English
Related papers

Related papers: Improving Java Deserialization Gadget Chain Mining…

200 papers

Several techniques have been proposed to detect vulnerable Spectre gadgets in widely deployed commercial software. Unfortunately, detection techniques proposed so far rely on hand-written rules which fall short in covering subtle variations…

Cryptography and Security · Computer Science 2021-03-29 M. Caner Tol , Berk Gulmezoglu , Koray Yurtseven , Berk Sunar

Method-level historical information is useful in research on mining software repositories such as fault-prone module detection or evolutionary coupling identification. An existing technique named Historage converts a Git repository of a…

Software Engineering · Computer Science 2021-04-23 Yoshiki Higo , Shinpei Hayashi , Shinji Kusumoto

Generics have been added to Java so as to increase the expressiveness of its type system. Generics in Java, however, include some features---such as Java wildcards, $F$-bounded generics, and Java erasure---that have been hard to analyze and…

Programming Languages · Computer Science 2019-06-11 Moez A. AbdelGawad

Object detectors are vulnerable to backdoor attacks. In contrast to classifiers, detectors possess unique characteristics, architecturally and in task execution; often operating in challenging conditions, for instance, detecting traffic…

Although Rust ensures memory safety by default, it also permits the use of unsafe code, which can introduce memory safety vulnerabilities if misused. Unfortunately, existing tools for detecting memory bugs in Rust typically exhibit limited…

Cryptography and Security · Computer Science 2025-10-28 Georgios Androutsopoulos , Antonio Bianchi

Since its inception, Rowhammer exploits have rapidly evolved into increasingly sophisticated threats compromising data integrity and the control flow integrity of victim processes. Nevertheless, it remains a challenge for an attacker to…

Cryptography and Security · Computer Science 2025-05-06 Andrew Adiletta , M. Caner Tol , Kemal Derya , Berk Sunar , Saad Islam

Once a failure is observed, the primary concern of the developer is to identify what caused it in order to repair the code that induced the incorrect behavior. Until a permanent repair is afforded, code repair patches are invaluable. The…

Software Engineering · Computer Science 2017-05-03 Rawad Abou Assi , Chadi Trad , Wes Masri

Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have…

Cryptography and Security · Computer Science 2025-05-02 Junjie Wang , Yuhan Ma , Xiaofei Xie , Xiaoning Du , Xiangwei Zhang

Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency. However, by…

Cryptography and Security · Computer Science 2017-01-18 Rock Stevens , Octavian Suciu , Andrew Ruef , Sanghyun Hong , Michael Hicks , Tudor Dumitraş

Coverage-guided fuzzing has proven effective for software testing, but targeting library code requires specialized fuzz harnesses that translate fuzzer-generated inputs into valid API invocations. Manual harness creation is time-consuming…

Software Engineering · Computer Science 2026-03-10 Nils Loose , Nico Winkel , Kristoffer Hempel , Felix Mächtle , Julian Hans , Thomas Eisenbarth

Coverage-based greybox fuzzing (CGF) is one of the most successful methods for automated vulnerability detection. Given a seed file (as a sequence of bits), CGF randomly flips, deletes or bits to generate new files. CGF iteratively…

Cryptography and Security · Computer Science 2020-05-22 Van-Thuan Pham , Marcel Böhme , Andrew E. Santosa , Alexandru Răzvan Căciulescu , Abhik Roychoudhury

This work is motivated by the pervasive use of method invocations in object-oriented (OO) programs, and indeed their prevalence in patches of OO-program bugs. We propose a generate-and-validate repair technique, called ELIXIR designed to be…

Software Engineering · Computer Science 2021-12-22 Ripon K. Saha , Yingjun Lyu , Hiroaki Yoshida , Mukul R. Prasad

Malware detectors based on machine learning are vulnerable to adversarial attacks. Generative Adversarial Networks (GAN) are architectures based on Neural Networks that could produce successful adversarial samples. The interest towards this…

Cryptography and Security · Computer Science 2021-09-29 Renjith G , Sonia Laudanna , Aji S , Corrado Aaron Visaggio , Vinod P

Exponential growth in embedded systems is driving the research imperative to develop fuzzers to automate firmware testing to uncover software bugs and security vulnerabilities. But, employing fuzzing techniques in this context present a…

Cryptography and Security · Computer Science 2023-01-18 Guy Farrelly , Michael Chesser , Damith C. Ranasinghe

Automated Exploit Generation (AEG) is a well-known difficult task, especially for heap vulnerabilities. Previous works first detected heap vulnerabilities and then searched for exploitable states by using symbolic execution and fuzzing…

Cryptography and Security · Computer Science 2022-12-29 Jie Liu , Hang An , Jin Li , Hongliang Liang

Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance…

Cryptography and Security · Computer Science 2019-07-16 Dongdong She , Kexin Pei , Dave Epstein , Junfeng Yang , Baishakhi Ray , Suman Jana

Hybrid testing approaches that involve fuzz testing and symbolic execution have shown promising results in achieving high code coverage, uncovering subtle errors and vulnerabilities in a variety of software applications. In this paper we…

Software Engineering · Computer Science 2018-06-11 Yannic Noller , Rody Kersten , Corina S. Păsăreanu

Security vulnerabilities play a vital role in network security system. Fuzzing technology is widely used as a vulnerability discovery technology to reduce damage in advance. However, traditional fuzzing techniques have many challenges, such…

Cryptography and Security · Computer Science 2020-08-20 Yan Wang , Peng Jia , Luping Liu , Jiayong Liu

Researchers and practitioners have designed and implemented various automated test case generators to support effective software testing. Such generators exist for various languages (e.g., Java, C#, or Python) and for various platforms…

As LLMs continue to shape real-world applications, automated jailbreak generation becomes essential to reveal safety weaknesses and guide model improvement. Existing automatic jailbreak generation methods have not yet fully considered two…

Neural and Evolutionary Computing · Computer Science 2026-05-06 Rui Tang , Kaiyu Xu , Pengsen Cheng , Hao Ren , Haizhou Wang , Shuyu Jiang