English
Related papers

Related papers: Continuous Flow Analysis to Detect Security Proble…

200 papers

Programmers of cryptographic applications written in C need to avoid common mistakes such as sending private data over public channels, modifying trusted data with untrusted functions, or improperly ordering protocol steps. These secrecy,…

Cryptography and Security · Computer Science 2019-07-04 Darion Cassel , Yan Huang , Limin Jia

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Reliable numerical computations are central to scientific computing, but the floating-point arithmetic that enables large-scale models is error-prone. Numeric exceptions are a common occurrence and can propagate through code, leading to…

Programming Languages · Computer Science 2024-03-26 Taylor Allred , Xinyi Li , Ashton Wiersdorf , Ben Greenman , Ganesh Gopalakrishnan

Information flow analysis has largely ignored the setting where the analyst has neither control over nor a complete model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the…

Cryptography and Security · Computer Science 2014-05-13 Michael Carl Tschantz , Amit Datta , Anupam Datta , Jeannette M. Wing

Compile-time information flow analysis has been a promising technique for protecting confidentiality and integrity of private data. In the last couple of decades, a large number of information flow security tools in the form of run-time…

Programming Languages · Computer Science 2021-03-11 Sandip Ghosal , R. K. Shyamasundar

We introduce knowledge flow analysis, a simple and flexible formalism for checking cryptographic protocols. Knowledge flows provide a uniform language for expressing the actions of principals, assump- tions about intruders, and the…

Cryptography and Security · Computer Science 2007-05-23 Marten van Dijk , Emina Torlak , Blaise Gassend , Srinivas Devadas

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

The current hardware landscape and application scale is driving performance engineers towards writing bespoke optimizations. Verifying such optimizations, and generating minimal failing cases, is important for robustness in the face of…

Software Engineering · Computer Science 2023-06-29 Philipp Schaad , Timo Schneider , Tal Ben-Nun , Alexandru Calotoiu , Alexandros Nikolaos Ziogas , Torsten Hoefler

Fine grained information flow monitoring can in principle address a wide range of security and privacy goals, for example in web applications. But it is very difficult to achieve sound monitoring with acceptable runtime cost and sufficient…

Cryptography and Security · Computer Science 2016-05-11 Mounir Assaf , David A. Naumann

Security and distributed infrastructure are two of the most common requirements for big data software. But the security features of the big data platforms are still premature. It is critical to identify, modify, test and execute some of the…

Cryptography and Security · Computer Science 2016-11-24 Santosh Aditham , Nagarajan Ranganathan

In languages like C, buffer overflows are widespread. A common mitigation technique is to use tools that detect them during execution and abort the program to prevent the leakage of data or the diversion of control flow. However, for server…

Cryptography and Security · Computer Science 2018-11-26 Manuel Rigger , Daniel Pekarek , Hanspeter Mössenböck

In this paper we describe a method for verifying secure information flow of programs, where apart from direct and indirect flows a secret information can be leaked through covert timing channels. That is, no two computations of a program…

Programming Languages · Computer Science 2013-07-18 Aleksandar S. Dimovski

In this paper we present the design and implementation, as well as a use case, of a tool for workflow analysis. The tool provides an assistant for the specification of properties of a workflow model. The specification language for property…

Software Engineering · Computer Science 2014-01-07 Germán Regis , Fernando Villar , Nicolás Ricci

Static analysis is widely used for software assurance. However, static analysis tools can report an overwhelming number of warnings, many of which are false positives. Applying static analysis to a new version, a large number of warnings…

Software Engineering · Computer Science 2023-05-05 Xiuyuan Guo , Ashwin Kallingal Joshy , Benjamin Steenhoek , Wei Le , Lori Flynn

Context: In C, low-level errors, such as buffer overflow and use-after-free, are a major problem, as they cause security vulnerabilities and hard-to-find bugs. C lacks automatic checks, and programmers cannot apply defensive programming…

Programming Languages · Computer Science 2017-12-05 Manuel Rigger , Rene Mayrhofer , Roland Schatz , Matthias Grimmer , Hanspeter Mössenböck

Despite its ever-increasing impact, security is not considered as a design objective in commercial electronic design automation (EDA) tools. This results in vulnerabilities being overlooked during the software-hardware design process.…

Cryptography and Security · Computer Science 2023-08-08 Lennart M. Reimann , Jonathan Wiesner , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

In contemporary Electronic Design Automation (EDA) tools, security often takes a backseat to the primary goals of power, performance, and area optimization. Commonly, the security analysis is conducted by hand, leading to vulnerabilities in…

Cryptography and Security · Computer Science 2024-02-07 Lennart M. Reimann , Anshul Prashar , Chiara Ghinami , Rebecca Pelke , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control…

Programming Languages · Computer Science 2021-03-04 Sandip Ghosal , R. K. Shyamasundar

Just like other software, spreadsheets can contain significant faults. Static analysis is an accepted and well-established technique in software engineering known for its capability to discover faults. In recent years, a growing number of…

Software Engineering · Computer Science 2014-01-30 Daniel Kulesz , Jan-Peter Ostberg