English
Related papers

Related papers: SBOM.EXE: Countering Dynamic Code Injection based …

200 papers

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

Software obfuscation or obscuring a software is an approach to defeat the practice of reverse engineering a software for using its functionality illegally in the development of another software. Java applications are more amenable to…

Cryptography and Security · Computer Science 2009-04-23 Praveen Sivadasan , P Sojan Lal

The software supply chain involves a multitude of tools and processes that enable software developers to write, build, and ship applications. Recently, security compromises of tools or processes has led to a surge in proposals to address…

Cryptography and Security · Computer Science 2022-09-12 Marcela S. Melara , Mic Bowman

Smart grids have undergone a profound digitization process, integrating new data-driven control and supervision techniques, resulting in modern digital substations (DS). Attackers are more focused on attacking the supply chain of the DS, as…

Cryptography and Security · Computer Science 2025-03-26 Xabier Yurrebaso , Fernando Ibañez , Ángel Longueira-Romero

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity,…

Cryptography and Security · Computer Science 2024-06-17 Chinenye Okafor , Taylor R. Schorlemmer , Santiago Torres-Arias , James C. Davis

In recent years, various software supply chain (SSC) attacks have posed significant risks to the global community. Severe consequences may arise if developers integrate insecure code snippets that are vulnerable to SSC attacks into their…

Cryptography and Security · Computer Science 2025-09-25 Xiaofan Li , Xing Gao

The software supply chain is becoming a widespread analogy to designate the series of steps taken to go from source code published by developers to executables running on the users? computers. A security vulnerability in any of these steps…

Software Engineering · Computer Science 2022-06-30 Ludovic Courtès

Rowhammer has drawn much attention from both academia and industry in the past years as rowhammer exploitation poses severe consequences to system security. Since the first comprehensive study of rowhammer in 2014, a number of rowhammer…

Cryptography and Security · Computer Science 2024-05-02 Zhi Zhang , Decheng Chen , Jiahao Qi , Yueqiang Cheng , Shijie Jiang , Yiyang Lin , Yansong Gao , Surya Nepal , Yi Zou , Jiliang Zhang , Yang Xiang

Software testing is the most commonly used technique in the industry to certify the correctness of software systems. This includes security properties like access control and data confidentiality. However, information flow control and the…

Software Engineering · Computer Science 2019-08-28 Eduardo Geraldo , João Costa Seco

Sun and the CERT recommend for secure Java development to not allow partially initialized objects to be accessed. The CERT considers the severity of the risks taken by not following this recommendation as high. The solution currently used…

Programming Languages · Computer Science 2010-11-22 Laurent Hubert , Thomas Jensen , Vincent Monfort , David Pichardie

Despite its obvious benefits, the increased adoption of package managers to automate the reuse of libraries has opened the door to a new class of hazards: supply chain attacks. By injecting malicious code in one library, an attacker may…

Software Engineering · Computer Science 2021-11-08 Nicolas Harrand , Thomas Durieux , David Broman , Benoit Baudry

Speculative execution attacks undermine the security of constant-time programming, the standard technique used to prevent microarchitectural side channels in security-sensitive software such as cryptographic code. Constant-time code must…

Cryptography and Security · Computer Science 2023-12-18 Rutvik Choudhary , Alan Wang , Zirui Neil Zhao , Adam Morrison , Christopher W. Fletcher

Software Bills of Materials (SBOMs) have emerged as tools to facilitate the management of software dependencies, vulnerabilities, licenses, and the supply chain. While significant effort has been devoted to increasing SBOM awareness and…

Software Engineering · Computer Science 2024-11-27 Trevor Stalnaker , Nathan Wintersgill , Oscar Chaparro , Massimiliano Di Penta , Daniel M German , Denys Poshyvanyk

Background. The Software Bill of Materials (SBOM) is a machine-readable list of all the software dependencies included in a software. SBOM emerged as way to assist securing the software supply chain. However, despite mandates from…

Software Engineering · Computer Science 2025-09-03 Oleksii Novikov , Davide Fucci , Oleksandr Adamov , Daniel Mendez

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel

The digital economy runs on Open Source Software (OSS), with an estimated 90\% of modern applications containing open-source components. While this widespread adoption has revolutionized software development, it has also created critical…

Software Engineering · Computer Science 2025-04-25 Piotr Przymus , Thomas Durieux

Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security. Yet, Java has no support for it. We solve this problem…

Software Engineering · Computer Science 2026-04-15 Serena Cofano , Daniel Williams , Aman Sharma , Martin Monperrus

While new technologies emerge, human errors always looming. Software supply chain is increasingly complex and intertwined, the security of a service has become paramount to ensuring the integrity of products, safeguarding data privacy, and…

Cryptography and Security · Computer Science 2025-01-22 Vasileios Alevizos , George A Papakostas , Akebu Simasiku , Dimitra Malliarou , Antonis Messinis , Sabrina Edralin , Clark Xu , Zongliang Yue

Code obfuscation is a major tool for protecting software intellectual property from attacks such as reverse engineering or code tampering. Yet, recently proposed (automated) attacks based on Dynamic Symbolic Execution (DSE) shows very…

Cryptography and Security · Computer Science 2019-08-08 Mathilde Ollivier , Sébastien Bardin , Richard Bonichon , Jean-Yves Marion

As the role of information and communication technologies gradually increases in our lives, source code security becomes a significant issue to protect against malicious attempts Furthermore with the advent of data-driven techniques, there…

Cryptography and Security · Computer Science 2023-02-03 Maryam Taeb