English
Related papers

Related papers: WebSpec: Towards Machine-Checked Analysis of Brows…

200 papers

This paper tackles the problems of generating concrete test cases for testing whether an application is vulnerable to attacks, and of checking whether security solutions are correctly implemented. The approach proposed in the paper aims at…

Software Engineering · Computer Science 2020-07-08 Sébastien Salva , Loukmen Regainia

Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false…

Software Engineering · Computer Science 2026-05-12 Jiaxin Yu , Peng Liang , Yujia Fu , Amjed Tahir , Mojtaba Shahin , Chong Wang , Yangxiao Cai

REST APIs are prevalent among web service implementations, easing interoperability through the HTTP protocol. API testers and users exploit the widely adopted OpenAPI Specification (OAS), a machine-readable standard to document REST APIs.…

Software Engineering · Computer Science 2025-07-17 Alix Decrop , Xavier Devroey , Mike Papadakis , Pierre-Yves Schobbens , Gilles Perrouin

Background: Security regressions are vulnerabilities introduced in a previously unaffected software system. They often happen as a result of source code changes (e.g., a bug fix) and can have severe effects. Aims: To increase the…

Software Engineering · Computer Science 2022-07-06 Larissa Braz , Enrico Fregnan , Vivek Arora , Alberto Bacchelli

Large language model fine-tuning APIs enable widespread model customization, yet pose significant safety risks. Recent work shows that adversaries can exploit access to these APIs to bypass model safety mechanisms by encoding harmful…

Machine Learning · Computer Science 2025-08-26 Jack Youstra , Mohammed Mahfoud , Yang Yan , Henry Sleight , Ethan Perez , Mrinank Sharma

Password-based authentication faces various security and usability issues. Password managers help alleviate some of these issues by enabling users to manage their passwords effectively. However, malicious client-side scripts and browser…

Cryptography and Security · Computer Science 2024-02-12 Anuj Gautam , Tarun Kumar Yadav , Kent Seamons , Scott Ruoti

Many static benchmarks are beginning to saturate: as models rapidly improve, they achieve near-perfect scores on fixed test sets, leaving little headroom to expose genuine model weaknesses -- and even expert-curated challenge sets quickly…

Computation and Language · Computer Science 2026-05-27 Wenda Xu , Vilém Zouhar , Parker Riley , Mara Finkelstein , Markus Freitag , Daniel Deutsch

Techniques for verifying or invalidating the security of computer systems have come a long way in recent years. Extremely sophisticated tools are available to specify and formally verify the behavior of a system and, at the same time,…

Cryptography and Security · Computer Science 2024-04-16 Matteo Busi , Riccardo Focardi , Flaminia Luccio

We present new analytic techniques for inferring HTTP semantics from passive observations of HTTPS that can infer the value of important fields including the status-code, Content-Type, and Server, and the presence or absence of several…

Cryptography and Security · Computer Science 2018-05-30 Blake Anderson , Andrew Chi , Scott Dunlop , David McGrew

This study presents the first comprehensive safety evaluation of the DeepSeek models, focusing on evaluating the safety risks associated with their generated content. Our evaluation encompasses DeepSeek's latest generation of large language…

Cryptography and Security · Computer Science 2025-03-20 Zonghao Ying , Guangyi Zheng , Yongxin Huang , Deyue Zhang , Wenxin Zhang , Quanchen Zou , Aishan Liu , Xianglong Liu , Dacheng Tao

Traditional security analyses are often geared towards cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into {\em which aspects of a networked system having a…

Cryptography and Security · Computer Science 2016-03-29 Xiaohu Li , Paul Parker , Shouhuai Xu

In the network design phase, designers typically assess the validity of the network configuration on paper. However, the interactions between devices based on network protocols can be complex, making this assessment challenging. Meanwhile,…

Networking and Internet Architecture · Computer Science 2025-11-25 Tomoya Fujita , Hikofumi Suzuki , Shinpei Ogata , Hiroaki Hashiura , Takashi Nagai , Kozo Okano

Port scanning is the process of attempting to connect to various network ports on a computing endpoint to determine which ports are open and which services are running on them. It is a common method used by hackers to identify…

Cryptography and Security · Computer Science 2023-02-01 Jason M. Pittman

Formal connectivity checking offers scalable verification of signal paths in complex SoC designs, but debugging counterexamples remains a manual and time-consuming process. ConnChecker introduces a new graph-based perspective for automating…

Hardware Architecture · Computer Science 2026-03-10 Do Ngoc Tiep , Nguyen Linh Anh , Luu Danh Minh

Web applications rely heavily on hyperlinks to connect disparate information resources. However, the dynamic nature of the web leads to link rot, where targets become unavailable, and more insidiously, semantic drift, where a valid HTTP 200…

Software Engineering · Computer Science 2026-04-08 Guan-Yan Yang , Wei-Ling Wen , Shu-Yuan Ku , Farn Wang , Kuo-Hui Yeh

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole…

Cryptography and Security · Computer Science 2017-05-11 Federico De Meo , Luca Viganò

Large language models (LLMs) are evolving into agentic systems that reason, plan, and operate external tools. The Model Context Protocol (MCP) is a key enabler of this transition, offering a standardized interface for connecting LLMs with…

Computation and Language · Computer Science 2026-03-06 Xuanjun Zong , Zhiqi Shen , Lei Wang , Yunshi Lan , Chao Yang

The increased adoption of smart contracts in many industries has made them an attractive target for cybercriminals, leading to millions of dollars in losses. Thus, deploying smart contracts with detected vulnerabilities (known to…

Software Engineering · Computer Science 2023-07-25 Pengcheng , Peng , Yun , Qingzhao , Tao , Dawn , Prateek , Sanjeev , Zhuotao , Xusheng

Secure Multi-Party Computation (MPC) is an important enabling technology for data privacy in modern distributed applications. Currently, proof methods for low-level MPC protocols are primarily manual and thus tedious and error-prone, and…

Cryptography and Security · Computer Science 2024-07-24 Christian Skalka , Joseph P. Near

Modern web dashboards and enterprise applications increasingly rely on complex, distributed microservices architectures. While these architectures offer scalability, they introduce significant challenges in debugging and observability. When…

Software Engineering · Computer Science 2026-02-18 Devendra Tata , Mona Rajhans