English
Related papers

Related papers: SBOM.EXE: Countering Dynamic Code Injection based …

200 papers

Software applications integrate more and more open-source software (OSS) to benefit from code reuse. As a drawback, each vulnerability discovered in bundled OSS potentially affects the application. Upon the disclosure of every new…

Cryptography and Security · Computer Science 2025-03-18 Henrik Plate , Serena Elisa Ponta , Antonino Sabetta

Developers often build software on top of third-party libraries (Libs) to improve productivity, but these libraries may contain vulnerabilities that enable supply chain attacks. Existing tools detect vulnerable dependencies, yet developers…

Cryptography and Security · Computer Science 2026-03-31 Ying Zhang , Wenjia Song , Zhengjie Ji , Danfeng , Yao , Na Meng

Modern code completion engines, powered by large language models (LLMs), assist millions of developers with their strong capabilities to generate functionally correct code. Due to this popularity, it is crucial to investigate the security…

Cryptography and Security · Computer Science 2025-06-16 Slobodan Jenko , Niels Mündler , Jingxuan He , Mark Vero , Martin Vechev

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Attacks on the software supply chain involve attackers injecting harmful software into commonly used packages or…

Cryptography and Security · Computer Science 2024-02-13 S. Halder , M. Bewong , A. Mahboubi , Y. Jiang , R. Islam , Z. Islam , R. Ip , E. Ahmed , G. Ramachandran , A. Babar

Data hosted in a cloud environment can be subject to attacks from a higher privileged adversary, such as a malicious or compromised cloud provider. To provide confidentiality and integrity even in the presence of such an adversary, a number…

Cryptography and Security · Computer Science 2019-07-24 Mathias Morbitzer

Autonomous agents powered by Large Language Models (LLMs) acquire external functionalities through third-party skills available in open marketplaces. Adopting these integrations broadens the potential attack surface, prompting a need for…

Cryptography and Security · Computer Science 2026-05-15 Xinyu Liu , Yukai Zhao , Xing Hu , Xin Xia

Information protection is becoming a focal point for designing, creating and implementing software applications within highly integrated technology environments. The use of a safe coding technique in the software development process is…

Software Engineering · Computer Science 2020-12-11 Isaac Chin Eian , Lim Ka Yong , Majesty Yeap Xiao Li , Noor Affan Bin Noor Hasmaddi , Fatima-tuz-Zahra

The web continues to grow, but dependency-monitoring tools and standards for resource integrity lag behind. Currently, there exists no robust method to verify the integrity of web resources, much less in a generalizable yet performant…

Cryptography and Security · Computer Science 2025-09-19 Johnny So , Michael Ferdman , Nick Nikiforakis

The increasing frequency and sophistication of software supply chain attacks pose severe risks to critical infrastructure sectors, threatening national security, economic stability, and public safety. Despite growing awareness, existing…

Software Engineering · Computer Science 2025-10-31 Liming Dong , Sung Une Lee , Zhenchang Xing , Muhammad Ejaz Ahmed , Stefan Avgoustakis

Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance…

Software Engineering · Computer Science 2021-05-31 Fabiola Moyón , Daniel Méndez Fernández , Kristian Beckers , Sebastian Klepper

The persistently growing resilience concerns of large-scale computing systems today require not only generic fault tolerance approaches, but also application-level resilience, due to demanding efficiency and various domain-specific…

Distributed, Parallel, and Cluster Computing · Computer Science 2019-11-07 Li Tan , Marc Charest , Nathan DeBardeleben , Qiang Guan , Ben Bergen

Secure software engineering is crucial but can be time-consuming; therefore, methods that could expedite the identification of software weaknesses without reducing the process efficacy would benefit the software engineering industry and…

Software Engineering · Computer Science 2023-08-11 Mounika Vanamala , Sean Loesch , Alexander Caravella

Developers gain productivity by reusing readily available Free and Open Source Software (FOSS) components. Such practices also bring some difficulties, such as managing licensing, components and related security. One approach to handle…

Software Engineering · Computer Science 2025-03-20 Luıs Soeiro , Thomas Robert , Stefano Zacchiroli

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but…

Cryptography and Security · Computer Science 2015-04-10 Andreas Follner , Eric Bodden

Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using…

Programming Languages · Computer Science 2015-07-01 Thomas Jensen , Florent Kirchner , David Pichardie

Security is a critical issue of the modern file and storage systems, it is imperative to protect the stored data from unauthorized access. We have developed a file security system named as Java File Security System (JFSS) [1] that guarantee…

Operating Systems · Computer Science 2014-03-25 Brijender Kahanwal , Dr. Tejinder Pal Singh , Dr. R. K. Tuteja

Hardware supply-chain attacks are raising significant security threats to the boot process of multiprocessor systems. This paper identifies a new, prevalent hardware supply-chain attack surface that can bypass multiprocessor secure boot due…

Cryptography and Security · Computer Science 2025-04-22 Zhuoruo Zhang , Rui Chang , Mingshuai Chen , Wenbo Shen , Chenyang Yu , He Huang , Qinming Dai , Yongwang Zhao

Trusted Execution Environments (TEEs) are gaining popularity as an effective means to provide confidentiality in the cloud. TEEs, such as Intel SGX, suffer from so-called rollback and cloning attacks (often referred to as forking attacks).…

Cryptography and Security · Computer Science 2026-01-15 Annika Wilde , Samira Briongos , Claudio Soriente , Ghassan Karame

Trojanized software packages used in software supply chain attacks constitute an emerging threat. Unfortunately, there is still a lack of scalable approaches that allow automated and timely detection of malicious software packages and thus…

Cryptography and Security · Computer Science 2021-03-22 Marc Ohm , Lukas Kempf , Felix Boes , Michael Meier

Incremental and parallel builds are crucial features of modern build systems. Parallelism enables fast builds by running independent tasks simultaneously, while incrementality saves time and computing resources by processing the build…

Software Engineering · Computer Science 2023-12-05 Thodoris Sotiropoulos , Stefanos Chaliasos , Dimitris Mitropoulos , Diomidis Spinellis