English
Related papers

Related papers: SpellBound: Defending Against Package Typosquattin…

200 papers

IT systems are facing an increasing number of security threats, including advanced persistent attacks and future quantum-computing vulnerabilities. The move towards crypto-agility and post-quantum cryptography (PQC) requires a reliable…

Cryptography and Security · Computer Science 2026-03-23 Eduard Hirsch , Kristina Raab , Tobias J. Bauer , Daniel Loebenberger

Many software products are composed of components integrated from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain…

Software Engineering · Computer Science 2025-03-31 Kelechi G. Kalu , Tanya Singla , Chinenye Okafor , Santiago Torres-Arias , James C. Davis

Open-source code is pervasive. In this setting, embedded vulnerabilities are spreading to downstream software at an alarming rate. While such vulnerabilities are generally identified and addressed rapidly, inconsistent maintenance policies…

Cryptography and Security · Computer Science 2024-11-27 Xunzhu Tang , Zhenghan Chen , Kisub Kim , Haoye Tian , Saad Ezzini , Jacques Klein

Creative coding tasks are often exploratory in nature. When producing digital artwork, artists usually begin with a high-level semantic construct such as a "stained glass filter" and programmatically implement it by varying code parameters…

Software Engineering · Computer Science 2023-08-14 Tyler Angert , Miroslav Ivan Suzara , Jenny Han , Christopher Lawrence Pondoc , Hariharan Subramonyam

Security threats like prompt injection attacks pose significant risks to applications that integrate Large Language Models (LLMs), potentially leading to unauthorized actions such as API misuse. Unlike previous approaches that aim to detect…

Cryptography and Security · Computer Science 2025-04-01 Shih-Han Chan

The package manager (PM) is crucial to most technology stacks, acting as a broker to ensure that a verified dependency package is correctly installed, configured, or removed from an application. Diversity in technology stacks has led to…

Software Engineering · Computer Science 2023-02-15 Syful Islam , Raula Gaikovina Kula , Christoph Treude , Bodin Chinthanet , Takashi Ishio , Kenichi Matsumoto

CPUs provide isolation mechanisms like virtualization and privilege levels to protect software. Yet these focus on architectural isolation while typically overlooking microarchitectural side channels, exemplified by Meltdown and Foreshadow.…

Cryptography and Security · Computer Science 2025-07-09 Oleksii Oleksenko , Flavien Solt , Cédric Fournet , Jana Hofmann , Boris Köpf , Stavros Volos

Jailbreak attacks cause large language models (LLMs) to generate harmful, unethical, or otherwise objectionable content. Evaluating these attacks presents a number of challenges, which the current collection of benchmarks and evaluation…

Software signing is the most robust method for ensuring the integrity and authenticity of components in a software supply chain. Legacy key-managed signing tools (e.g., OpenPGP) burdened practitioners with key management and signer…

Software Engineering · Computer Science 2026-04-16 Kelechi G. Kalu , Sofia Okorafor , Tanmay Singla , Sophie Chen , Santiago Torres-Arias , James C. Davis

As the pre-trained language models (PLMs) continue to grow, so do the hardware and data requirements for fine-tuning PLMs. Therefore, the researchers have come up with a lighter method called \textit{Prompt Learning}. However, during the…

Computation and Language · Computer Science 2022-09-07 Yundi Shi , Piji Li , Changchun Yin , Zhaoyang Han , Lu Zhou , Zhe Liu

While large language models (LLMs) exhibit remarkable capabilities across a wide range of tasks, they pose potential safety concerns, such as the ``jailbreak'' problem, wherein malicious instructions can manipulate LLMs to exhibit…

Computation and Language · Computer Science 2024-03-05 Yue Deng , Wenxuan Zhang , Sinno Jialin Pan , Lidong Bing

Smart contracts are self-executing programs that manage financial transactions on blockchain networks. Developers commonly rely on third-party code libraries to improve both efficiency and security. However, improper use of these libraries…

Software Engineering · Computer Science 2026-04-02 Yishun Wang , Wenkai Li , Xiaoqi Li , Zongwei Li , Lei Xie , Yuqing Zhang

Trojanized software packages used in software supply chain attacks constitute an emerging threat. Unfortunately, there is still a lack of scalable approaches that allow automated and timely detection of malicious software packages and thus…

Cryptography and Security · Computer Science 2021-03-22 Marc Ohm , Lukas Kempf , Felix Boes , Michael Meier

Repackaging is a serious threat to the Android ecosystem as it deprives app developers of their benefits, contributes to spreading malware on users' devices, and increases the workload of market maintainers. In the space of six years, the…

Software Engineering · Computer Science 2018-11-22 Li Li , Tegawendé Bissyandé , Jacques Klein

The emerging capabilities of large language models (LLMs) have sparked concerns about their immediate potential for harmful misuse. The core approach to mitigate these concerns is the detection of harmful queries to the model. Current…

Computation and Language · Computer Science 2025-12-10 Sahil Verma , Keegan Hines , Jeff Bilmes , Charlotte Siska , Luke Zettlemoyer , Hila Gonen , Chandan Singh

Counterfeit apps impersonate existing popular apps in attempts to misguide users to install them for various reasons such as collecting personal information or spreading malware. Many counterfeits can be identified once installed, however…

Cryptography and Security · Computer Science 2020-06-04 Naveen Karunanayake , Jathushan Rajasegaran , Ashanie Gunathillake , Suranga Seneviratne , Guillaume Jourjon

The rise of large language models (LLMs) has enabled the generation of highly persuasive spam reviews that closely mimic human writing. These reviews pose significant challenges for existing detection systems and threaten the credibility of…

Computation and Language · Computer Science 2026-04-21 Xin Liu , Rongwu Xu , Xinyi Jia , Jason Liao , Jiao Sun , Ling Huang , Wei Xu

Backdoor attacks have emerged as a prominent threat to natural language processing (NLP) models, where the presence of specific triggers in the input can lead poisoned models to misclassify these inputs to predetermined target classes.…

Cryptography and Security · Computer Science 2023-10-30 Lu Yan , Zhuo Zhang , Guanhong Tao , Kaiyuan Zhang , Xuan Chen , Guangyu Shen , Xiangyu Zhang

A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the…

Cryptography and Security · Computer Science 2020-05-20 Marc Ohm , Henrik Plate , Arnold Sykosch , Michael Meier

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause , Jan H. Klemmer , Nicolas Huaman , Dominik Wermke , Yasemin Acar , Sascha Fahl