English
Related papers

Related papers: InspectJS: Leveraging Code Similarity and User-Fee…

200 papers

The rapidly evolving Node$.$js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node$.$js packages increasingly important. However, traditional…

Cryptography and Security · Computer Science 2026-04-23 Ronghao Ni , Mihai Christodorescu , Limin Jia

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

WebAssembly seeks to provide an alternative to running large and untrusted binaries within web browsers by implementing a portable, performant, and secure bytecode format for native web computation. However, WebAssembly is largely unstudied…

Cryptography and Security · Computer Science 2018-07-24 Aron Szanto , Timothy Tamm , Artidoro Pagnoni

Intel SGX (Software Guard Extension) is a promising TEE (trusted execution environment) technique that can protect programs running in user space from being maliciously accessed by the host operating system. Although it provides hardware…

Cryptography and Security · Computer Science 2022-08-24 Yang Chen , Jianfeng Jiang , Shoumeng Yan , Hui Xu

Taint analysis using explicit whole-program data-dependence graphs is powerful for vulnerability discovery but faces two major challenges. First, accurately modeling taint propagation through calls to external library procedures requires…

Software Engineering · Computer Science 2025-06-09 Sedick David Baker Effendi , Xavier Pinho , Andrei Michael Dreyer , Fabian Yamaguchi

The rapid rise of cyber-crime activities and the growing number of devices threatened by them place software security issues in the spotlight. As around 90% of all attacks exploit known types of security issues, finding vulnerable…

Cryptography and Security · Computer Science 2024-05-14 Rudolf Ferenc , Péter Hegedűs , Péter Gyimesi , Gábor Antal , Dénes Bán , Tibor Gyimóthy

Click-Through Rate (CTR) prediction, a core task in recommendation systems, estimates user click likelihood using historical behavioral data. Modeling user behavior sequences as text to leverage Language Models (LMs) for this task has…

Computation and Language · Computer Science 2025-08-06 Zixuan Li , Binzong Geng , Jing Xiong , Yong He , Yuxuan Hu , Jian Chen , Dingwei Chen , Xiyu Chang , Liang Zhang , Linjian Mo , Chengming Li , Chuan Yuan , Zhenan Sun

Although the importance of using static analysis to detect taint-style vulnerabilities in Linux-based embedded firmware is widely recognized, existing approaches are plagued by three major limitations. (a) Approaches based on symbolic…

Cryptography and Security · Computer Science 2021-09-28 Kai Cheng , Tao Liu , Le Guan , Peng Liu , Hong Li , Hongsong Zhu , Limin Sun

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically…

The Android mining sandbox approach consists in running dynamic analysis tools on a benign version of an Android app and recording every call to sensitive APIs. Later, one can use this information to (a) prevent calls to other sensitive…

This paper presents an approach for identification of vulnerable IoT applications. The approach focuses on a category of vulnerabilities that leads to sensitive information leakage which can be identified by using taint flow analysis.…

Cryptography and Security · Computer Science 2022-01-11 Hajra Naeem , Manar H. Alalfi

Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown [42], Spectre [37], and…

Cryptography and Security · Computer Science 2025-04-29 Martin Dunsche , Patrick Bastian , Marcel Maehren , Nurullah Erinola , Robert Merget , Nicolai Bissantz , Holger Dette , Jörg Schwenk

Detection and quantification of information leaks through timing side channels are important to guarantee confidentiality. Although static analysis remains the prevalent approach for detecting timing side channels, it is computationally…

Cryptography and Security · Computer Science 2019-07-25 Saeid Tizpaz-Niari , Pavol Cerny , Sriram Sankaranarayanan , Ashutosh Trivedi

Information flows are intrinsic properties of an multi-stage manufacturing systems (MMS). In computer security, a basic information flow tracking technique is dynamic taint analysis (DTA). DTA tracks taint propagation from one data variable…

Cryptography and Security · Computer Science 2021-09-28 Tao Liu , Bowen Yang , Qi Li , Jin Ye , Wenzhan Song , Peng Liu

The exponential growth of mobile devices has raised concerns about sensitive data leakage. In this paper, we make the first attempt to identify suspicious location-related HTTP transmission flows from the user's perspective, by answering…

Cryptography and Security · Computer Science 2016-07-26 Hao Fu , Zizhan Zheng , Aveek K. Das , Parth H. Pathak , Pengfei Hu , Prasant Mohapatra

To detect security vulnerabilities, static analysis tools need to be configured with security-relevant methods. Current approaches can automatically identify such methods using binary relevance machine learning approaches. However, they…

Machine Learning · Computer Science 2024-03-13 Oshando Johnson , Goran Piskachev , Ranjith Krishnamurthy , Eric Bodden

With the growing and widespread use of Internet of Things (IoT) in our daily life, its security is becoming more crucial. To ensure information security, we require better security analysis tools for IoT applications. Hence, this paper…

Cryptography and Security · Computer Science 2021-10-13 Manar H. Alalfi , Sajeda Parveen , Bara Nazzal

Specification mining offers a solution by automating security specification for hardware. Specification miners use a form of machine learning to specify behaviors of a system by studying a system in execution. However, specification mining…

Cryptography and Security · Computer Science 2021-08-23 Calvin Deutschbein

Since the creation of Bitcoin, transaction tracking is one of the prominent means for following the movement of Bitcoins involved in illegal activities. Although every Bitcoin transaction is recorded in the blockchain database, which is…

Cryptography and Security · Computer Science 2019-12-06 Tin Tironsakkul , Manuel Maarek , Andrea Eross , Mike Just