English
Related papers

Related papers: A "Final" Security Bug

200 papers

Previous work has shown that taint analyses are only useful if correctly customized to the context in which they are used. Existing domain-specific languages (DSLs) allow such customization through the definition of deny-listing data-flow…

Programming Languages · Computer Science 2022-04-08 Goran Piskachev , Johannes Späth , Ingo Budde , Eric Bodden

Attacks on Internet routing are typically viewed through the lens of availability and confidentiality, assuming an adversary that either discards traffic or performs eavesdropping. Yet, a strategic adversary can use routing attacks to…

Networking and Internet Architecture · Computer Science 2020-08-13 Yixin Sun , Maria Apostolaki , Henry Birge-Lee , Laurent Vanbever , Jennifer Rexford , Mung Chiang , Prateek Mittal

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration…

Software Engineering · Computer Science 2021-11-29 Roland Croft , Yongzheng Xie , Mansooreh Zahedi , M. Ali Babar , Christoph Treude

Cache side-channel attacks exhibit severe threats to software security and privacy, especially for cryptosystems. In this paper, we propose CaType, a novel refinement type-based tool for detecting cache side channels in crypto software.…

Cryptography and Security · Computer Science 2022-10-20 Ke Jiang , Yuyan Bao , Shuai Wang , Zhibo Liu , Tianwei Zhang

While Ethereum's discovery protocols (Discv4/ Discv5) incorporate robust cryptographic designs to protect user privacy, real-world deployment reveals critical vulnerabilities when users deviate from security guidelines. In this paper, we…

Cryptography and Security · Computer Science 2025-07-03 Chenyu Li , Xueping Liang , Xiaorui Gong , Xiu Zhang

Authentication in TLS is predominately carried out with X.509 digital certificates issued by certificate authorities (CA). The centralized nature of current public key infrastructures, however, comes along with severe risks, such as single…

Cryptography and Security · Computer Science 2025-01-14 Sandro Rodriguez Garzon , Dennis Natusch , Artur Philipp , Axel Küpper , Hans Joachim Einsiedler , Daniela Schneider

Deductive verification of software has not yet found its way into industry, as complexity and scalability issues require highly specialized experts. The long-term perspective is, however, to develop verification tools aiding industrial…

Programming Languages · Computer Science 2018-11-28 Alexander Knüppel , Thomas Thüm , Carsten Pardylla , Ina Schaefer

Scan chains provide increased controllability and observability for testing digital circuits. The increased testability, however, can also be a source of information leakage for sensitive designs. The state-of-the-art defenses to secure…

Cryptography and Security · Computer Science 2021-02-01 Dake Chen , Chunxiao Lin , Peter A. Beerel

Implementations of cryptographic libraries have been scrutinized for secret-dependent execution behavior exploitable by microarchitectural side-channel attacks. To prevent unintended leakages, most libraries moved to constant-time…

Cryptography and Security · Computer Science 2023-04-25 Florian Sieck , Sebastian Berndt , Jan Wichelmann , Thomas Eisenbarth

Modern hardware systems are composed of a variety of third-party Intellectual Property (IP) cores to implement their overall functionality. Since hardware design is a globalized process involving various (untrusted) stakeholders, a secure…

Cryptography and Security · Computer Science 2022-11-17 Julian Speith , Florian Schweins , Maik Ender , Marc Fyrbiak , Alexander May , Christof Paar

Existing logic-locking attacks are known to successfully decrypt functionally correct key of a locked combinational circuit. It is possible to extend these attacks to real-world Silicon-based Intellectual Properties (IPs, which are…

Cryptography and Security · Computer Science 2021-02-18 Seetal Potluri , Aydin Aysu , Akash Kumar

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe…

Software Engineering · Computer Science 2026-01-05 Victor Wen , Zedong Peng

In this paper, I describe a recent practical experience where JUnit was used for testing security bugs in addition to functional bugs. Perl scripts were also used during the exploration phase. The application being tested was mature, but…

Software Engineering · Computer Science 2021-06-15 Julian Harty

The FIDO2 protocol aims to strengthen or replace password authentication using public-key cryptography. FIDO2 has primarily focused on defending against attacks from afar by remote attackers that compromise a password or attempt to phish…

Cryptography and Security · Computer Science 2023-08-08 Tarun Kumar Yadav , Kent Seamons

To enhance the compatibility in the version control of Java Third-party Libraries (TPLs), Maven adopts Semantic Versioning (SemVer) to standardize the underlying meaning of versions, but users could still confront abnormal execution and…

Software Engineering · Computer Science 2022-09-02 Lyuye Zhang , Chengwei Liu , Zhengzi Xu , Sen Chen , Lingling Fan , Bihuan Chen , Yang Liu

The root extraction problem in braid groups is the following: given a braid $\beta \in \mathcal{B}_n$ and a number $k\in \mathbb{N}$, find $\alpha\in \mathcal{B}_n$ such that $\alpha^k=\beta$. In the last decades, many cryptosystems such as…

Cryptography and Security · Computer Science 2022-03-31 María Cumplido , Delaram Kahrobaei , Marialaura Noce

Smart contracts are Turing-complete programs running on the blockchain. They cannot be modified, even when bugs are detected. The Selfdestruct function is the only way to destroy a contract on the blockchain system and transfer all the…

Software Engineering · Computer Science 2020-10-07 Jiachi Chen

The 2019 edition of Stack Overflow developer survey highlights that, for the first time, Python outperformed Java in terms of popularity. The gap between Python and Java further widened in the 2020 edition of the survey. Unfortunately,…

Just-in-Time (JIT) compilers are used by many modern programming systems in order to improve performance. Bugs in JIT compilers provide exploitable security vulnerabilities and debugging them is difficult as they are large, complex, and…

Programming Languages · Computer Science 2021-07-02 HeuiChan Lim , Stephen Kobourov

An unsolved challenge in distributed or federated learning is to effectively mitigate privacy risks without slowing down training or reducing accuracy. In this paper, we propose TextHide aiming at addressing this challenge for natural…

Computation and Language · Computer Science 2020-10-14 Yangsibo Huang , Zhao Song , Danqi Chen , Kai Li , Sanjeev Arora