English
Related papers

Related papers: SBOM.EXE: Countering Dynamic Code Injection based …

200 papers

In response to newly found security vulnerabilities, or as part of a moving target defense, a fast and safe control software update scheme for networked control systems is highly desirable. We here develop such a scheme for intelligent…

Systems and Control · Electrical Eng. & Systems 2024-02-15 Kin Cheong Sou , Henrik Sandberg

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to enable malicious JavaScript analysis. Existing analysis tech- niques fall into two general categories: static analysis and…

Cryptography and Security · Computer Science 2017-01-30 Xunchao Hu , Yao Cheng , Yue Duan , Andrew Henderson , Heng Yin

Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from…

Cryptography and Security · Computer Science 2020-06-23 Joseph O. Eichenhofer , Elisa Heymann , Barton P. Miller , Arnold Kang

Companies are misled into thinking they solve their security issues by using a DevSecOps system. This paper aims to answer the question: Could a DevOps pipeline be misused to transform a securely developed application into an insecure one?…

Cryptography and Security · Computer Science 2022-02-01 Nicholas Pecka , Lotfi ben Othmane , Altaz Valani

Isolating programs is an important mechanism to support more secure applications. Isolating program in dynamic languages such as JavaScript is even more challenging since reflective operations can circumvent simple mechanisms that could…

Programming Languages · Computer Science 2013-09-17 Damien Cassou , Stéphane Ducasse , Nicolas Petton

Trusted Execution Environments (TEEs), such as Intel Software Guard eXtensions (SGX), are considered as a promising approach to resolve security challenges in clouds. TEEs protect the confidentiality and integrity of application code and…

Cryptography and Security · Computer Science 2020-12-14 Robert Krahn , Donald Dragoti , Franz Gregor , Do Le Quoc , Valerio Schiavoni , Pascal Felber , Clenimar Souza , Andrey Brito , Christof Fetzer

Recent work has shown that Just-In-Time (JIT) compilation can introduce timing side-channels to constant-time programs, which would otherwise be a principled and effective means to counter timing attacks. In this paper, we propose a novel…

Programming Languages · Computer Science 2022-03-01 Qi Qin , JulianAndres JiYang , Fu Song , Taolue Chen , Xinyu Xing

The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an…

Cryptography and Security · Computer Science 2022-06-08 Raphael Hiesgen , Marcin Nawrocki , Thomas C. Schmidt , Matthias Wählisch

Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable…

Cryptography and Security · Computer Science 2025-06-25 Sajal Halder , Muhammad Ejaz Ahmed , Seyit Camtepe

Package confusion attacks such as typosquatting threaten software supply chains. Attackers make packages with names that syntactically or semantically resemble legitimate ones, tricking engineers into installing malware. While prior work…

Cryptography and Security · Computer Science 2025-08-05 Wenxin Jiang , Berk Çakar , Mikola Lysenko , James C. Davis

Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks demonstrate that application integrity must be ensured during installation itself. We introduce SIGL, a new tool…

Cryptography and Security · Computer Science 2021-06-24 Xueyuan Han , Xiao Yu , Thomas Pasquier , Ding Li , Junghwan Rhee , James Mickens , Margo Seltzer , Haifeng Chen

Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering…

Cryptography and Security · Computer Science 2025-08-12 Joshua Bailey , Charles Nicholas

JDBC remains a key technology for database access in Java applications. Since the database dictionary and the Java type system have distinct scopes, developers inevitably need to deal with bugs in SQL-to-Java type mappings. We propose an…

Databases · Computer Science 2026-05-05 Thomas James Kirz , Werner Dietl , Mattias Ulbrich , Stefanie Scherzinger

NullPointerExceptions (NPEs) are a key source of crashes in modern Java programs. Previous work has shown how such errors can be prevented at compile time via code annotations and pluggable type checking. However, such systems have been…

Software Engineering · Computer Science 2019-07-05 Subarno Banerjee , Lazaro Clapp , Manu Sridharan

The Internet, as it stands today, is highly vulnerable to attacks. However, little has been done to understand and verify the formal security guarantees of proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In this…

Logic in Computer Science · Computer Science 2017-01-11 Chen Chen , Limin Jia , Hao Xu , Cheng Luo , Wenchao Zhou , Boon Thau Loo

Large language model (LLM) ecosystems such as Claude Code and ChatGPT increasingly rely on skills: packages of natural-language instructions and executable tools. Once in the LLM's context, skill content cannot be reliably separated from…

Cryptography and Security · Computer Science 2026-05-08 Tingda Shen , Yebo Feng , Konglin Zhu , Xiaojun Jia , Yang Liu , Lin Zhang

Open source code is considered a common practice in modern software development. However, reusing other code allows bad actors to access a wide developers' community, hence the products that rely on it. Those attacks are categorized as…

Cryptography and Security · Computer Science 2022-09-19 Chen Tsfaty , Michael Fire

Speculative execution attacks leverage the speculative and out-of-order execution features in modern computer processors to access secret data or execute code that should not be executed. Secret information can then be leaked through a…

Cryptography and Security · Computer Science 2023-02-03 Guangyuan Hu , Zecheng He , Ruby Lee

Vulnerability Discovery with attack Injection security threats are increasing for the server software, when software is developed, the software tested for the functionality. Due to unawareness of software vulnerabilities most of the…

Networking and Internet Architecture · Computer Science 2014-02-12 G. Vijay Kumar , Ravikumar S. Raykundaliya , Dr. P. Naga Prasad
‹ Prev 1 8 9 10 Next ›