English
Related papers

Related papers: GHunter: Universal Prototype Pollution Gadgets in …

200 papers

Prototype pollution is a dangerous vulnerability affecting prototype-based languages like JavaScript and the Node.js platform. It refers to the ability of an attacker to inject properties into an object's root prototype at runtime and…

Cryptography and Security · Computer Science 2022-11-14 Mikhail Shcherbakov , Musard Balliu , Cristian-Alexandru Staicu

For better or worse, JavaScript is the cornerstone of modern Web. Prototype-based languages like JavaScript are susceptible to prototype pollution vulnerabilities, enabling an attacker to inject arbitrary properties into an object's…

Cryptography and Security · Computer Science 2023-11-08 Mikhail Shcherbakov , Paul Moosbrugger , Musard Balliu

Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain to perform malicious behaviors. Several techniques…

Cryptography and Security · Computer Science 2023-04-05 Sicong Cao , Xiaobing Sun , Xiaoxue Wu , Lili Bo , Bin Li , Rongxin Wu , Wei Liu , Biao He , Yu Ouyang , Jiajia Li

AI-based code generators have become pivotal in assisting developers in writing software starting from natural language (NL). However, they are trained on large amounts of data, often collected from unsanitized online sources (e.g., GitHub,…

Cryptography and Security · Computer Science 2024-02-12 Domenico Cotroneo , Cristina Improta , Pietro Liguori , Roberto Natella

AI-powered coding assistant tools have revolutionized the software engineering ecosystem. However, prior work has demonstrated that these tools are vulnerable to poisoning attacks. In a poisoning attack, an attacker intentionally injects…

Cryptography and Security · Computer Science 2023-12-12 Sanghak Oh , Kiho Lee , Seonhye Park , Doowon Kim , Hyoungshick Kim

GPU clouds have become a popular computing platform because of the cost of owning and maintaining high-performance computing clusters. Many cloud architectures have also been proposed to ensure a secure execution environment for guest…

Cryptography and Security · Computer Science 2021-12-08 Rihui Sun , Pefei Qiu , Yongqiang Lyu , Donsheng Wang , Jiang Dong , Gang Qu

Test flakiness is a significant issue in industry, affecting test efficiency and product quality. While extensive research has examined the impact of flaky tests, many root causes remain unexplored, particularly in the context of dynamic…

Software Engineering · Computer Science 2026-02-24 Negar Hashemi , Amjed Tahir , August Shi , Shawn Rasheed , Rachel Blagojevic

Evasion techniques allow malicious code to never be observed. This impacts significantly the detection capabilities of tools that rely on either dynamic or static analysis, as they never get to process the malicious code. The dynamic nature…

Cryptography and Security · Computer Science 2024-05-24 Nikolaos Pantelaios , Alexandros Kapravelos

In Go, the widespread adoption of open-source software has led to a flourishing ecosystem of third-party dependencies, which are often integrated into critical systems. However, the reuse of dependencies introduces significant supply chain…

Cryptography and Security · Computer Science 2025-09-05 Carmine Cesarano , Vivi Andersson , Roberto Natella , Martin Monperrus

Background. Jupyter notebooks are one of the main tools used by data scientists. Notebooks include features (configuration scripts, markdown, images, etc.) that make them challenging to analyze compared to traditional software. As a result,…

Software Engineering · Computer Science 2025-07-28 Wenyuan Jiang , Diany Pressato , Harsh Darji , Thibaud Lutellier

This paper provides a survey of methods and tools for automated code-reuse exploit generation. Such exploits use code that is already contained in a vulnerable program. The code-reuse approach allows one to exploit vulnerabilities in the…

Cryptography and Security · Computer Science 2021-07-23 Alexey Vishnyakov , Alexey Nurmukhametov

Code smells signal violations of design principles that degrade the internal quality of evolving software systems. Although many tools detect such anomalies using static metrics, they often ignore the development context in which smells…

Software Engineering · Computer Science 2026-05-21 Matheus dos Santos Viegas , Adrian Gabriel Keller dos Santos , Kleinner Farias , Robson Keemps da Silva

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

With tools like GitHub Copilot, automatic code suggestion is no longer a dream in software engineering. These tools, based on large language models, are typically trained on massive corpora of code mined from unvetted public sources. As a…

Cryptography and Security · Computer Science 2024-01-25 Hojjat Aghakhani , Wei Dai , Andre Manoel , Xavier Fernandes , Anant Kharkar , Christopher Kruegel , Giovanni Vigna , David Evans , Ben Zorn , Robert Sim

Software vulnerabilities pose significant risks to computer systems, impacting our daily lives, productivity, and even our health. Identifying and addressing security vulnerabilities in a timely manner is crucial to prevent hacking and data…

Cryptography and Security · Computer Science 2023-08-01 Jin Wang , Zishan Huang , Hui Xiao , Yinhao Xiao

Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting edge capabilities. However in doing so, they are potentially submitting their code to a number of unsanctioned…

Cryptography and Security · Computer Science 2018-12-19 Adam Rapley , Xavier Bellekens , Lynsay A. Shepherd , Colin McLean

Graph neural networks (GNNs) have shown great success in detecting intellectual property (IP) piracy and hardware Trojans (HTs). However, the machine learning community has demonstrated that GNNs are susceptible to data poisoning attacks,…

Cryptography and Security · Computer Science 2023-03-27 Lilas Alrahis , Satwik Patnaik , Muhammad Abdullah Hanif , Muhammad Shafique , Ozgur Sinanoglu

Machine learning algorithms are becoming increasingly prevalent and performant in the reconstruction of events in accelerator-based neutrino experiments. These sophisticated algorithms can be computationally expensive. At the same time, the…

Recent years have witnessed explosive growth in blockchain smart contract applications. As smart contracts become increasingly popular and carry trillion dollars worth of digital assets, they become more of an appealing target for…

Software Engineering · Computer Science 2023-04-26 Peng Qian , Jianting He , Lingling Lu , Siwei Wu , Zhipeng Lu , Lei Wu , Yajin Zhou , Qinming He

Template-based code generator development as part of model-drivendevelopment (MDD) demands for strong mechanisms and tools that support developers to improve robustness, i.e., the desired code is generated for the specified inputs. Although…

Software Engineering · Computer Science 2016-06-16 Carsten Kolassa , Markus Look , Klaus Müller , Alexander Roth , Dirk Reiß , Bernhard Rumpe
‹ Prev 1 2 3 10 Next ›