English
Related papers

Related papers: SNITCH: Dynamic Dependent Information Flow Analysi…

200 papers

Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this…

Cryptography and Security · Computer Science 2014-01-22 Abhishek Bichhawat , Vineet Rajani , Deepak Garg , Christian Hammer

With the increasing adoption of Continuous Integration and Continuous Deployment pipelines, securing software supply chains has become a critical challenge for modern DevOps teams. This study addresses these challenges by applying a…

Software Engineering · Computer Science 2025-06-10 Sowmiya Dhandapani

Secure software architecture is increasingly important in a data-driven world. When security is neglected sensitive information might leak through unauthorized access. To mitigate this software architects needs tools and methods to quantify…

Software Engineering · Computer Science 2024-01-17 Rasmus Carl Rønneberg

Despite its ever-increasing impact, security is not considered as a design objective in commercial electronic design automation (EDA) tools. This results in vulnerabilities being overlooked during the software-hardware design process.…

Cryptography and Security · Computer Science 2023-08-08 Lennart M. Reimann , Jonathan Wiesner , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

Timing side-channels are an important threat to cryptography that still needs to be addressed in implementations, and the advent of post-quantum cryptography raises this issue because the lattice-based schemes may produce secret-dependent…

Cryptography and Security · Computer Science 2025-12-30 Aayush Mainali , Sirjan Ghimire

Infrastructure as Code (IaC) is the process of managing IT infrastructure via programmable configuration files (also called IaC scripts). Like other software artifacts, IaC scripts may contain security smells, which are coding patterns that…

Cryptography and Security · Computer Science 2022-09-08 Nuno Saavedra , João F. Ferreira

More and more distributed software systems are being developed and deployed today. Like other software, distributed software systems also need very strong quality assurance support. Distributed software is often very large/complex, has…

Distributed, Parallel, and Cluster Computing · Computer Science 2023-03-08 Xiaoqin Fu

Third-party libraries like Log4j accelerate software application development but introduce substantial risk. Vulnerabilities in these libraries have led to Software Supply Chain (SSC) attacks that compromised resources within the host…

Cryptography and Security · Computer Science 2024-12-23 Paschal C. Amusuo , Kyle A. Robinson , Tanmay Singla , Huiyun Peng , Aravind Machiry , Santiago Torres-Arias , Laurent Simon , James C. Davis

Synchronous reactive data flow is a paradigm that provides a high-level abstract programming model for embedded and cyber-physical systems, including the locally synchronous components of IoT systems. Security in such systems is severely…

Programming Languages · Computer Science 2022-01-04 Sanjiva Prasad , R. Madhukar Yerraguntla , Subodh Sharma

Pushed by market forces, software development has become fast-paced. As a consequence, modern development projects are assembled from 3rd-party components. Security & privacy assurance techniques once designed for large, controlled updates…

Software Engineering · Computer Science 2021-03-08 Ivan Pashchenko , Riccardo Scandariato , Antonino Sabetta , Fabio Massacci

On average, 71% of the code in typical Java projects comes from open-source software (OSS) dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a…

Software Engineering · Computer Science 2025-10-23 Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Jonas Klauke , Eric Bodden

The enormous amount of code required to design modern hardware implementations often leads to critical vulnerabilities being overlooked. Especially vulnerabilities that compromise the confidentiality of sensitive data, such as cryptographic…

Cryptography and Security · Computer Science 2021-12-23 Lennart M. Reimann , Luca Hanel , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a…

Programming Languages · Computer Science 2017-09-28 Hongxu Chen , Alwen Tiu , Zhiwu Xu , Yang Liu

Dynamic taint tracking is the process of assigning label to variables in a program and then tracking the flow of the labels as the program executes. Dynamic taint tracking for java applications is achieved by instrumenting the application…

Cryptography and Security · Computer Science 2024-12-02 Manoj RameshChandra Thakur

Security policies are naturally dynamic. Reflecting this, there has been a growing interest in studying information-flow properties which change during program execution, including concepts such as declassification, revocation, and…

Cryptography and Security · Computer Science 2015-01-13 Bart van Delft , Sebastian Hunt , David Sands

We present a deductive approach for the analysis of secure information flows with support for fine-grained policies that include declassifications in the form of delimited information release. By explicitly tracking the dependencies of…

Logic in Computer Science · Computer Science 2015-09-15 Bart van Delft , Richard Bubel

Software testing is one of the very important Quality Assurance (QA) components. A lot of researchers deal with the testing process in terms of tester motivation and how tests should or should not be written. However, it is not known from…

Software Engineering · Computer Science 2022-01-04 Matej Madeja , Jaroslav Porubän , Michaela Bačíková , Matúš Sulír , Ján Juhár , Sergej Chodarev , Filip Gurbáľ

Open-source software (OSS) dependencies introduce systemic risks that are difficult to manage at scale. Existing Software Composition Analysis (SCA) and reachability tools generate severe alert fatigue by treating risk as an intrinsic…

Software Engineering · Computer Science 2026-05-04 Henry Ruckman-Utting , Vrushal Nedungadi , Taiga Okuma , LeTian Wang , Stephen Ehebald , Mohammad A. Tayebi

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud

The dependency core calculus (DCC), a simple extension of the computational lambda calculus, captures a common notion of dependency that arises in many programming language settings. This notion of dependency is closely related to the…

Programming Languages · Computer Science 2010-04-09 Avik Chaudhuri