English
Related papers

Related papers: Survey of Methods for Automated Code-Reuse Exploit…

200 papers

This report presents a taxonomy of vulnerabilities created as a part of an effort to develop a framework for deriving verification and validation strategies to assess software security. This taxonomy is grounded in a theoretical model of…

Cryptography and Security · Computer Science 2007-05-23 Anil Bazaz , James D. Arthur

Currently, while software engineers write code for various modules, quite often, various types of errors - coding, logic, semantic, and others (most of which are not caught by compilation and other tools) get introduced. Some of these bugs…

Software Engineering · Computer Science 2020-04-28 Anshul Tanwar , Krishna Sundaresan , Parmesh Ashwath , Prasanna Ganesan , Sathish Kumar Chandrasekaran , Sriram Ravi

Privacy and security are central to the design of information systems endowed with sound data protection and cyber resilience capabilities. Still, developers often struggle to incorporate these properties into software projects as they…

Software Engineering · Computer Science 2025-03-04 Nicolás E. Díaz Ferreyra , Sirine Khelifi , Nalin Arachchilage , Riccardo Scandariato

Software component reuse is the software engineering practice of developing new software products from existing components. A reuse library or component reuse repository organizes stores and manages reusable components. This paper describes…

Software Engineering · Computer Science 2010-07-30 P. Shireesha , S. S. V. N. Sharma

Storage codes are used to ensure reliable storage of data in distributed systems. Here we consider functional repair codes, where individual storage nodes that fail may be repaired efficiently and the ability to recover original data and to…

Discrete Mathematics · Computer Science 2018-09-24 Siaw-Lynn Ng , Maura B. Paterson

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta

Software vulnerabilities affect all businesses and research is being done to avoid, detect or repair them. In this article, we contribute a new technique for automatic vulnerability fixing. We present a system that uses the rich software…

Software Engineering · Computer Science 2019-12-09 Zimin Chen , Steve Kommrusch , Martin Monperrus

Identifying vulnerable code is a precautionary measure to counter software security breaches. Tedious expert effort has been spent to build static analyzers, yet insecure patterns are barely fully enumerated. This work explores a deep…

Artificial Intelligence · Computer Science 2021-09-09 Yufan Zhuang , Sahil Suneja , Veronika Thost , Giacomo Domeniconi , Alessandro Morari , Jim Laredo

Generative Pre-Trained Transformer models have been shown to be surprisingly effective at a variety of natural language processing tasks -- including generating computer code. We evaluate the effectiveness of open source GPT models for the…

Cryptography and Security · Computer Science 2024-08-02 Elijah Pelofske , Vincent Urias , Lorie M. Liebrock

Large Language Models (LLMs) can generate code but often introduce security vulnerabilities, logical inconsistencies, and compilation errors. Prior work demonstrates that LLMs benefit substantially from structured feedback, static analysis,…

Cryptography and Security · Computer Science 2026-01-05 Vidyut Sriram , Sawan Pandita , Achintya Lakshmanan , Aneesh Shamraj , Suman Saha

Through systematic experiments on long-context generation, we observe a damaging failure mode in which decoding can collapse into persistent repetition loops. We find that this degeneration is driven by collapsed attention patterns, where a…

Artificial Intelligence · Computer Science 2026-04-14 Dongjie Xu , Hao Wu , Weijie Shi , Yue Cui , Yuanjun Liu , Jiawei Li , Haolun Ma , An Liu , Jia Zhu , Jiajie Xu

Prototype pollution is a recent vulnerability that affects JavaScript code, leading to high impact attacks such as arbitrary code execution. The vulnerability is rooted in JavaScript's prototype-based inheritance, enabling attackers to…

Cryptography and Security · Computer Science 2024-07-16 Eric Cornelissen , Mikhail Shcherbakov , Musard Balliu

Retrieval-Augmented Code Generation (RACG) leverages external knowledge to enhance Large Language Models (LLMs) in code synthesis, improving the functional correctness of the generated code. However, existing RACG systems largely overlook…

Cryptography and Security · Computer Science 2025-04-24 Bo Lin , Shangwen Wang , Yihao Qin , Liqian Chen , Xiaoguang Mao

Software vulnerabilities in source code pose serious cybersecurity risks, prompting a shift from traditional detection methods (e.g., static analysis, rule-based matching) to AI-driven approaches. This study presents a systematic review of…

Software Engineering · Computer Science 2025-06-13 Samiha Shimmi , Hamed Okhravi , Mona Rahimi

The wide-spread adoption of system defenses such as the randomization of code, stack, and heap raises the bar for code-reuse attacks. Thus, attackers utilize a scripting engine in target programs like a web browser to prepare the code-reuse…

Cryptography and Security · Computer Science 2020-07-07 Jannik Pewny , Philipp Koppe , Thorsten Holz

Microarchitectural security verification of software has seen the emergence of two broad classes of approaches. The first is based on semantic security properties (e.g., non-interference) which are verified for a given program and a…

Cryptography and Security · Computer Science 2024-06-11 Adwait Godbole , Yatin A. Manerkar , Sanjit A. Seshia

Prototype pollution is a dangerous vulnerability affecting prototype-based languages like JavaScript and the Node.js platform. It refers to the ability of an attacker to inject properties into an object's root prototype at runtime and…

Cryptography and Security · Computer Science 2022-11-14 Mikhail Shcherbakov , Musard Balliu , Cristian-Alexandru Staicu

Malware detectors based on machine learning (ML) have been shown to be susceptible to adversarial malware examples. However, current methods to generate adversarial malware examples still have their limits. They either rely on detailed…

Cryptography and Security · Computer Science 2023-08-22 Daniel Gibert , Jordi Planes , Quan Le , Giulio Zizzo

The increasing use of generative Artificial Intelligence (AI) in modern software engineering, particularly Large Language Models (LLMs) for code generation, has transformed professional software development by boosting productivity and…

Software Engineering · Computer Science 2025-07-31 Sabrina Kaniewski , Dieter Holstein , Fabian Schmidt , Tobias Heer

This paper presents an underlying framework for both automating and accelerating malware classification, more specifically, mapping malicious executables to known Advanced Persistent Threat (APT) groups. The main feature of this analysis is…

Cryptography and Security · Computer Science 2025-04-23 Noah Subedar , Taeui Kim , Saathwick Venkataramalingam