English
Related papers

Related papers: SNITCH: Dynamic Dependent Information Flow Analysi…

200 papers

Smart contracts are frequently vulnerable to control-flow attacks based on confused deputies, reentrancy, and incorrect error handling. These attacks exploit the complexity of interactions among multiple possibly unknown contracts. Existing…

Cryptography and Security · Computer Science 2025-04-24 Siqiu Yao , Haobin Ni , Stephanie Ma , Noah Schiff , Andrew C. Myers , Ethan Cecchetti

Software supply chain attacks have become a significant threat as software development increasingly relies on contributions from multiple, often unverified sources. The code from unverified sources does not pose a threat until it is…

Cryptography and Security · Computer Science 2024-07-02 Aman Sharma , Martin Wittlinger , Benoit Baudry , Martin Monperrus

The problem of joint sequential detection and isolation is considered in the context of multiple, not necessarily independent, data streams. A multiple testing framework is proposed, where each hypothesis corresponds to a different subset…

Statistics Theory · Mathematics 2022-07-04 Anamitra Chaudhuri , Georgios Fellouris

The stack-based access control mechanism plays a fundamental role in the security architecture of Java and Microsoft CLR (common language runtime). It is enforced at runtime by inspecting methods in the current call stack for granted…

Cryptography and Security · Computer Science 2013-10-15 Xin Li , Hua Vy Le Thanh

We present Labeled Input Output in F* (LIO*), a verified framework that enforces information flow control (IFC) policies developed in F* and automatically extracted to C. Inspired by LIO, we encapsulated IFC policies into effects, but using…

Cryptography and Security · Computer Science 2020-04-29 Jean-Joseph Marty , Lucas Franceschino , Jean-Pierre Talpin , Niki Vazou

Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly…

Programming Languages · Computer Science 2013-02-14 Martin Lester , Luke Ong , Max Schaefer

Trusted execution environments like Intel SGX provide \emph{enclaves}, which offer strong security guarantees for applications. Running entire applications inside enclaves is possible, but this approach leads to a large trusted computing…

Cryptography and Security · Computer Science 2023-12-21 Peterson Yuhala , Pascal Felber , Hugo Guiroux , Jean-Pierre Lozi , Alain Tchana , Valerio Schiavoni , Gaël Thomas

DevOps describes a method to reorganize the way different disciplines in software engineering work together to speed up software delivery. However, the introduction of DevOps-methods to organisations is a complex task. A successful…

Identifying dependency call graphs of multilanguage software systems using static code analysis is challenging. The different languages used in developing today's systems often have different lexical, syntactical, and semantic rules that…

Static code analysis is a powerful approach to detect quality deficiencies such as performance bottlenecks, safety violations or security vulnerabilities already during a software system's implementation. Yet, as current software systems…

Software Engineering · Computer Science 2017-10-23 Eric Bodden

In contemporary Electronic Design Automation (EDA) tools, security often takes a backseat to the primary goals of power, performance, and area optimization. Commonly, the security analysis is conducted by hand, leading to vulnerabilities in…

Cryptography and Security · Computer Science 2024-02-07 Lennart M. Reimann , Anshul Prashar , Chiara Ghinami , Rebecca Pelke , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

Safety Critical Java (SCJ) is a profile of the Real-Time Specification for Java that brings to the safety-critical industry the possibility of using Java. SCJ defines three compliance levels: Level 0, Level 1 and Level 2. The SCJ…

Software Engineering · Computer Science 2018-05-29 Matt Luckcuck , Andy Wellings , Ana Cavalcanti

Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced and commercial security tools that automatically screen Java programs to…

Cryptography and Security · Computer Science 2021-12-09 Sharmin Afrose , Ya Xiao , Sazzadur Rahaman , Barton P. Miller , Danfeng , Yao

Programming languages are essential tools for developers, and their evolution plays a crucial role in supporting the activities of developers. One instance of programming language evolution is the introduction of syntactic sugars, which are…

Software Engineering · Computer Science 2024-02-05 David OBrien , Robert Dyer , Tien N. Nguyen , Hridesh Rajan

Existing innovation metrics inadequately capture software innovation, creating blind spots for researchers and policymakers seeking to understand and foster technological innovation in an increasingly software-defined economy. This paper…

Software Engineering · Computer Science 2025-07-01 Eva Maxfield Brown , Cailean Osborne , Peter Cihon , Moritz Böhmecke-Schwafert , Kevin Xu , Mirko Boehm , Knut Blind

Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. For example, software attackers perform code injection and code-reuse attacks on their remote interfaces, and physical access to IoT devices allows…

Cryptography and Security · Computer Science 2018-02-20 Mario Werner , Thomas Unterluggauer , David Schaffenrath , Stefan Mangard

As a result of decades of research, Windows malware detection is approached through a plethora of techniques. However, there is an ongoing mismatch between academia -- which pursues an optimal performances in terms of detection rate and low…

Cryptography and Security · Computer Science 2024-12-20 Andrea Ponte , Dmitrijs Trizna , Luca Demetrio , Battista Biggio , Ivan Tesfai Ogbu , Fabio Roli

Software logs are messages recorded during the execution of a software system that provide crucial run-time information about events and activities. Although software logs have a critical role in software maintenance and operation tasks,…

Software Engineering · Computer Science 2025-05-22 Roozbeh Aghili , Xingfang Wu , Foutse Khomh , Heng Li

Safely integrating third-party code in applications while protecting the confidentiality of information is a long-standing problem. Pure functional programming languages, like Haskell, make it possible to enforce lightweight…

Programming Languages · Computer Science 2019-04-18 Simon Gregersen , Søren Eller Thomsen , Aslan Askarov

Static program slicing is a fundamental software engineering technique for isolating code relevant to specific variables. While recent learning-based approaches using language models (LMs) show promise in automating slice prediction, they…

Software Engineering · Computer Science 2026-05-12 Pengfei He , Shaowei Wang , Tse-Hsun Chen , Muhammad Asaduzzaman