English
Related papers

Related papers: Fluently specifying taint-flow queries with fluent…

200 papers

Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is…

Software Engineering · Computer Science 2025-12-05 Burak Yetiştiren , Hong Jin Kang , Miryung Kim

Static analysis has established itself as a weapon of choice for detecting security vulnerabilities. Taint analysis in particular is a very general and powerful technique, where security policies are expressed in terms of forbidden flows,…

Cryptography and Security · Computer Science 2021-11-19 Saikat Dutta , Diego Garbervetsky , Shuvendu Lahiri , Max Schäfer

Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis…

This paper presents an approach for identification of vulnerable IoT applications. The approach focuses on a category of vulnerabilities that leads to sensitive information leakage which can be identified by using taint flow analysis.…

Cryptography and Security · Computer Science 2022-01-11 Hajra Naeem , Manar H. Alalfi

Existing query languages for data discovery exhibit system-driven designs that emphasize database features and functionality over user needs. We propose a re-prioritization of the client through an introduction of a language-driven approach…

Databases · Computer Science 2025-08-12 Andrew Kang , Sainyam Galhotra

Static analysis is a powerful tool for detecting security vulnerabilities and other programming problems. Global taint tracking, in particular, can spot vulnerabilities arising from complicated data flow across multiple functions. However,…

Software Engineering · Computer Science 2023-01-26 Yiu Wai Chow , Max Schäfer , Michael Pradel

With the growing and widespread use of Internet of Things (IoT) in our daily life, its security is becoming more crucial. To ensure information security, we require better security analysis tools for IoT applications. Hence, this paper…

Cryptography and Security · Computer Science 2021-10-13 Manar H. Alalfi , Sajeda Parveen , Bara Nazzal

This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identifies all tainted flows reported by one of the…

Software Engineering · Computer Science 2022-02-08 Bara' Nazzal , Manar H. Alalfi

The diversity of web configuration interfaces for IoT devices has exacerbated issues such as inadequate permission controls and insecure interfaces, resulting in various vulnerabilities. Owing to the varying interface configurations across…

Cryptography and Security · Computer Science 2025-04-02 Jiahui Xiang , Lirong Fu , Tong Ye , Peiyu Liu , Huan Le , Liming Zhu , Wenhai Wang

Cross-site scripting (XSS) flaws are a class of security flaws that permit the injection of malicious code into a web application. In simple situations, these flaws can be caused by missing input sanitizations. Sometimes, however, all…

Cryptography and Security · Computer Science 2020-05-15 Antonín Steinhauser , Petr Tůma

Over the years, static taint analysis emerged as the analysis of choice to detect some of the most common web application vulnerabilities, such as SQL injection (SQLi) and cross-site scripting (XSS)~\cite{OWASP}. Furthermore, from an…

Programming Languages · Computer Science 2021-03-31 Nicholas Allen , François Gauthier , Alexander Jordan

Although the importance of using static analysis to detect taint-style vulnerabilities in Linux-based embedded firmware is widely recognized, existing approaches are plagued by three major limitations. (a) Approaches based on symbolic…

Cryptography and Security · Computer Science 2021-09-28 Kai Cheng , Tao Liu , Le Guan , Peng Liu , Hong Li , Hongsong Zhu , Limin Sun

Security engineering, from security requirements engineering to the implementation of cryptographic protocols, is often supported by domain-specific languages (DSLs). Unfortunately, a lack of knowledge about these DSLs, such as which…

Cryptography and Security · Computer Science 2026-04-15 Markus Krausz , Sven Peldszus , Francesco Regazzoni , Thorsten Berger , Tim Güneysu

Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of…

Cryptography and Security · Computer Science 2017-06-02 Bhargava Shastry , Federico Maggi , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

In object-oriented languages software developers rely on thread-safe classes to implement concurrent applications. However, determining whether a class is thread-safe is a challenging task. This paper presents a highly scalable method to…

Software Engineering · Computer Science 2025-09-03 Bjørnar Haugstad Jåtten , Simon Boye Jørgensen , Rasmus Petersen , Raúl Pardo

In recent years, Deep Learning (DL) has found great success in domains such as multimedia understanding. However, the complex nature of multimedia data makes it difficult to develop DL-based software. The state-of-the art tools, such as…

Programming Languages · Computer Science 2017-01-10 Tian Zhao , Xiaobing Huang , Yu Cao

The exponential growth of mobile devices has raised concerns about sensitive data leakage. In this paper, we make the first attempt to identify suspicious location-related HTTP transmission flows from the user's perspective, by answering…

Cryptography and Security · Computer Science 2016-07-26 Hao Fu , Zizhan Zheng , Aveek K. Das , Parth H. Pathak , Pengfei Hu , Prasant Mohapatra

While automated vulnerability detection techniques have made promising progress in detecting security vulnerabilities, their scalability and applicability remain challenging. The remarkable performance of Large Language Models (LLMs), such…

Cryptography and Security · Computer Science 2024-10-24 Avishree Khare , Saikat Dutta , Ziyang Li , Alaia Solko-Breslin , Rajeev Alur , Mayur Naik

GraphQL's flexible query model and nested data dependencies expose APIs to complex, context-dependent vulnerabilities that are difficult to uncover using conventional testing tools. Existing fuzzers either rely on random payload generation…

Cryptography and Security · Computer Science 2025-10-21 Shaolun Liu , Sina Marefat , Omar Tsai , Yu Chen , Zecheng Deng , Jia Wang , Mohammad A. Tayebi

As an alternative to Java, Kotlin has gained rapid popularity since its introduction and has become the default choice for developing Android apps. However, due to its interoperability with Java, Kotlin programs may contain almost the same…

Programming Languages · Computer Science 2022-08-01 Ranjith Krishnamurthy , Goran Piskachev , Eric Bodden
‹ Prev 1 2 3 10 Next ›