English
Related papers

Related papers: GoSurf: Identifying Software Supply Chain Attack V…

200 papers

As we increasingly depend on software systems, the consequences of breaches in the software supply chain become more severe. High-profile cyber attacks like those on SolarWinds and ShadowHammer have resulted in significant financial and…

Cryptography and Security · Computer Science 2023-08-10 Tanmay Singla , Dharun Anandayuvaraj , Kelechi G. Kalu , Taylor R. Schorlemmer , James C. Davis

With the popularity of software ecosystems, the number of open source components (known as packages) has grown rapidly. Identifying high-quality and well-maintained packages from a large pool of packages to depend on is a basic and…

Software Engineering · Computer Science 2022-04-12 Suhaib Mujahid , Rabe Abdalkareem , Emad Shihab

The art of finding software vulnerabilities has been covered extensively in the literature and there is a huge body of work on this topic. In contrast, the intentional insertion of exploitable, security-critical bugs has received little…

Cryptography and Security · Computer Science 2020-07-07 Jannik Pewny , Thorsten Holz

An attack taxonomy offers a consistent and structured classification scheme to systematically understand, identify, and classify cybersecurity threat attributes. However, existing taxonomies only focus on a narrow range of attacks and…

Cryptography and Security · Computer Science 2026-04-03 Md Habibor Rahman , Rocco Cassandro , Thorsten Wuest , Mohammed Shafae

In recent years, there has been a growing concern with software integrity, that is, the assurance that software has not been tampered with on the path between developers and users. This path is represented by a software development pipeline…

Cryptography and Security · Computer Science 2022-11-14 B. M. Reichert , R. R. Obelheiro

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

Spectre, Meltdown, and related attacks have demonstrated that kernels, hypervisors, trusted execution environments, and browsers are prone to information disclosure through micro-architectural weaknesses. However, it remains unclear as to…

Large Language Models (LLMs) have revolutionized artificial intelligence (AI), driving breakthroughs in natural language understanding, text generation, and autonomous systems. However, the rapid growth of LLMs presents significant…

Software Engineering · Computer Science 2025-04-30 Yanzhe Hu , Shenao Wang , Tianyuan Nie , Yanjie Zhao , Haoyu Wang

While providing economic and software development value, software supply chains are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks, specifically targeting vulnerable…

Cryptography and Security · Computer Science 2025-05-16 Imranur Rahman , Yasemin Acar , Michel Cukier , William Enck , Christian Kastner , Alexandros Kapravelos , Dominik Wermke , Laurie Williams

The Department of Homeland Security in the United States estimates that 90% of software vulnerabilities can be traced back to defects in design and software coding. The financial impact of these vulnerabilities has been shown to exceed 380…

Software Engineering · Computer Science 2021-02-11 Tiago Espinha Gasiba , Ulrike Lechner , Maria Pinto-Albuquerque , Daniel Mendez

The demand for quick and reliable DevOps operations pushed distributors of repository platforms to implement workflows. Workflows allow automating code management operations directly on the repository hosting the software. However, this…

Cryptography and Security · Computer Science 2022-11-11 Giacomo Benedetti , Luca Verderame , Alessio Merlo

Timing-based side or covert channels in processor caches continue to present a threat to computer systems, and they are the key to many of the recent Spectre and Meltdown attacks. Based on improvements to an existing three-step model for…

Cryptography and Security · Computer Science 2019-11-21 Shuwen Deng , Wenjie Xiong , Jakub Szefer

While new technologies emerge, human errors always looming. Software supply chain is increasingly complex and intertwined, the security of a service has become paramount to ensuring the integrity of products, safeguarding data privacy, and…

Cryptography and Security · Computer Science 2025-01-22 Vasileios Alevizos , George A Papakostas , Akebu Simasiku , Dimitra Malliarou , Antonis Messinis , Sabrina Edralin , Clark Xu , Zongliang Yue

Modern software development is increasingly dependent on components, libraries and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing…

Software Engineering · Computer Science 2020-12-16 Paolo Boldi , Georgios Gousios

The increasing frequency and sophistication of software supply chain attacks pose severe risks to critical infrastructure sectors, threatening national security, economic stability, and public safety. Despite growing awareness, existing…

Software Engineering · Computer Science 2025-10-31 Liming Dong , Sung Une Lee , Zhenchang Xing , Muhammad Ejaz Ahmed , Stefan Avgoustakis

In the software engineering community, deep learning (DL) has recently been applied to many source code processing tasks. Due to the poor interpretability of DL models, their security vulnerabilities require scrutiny. Recently, researchers…

Software Engineering · Computer Science 2022-11-01 Jia Li , Zhuo Li , Huangzhao Zhang , Ge Li , Zhi Jin , Xing Hu , Xin Xia

The widespread deployment of Deep Learning-based Face Recognition Systems raises many security concerns. While prior research has identified backdoor vulnerabilities on isolated components, Backdoor Attacks on real-world, unconstrained…

Computer Vision and Pattern Recognition · Computer Science 2026-01-21 Quentin Le Roux , Yannick Teglia , Teddy Furon , Philippe Loubet-Moundi , Eric Bourbao

A number of important real-world protocols including the Transport Layer Security (TLS) protocol have the ability to negotiate various security-related choices such as the protocol version and the cryptographic algorithms to be used in a…

Cryptography and Security · Computer Science 2019-01-29 Eman Salem Alashwali , Kasper Rasmussen

The rise of AI has transformed the software and hardware landscape, enabling powerful capabilities through specialized infrastructures, large-scale data storage, and advanced hardware. However, these innovations introduce unique attack…

Cryptography and Security · Computer Science 2025-08-29 Michael R Smith , Joe Ingram

Downfall is a side-channel attack that leaks values in vector registers from a process to another on the same CPU core. This attack enables an attacker to achieve serious outcomes (e.g., stealing AES keys), and there is no fundamental…

Cryptography and Security · Computer Science 2026-04-14 Yohei Harata , Soramichi Akiyama