English
Related papers

Related papers: Fluently specifying taint-flow queries with fluent…

200 papers

GraphQL is an open-source data query and manipulation language for web applications, offering a flexible alternative to RESTful APIs. However, its dynamic execution model and lack of built-in security mechanisms expose it to vulnerabilities…

Cryptography and Security · Computer Science 2025-04-21 Omar Tsai , Jianing Li , Tsz Tung Cheung , Lejing Huang , Hao Zhu , Jianrui Xiao , Iman Sharafaldin , Mohammad A. Tayebi

GraphQL's flexibility, while beneficial for efficient data fetching, introduces unique security vulnerabilities that traditional API security mechanisms often fail to address. Malicious GraphQL queries can exploit the language's dynamic…

Cryptography and Security · Computer Science 2025-10-09 Irash Perera , Hiranya Abeyrathne , Sanjeewa Malalgoda , Arshardh Ifthikar

An increasing number of models and frameworks for Virtual Assistant (VA) development exist nowadays, following the progress in the Natural Language Processing (NLP) and Natural Language Understanding (NLU) fields. Regardless of their…

Software Engineering · Computer Science 2023-10-04 Nikolaos Malamas , Konstantinos Panayiotou , Andreas L. Symeonidis

Taint analysis using explicit whole-program data-dependence graphs is powerful for vulnerability discovery but faces two major challenges. First, accurately modeling taint propagation through calls to external library procedures requires…

Software Engineering · Computer Science 2025-06-09 Sedick David Baker Effendi , Xavier Pinho , Andrei Michael Dreyer , Fabian Yamaguchi

Finding errors in machine learning applications requires a thorough exploration of their behavior over data. Existing approaches used by practitioners are often ad-hoc and lack the abstractions needed to scale this process. We present…

Databases · Computer Science 2024-10-17 Aaditya Naik , Adam Stein , Yinjun Wu , Mayur Naik , Eric Wong

The rapidly evolving Node$.$js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node$.$js packages increasingly important. However, traditional…

Cryptography and Security · Computer Science 2026-04-23 Ronghao Ni , Mihai Christodorescu , Limin Jia

The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and…

Cryptography and Security · Computer Science 2025-10-22 Hadis Rezaei , Ahmed Afif Monrat , Karl Andersson , Francesco Flammini

Quality assurance is of great importance for deep learning (DL) systems, especially when they are applied in safety-critical applications. While quality issues of native DL applications have been extensively analyzed, the issues of…

Software Engineering · Computer Science 2022-09-13 Lili Quan , Qianyu Guo , Xiaofei Xie , Sen Chen , Xiaohong Li , Yang Liu

Program analysis tools often produce large volumes of candidate vulnerability reports that require costly manual review, creating a practical challenge: how can security analysts prioritize the reports most likely to be true…

Cryptography and Security · Computer Science 2025-10-24 Ronghao Ni , Aidan Z. H. Yang , Min-Chien Hsu , Nuno Sabino , Limin Jia , Ruben Martins , Darion Cassel , Kevin Cheang

In this work, we address question answering (QA) over a hybrid of tabular and textual data that are very common content on the Web (e.g. SEC filings), where discrete reasoning capabilities are often required. Recently, large language models…

Computation and Language · Computer Science 2024-10-01 Fengbin Zhu , Ziyang Liu , Fuli Feng , Chao Wang , Moxin Li , Tat-Seng Chua

Many important security properties can be formulated in terms of flows of tainted data, and improved taint analysis tools to prevent such flows are of critical need. Most existing taint analyses use whole-program static analysis, leading to…

Programming Languages · Computer Science 2025-05-02 Nima Karimipour , Kanak Das , Manu Sridharan , Behnaz Hassanshahi

As machine learning gains prominence in various sectors of society for automated decision-making, concerns have risen regarding potential vulnerabilities in machine learning (ML) frameworks. Nevertheless, testing these frameworks is a…

Software Engineering · Computer Science 2023-07-13 Zhao Liu , Quanchen Zou , Tian Yu , Xuan Wang , Guozhu Meng , Kai Chen , Deyue Zhang

The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each enterprise host, and perform timely abnormal system behavior detection over the stream of…

Cryptography and Security · Computer Science 2020-03-02 Peng Gao , Xusheng Xiao , Ding Li , Kangkook Jee , Haifeng Chen , Sanjeev R. Kulkarni , Prateek Mittal

Java applications are prone to vulnerabilities stemming from the insecure use of security-sensitive APIs, such as file operations enabling path traversal or deserialization routines allowing remote code execution. These sink APIs encode…

Cryptography and Security · Computer Science 2026-04-21 Fabian Fleischer , Cen Zhang , Joonun Jang , Jeongin Cho , Meng Xu , Taesoo Kim

Performance-critical industrial applications, including large-scale program, network, and distributed system analyses, rely on fixed-point computations. The introduction of recursive common table expressions (CTEs) using the WITH RECURSIVE…

Programming Languages · Computer Science 2026-04-27 Anna Herlihy , Amir Shaikhha , Anastasia Ailamaki , Martin Odersky

Logging is a critical function in modern distributed applications, but the lack of standardization in log query languages and formats creates significant challenges. Developers currently must write ad hoc queries in platform-specific…

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that…

Cryptography and Security · Computer Science 2019-06-28 Cristian-Alexandru Staicu , Daniel Schoepe , Musard Balliu , Michael Pradel , Andrei Sabelfeld

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large…

Software Engineering · Computer Science 2025-05-22 Yuxuan Wang , Jingshu Chen , Qingyang Wang

TLS protocol is an essential part of secure Internet communication. In past, many attacks have been identified on the protocol. Most of these attacks are due to flaws in protocol implementation. The flaws are due to improper design and…

Networking and Internet Architecture · Computer Science 2019-02-21 Tarun Yadav , Koustav Sadhukhan

Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable…

Cryptography and Security · Computer Science 2025-06-25 Sajal Halder , Muhammad Ejaz Ahmed , Seyit Camtepe