English
Related papers

Related papers: Memory Error Detection in Security Testing

200 papers

Code vulnerability detection (CVD) is essential for addressing and preventing system security issues, playing a crucial role in ensuring software security. Previous learning-based vulnerability detection methods rely on either fine-tuning…

Computation and Language · Computer Science 2025-01-07 Xuefeng Jiang , Lvhua Wu , Sheng Sun , Jia Li , Jingjing Xue , Yuwei Wang , Tingting Wu , Min Liu

Symbolic analysis of security exploits in smart contracts has demonstrated to be valuable for analyzing predefined vulnerability properties. While some symbolic tools perform complex analysis steps, they require a predetermined invocation…

Cryptography and Security · Computer Science 2019-06-10 Wesley Joon-Wie Tann , Xing Jie Han , Sourav Sen Gupta , Yew-Soon Ong

Synchronization is the Achilles heel of concurrent programs. Synchronization requirement is often used to ensure that the execution of the concurrent program can be serialized. Without synchronization requirement, a program suffers from…

Distributed, Parallel, and Cluster Computing · Computer Science 2022-10-10 Duong Nguyen , Arya Tanmay Gupta , Sandeep S. Kulkarni

Automatic detection of software bugs is a critical task in software security. Many static tools that can help detect bugs have been proposed. While these static bug detectors are mainly evaluated on general software projects call into…

Software Engineering · Computer Science 2023-07-11 Nima Shiri harzevili , Jiho Shin , Junjie Wang , Song Wang , Nachiappan Nagappan

With an increasing number of value-flow properties to check, existing static program analysis still tends to have scalability issues when high precision is required. We observe that the key design flaw behind the scalability problem is that…

Software Engineering · Computer Science 2019-12-17 Qingkai Shi , Rongxin Wu , Gang Fan , Charles Zhang

Static analysis is one of the most widely adopted techniques to find software bugs before code is put in production. Designing and implementing effective and efficient static analyses is difficult and requires high expertise, which results…

Software Engineering · Computer Science 2019-06-04 Andrew Habib , Michael Pradel

As the number of Common Vulnerabilities and Exposures (CVE) continues to grow exponentially, security teams face increasingly difficult decisions about prioritization. Current approaches using Common Vulnerability Scoring System (CVSS)…

Cryptography and Security · Computer Science 2026-03-05 Naoyuki Shimizu , Masaki Hashimoto

Static malware analysis is well-suited to endpoint anti-virus systems as it can be conducted quickly by examining the features of an executable piece of code and matching it to previously observed malicious code. However, static code…

Cryptography and Security · Computer Science 2018-06-19 Matilda Rhode , Pete Burnap , Kevin Jones

Continuous Integration (CI) encompasses a set of widely adopted practices that enhance software development. However, there are indications that developers may not adequately monitor CI practices. Hence, this paper explores developers'…

Software Engineering · Computer Science 2025-06-10 Jadson Santos , Daniel Alencar da Costa , Shane McIntosh , Uirá Kulesza

CodeChecker is an open source project that integrates different static analysis tools such as the Clang Static Analyzer and Clang-Tidy into the build systems, continuous integration loops, and development workflows of C++ programmers. It…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Richard Szalay , Zoltan Porkolab , Gyorgy Orban , Daniel Krupp

Owing to the continued use of C (and C++), spatial safety violations (e.g., buffer overflows) still constitute one of today's most dangerous and prevalent security vulnerabilities. To combat these violations, Checked C extends C with…

Programming Languages · Computer Science 2022-03-28 Aravind Machiry , John Kastner , Matt McCutchen , Aaron Eline , Kyle Headley , Michael Hicks

We present a static analysis by Abstract Interpretation to check for run-time errors in parallel and multi-threaded C programs. Following our work on Astr\'ee, we focus on embedded critical programs without recursion nor dynamic memory…

Programming Languages · Computer Science 2019-03-14 Antoine Miné

Language models exhibit human-like cognitive vulnerabilities, such as emotional framing, that escape traditional behavioral alignment. We present CCS-7 (Cognitive Cybersecurity Suite), a taxonomy of seven vulnerabilities grounded in human…

Cryptography and Security · Computer Science 2025-08-15 Yuksel Aydin

The main stretch in the paper is buffer overflow anomaly occurring in major source codes, designed in various programming language. It describes the various as to how to improve your code and increase its strength to withstand security…

Cryptography and Security · Computer Science 2012-08-17 Manas Gaur

Despite decades of efforts to resolve, memory safety violations are still persistent and problematic in modern systems. Various defense mechanisms have been proposed, but their deployment in real systems remains challenging because of…

Hardware Architecture · Computer Science 2023-08-08 Yonghae Kim , Anurag Kar , Jaewon Lee , Jaekyu Lee , Hyesoon Kim

This paper presents a method to automatically fix implicit data loss warnings in large C++ projects using Large Language Models (LLMs). Our approach uses the Language Server Protocol (LSP) to gather context, Tree-sitter to extract relevant…

Software Engineering · Computer Science 2026-01-22 Chansong You , Hyun Deok Choi , Jingun Hong

Static Analysis Tools (SATs) are central to security engineering activities, as they enable early identification of code weaknesses without requiring execution. However, their effectiveness is often limited by high false-positive rates and…

Cryptography and Security · Computer Science 2026-02-04 Nicolás E. Díaz Ferreyra , Moritz Mock , Max Kretschmann , Barbara Russo , Mojtaba Shahin , Mansooreh Zahedi , Riccardo Scandariato

LLM-based vulnerability detectors are increasingly deployed in CI/CD security gating, yet their resilience to evasion under syntax- and compilation-preserving edits remains poorly understood. We evaluate five attack variants spanning four…

Cryptography and Security · Computer Science 2026-05-07 Luze Sun , Alina Oprea , Eric Wong

Symbolic execution detects vulnerabilities with precision, but applying it to large codebases requires harnesses that set up symbolic state, model dependencies, and specify assertions. Writing these harnesses has traditionally been a manual…

Cryptography and Security · Computer Science 2026-04-09 Md Shafiuzzaman , Achintya Desai , Wenbo Guo , Tevfik Bultan

Trusted execution environments (TEEs) provide an environment for running workloads in the cloud without having to trust cloud service providers, by offering additional hardware-assisted security guarantees. However, main memory encryption…

Cryptography and Security · Computer Science 2023-09-25 Jan Wichelmann , Anna Pätschke , Luca Wilke , Thomas Eisenbarth
‹ Prev 1 4 5 6 7 8 10 Next ›