English
Related papers

Related papers: Survey of Methods for Automated Code-Reuse Exploit…

200 papers

Large language models (LLMs) for automatic code generation have achieved breakthroughs in several programming tasks. Their advances in competition-level programming problems have made them an essential pillar of AI-assisted pair…

Cryptography and Security · Computer Science 2023-10-24 Hossein Hajipour , Keno Hassler , Thorsten Holz , Lea Schönherr , Mario Fritz

Retrieval-Augmented Generation (RAG) significantly mitigates the hallucinations and domain knowledge deficiency in large language models by incorporating external knowledge bases. However, the multi-module architecture of RAG introduces…

Cryptography and Security · Computer Science 2026-03-24 Yanming Mu , Hao Hu , Feiyang Li , Qiao Yuan , Jiang Wu , Zichuan Liu , Pengcheng Liu , Mei Wang , Hongwei Zhou , Yuling Liu

The increasing complexity and volume of software systems have heightened the importance of identifying and mitigating security vulnerabilities. The existing software vulnerability datasets frequently fall short in providing comprehensive,…

Cryptography and Security · Computer Science 2026-04-06 Murtuza Shahzad , Joseph Wilson , Ibrahim Al Azher , Hamed Alhoori , Mona Rahimi

Proof-of-concept exploits help demonstrate software vulnerability beyond doubt and communicate attacks to non-experts. But exploits can be configuration-specific, for example when in Security APIs, where keys are set up specifically for the…

Cryptography and Security · Computer Science 2024-10-03 Robert Künnemann , Julian Biehl

As emerging software vulnerabilities continuously threaten enterprises and Internet services, there is a critical need for improved security research capabilities. This paper introduces the Security Exploit Telemetry Collection (SETC)…

Cryptography and Security · Computer Science 2024-12-17 Ryan Holeman , John Hastings , Varghese Mathew Vaidyan

A code generator systematically transforms compact models to detailed code. Today, code generation is regarded as an integral part of model-driven development (MDD). Despite its relevance, the development of code generators is an inherently…

Software Engineering · Computer Science 2015-09-09 Alexander Roth , Bernhard Rumpe

Code-reuse attacks have become a kind of common attack method, in which attackers use the existing code in the program to hijack the control flow. Most existing defenses focus on control flow integrity (CFI), code randomization, and…

Cryptography and Security · Computer Science 2023-03-23 Xiaoqi Song , Wenjie Lv , Haipeng Qu , Lingyun Ying

High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and…

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin

"Vibe coding," in which developers delegate code generation to AI assistants and accept the output with little manual review, has gained rapid adoption in production settings. On March 31, 2026, Anthropic's Claude Code CLI shipped a 59.8 MB…

Cryptography and Security · Computer Science 2026-04-02 Ying Xie

Generating software from abstract models is a prime activity in model-drivenengineering. Adaptable and extendable code generators are important to address changing technologies as well as user needs. However, theyare less established, as…

Software Engineering · Computer Science 2016-06-10 Timo Greifenberg , Klaus Müller , Alexander Roth , Bernhard Rumpe , Christoph Schulze , Andreas Wortmann

Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports…

Software Engineering · Computer Science 2026-04-08 Siyi Chen , Tianhan Luo , Shijian Wu , Xiangyu Liu , Yilin Zhou , Qi Li , Wenyuan Xu

For many compiled languages, source-level types are erased very early in the compilation process. As a result, further compiler passes may convert type-safe source into type-unsafe machine code. Type-unsafe idioms in the original source and…

Programming Languages · Computer Science 2016-03-22 Matthew Noonan , Alexey Loginov , David Cok

Retrieval-Augmented Generation (RAG) has become a cornerstone of knowledge-intensive applications, including enterprise chatbots, healthcare assistants, and agentic memory management. However, recent studies show that knowledge-extraction…

Cryptography and Security · Computer Science 2026-02-13 Zhisheng Qi , Utkarsh Sahu , Li Ma , Haoyu Han , Ryan Rossi , Franck Dernoncourt , Mahantesh Halappanavar , Nesreen Ahmed , Yushun Dong , Yue Zhao , Yu Zhang , Yu Wang

Nearly all modern software suffers from bloat that negatively impacts its performance and security. To combat this problem, several automated techniques have been proposed to debloat software. A key metric used in many of these works to…

Cryptography and Security · Computer Science 2020-01-17 Michael D. Brown , Santosh Pande

Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior…

Cryptography and Security · Computer Science 2025-11-17 Alireza Lotfi , Charalampos Katsis , Elisa Bertino

Fine-grained Address Space Randomization has been considered as an effective protection against code reuse attacks such as ROP/JOP. However, it only employs a one-time randomization, and such a limitation has been exploited by recent…

Cryptography and Security · Computer Science 2015-07-13 Ping Chen , Jun Xu , Jun Wang , Peng Liu

AI agents are rapidly gaining capabilities that could significantly reshape cybersecurity, making rigorous evaluation urgent. A critical capability is exploitation: turning a vulnerability, which is not yet an attack, into a concrete…

In software development, the predominant emphasis on functionality often supersedes security concerns, a trend gaining momentum with AI-driven automation tools like GitHub Copilot. These tools significantly improve developers' efficiency in…

Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain to perform malicious behaviors. Several techniques…

Cryptography and Security · Computer Science 2023-04-05 Sicong Cao , Xiaobing Sun , Xiaoxue Wu , Lili Bo , Bin Li , Rongxin Wu , Wei Liu , Biao He , Yu Ouyang , Jiajia Li