English
Related papers

Related papers: Scalable Language Agnostic Taint Tracking using Ex…

200 papers

We present the first systematic approach to static and dynamic taint analysis for Graph APIs focusing on broken access control. The approach comprises the following. We taint nodes of the Graph API if they represent data requiring specific…

Cryptography and Security · Computer Science 2026-03-18 Leen Lambers , Lucas Sakizloglou , Taisiya Khakharova , Fernando Orejas

This paper presents a scalable path- and context-sensitive data-dependence analysis. The key is to address the aliasing-path-explosion problem via a sparse, demand-driven, and fused approach that piggybacks the computation of pointer…

Programming Languages · Computer Science 2021-09-20 Peisen Yao , Jinguo Zhou , Xiao Xiao , Qingkai Shi , Rongxin Wu , Charles Zhang

Large Language Models (LLMs) are rapidly becoming commodity components of larger software systems. This poses natural security and privacy problems: poisoned data retrieved from one component can change the model's behavior and compromise…

Memory corruption attacks remain the primary threat for computer security. Information flow tracking or taint analysis has been proven to be effective against most memory corruption attacks. However, there are two shortcomings with current…

Cryptography and Security · Computer Science 2015-03-13 Pankaj Kohli

Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis…

Large language models (LLMs) are increasingly used to complete complex tasks by selecting and coordinating external tools across multiple steps. This requires aligning tool choices with subtask intent while satisfying directional execution…

Machine Learning · Computer Science 2026-05-13 Xinyi Gao , Xinyu Ren , Junliang Yu , Tong Chen , Quoc Viet Hung Nguyen , Hongzhi Yin

Privacy analysis is critical but also a time-consuming and tedious task. We present a formalization which eases designing and auditing high-level privacy properties of software architectures. It is incorporated into a larger policy analysis…

Cryptography and Security · Computer Science 2018-06-11 Marcel von Maltitz , Cornelius Diekmann , Georg Carle

Performance models are well-known instruments to understand the scaling behavior of parallel applications. They express how performance changes as key execution parameters, such as the number of processes or the size of the input problem,…

Distributed, Parallel, and Cluster Computing · Computer Science 2021-01-01 Marcin Copik , Alexandru Calotoiu , Tobias Grosser , Nicolas Wicki , Felix Wolf , Torsten Hoefler

Many important security properties can be formulated in terms of flows of tainted data, and improved taint analysis tools to prevent such flows are of critical need. Most existing taint analyses use whole-program static analysis, leading to…

Programming Languages · Computer Science 2025-05-02 Nima Karimipour , Kanak Das , Manu Sridharan , Behnaz Hassanshahi

Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is…

Software Engineering · Computer Science 2025-12-05 Burak Yetiştiren , Hong Jin Kang , Miryung Kim

Over the years, static taint analysis emerged as the analysis of choice to detect some of the most common web application vulnerabilities, such as SQL injection (SQLi) and cross-site scripting (XSS)~\cite{OWASP}. Furthermore, from an…

Programming Languages · Computer Science 2021-03-31 Nicholas Allen , François Gauthier , Alexander Jordan

Explainability in classification results are dependent upon the features used for classification. Data dependency graph features representing data movement are directly correlated with operational semantics, and subject to fine grained…

Cryptography and Security · Computer Science 2024-07-09 John Musgrave , Anca Ralescu

Dependency analysis is a program analysis that determines potential data flow between program points. While it is not a security analysis per se, it is a viable basis for investigating data integrity, for ensuring confidentiality, and for…

Programming Languages · Computer Science 2013-05-30 Matthias Keil , Peter Thiemann

Static analysis has established itself as a weapon of choice for detecting security vulnerabilities. Taint analysis in particular is a very general and powerful technique, where security policies are expressed in terms of forbidden flows,…

Cryptography and Security · Computer Science 2021-11-19 Saikat Dutta , Diego Garbervetsky , Shuvendu Lahiri , Max Schäfer

Dynamic taint analysis (DTA) has been widely used in various security-relevant scenarios that need to track the runtime information flow of programs. Dynamic binary instrumentation (DBI) is a prevalent technique in achieving effective…

Cryptography and Security · Computer Science 2021-11-09 Xiao Kan , Cong Sun , Shen Liu , Yongzhe Huang , Gang Tan , Siqi Ma , Yumei Zhang

Program analysis tools often produce large volumes of candidate vulnerability reports that require costly manual review, creating a practical challenge: how can security analysts prioritize the reports most likely to be true…

Cryptography and Security · Computer Science 2025-10-24 Ronghao Ni , Aidan Z. H. Yang , Min-Chien Hsu , Nuno Sabino , Limin Jia , Ruben Martins , Darion Cassel , Kevin Cheang

Dynamic taint analysis (DTA) is widely used by various applications to track information flow during runtime execution. Existing DTA techniques use rule-based taint-propagation, which is neither accurate (i.e., high false positive) nor…

Cryptography and Security · Computer Science 2019-09-04 Dongdong She , Yizheng Chen , Abhishek Shah , Baishakhi Ray , Suman Jana

The large transformer-based language models demonstrate excellent performance in natural language processing. By considering the transferability of the knowledge gained by these models in one domain to other related domains, and the…

Cryptography and Security · Computer Science 2022-09-07 Chandra Thapa , Seung Ick Jang , Muhammad Ejaz Ahmed , Seyit Camtepe , Josef Pieprzyk , Surya Nepal

The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis (SCA) tools struggle to…

Software Engineering · Computer Science 2025-07-25 Wang Lingxiang , Quanzhi Fu , Wenjia Song , Gelei Deng , Yi Liu , Dan Williams , Ying Zhang

Augmenting Transformers with linguistic structures effectively enhances the syntactic generalization performance of language models. Previous work in this direction focuses on syntactic tree structures of languages, in particular…

Computation and Language · Computer Science 2026-05-18 Tianyu Huang , Yida Zhao , Chuyan Zhou , Kewei Tu
‹ Prev 1 2 3 10 Next ›