English
Related papers

Related papers: Patch2Vuln: Agentic Reconstruction of Vulnerabilit…

200 papers

This paper is the result of a two month research internship on the topic of library version identification. In this paper, ideas and techniques from literature in the area of binary comparison and fingerprinting are outlined and applied to…

Cryptography and Security · Computer Science 2017-03-02 Thomas Rinsma

Linux kernel stable versions serve the needs of users who value stability of the kernel over new features. The quality of such stable versions depends on the initiative of kernel developers and maintainers to propagate bug fixing patches to…

Software Engineering · Computer Science 2019-11-12 Thong Hoang , Julia Lawall , Yuan Tian , Richard J Oentaryo , David Lo

Large Language Models (LLMs) have emerged as promising tools in software development, enabling automated code generation and analysis. However, their knowledge is limited to a fixed cutoff date, making them prone to generating code…

Cryptography and Security · Computer Science 2025-12-01 Minjae Seo , Wonwoo Choi , Myoungsung You , Seungwon Shin

Third-party libraries are essential in software development as they prevent the need for developers to recreate existing functionalities. However, vulnerabilities within these libraries pose significant risks to dependent projects.…

Software Engineering · Computer Science 2025-04-01 Zirui Chen , Xing Hu , Puhua Sun , Xin Xia , Xiaohu Yang

Software vulnerability detection is critical in software en- gineering as security flaws arise from complex interactions across code structure, repository context, and runtime conditions. Existing meth- ods are limited by local code views,…

Software Engineering · Computer Science 2026-03-17 Renwei Meng , Haoyi Wu , Jingming Wang , Haoyan Bai

Mutation analysis is an effective technique to evaluate a test suite adequacy in terms of revealing unforeseen bugs in software. Traditional source- or IR-level mutation analysis is not applicable to the software only available in binary…

Software Engineering · Computer Science 2021-02-16 Mohsen Ahmadi , Pantea Kiaei , Navid Emamdoost

Security of software supply chains is necessary to ensure that software updates do not contain maliciously injected code or introduce vulnerabilities that may compromise the integrity of critical infrastructure. Verifying the integrity of…

Security experts reverse engineer (decompile) binary code to identify critical security vulnerabilities. The limited access to source code in vital systems - such as firmware, drivers, and proprietary software used in Critical…

Cryptography and Security · Computer Science 2024-11-08 Dylan Manuel , Nafis Tanveer Islam , Joseph Khoury , Ana Nunez , Elias Bou-Harb , Peyman Najafirad

Recognizing vulnerabilities in stripped binary files presents a significant challenge in software security. Although some progress has been made in generating human-readable information from decompiled binary files with Large Language…

Cryptography and Security · Computer Science 2025-05-29 Nasir Hussain , Haohan Chen , Chanh Tran , Philip Huang , Zhuohao Li , Pravir Chugh , William Chen , Ashish Kundu , Yuan Tian

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to…

Software Engineering · Computer Science 2024-07-25 Kaixuan Li , Jian Zhang , Sen Chen , Han Liu , Yang Liu , Yixiang Chen

We introduce Bin2Vec, a new framework that helps compare software programs in a clear and explainable way. Instead of focusing only on one type of information, Bin2Vec combines what a program looks like (its built-in functions, imports, and…

Software Engineering · Computer Science 2025-12-03 Moussa Moussaoui , Tarik Houichime , Abdelalim Sadiq

Many modern software projects evolve rapidly to incorporate new features and security patches. It is important for users to update their dependencies to safer versions, but many still use older, vulnerable package versions because upgrading…

Software Engineering · Computer Science 2025-12-02 Zhiqing Zhong , Jiaming Huang , Pinjia He

This research introduces graph analysis methods and a modified Graph Attention Convolutional Neural Network (GAT) to the critical challenge of open source package vulnerability remediation by analyzing control flow graphs to profile…

Software Engineering · Computer Science 2024-03-11 Fernando Vera , Palina Pauliuchenka , Ethan Oh , Bai Chien Kao , Louis DiValentin , David A. Bader

Since compiler optimization is the most common source contributing to binary code differences in syntax, testing the resilience against the changes caused by different compiler optimization settings has become a standard evaluation step for…

Programming Languages · Computer Science 2021-03-26 Xiaolei Ren , Michael Ho , Jiang Ming , Yu Lei , Li Li

A large user base relies on software updates provided through package managers. This provides a unique lever for improving the security of the software update process. We propose a transparency system for software updates and implement it…

Cryptography and Security · Computer Science 2017-11-21 Benjamin Hof , Georg Carle

Despite the immense popularity of the Automated Program Repair (APR) field, the question of patch validation is still open. Most of the present-day approaches follow the so-called Generate-and-Validate approach, where first a candidate…

Software Engineering · Computer Science 2021-04-01 Viktor Csuvik , Dániel Horváth , Márk Lajkó , László Vidács

We present Wolverine2, an integrated Debug-Localize-Repair environment for heap manipulating programs. Wolverine2 provides an interactive debugging environment: while concretely executing a program via on an interactive shell supporting…

Programming Languages · Computer Science 2022-02-04 Sahil Verma , Subhajit Roy

Extended Berkeley Packet Filter (eBPF) programs are kernel extensions used for networking, observability, and security enforcement in the Linux kernel. The in-kernel eBPF verifier checks low-level memory safety and termination on eBPF…

Cryptography and Security · Computer Science 2026-05-26 Vishnu Asutosh Dasu , Monika Santra , Md Rafi Ur Rashid , Ashish Kumar , Saeid Tizpaz-Niari , Gang Tan

Security practitioners maintain vulnerability reports (e.g., GitHub Advisory) to help developers mitigate security risks. An important task for these databases is automatically extracting structured information mentioned in the report,…

Cryptography and Security · Computer Science 2024-05-21 Tianyu Chen , Lin Li , Liuchuan Zhu , Zongyang Li , Xueqing Liu , Guangtai Liang , Qianxiang Wang , Tao Xie

In this paper, we perform a comprehensive study of 2,470 patched Android vulnerabilities that we collect from different data sources such as Android security bulletins, CVEDetails, Qualcomm Code Aurora, AOSP Git repository, and Linux…

Cryptography and Security · Computer Science 2019-05-24 Sadegh Farhang , Mehmet Bahadir Kirdan , Aron Laszka , Jens Grossklags