English
Related papers

Related papers: A "Final" Security Bug

200 papers

We present LeJit, a template-based framework for testing Java just-in-time (JIT) compilers. Like recent template-based frameworks, LeJit executes a template -- a program with holes to be filled -- to generate concrete programs given as…

Software Engineering · Computer Science 2024-07-09 Zhiqiang Zang , Fu-Yao Yu , Aditya Thimmaiah , August Shi , Milos Gligoric

Our scientific knowledge is increasingly built on software output. User code which defines data analysis pipelines and computational models is essential for research in the natural and social sciences, but little is known about how to…

Software Engineering · Computer Science 2020-03-16 Maxwell Shinn

Kintsugi is a protocol for key recovery, allowing a user to regain access to end-to-end encrypted data after they have lost their device, but still have their (potentially low-entropy) password. Existing E2EE key recovery methods, such as…

Cryptography and Security · Computer Science 2025-07-30 Emilie Ma , Martin Kleppmann

Thanks to the advance of technology, all kinds of applications are becoming more complete and capable of performing complex tasks that save much of our time. But to perform these tasks, applications require that some personal information…

Cryptography and Security · Computer Science 2020-07-15 Guilherme Girotto , Avelino Francisco Zorzo

Zero-day vulnerabilities can be accidentally or maliciously placed in code and can remain in place for years. In this study, we address an aspect of their longevity by considering the likelihood that they will be discovered in the code…

Cryptography and Security · Computer Science 2018-09-03 Andrew J. Lohn

The problem of secure source coding with multiple terminals is extended by considering a remote source whose noisy measurements are the correlated random variables used for secure source reconstruction. The main additions to the problem…

Information Theory · Computer Science 2022-11-10 Onur Günlü , Rafael F. Schaefer , Holger Boche , H. Vincent Poor

Most blockchains cannot hide the binary code of programs (i.e., smart contracts) running on them. To conceal proprietary business logic and to potentially deter attacks, many smart contracts are closed-source and employ layers of…

Cryptography and Security · Computer Science 2025-09-09 Sen Yang , Kaihua Qin , Aviv Yaish , Fan Zhang

Key substitution vulnerable signature schemes are signature schemes that permit an intruder, given a public verification key and a signed message, to compute a pair of signature and verification keys such that the message appears to be…

Cryptography and Security · Computer Science 2007-10-31 Yannick Chevalier , Mounira Kourjieh

Code completion is a key feature of Integrated Development Environments (IDEs), aimed at predicting the next tokens a developer is likely to write, helping them write code faster and with less effort. Modern code completion approaches are…

Software Engineering · Computer Science 2024-03-25 Matteo Ciniselli , Alberto Martin-Lopez , Gabriele Bavota

Python is one of the most popular programming languages; as such, projects written in Python involve an increasing number of diverse security vulnerabilities. However, existing state-of-the-art analysis tools for Python only support a few…

Software Engineering · Computer Science 2026-01-22 Yoann Marquer , Domenico Bianculli , Lionel C. Briand

Code obfuscation is a popular approach to turn program comprehension and analysis harder, with the aim of mitigating threats related to malicious reverse engineering and code tampering. However, programming languages that compile to high…

Software Engineering · Computer Science 2019-01-16 Davide Pizzolotto , Mariano Ceccato

In this paper, we present an end-to-end view of IoT security and privacy and a case study. Our contribution is three-fold. First, we present our end-to-end view of an IoT system and this view can guide risk assessment and design of an IoT…

Cryptography and Security · Computer Science 2018-05-16 Zhen Ling , Kaizheng Liu , Yiling Xu , Chao Gao , Yier Jin , Cliff Zou , Xinwen Fu , Wei Zhao

Improper Input Validation (IIV) is a software vulnerability that occurs when a system does not safely handle input data. Even though IIV is easy to detect and fix, it still commonly happens in practice. In this paper, we study to what…

Software Engineering · Computer Science 2021-02-15 Larissa Braz , Enrico Fregnan , Gül Çalikli , Alberto Bacchelli

We explore an emerging threat model for end-to-end (E2E) encrypted applications: an adversary sends chosen messages to a target client, thereby "injecting" adversarial content into the application state. Such state is subsequently encrypted…

Cryptography and Security · Computer Science 2024-11-15 Andrés Fábrega , Carolina Ortega Pérez , Armin Namavari , Ben Nassi , Rachit Agarwal , Thomas Ristenpart

A timely software update is vital to combat the increasing security vulnerabilities. However, some software vendors may secretly patch their vulnerabilities without creating CVE entries or even describing the security issue in their change…

Cryptography and Security · Computer Science 2023-12-14 Xu He , Shu Wang , Pengbin Feng , Xinda Wang , Shiyu Sun , Qi Li , Kun Sun

Publishing private data on external servers incurs the problem of how to avoid unwanted disclosure of confidential data. We study a problem of confidentiality in extended disjunctive logic programs and show how it can be solved by extended…

Artificial Intelligence · Computer Science 2011-08-31 Katsumi Inoue , Chiaki Sakama , Lena Wiese

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for…

Cryptography and Security · Computer Science 2021-01-22 Vassilis Papaspirou , Leandros Maglaras , Mohamed Amine Ferrag , Ioanna Kantzavelou , Helge Janicke , Christos Douligeris

The number of vulnerabilities reported in open source software has increased substantially in recent years. Security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult…

Software Engineering · Computer Science 2024-01-17 Zhiyuan Pan , Xing Hu , Xin Xia , Xian Zhan , David Lo , Xiaohu Yang

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of…

Software Engineering · Computer Science 2021-02-23 Tiago Espinha Gasiba , Samra Hodzic , Ulrike Lechner , Maria Pinto-Albuquerque

Imperfect bit-and-basis encoders compromise the security of quantum key distribution (QKD) systems via modulation flaws, side channels and inter-pulse correlations, which invalidate standard security proofs. Existing results addressing such…

Quantum Physics · Physics 2026-02-02 Guillermo Currás-Lorenzo , Margarida Pereira , Go Kato , Marcos Curty , Kiyoshi Tamaki