English
Related papers

Related papers: Survey of Methods for Automated Code-Reuse Exploit…

200 papers

Memory safety is a cornerstone of secure and robust software systems, as it prevents a wide range of vulnerabilities and exploitation techniques. Among these, we focus on Return-Oriented Programming (ROP). ROP works as such: the attacker…

Cryptography and Security · Computer Science 2023-11-03 Federico Cassano , Charles Bershatsky , Jacob Ginesin , Sasha Bashenko

Documenting the functionality of software units with code comments, e.g., Javadoc comments, is a common programmer best-practice in software engineering. This paper introduces a novel test generation technique that exploits the code-comment…

Software Engineering · Computer Science 2025-05-01 Giovanni Denaro , Luca Guglielmo

Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal.…

Reinforcement learning (RL) has proven itself as a powerful tool for the discovery of quantum circuits and quantum protocols. We have recently shown that including composite quantum gates -- referred to as ``gadgets'' -- in the action space…

Quantum Physics · Physics 2025-09-30 Oleg M. Yevtushenko , Florian Marquardt

AI-powered code generation models have been developing rapidly, allowing developers to expedite code generation and thus improve their productivity. These models are trained on large corpora of code (primarily sourced from public…

Software Engineering · Computer Science 2023-11-21 Vahid Majdinasab , Michael Joshua Bishop , Shawn Rasheed , Arghavan Moradidakhel , Amjed Tahir , Foutse Khomh

Large Vision-Language Models (LVLMs) undergo safety alignment to suppress harmful content. However, current defenses predominantly target explicit malicious patterns in the input representation, often overlooking the vulnerabilities…

Cryptography and Security · Computer Science 2026-03-11 Quanchen Zou , Moyang Chen , Zonghao Ying , Wenzhuo Xu , Yisong Xiao , Deyue Zhang , Dongdong Yang , Zhao Liu , Xiangzheng Zhang

In the life-cycle of software development, testing plays a crucial role in quality assurance. Proper testing not only increases code coverage and prevents regressions but it can also ensure that any potential vulnerabilities in the software…

Software Engineering · Computer Science 2025-06-16 Gábor Antal , Dénes Bán , Martin Isztin , Rudolf Ferenc , Péter Hegedűs

RISC-V is a recently developed open instruction set architecture gaining a lot of attention. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and…

Cryptography and Security · Computer Science 2023-07-25 Loïc Buckwell , Olivier Gilles , Daniel Gracia Pérez , Nikolai Kosmatov

With the widespread application of large language models in code generation, recent studies demonstrate that employing additional Chain-of-Thought generation models can significantly enhance code generation performance by providing explicit…

Software Engineering · Computer Science 2025-08-13 Naizhu Jin , Zhong Li , Tian Zhang , Qingkai Zeng

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

This paper focuses on Code Generation task that aims at generating relevant code fragments according to given natural language descriptions. In the process of software development, developers often encounter two scenarios. One is requested…

Software Engineering · Computer Science 2024-04-19 Zezhou Yang , Sirong Chen , Cuiyun Gao , Zhenhao Li , Ge Li , Michael Lyu

Large Language Models (LLMs) have become powerful tools for automated code generation. However, these models often overlook critical security practices, which can result in the generation of insecure code that contains…

Software Engineering · Computer Science 2025-07-01 Hao Yan , Swapneel Suhas Vaidya , Xiaokuan Zhang , Ziyu Yao

In recent years, the rise of AI-assisted code-generation tools has significantly transformed software development. While code generators have mainly been used to support conventional software development, their use will be extended to…

Software Engineering · Computer Science 2024-12-17 Simon Torka , Sahin Albayrak

Automatic program repair (APR) is crucial to reduce manual debugging efforts for developers and improve software reliability. While conventional search-based techniques typically rely on heuristic rules or a redundancy assumption to mine…

Software Engineering · Computer Science 2023-09-13 Weishi Wang , Yue Wang , Shafiq Joty , Steven C. H. Hoi

Pre-trained language models of code are now widely used in various software engineering tasks such as code generation, code completion, vulnerability detection, etc. This, in turn, poses security and reliability risks to these models. One…

Software Engineering · Computer Science 2024-11-01 Thanh-Dat Nguyen , Yang Zhou , Xuan Bach D. Le , Patanamon Thongtanunam , David Lo

Few-shot learning with large-scale, pre-trained language models is a powerful way to answer questions about code, e.g., how to complete a given code example, or even generate code snippets from scratch. The success of these models raises…

Software Engineering · Computer Science 2022-06-14 Patrick Bareiß , Beatriz Souza , Marcelo d'Amorim , Michael Pradel

Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. To…

Machine Learning · Computer Science 2022-02-08 Van-Anh Nguyen , Dai Quoc Nguyen , Van Nguyen , Trung Le , Quan Hung Tran , Dinh Phung

Despite recent advances, Large Language Models (LLMs) still generate vulnerable code. Retrieval-Augmented Generation (RAG) has the potential to enhance LLMs for secure code generation by incorporating external security knowledge. However,…

Cryptography and Security · Computer Science 2026-03-17 Jiahao Shi , Tianyi Zhang

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

As the complexity of modern systems increases, so does the importance of assessing their security posture through effective vulnerability management and threat modeling techniques. One powerful tool in the arsenal of cybersecurity…

Cryptography and Security · Computer Science 2024-08-13 Renascence Tarafder Prapty , Ashish Kundu , Arun Iyengar