English
Related papers

Related papers: Detile: Fine-Grained Information Leak Detection in…

200 papers

Speculative execution attacks undermine the security of constant-time programming, the standard technique used to prevent microarchitectural side channels in security-sensitive software such as cryptographic code. Constant-time code must…

Cryptography and Security · Computer Science 2023-12-18 Rutvik Choudhary , Alan Wang , Zirui Neil Zhao , Adam Morrison , Christopher W. Fletcher

Memory leaks are prevalent in various real-world software projects, thereby leading to serious attacks like denial-of-service. Though prior methods for detecting memory leaks made significant advance, they often suffer from low accuracy and…

Cryptography and Security · Computer Science 2025-04-08 Hongliang Liang , Luming Yin , Guohao Wu , Yuxiang Li , Qiuping Yi , Lei Wang

Memory-safety issues and information leakage are known to be depressingly common. We consider the compositional static detection of these kinds of vulnerabilities in first-order C-like programs. Indeed the latter are relational hyper-safety…

Programming Languages · Computer Science 2023-08-22 Toby Murray , Pengbo Yan , Gidon Ernst

Large Language Models for Code (LLMs4Code) have achieved strong performance in code generation, but recent studies reveal that they may memorize and leak sensitive information contained in training data, posing serious privacy risks. To…

Cryptography and Security · Computer Science 2026-01-29 Shanzhi Gu , Zhaoyang Qu , Ruotong Geng , Mingyang Geng , Shangwen Wang , Chuanfu Xu , Haotian Wang , Zhipeng Lin , Dezun Dong

Maintaining confidential information control in software is a persistent security problem where failure means secrets can be revealed via program behaviors. Information flow control techniques traditionally have been based on static or…

Software Engineering · Computer Science 2021-08-30 Ibrahim Mesecan , Daniel Blackwell , David Clark , Myra B. Cohen , Justyna Petke

One of the most significant challenges in the field of software code auditing is the presence of vulnerabilities in software source code. Every year, more and more software flaws are discovered, either internally in proprietary code or…

Cryptography and Security · Computer Science 2023-06-16 Mst Shapna Akter , Hossain Shahriar , Juan Rodriguez Cardenas , Sheikh Iqbal Ahamed , Alfredo Cuzzocrea

Spectre attacks disclosed in early 2018 expose data leakage scenarios via cache side channels. Specifically, speculatively executed paths due to branch mis-prediction may bring secret data into the cache which are then exposed via cache…

Cryptography and Security · Computer Science 2020-05-26 Guanhua Wang , Sudipta Chattopadhyay , Arnab Kumar Biswas , Tulika Mitra , Abhik Roychoudhury

In software development environments, code quality is crucial. This study aims to assist Machine Learning (ML) engineers in enhancing their code by identifying and correcting Data Leakage issues within their models. Data Leakage occurs when…

Software Engineering · Computer Science 2025-09-22 Owen Truong , Terrence Zhang , Arnav Marchareddy , Ryan Lee , Jeffery Busold , Michael Socas , Eman Abdullah AlOmar

Attacks like Spectre abuse speculative execution, one of the key performance optimizations of modern CPUs. Recently, several testing tools have emerged to automatically detect speculative leaks in commercial (black-box) CPUs. However, the…

Cryptography and Security · Computer Science 2023-01-19 Oleksii Oleksenko , Marco Guarnieri , Boris Köpf , Mark Silberstein

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control…

Programming Languages · Computer Science 2021-03-04 Sandip Ghosal , R. K. Shyamasundar

The increasing complexity of modern software systems exacerbates the prevalence of security vulnerabilities, posing risks of severe breaches and substantial economic loss. Consequently, robust code vulnerability detection is essential for…

Cryptography and Security · Computer Science 2025-10-09 Zhiyuan Wei , Xiaoxuan Yang , Jing Sun , Zijian Zhang

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

Protecting sensitive information from unauthorized disclosure is a major concern of every organization. As an organizations employees need to access such information in order to carry out their daily work, data leakage detection is both an…

Cryptography and Security · Computer Science 2013-02-11 Yuri Shapira , Bracha Shapira , Asaf Shabtai

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

The recent discovery of the Spectre and Meltdown attacks represents a watershed moment not just for the field of Computer Security, but also of Programming Languages. This paper explores speculative side-channel attacks and their…

Programming Languages · Computer Science 2019-02-15 Ross Mcilroy , Jaroslav Sevcik , Tobias Tebbi , Ben L. Titzer , Toon Verwaest

Side-channel attacks on memory (SCAM) exploit unintended data leaks from memory subsystems to infer sensitive information, posing significant threats to system security. These attacks exploit vulnerabilities in memory access patterns, cache…

Cryptography and Security · Computer Science 2025-05-09 MD Mahady Hassan , Shanto Roy , Reza Rahaeimehr

Webshell is a type of backdoor, and web applications are widely exposed to webshell injection attacks. Therefore, it is important to study webshell detection techniques. In this study, we propose a webshell detection method. We first…

Cryptography and Security · Computer Science 2025-02-28 Zhiqiang Wang , Haoyu Wang , Lu Hao

Spectre intrusions exploit speculative execution design vulnerabilities in modern processors. The attacks violate the principles of isolation in programs to gain unauthorized private user information. Current state-of-the-art detection…

Cryptography and Security · Computer Science 2022-10-27 Chidera Biringa , Gaspard Baye , Gökhan Kul

Identifying features that leak information about sensitive attributes is a key challenge in the design of information obfuscation mechanisms. In this paper, we propose a framework to identify information-leaking features via information…

Information Theory · Computer Science 2019-10-21 Hsiang Hsu , Shahab Asoodeh , Flavio du Pin Calmon

We consider the problem of specifying and proving the security of non-trivial, concurrent programs that intentionally leak information. We present a method that decomposes the problem into (a) proving that the program only leaks information…

Cryptography and Security · Computer Science 2023-09-08 Toby Murray , Mukesh Tiwari , Gidon Ernst , David A. Naumann
‹ Prev 1 2 3 10 Next ›