English
Related papers

Related papers: A "Final" Security Bug

200 papers

Intel SGX (Software Guard Extension) is a promising TEE (trusted execution environment) technique that can protect programs running in user space from being maliciously accessed by the host operating system. Although it provides hardware…

Cryptography and Security · Computer Science 2022-08-24 Yang Chen , Jianfeng Jiang , Shoumeng Yan , Hui Xu

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes

[Background] Previous research has shown that developers commonly misuse cryptography APIs. [Aim] We have conducted an exploratory study to find out how crypto APIs are used in open-source Java projects, what types of misuses exist, and why…

Cryptography and Security · Computer Science 2020-09-03 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

During compilation from Java source code to bytecode, some information is irreversibly lost. In other words, compilation and decompilation of Java code is not symmetric. Consequently, the decompilation process, which aims at producing…

Software Engineering · Computer Science 2019-12-19 Nicolas Harrand , César Soto-Valero , Martin Monperrus , Benoit Baudry

Security is a critical issue of the modern file and storage systems, it is imperative to protect the stored data from unauthorized access. We have developed a file security system named as Java File Security System (JFSS) [1] that guarantee…

Operating Systems · Computer Science 2014-03-25 Brijender Kahanwal , Dr. Tejinder Pal Singh , Dr. R. K. Tuteja

In the second and third quarters of 2025, Google collaborated with Intel to conduct a security assessment of Intel Trust Domain Extensions (TDX), extending Google's previous review and covering major changes since Intel TDX Module 1.0 -…

Cryptography and Security · Computer Science 2026-02-13 Kirk Swidowski , Daniel Moghimi , Josh Eads , Erdem Aktas , Jia Ma

We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code…

Cryptography and Security · Computer Science 2023-03-09 Nicholas Boucher , Ross Anderson

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

Security-critical tasks require proper isolation from untrusted software. Chip manufacturers design and include trusted execution environments (TEEs) in their processors to secure these tasks. The integrity and security of the software in…

Cryptography and Security · Computer Science 2017-07-19 Yue Chen , Yulong Zhang , Zhi Wang , Tao Wei

Previous research has shown that crypto APIs are hard for developers to understand and difficult for them to use. They consequently rely on unvalidated boilerplate code from online resources where security vulnerabilities are common. We…

Cryptography and Security · Computer Science 2019-08-06 Mohammadreza Hazhirpasand , Mohammad Ghafari , Stefan Krüger , Eric Bodden , Oscar Nierstrasz

Code agents are increasingly trusted to autonomously fix bugs on platforms such as GitHub, yet their security evaluation focuses almost exclusively on functional correctness. In this paper, we reveal a novel type of threat to real-world…

Cryptography and Security · Computer Science 2025-10-22 Yibo Peng , James Song , Lei Li , Xinyu Yang , Mihai Christodorescu , Ravi Mangal , Corina Pasareanu , Haizhong Zheng , Beidi Chen

Static analysis has established itself as a weapon of choice for detecting security vulnerabilities. Taint analysis in particular is a very general and powerful technique, where security policies are expressed in terms of forbidden flows,…

Cryptography and Security · Computer Science 2021-11-19 Saikat Dutta , Diego Garbervetsky , Shuvendu Lahiri , Max Schäfer

Security updates create a short but important window in which defenders and attackers can compare vulnerable and patched software. Yet in many operational settings, the most accessible artifacts are binary packages rather than source…

Cryptography and Security · Computer Science 2026-05-08 Isaac David , Arthur Gervais

The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an…

Cryptography and Security · Computer Science 2022-06-08 Raphael Hiesgen , Marcin Nawrocki , Thomas C. Schmidt , Matthias Wählisch

This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and solutions to remove five important software security…

Cryptography and Security · Computer Science 2014-12-02 Natarajan Meghanathan

This paper presents an integrity checker of JAVA P2P distributed system with auto source code composition. JAVA distributed system must guarantee the integrity of program itself and the system components of JAVA virtual machine against…

Cryptography and Security · Computer Science 2016-10-31 Lican Huang

Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity…

Cryptography and Security · Computer Science 2023-03-27 Anna-Katharina Wickert , Lars Baumgärtner , Michael Schlichtig , Krishna Narasimhan , Mira Mezini

Copyright protection is a major issue in distributing digital content. On the other hand, improvements to usability are sought by content users. In this paper, we propose a secure {\it traitor tracing scheme against key exposure (TTaKE)}…

Cryptography and Security · Computer Science 2016-11-17 Kazuto Ogawa , Goichiro Hanaoka , Hideki Imai

The adoption of security protocols such as Transport Layer Security (TLS) has significantly improved the state of traffic encryption and integrity protection on the Internet. Despite rigorous analysis, vulnerabilities continue to emerge,…

Cryptography and Security · Computer Science 2025-01-30 Mariam Moustafa , Mohit Sethi , Tuomas Aura

Software engineers integrate third-party components into their applications. The resulting software supply chain is vulnerable. To reduce the attack surface, we can verify the origin of components (provenance) before adding them.…

Cryptography and Security · Computer Science 2025-01-31 Taylor R. Schorlemmer , Ethan H. Burmane , Kelechi G. Kalu , Santiago Torres-Arias , James C. Davis