English
Related papers

Related papers: Cerberus: Query-driven Scalable Vulnerability Dete…

200 papers

To address security vulnerabilities arising from third-party libraries, security researchers maintain databases monitoring and curating vulnerability reports. Application developers can identify vulnerable libraries by directly querying the…

Cryptography and Security · Computer Science 2023-11-20 Tianyu Chen , Lin Li , Bingjie Shan , Guangtai Liang , Ding Li , Qianxiang Wang , Tao Xie

Machine Learning software systems are frequently used in our day-to-day lives. Some of these systems are used in various sensitive environments to make life-changing decisions. Therefore, it is crucial to ensure that these AI/ML systems do…

Machine Learning · Computer Science 2025-08-25 Ajoy Das , Gias Uddin , Shaiful Chowdhury , Mostafijur Rahman Akhond , Hadi Hemmati

Attribute-based encryption (ABE) comprises a set of one-to-many encryption schemes that allow the encryption and decryption of data by associating it with access policies and attributes. Therefore, it is an asymmetric encryption scheme, and…

Cryptography and Security · Computer Science 2022-09-27 Aintzane Mosteiro-Sanchez , Marc Barcelo , Jasone Astorga , Aitor Urbieta

Formal verification provides the highest assurance of software correctness and security, but its application to large-scale, evolving systems remains a major challenge. While large language models (LLMs) have shown promise in automating…

Software Engineering · Computer Science 2026-05-06 Yuwei Liu , Xinyi Wan , Yanhao Wang , Minghua Wang , Lin Huang , Tao Wei

Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how…

OAuth is the new de facto standard for delegating authorization in the web. An important limitation of OAuth is the fact that it was designed for authorization and not for authentication. The usage of OAuth for authentication thus leads to…

Cryptography and Security · Computer Science 2016-01-08 Vladislav Mladenov , Christian Mainka , Jörg Schwenk

This paper explores how the current paradigm of vulnerability management might adapt to include machine learning systems through a thought experiment: what if flaws in machine learning (ML) were assigned Common Vulnerabilities and Exposures…

Cryptography and Security · Computer Science 2021-01-27 Jonathan M. Spring , April Galyardt , Allen D. Householder , Nathan VanHoudnos

As large language models (LLMs) increasingly integrate native code interpreters, they enable powerful real-time execution capabilities, substantially expanding their utility. However, such integrations introduce potential system-level…

Cryptography and Security · Computer Science 2025-07-28 Gabriel Chua

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Artificial Intelligence systems, which benefit from the availability of large-scale datasets and increasing computational power, have become effective solutions to various critical tasks, such as natural language understanding, speech…

Software Engineering · Computer Science 2023-03-20 Zhou Yang , Chenyu Wang , Jieke Shi , Thong Hoang , Pavneet Kochhar , Qinghua Lu , Zhenchang Xing , David Lo

Modern software design practice implies widespread use in the development of ready-made components, usually designed as external libraries. The undoubted advantages of reusing third-party code can be offset by integration errors that appear…

Software Engineering · Computer Science 2022-02-09 Vladislav Feofilaktov , Vladimir Itsykson

Smart Contracts (SCs) handle transactions in the Ethereum blockchain worth millions of United States dollars, making them a lucrative target for attackers seeking to exploit vulnerabilities and steal funds. The Ethereum community has…

Cryptography and Security · Computer Science 2024-12-16 Chavhan Sujeet Yashavant , MitrajSinh Chavda , Saurabh Kumar , Amey Karkare , Angshuman Karmakar

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Software security is becoming a high priority for both large companies and start-ups alike due to the increasing potential for harm that vulnerabilities and breaches carry with them. However, attaining robust security assurance while…

Software Engineering · Computer Science 2019-08-06 David N. Palacio , Daniel McCrystal , Kevin Moran , Carlos Bernal-Cárdenas , Denys Poshyvanyk , Chris Shenefiel

Software vulnerabilities are commonly exploited as attack vectors in cyberattacks. Hence, it is crucial to identify vulnerable software configurations early to apply preventive measures. Effective vulnerability detection relies on…

Cryptography and Security · Computer Science 2024-12-24 Devesh Sawant , Manjesh K. Hanawal , Atul Kabra

Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced and commercial security tools that automatically screen Java programs to…

Cryptography and Security · Computer Science 2021-12-09 Sharmin Afrose , Ya Xiao , Sazzadur Rahaman , Barton P. Miller , Danfeng , Yao

Penetration testing, a critical component of cybersecurity, typically requires extensive time and effort to find vulnerabilities. Beginners in this field often benefit from collaborative approaches with the community or experts. To address…

Cryptography and Security · Computer Science 2024-11-07 Derry Pratama , Naufal Suryanto , Andro Aprila Adiputra , Thi-Thu-Huong Le , Ahmada Yusril Kadiptya , Muhammad Iqbal , Howon Kim

Smart contract vulnerabilities, particularly improper Access Control that allows unauthorized execution of restricted functions, have caused billions of dollars in losses. GitHub hosts numerous smart contract repositories containing source…

Software Engineering · Computer Science 2025-10-23 Chong Chen , Jiachi Chen , Lingfeng Bao , David Lo , Yanlin Wang , Zhenyu Shan , Ting Chen , Guangqiang Yin , Jianxing Yu , Zibin Zheng

Software libraries implement APIs that deliver reusable functionalities. To correctly use these functionalities, software applications must satisfy certain correctness policies, for instance policies about the order some API methods can be…

Software Engineering · Computer Science 2020-10-14 Oliviero Riganelli , Daniela Micucci , Leonardo Mariani

Open-source software (OSS) is a pillar of modern software development. Its success depends on the dedication of maintainers who work constantly to keep their libraries stable, adapt to changing needs, and support a growing community. Yet,…

Software Engineering · Computer Science 2025-10-20 Rachna Raj , Diego Elias Costa