English
Related papers

Related papers: Seneca: Taint-Based Call Graph Construction for Ja…

200 papers

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon

Untrusted deserialization exploits, where a serialised object graph is used to achieve denial-of-service or arbitrary code execution, have become so prominent that they were introduced in the 2017 OWASP Top 10. In this paper, we present a…

Cryptography and Security · Computer Science 2022-04-21 Francois Gauthier , Sora Bae

Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain to perform malicious behaviors. Several techniques…

Cryptography and Security · Computer Science 2023-04-05 Sicong Cao , Xiaobing Sun , Xiaoxue Wu , Lili Bo , Bin Li , Rongxin Wu , Wei Liu , Biao He , Yu Ouyang , Jiajia Li

Speech tokenizers are a key building block of fully discrete Speech LLMs.Existing tokenizers either prioritize semantic encoding,fuse semantic content with acoustic style inseparably,or achieve incomplete semantic-acoustic…

Sound · Computer Science 2026-05-28 Hanlin Zhang , Daxin Tan , Dehua Tao , Xiao Chen , Haochen Tan , Yunhe Li , Yuchen Cao , Linqi Song

Static analysis plays a key role in finding bugs, including security issues. A critical step in static analysis is building accurate call graphs that model function calls in a program. However, due to hard-to-analyze language features,…

Software Engineering · Computer Science 2025-06-24 Masudul Hasan Masud Bhuiyan , Gianluca De Stefano , Giancarlo Pellegrino , Cristian-Alexandru Staicu

In managed languages, serialization of objects is typically done in bespoke binary formats such as Protobuf, or markup languages such as XML or JSON. The major limitation of these formats is readability. Human developers cannot read binary…

Software Engineering · Computer Science 2025-12-16 Julian Wachter , Deepika Tiwari , Martin Monperrus , Benoit Baudry

The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and…

Cryptography and Security · Computer Science 2025-10-22 Hadis Rezaei , Ahmed Afif Monrat , Karl Andersson , Francesco Flammini

Transformers have demonstrated success in graph learning, particularly for node-level tasks. However, existing methods encounter an information bottleneck when generating graph-level representations. The prevalent single token paradigm…

Machine Learning · Computer Science 2026-02-11 Ruixiang Wang , Yuyang Hong , Shiming Xiang , Chunhong Pan

Large-scale decentralized learning frameworks such as federated learning (FL), require both communication efficiency and strong data security, motivating the study of secure aggregation (SA). While information-theoretic SA is well…

Information Theory · Computer Science 2026-01-28 Xiang Zhang , Zhou Li , Han Yu , Kai Wan , Hua Sun , Mingyue Ji , Giuseppe Caire

Java deserialization vulnerability is a severe threat in practice. Researchers have proposed static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate proof-of-concept (PoC) serialized objects to…

Cryptography and Security · Computer Science 2023-04-11 Sicong Cao , Biao He , Xiaobing Sun , Yu Ouyang , Chao Zhang , Xiaoxue Wu , Ting Su , Lili Bo , Bin Li , Chuanlei Ma , Jiajia Li , Tao Wei

We introduce DeSCo, a scalable neural deep subgraph counting pipeline, designed to accurately predict both the count and occurrence position of queries on target graphs post single training. Firstly, DeSCo uses a novel canonical partition…

Machine Learning · Computer Science 2023-12-21 Tianyu Fu , Chiyue Wei , Yu Wang , Rex Ying

The success of large pretrained Transformers is closely tied to tokenizers, which convert raw input into discrete symbols. Extending these models to graph-structured data remains a significant challenge. In this work, we introduce a graph…

Machine Learning · Computer Science 2026-03-13 Zeyuan Guo , Enmao Diao , Cheng Yang , Chuan Shi

Security vulnerabilities are among the most critical software defects in existence. As such, they require patches that are correct and quickly deployed. This motivates an automatic patch generation method that emphasizes both soundness and…

Cryptography and Security · Computer Science 2018-06-13 Zhen Huang , David Lie

Java deserialization gadget chains are a well-researched critical software weakness. The vast majority of known gadget chains rely on gadgets from software dependencies. Furthermore, it has been shown that small code changes in dependencies…

Cryptography and Security · Computer Science 2025-04-30 Bruno Kreyssig , Sabine Houy , Timothée Riom , Alexandre Bartel

Knowledge graphs serve as critical resources supporting intelligent systems, but they can be noisy due to imperfect automatic generation processes. Existing approaches to noise detection often rely on external facts, logical rule…

Machine Learning · Computer Science 2025-03-14 Jiaqi Sun , Yujia Zheng , Xinshuai Dong , Haoyue Dai , Kun Zhang

Building sound and precise static call graphs for real-world JavaScript applications poses an enormous challenge, due to many hard-to-analyze language features. Further, the relative importance of these features may vary depending on the…

Programming Languages · Computer Science 2022-05-16 Madhurima Chakraborty , Renzo Olivares , Manu Sridharan , Behnaz Hassanshahi

In the Data-Centric Artificial Intelligence (AI) paradigm, improving data quality is essential for robust machine learning. However, many denoising methods rely on rigid statistical assumptions or require clean reference data, which limits…

Artificial Intelligence · Computer Science 2026-04-28 J. Javier Alonso-Ramos , Ignacio Aguilera-Martos , Francisco Herrera , Andrés Herrera-Poyatos

Static analysis has established itself as a weapon of choice for detecting security vulnerabilities. Taint analysis in particular is a very general and powerful technique, where security policies are expressed in terms of forbidden flows,…

Cryptography and Security · Computer Science 2021-11-19 Saikat Dutta , Diego Garbervetsky , Shuvendu Lahiri , Max Schäfer

Interoperability of potentially heterogeneous databases has been an ongoing research issue for a number of years in the database community. With the trend towards globalization of data location and data access and the consequent requirement…

Instrumentation and Detectors · Physics 2007-05-23 J. -M. Le Goff , H. Stockinger , I. Willers , R. McClatchey , Z. Kovacs , P. Martin , N. Bhatti , W. Hassan

Static analysis is sound in theory, but an implementation may unsoundly fail to analyze all of a program's code. Any such omission is a serious threat to the validity of the tool's output. Our work is the first to measure the prevalence of…

Software Engineering · Computer Science 2024-07-11 Jordan Samhi , René Just , Tegawendé F. Bissyandé , Michael D. Ernst , Jacques Klein
‹ Prev 1 2 3 10 Next ›