English
Related papers

Related papers: SNITCH: Dynamic Dependent Information Flow Analysi…

200 papers

Confidential virtual machines (CVMs) based on trusted execution environments (TEEs) enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such…

Cryptography and Security · Computer Science 2025-12-15 Ruiyi Zhang , Albert Cheu , Adria Gascon , Daniel Moghimi , Phillipp Schoppmann , Michael Schwarz , Octavian Suciu

As computing systems become increasingly advanced and as users increasingly engage themselves in technology, security has never been a greater concern. In malware detection, static analysis, the method of analyzing potentially malicious…

Cryptography and Security · Computer Science 2018-05-22 Chan Woo Kim

This paper elaborates the use of static source code analysis in the context of data protection. The topic is important for software engineering in order for software developers to improve the protection of personal data during software…

Software Engineering · Computer Science 2020-03-24 Kalle Hjerppe , Jukka Ruohonen , Ville Leppänen

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect…

Cryptography and Security · Computer Science 2022-10-11 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais , Serena Elisa Ponta

The cloud model's dependence on massive parallelism and resource sharing exacerbates the security challenge of timing side-channels. Timing Information Flow Control (TIFC) is a novel adaptation of IFC techniques that may offer a way to…

Cryptography and Security · Computer Science 2012-05-18 Bryan Ford

Static Application Security Testing (SAST) enables organizations to detect vulnerabilities in code early; however, major SAST platforms do not include visual aids and present little insight on correlations between tainted data chains. We…

Cryptography and Security · Computer Science 2025-05-23 Naeem Budhwani , Mohammad Faghani , Hayden Richard

The paradigm shift of enabling extensive intercommunication between the Operational Technology (OT) and Information Technology (IT) devices allows vulnerabilities typical to the IT world to propagate to the OT side. Therefore, the security…

Cryptography and Security · Computer Science 2022-12-09 Prashant Hari Narayan Rajput , Constantine Doumanidis , Michail Maniatakos

Information flow analysis checks whether certain pieces of (confidential) data may affect the results of computations in unwanted ways and thus leak information. Dynamic information flow analysis adds instrumentation code to the target…

Programming Languages · Computer Science 2016-07-11 Gergö Barany

Test Impact Analysis is an approach to obtain a subset of tests impacted by code changes. This approach is mainly applied to unit testing where the link between the code and its associated tests is easy to obtain. On the integration level,…

Software Engineering · Computer Science 2022-11-16 Muzammil Shahbaz

Dynamic taint analysis (DTA) has been widely used in various security-relevant scenarios that need to track the runtime information flow of programs. Dynamic binary instrumentation (DBI) is a prevalent technique in achieving effective…

Cryptography and Security · Computer Science 2021-11-09 Xiao Kan , Cong Sun , Shen Liu , Yongzhe Huang , Gang Tan , Siqi Ma , Yumei Zhang

Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does…

Cryptography and Security · Computer Science 2023-06-22 Cristian Ene , Laurent Mounier , Marie-Laure Potet

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research…

Cryptography and Security · Computer Science 2025-09-03 Eric Cornelissen , Musard Balliu

Mobile and IoT applications have greatly enriched our daily life by providing convenient and intelligent services. However, these smart applications have been a prime target of adversaries for stealing sensitive data. It poses a crucial…

Cryptography and Security · Computer Science 2021-06-10 Ning Xi , Chao Chen , Jun Zhang , Cong Sun , Shigang Liu , Pengbin Feng , Jianfeng Ma

Open-source software (OSS) dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on…

Software Engineering · Computer Science 2026-02-02 Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Jonas Klauke , Eric Bodden

A Java File Security System (JFSS) [1] has been developed by us. That is an ecrypted file system. It is developed by us because there are so many file data breaches in the past and current history and they are going to increase day by day…

Software Engineering · Computer Science 2013-12-09 Brijender Kahanwal , Tejinder Pal Singh

Software-defined Internet-of-Things networking (SDIoT) greatly simplifies the network monitoring in large-scale IoT networks by per-flow sampling, wherein the controller keeps track of all the active flows in the network and samples the IoT…

Systems and Control · Electrical Eng. & Systems 2021-05-06 Yulin Shao , Soung Chang Liew , He Chen , Yuyang Du

In the last years Node.js has emerged as a framework particularly suitable for implementing lightweight IoT applications, thanks to its underlying asynchronous event-driven, non blocking I/O model. However, verifying the correctness of…

Programming Languages · Computer Science 2018-02-07 Davide Ancona , Luca Franceschini , Giorgio Delzanno , Maurizio Leotta , Marina Ribaudo , Filippo Ricca

The main stretch in the paper is buffer overflow anomaly occurring in major source codes, designed in various programming language. It describes the various as to how to improve your code and increase its strength to withstand security…

Cryptography and Security · Computer Science 2012-08-17 Manas Gaur

Modern software supply chains face an increasing threat from malicious code hidden in trusted components such as browser extensions, IDE extensions, and open-source packages. This paper introduces JavaSith, a novel client-side framework for…

Cryptography and Security · Computer Science 2025-05-28 Avihay Cohen

To detect and fix bugs and security vulnerabilities, software companies use static analysis as part of the development process. However, static analysis code itself is also prone to bugs. To ensure a consistent level of precision, as…

Software Engineering · Computer Science 2018-01-16 Lisa Nguyen Quang Do , Stefan Krüger , Patrick Hill , Karim Ali , Eric Bodden