English
Related papers

Related papers: A "Final" Security Bug

200 papers
Double Public Key Signing Function Oracle Attack on EdDSA Software Implementations

EdDSA is a standardised elliptic curve digital signature scheme introduced to overcome some of the issues prevalent in the more established ECDSA standard. Due to the EdDSA standard specifying that the EdDSA signature be deterministic, if…

Cryptography and Security · Computer Science 2023-10-11 Sam Grierson , Konstantinos Chalkias , William J Buchanan , Leandros Maglaras
On the Pitfalls of End-to-End Encrypted Communications: A Study of Remote Key-Fingerprint Verification

Many widely used Internet messaging and calling apps, such as WhatsApp, Viber, Telegram, and Signal, have deployed an end-to-end encryption functionality. To defeat potential MITM attackers against the key exchange protocol, the approach…

Cryptography and Security · Computer Science 2017-07-18 Maliheh Shirvanian , Nitesh Saxena , Jesvin James George
Time to Separate from StackOverflow and Match with ChatGPT for Encryption

Cryptography is known as a challenging topic for developers. We studied StackOverflow posts to identify the problems that developers encounter when using Java Cryptography Architecture (JCA) for symmetric encryption. We investigated…

Cryptography and Security · Computer Science 2024-06-11 Ehsan Firouzi , Mohammad Ghafari
Secure Coding Practices in Java: Challenges and Vulnerabilities

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty
Did You Remember to Test Your Tokens?

Authentication is a critical security feature for confirming the identity of a system's users, typically implemented with help from frameworks like Spring Security. It is a complex feature which should be robustly tested at all stages of…

Software Engineering · Computer Science 2020-06-26 Danielle Gonzalez , Michael Rath , Mehdi Mirakhorli
Understanding Typing-Related Bugs in Solidity Compiler

The correctness of the Solidity compiler is crucial for ensuring the security of smart contracts. However, the implementation complexity of its type system often introduces elusive defects. This paper presents the first systematic empirical…

Software Engineering · Computer Science 2025-12-23 Lantian Li , Yue Pan , Dan Wang , Jingwen Wu , Zhongxing Yu
To what extent can we analyze Kotlin programs using existing Java taint analysis tools? (Extended Version)

As an alternative to Java, Kotlin has gained rapid popularity since its introduction and has become the default choice for developing Android apps. However, due to its interoperability with Java, Kotlin programs may contain almost the same…

Programming Languages · Computer Science 2022-08-01 Ranjith Krishnamurthy , Goran Piskachev , Eric Bodden
Wink: Deniable Secure Messaging

End-to-end encrypted (E2EE) messaging is an essential first step in providing message confidentiality. Unfortunately, all security guarantees of end-to-end encryption are lost when keys or plaintext are disclosed, either due to device…

Cryptography and Security · Computer Science 2023-06-13 Anrin Chakraborti , Darius Suciu , Radu Sion
When a Patch is Not Enough - HardFails: Software-Exploitable Hardware Bugs

In this paper, we take a deep dive into microarchitectural security from a hardware designer's perspective by reviewing the existing approaches to detect hardware vulnerabilities during the design phase. We show that a protection gap…

Cryptography and Security · Computer Science 2018-12-04 Ghada Dessouky , David Gens , Patrick Haney , Garrett Persyn , Arun Kanuparthi , Hareesh Khattri , Jason M. Fung , Ahmad-Reza Sadeghi , Jeyavijayan Rajendran
GitHub's Copilot Code Review: Can AI Spot Security Flaws Before You Commit?

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review…

Software Engineering · Computer Science 2025-09-18 Amena Amro , Manar H. Alalfi
Early Detection of Security-Relevant Bug Reports using Machine Learning: How Far Are We?

Bug reports are common artefacts in software development. They serve as the main channel for users to communicate to developers information about the issues that they encounter when using released versions of software programs. In the…

Software Engineering · Computer Science 2021-12-21 Arthur D. Sawadogo , Quentin Guimard , Tegawendé F. Bissyandé , Abdoul Kader Kaboré , Jacques Klein , Naouel Moha
The Last Mile: High-Assurance and High-Speed Cryptographic Implementations

We develop a new approach for building cryptographic implementations. Our approach goes the last mile and delivers assembly code that is provably functionally correct, protected against side-channels, and as efficient as hand-written…

Cryptography and Security · Computer Science 2019-04-10 José Bacelar Almeida , Manuel Barbosa , Gilles Barthe , Benjamin Grégoire , Adrien Koutsos , Vincent Laporte , Tiago Oliveira , Pierre-Yves Strub
JFinder: A Novel Architecture for Java Vulnerability Identification Based Quad Self-Attention and Pre-training Mechanism

Software vulnerabilities pose significant risks to computer systems, impacting our daily lives, productivity, and even our health. Identifying and addressing security vulnerabilities in a timely manner is crucial to prevent hacking and data…

Cryptography and Security · Computer Science 2023-08-01 Jin Wang , Zishan Huang , Hui Xiao , Yinhao Xiao
Verifying Functional Correctness Properties At the Level of Java Bytecode

The breakneck evolution of modern programming languages aggravates the development of deductive verification tools, which struggle to timely and fully support all new language features. To address this challenge, we present ByteBack: a…

Programming Languages · Computer Science 2024-10-03 Marco Paganoni , Carlo A. Furia
Decentralized Certificate Authorities

The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its…

Cryptography and Security · Computer Science 2017-10-11 Bargav Jayaraman , Hannah Li , David Evans
The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects

Public development processes are a key characteristic of open source projects. However, fixes for vulnerabilities are usually discussed privately among a small group of trusted maintainers, and integrated without prior public involvement.…

Software Engineering · Computer Science 2020-09-08 Ralf Ramsauer , Lukas Bulwahn , Daniel Lohmann , Wolfgang Mauerer
Jif: Language-based Information-flow Security in Java

In this report, we examine Jif, a Java extension which augments the language with features related to security. Jif adds support for security labels to Java's type system such that the developer can specify confidentiality and integrity…

Programming Languages · Computer Science 2014-12-31 Kyle Pullicino
GitBug-Java: A Reproducible Benchmark of Recent Java Bugs

Bug-fix benchmarks are essential for evaluating methodologies in automatic program repair (APR) and fault localization (FL). However, existing benchmarks, exemplified by Defects4J, need to evolve to incorporate recent bug-fixes aligned with…

Software Engineering · Computer Science 2024-11-04 André Silva , Nuno Saavedra , Martin Monperrus
On the Security of SSH Client Signatures

Administrators and developers use SSH client keys and signatures for authentication, for example, to access internet backbone servers or to commit new code on platforms like GitHub. However, unlike servers, SSH clients cannot be measured…

Cryptography and Security · Computer Science 2025-09-12 Fabian Bäumer , Marcus Brinkmann , Maximilian Radoy , Jörg Schwenk , Juraj Somorovsky
EvilCoder: Automated Bug Insertion

The art of finding software vulnerabilities has been covered extensively in the literature and there is a huge body of work on this topic. In contrast, the intentional insertion of exploitable, security-critical bugs has received little…

Cryptography and Security · Computer Science 2020-07-07 Jannik Pewny , Thorsten Holz
‹ Prev 1 2 3 10 Next ›