English
Related papers

Related papers: SNITCH: Dynamic Dependent Information Flow Analysi…

200 papers

Background: Static Application Security Testing (SAST) tools purport to assist developers in detecting security issues in source code. These tools typically use rule-based approaches to scan source code for security vulnerabilities.…

Software Engineering · Computer Science 2021-07-19 Roland Croft , Dominic Newlands , Ziyu Chen , M. Ali Babar

Speculative execution enhances processor performance by predicting intermediate results and executing instructions based on these predictions. However, incorrect predictions can lead to security vulnerabilities, as speculative instructions…

Cryptography and Security · Computer Science 2026-04-01 Xaver Fabian , Marco Guarnieri , Boris Köpf , Jose F. Morales , Marco Patrignani , Jan Reineke , Andres Sanchez

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test.…

Software Engineering · Computer Science 2026-02-24 Harrison Green , Fraser Brown , Claire Le Goues

Dependencies between modules can trigger ripple effects when changes are made, making maintenance complex and costly, so minimizing these dependencies is crucial. Consequently, understanding what drives dependencies is important. One…

Software Engineering · Computer Science 2026-03-05 Zushuai Zhang , Elliott Wen , Ewan Tempero

To ensure the quality of software systems, software engineers can make use of a variety of quality assurance approaches, such as software testing, modern code review, automated static analysis, and build automation. Each of these quality…

Software Engineering · Computer Science 2026-04-21 Ali Khatami , Andy Zaidman

Software-defined networking (SDN) has become a fundamental technology for data centers and 5G networks. In an SDN network, routing and traffic management decisions are made by a centralized controller and communicated to switches via a…

Networking and Internet Architecture · Computer Science 2020-10-23 Michael Sjoholmsierchio , Britta Hale , Daniel Lukaszewski , Geoffrey G. Xie

Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has had profound effects on society--smart homes, personal monitoring devices, enhanced…

Cryptography and Security · Computer Science 2018-02-26 Z. Berkay Celik , Leonardo Babun , Amit K. Sikder , Hidayet Aksu , Gang Tan , Patrick McDaniel , A. Selcuk Uluagac

Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and achieve security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional…

Cryptography and Security · Computer Science 2021-02-10 Jinghua Yu , Stefan Wagner , Feng Luo

Predicting program behavior without execution is a critical task in software engineering. Existing models often fall short in capturing the dynamic dependencies among program elements. To address this, we present CodeFlow, a novel machine…

Software Engineering · Computer Science 2025-02-11 Cuong Chi Le , Hoang Nhat Phan , Huy Nhat Phan , Tien N. Nguyen , Nghi D. Q. Bui

Context: Security smells are recurring coding patterns that are indicative of security weakness, and require further inspection. As infrastructure as code (IaC) scripts, such as Ansible and Chef scripts, are used to provision cloud-based…

Cryptography and Security · Computer Science 2020-06-23 Akond Rahman , Md. Rayhanur Rahman , Chris Parnin , Laurie Williams

Side-channel attacks that leak sensitive information through a computing device's interaction with its physical environment have proven to be a severe threat to devices' security, particularly when adversaries have unfettered physical…

Cryptography and Security · Computer Science 2021-06-15 Ileana Buhan , Lejla Batina , Yuval Yarom , Patrick Schaumont

In the domain of Software Engineering, program analysis and understanding has been considered to be a very challenging task since decade, as it demands dedicated time and efforts. The analysis of source code may occasionally be…

Software Engineering · Computer Science 2019-05-01 Safeeullah Soomro , Mohammad Riyaz Belgaum , Zainab Alansari , Mahdi H Miraz

Information flow security is classically formulated in terms of the absence of illegal information flows, with respect to a security setting consisting of a single flow policy that specifies what information flows should be permitted in the…

Programming Languages · Computer Science 2019-01-09 Ana Almeida Matos , Jan Cederquist

Observational determinism is a security property that characterizes secure information flow for multithreaded programs. Most of the methods that have been used to verify observational determinism are based on either type systems or…

Programming Languages · Computer Science 2016-03-14 Elaheh Ghassabani , Mohammad Abdollahi Azgomi

Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security. Yet, Java has no support for it. We solve this problem…

Software Engineering · Computer Science 2026-04-15 Serena Cofano , Daniel Williams , Aman Sharma , Martin Monperrus

Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Interestingly, several studies have suggested that alternative solutions may be…

Software Engineering · Computer Science 2024-03-15 Matteo Esposito , Valentina Falaschi , Davide Falessi

Maintaining confidential information control in software is a persistent security problem where failure means secrets can be revealed via program behaviors. Information flow control techniques traditionally have been based on static or…

Software Engineering · Computer Science 2021-08-30 Ibrahim Mesecan , Daniel Blackwell , David Clark , Myra B. Cohen , Justyna Petke

Information flow type systems enforce the security property of noninterference by detecting unauthorized data flows at compile-time. However, they require precise type annotations, making them difficult to use in practice as much of the…

Programming Languages · Computer Science 2021-02-10 Abhishek Bichhawat , McKenna McCall , Limin Jia

We investigate the stability problem for discrete-time stochastic switched linear systems under the specific scenarios where information about the switching patterns and the probability of switches are not available. Our analysis focuses on…

Systems and Control · Computer Science 2018-04-23 Ahmet Cetinkaya , Hideaki Ishii , Tomohisa Hayakawa

Knowing what sensitive resources a dependency could potentially access would help developers assess the risk of a dependency before selection. One way to get an understanding of the potential sensitive resource usage by a dependency is…

Cryptography and Security · Computer Science 2025-03-19 Imranur Rahman , Ranidya Paramitha , Henrik Plate , Dominik Wermke , Laurie Williams
‹ Prev 1 4 5 6 7 8 10 Next ›