08-31 Andrew Ruef , Michael Hicks , James Parker , Dave Levin , Michelle L. Mazurek , Piotr Mardziel

We consider repair tasks: given a critic (e.g., compiler) that assesses the quality of an input, the goal is to train a fixer that converts a bad example (e.g., code with syntax errors) into a good one (e.g., code with no syntax errors).…

Machine Learning · Computer Science 2021-06-23 Michihiro Yasunaga , Percy Liang

The correctness of complex software depends on the correctness of both the source code and the compilers that generate corresponding binary code. Compilers must do more than preserve the semantics of a single source file: they must ensure…

Programming Languages · Computer Science 2024-09-04 Luke Geeson , James Brotherston , Wilco Dijkstra , Alastair F. Donaldson , Lee Smith , Tyler Sorensen , John Wickerson

According to a recent survey with more than 4000 software developers, less than half of developers can spot security holes. As a result, software products present a low-security quality expressed by vulnerabilities that can be exploited by…

Software Engineering · Computer Science 2021-01-07 Tiago Espinha Gasiba , Ulrike Lechner , Maria Pinto-Albuquerque , Alae Zouitni

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of…

Software Engineering · Computer Science 2021-02-23 Tiago Espinha Gasiba , Samra Hodzic , Ulrike Lechner , Maria Pinto-Albuquerque

Build verifiability refers to the property that the build of a software system can be verified by independent third parties and it is crucial for the trustworthiness of a software system. Various efforts towards build verifiability have…

Software Engineering · Computer Science 2022-02-15 Jiawen Xiong , Yong Shi , Boyuan Chen , Filipe R. Cogo , Zhen Ming , Jiang

In this paper, we take a deep dive into microarchitectural security from a hardware designer's perspective by reviewing the existing approaches to detect hardware vulnerabilities during the design phase. We show that a protection gap…

A Bug Inducing Commit (BIC) is a code change that introduces a bug into the codebase. Although the abnormal or unexpected behavior caused by the bug may not manifest immediately, it will eventually lead to program failures further down the…

Software Engineering · Computer Science 2025-02-20 Gabin An , Jinsu Choi , Jingun Hong , Naryeong Kim , Shin Yoo

Unsafe Rust code is necessary for interoperability with C/C++ libraries and implementing low-level data structures, but it can cause memory safety violations in otherwise memory-safe Rust programs. Sanitizers can catch such memory errors at…

Programming Languages · Computer Science 2025-10-24 Oliver Braunsdorf , Tim Lange , Konrad Hohentanner , Julian Horsch , Johannes Kinder

Continuous Integration (CI) implies that a whole developer team works together on the mainline of a software project. CI systems automate the builds of a software. Sometimes a developer checks in code, which breaks the build. A broken build…

Software Engineering · Computer Science 2017-03-30 Klérisson V. R. Paixão , Crícia Z. Felício , Fernanda M. Delfim , Marcelo de A. Maia

Atomicity violation is one of the most serious types of bugs in concurrent programs. Synchronizations are commonly used to enforce atomicity. However, it is very challenging to place synchronizations correctly and sufficiently due to…

Software Engineering · Computer Science 2025-04-24 Zhuang Li , Qiuping Yi , Jeff Huang

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Scott A. Carr , Joseph Nash , Per Larsen , Michael Franz , Stefan Brunthaler , Mathias Payer

Large language models can generate useful code from natural language, but their outputs come without correctness guarantees. Verifiable code generation offers a path beyond testing by requiring models to produce not only executable code,…

Software Engineering · Computer Science 2026-05-12 Zichen Xie , Mrigank Pawagi , Yuxin Liu , Aaditi Rai , Lize Shao , John Berberian , Sicong Che , Wenxi Wang

Software is used in critical applications in our day-to-day life and it is important to ensure its correctness. One popular approach to assess correctness is to evaluate software on tests. If a test fails, it indicates a fault in the…

Software Engineering · Computer Science 2025-04-01 Max Hort , Leon Moonen

To broaden participation, competitive programming contests may include beginner-level problems that do not require knowledge of advanced Computer Science concepts (e.g., algorithms and data structures). However, since most participants have…

Computers and Society · Computer Science 2024-05-27 Mrigank Pawagi , Viraj Kumar

When Computer Science (CS) students try to use or extend open-source software (OSS) projects, they often encounter the common challenge of OSS failing to build on their local machines. Even though OSS often provides ready-to-build packages,…

Software Engineering · Computer Science 2025-02-25 Sunzhou Huang , Na Meng , Xueqing Liu , Xiaoyin Wang

The open-source Helix++ project improves the security posture of computing platforms by applying cutting-edge cybersecurity techniques to diversify and harden software automatically. A distinguishing feature of Helix++ is that it does not…

Cryptography and Security · Computer Science 2023-04-12 Jack W. Davidson , Jason D. Hiser , Anh Nguyen-Tuong

The most important security benefit of software memory safety is easy to state: for C and C++ software, attackers can exploit most bugs and vulnerabilities to gain full, unfettered control of software behavior, whereas this is not true for…

Cryptography and Security · Computer Science 2025-03-28 Úlfar Erlingsson

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the…

Software Engineering · Computer Science 2021-09-14 Sofia Reis , Rui Abreu , Luis Cruz

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz
‹ Prev 1 2 3 10 Next ›