English
Related papers

Related papers: Finding Software Vulnerabilities in Open-Source C …

200 papers
Verifying Security Vulnerabilities in Large Software Systems using Multi-Core k-Induction

Computer-based systems have been used to solve several domain problems, such as industrial, military, education, and wearable. Those systems need high-quality software to guarantee security and safety. We advocate that Bounded Model…

Cryptography and Security · Computer Science 2021-02-05 Thales Silva , Carmina Porto , Erickson Alves , Lucas Cordeiro , Herbert Rocha
Continuous Verification of Large Embedded Software using SMT-Based Bounded Model Checking

The complexity of software in embedded systems has increased significantly over the last years so that software verification now plays an important role in ensuring the overall product quality. In this context, SAT-based bounded model…

Software Engineering · Computer Science 2009-11-20 Lucas Cordeiro , Bernd Fischer , Joao Marques-Silva
Scaling Bounded Model Checking By Transforming Programs With Arrays

Bounded Model Checking is one the most successful techniques for finding bugs in program. However, model checkers are resource hungry and are often unable to verify programs with loops iterating over large arrays.We present a transformation…

Logic in Computer Science · Computer Science 2017-03-08 Anushri Jana , Uday P. Khedker , Advaita Datar , R Venkatesh , C Niyas
Automated software vulnerability detection with machine learning

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

Software Engineering · Computer Science 2018-08-03 Jacob A. Harer , Louis Y. Kim , Rebecca L. Russell , Onur Ozdemir , Leonard R. Kosta , Akshay Rangamani , Lei H. Hamilton , Gabriel I. Centeno , Jonathan R. Key , Paul M. Ellingwood , Erik Antelman , Alan Mackay , Marc W. McConley , Jeffrey M. Opper , Peter Chin , Tomo Lazovich
A New Era in Software Security: Towards Self-Healing Software via Large Language Models and Formal Verification

This paper introduces an innovative approach that combines Large Language Models (LLMs) with Formal Verification strategies for automatic software vulnerability repair. Initially, we employ Bounded Model Checking (BMC) to identify…

Software Engineering · Computer Science 2024-07-01 Norbert Tihanyi , Ridhi Jain , Yiannis Charalambous , Mohamed Amine Ferrag , Youcheng Sun , Lucas C. Cordeiro
Scaling Bounded Model Checking By Transforming Programs With Arrays

Bounded Model Checking is one the most successful techniques for finding bugs in program. However, for programs with loops iterating over large-sized arrays, bounded model checkers often exceed the limit of resources available to them. We…

Programming Languages · Computer Science 2016-08-22 Anushri Jana , Uday P. Khedker , Advaita Datar , R Venkatesh , C Niyas
Harnessing Large Language Models for Software Vulnerability Detection: A Comprehensive Benchmarking Study

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg , Hayretdin Bahsi
Model Checking C++ Programs

In the last three decades, memory safety issues in system programming languages such as C or C++ have been one of the significant sources of security vulnerabilities. However, there exist only a few attempts with limited success to cope…

Software Engineering · Computer Science 2021-07-05 Felipe R. Monteiro , Mikhail R. Gadelha , Lucas C. Cordeiro
Software Vulnerability Analysis Across Programming Language and Program Representation Landscapes: A Survey

Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks,…

Cryptography and Security · Computer Science 2025-03-27 Zhuoyun Qian , Fangtian Zhong , Qin Hu , Yili Jiang , Jiaqi Huang , Mengfei Ren , Jiguo Yu
Vulnerability Detection in Open Source Software: An Introduction

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar
Automated Vulnerability Detection in Source Code Using Deep Representation Learning

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

Machine Learning · Computer Science 2018-11-29 Rebecca L. Russell , Louis Kim , Lei H. Hamilton , Tomo Lazovich , Jacob A. Harer , Onur Ozdemir , Paul M. Ellingwood , Marc W. McConley
Detection of Configuration Vulnerabilities in Distributed (Web) Environments

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta
Feature Engineering-Based Detection of Buffer Overflow Vulnerability in Source Code Using Neural Networks

One of the most significant challenges in the field of software code auditing is the presence of vulnerabilities in software source code. Every year, more and more software flaws are discovered, either internally in proprietary code or…

Cryptography and Security · Computer Science 2023-06-16 Mst Shapna Akter , Hossain Shahriar , Juan Rodriguez Cardenas , Sheikh Iqbal Ahamed , Alfredo Cuzzocrea
Incremental Bounded Model Checking for Embedded Software (extended version)

Program analysis is on the brink of mainstream in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and automated test case generation are some of the most common applications of automated…

Software Engineering · Computer Science 2014-09-23 Peter Schrammel , Daniel Kroening , Martin Brain , Ruben Martins , Tino Teige , Tom Bienmüller
Outside the Comfort Zone: Analysing LLM Capabilities in Software Vulnerability Detection

The significant increase in software production driven by automation and faster development lifecycles has resulted in a corresponding surge in software vulnerabilities. In parallel, the evolving landscape of software vulnerability…

Cryptography and Security · Computer Science 2024-08-30 Yuejun Guo , Constantinos Patsakis , Qiang Hu , Qiang Tang , Fran Casino
Predicting Exploitation of Disclosed Software Vulnerabilities Using Open-source Data

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin
CBMC: The C Bounded Model Checker

The C Bounded Model Checker (CBMC) demonstrates the violation of assertions in C programs, or proves safety of the assertions under a given bound. CBMC implements a bit-precise translation of an input C program, annotated with assertions…

Software Engineering · Computer Science 2023-02-07 Daniel Kroening , Peter Schrammel , Michael Tautschnig
Supporting the monitoring of the verification process of critical systems'software

Critical software systems face stringent requirements in safety, security, and reliability due to the circumstances surrounding their operation. Safety and security have progressively gained importance over the years due to the integration…

Software Engineering · Computer Science 2015-12-16 Julio Escribano-Barreno , Marisol García-Valls
LLMs in Code Vulnerability Analysis: A Proof of Concept

Context: Traditional software security analysis methods struggle to keep pace with the scale and complexity of modern codebases, requiring intelligent automation to detect, assess, and remediate vulnerabilities more efficiently and…

Software Engineering · Computer Science 2026-01-14 Shaznin Sultana , Sadia Afreen , Nasir U. Eisty
Vulnerability Detection: From Formal Verification to Large Language Models and Hybrid Approaches: A Comprehensive Overview

Software testing and verification are critical for ensuring the reliability and security of modern software systems. Traditionally, formal verification techniques, such as model checking and theorem proving, have provided rigorous…

Software Engineering · Computer Science 2025-03-17 Norbert Tihanyi , Tamas Bisztray , Mohamed Amine Ferrag , Bilel Cherif , Richard A. Dubniczky , Ridhi Jain , Lucas C. Cordeiro
‹ Prev 1 2 3 10 Next ›