Search Results - "Security and privacy Software and application security Software security engineering"

ReGuard: finding reentrancy bugs in smart contracts by Liu, Chao, Liu, Han, Cao, Zhao, Chen, Zhong, Chen, Bangdao, Roscoe, Bill

“…Smart contracts enabled a new way to perform cryptocurrency transactions over blockchains. While this emerging technique introduces free-of-conflicts and…”
Get full text

GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis by Sun, Yuqiang, Wu, Daoyuan, Xue, Yue, Liu, Han, Wang, Haijun, Xu, Zhengzi, Xie, Xiaofei, Liu, Yang

“…Smart contracts are prone to various vulnerabilities, leading to substantial financial losses over time. Current analysis tools mainly target vulnerabilities…”
Get full text

MEMLOCK: Memory Usage Guided Fuzzing by Wen, Cheng, Wang, Haijun, Li, Yuekang, Qin, Shengchao, Liu, Yang, Xu, Zhiwu, Chen, Hongxu, Xie, Xiaofei, Pu, Geguang, Liu, Ting

“…Uncontrolled memory consumption is a kind of critical software security weaknesses. It can also become a security-critical vulnerability when attackers can…”
Get full text

MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks by Cao, Sicong, Sun, Xiaobing, Bo, Lili, Wu, Rongxin, Li, Bin, Tao, Chuanqi

“…Memory-related vulnerabilities constitute severe threats to the security of modern software. Despite the success of deep learning-based approaches to generic…”
Get full text

Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities by Wang, Haijun, Xie, Xiaofei, Li, Yi, Wen, Cheng, Li, Yuekang, Liu, Yang, Qin, Shengchao, Chen, Hongxu, Sui, Yulei

“…Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge coverage to guide the fuzzing process, which has shown great potential…”
Get full text

SmartBugs: A Framework to Analyze Solidity Smart Contracts by Ferreira, Joao F., Cruz, Pedro, Durieux, Thomas, Abreu, Rui

“…Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not…”
Get full text

SCVHUNTER: Smart Contract Vulnerability Detection Based on Heterogeneous Graph Attention Network by Luo, Feng, Luo, Ruijie, Chen, Ting, Qiao, Ao, He, Zheyuan, Song, Shuwei, Jiang, Yu, Li, Sixing

“…Smart contracts are integral to blockchain's growth, but their vulnerabilities pose a significant threat. Traditional vulnerability detection methods rely…”
Get full text

Windranger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks by Du, Zhengjie, Li, Yuekang, Liu, Yang, Mao, Bing

“…Directed grey-box fuzzing (DGF) is a security testing technique that aims to steer the fuzzer towards predefined target sites in the program. To gain…”
Get full text

Ponziguard: Detecting Ponzi Schemes on Ethereum with Contract Runtime Behavior Graph (CRBG) by Liang, Ruichao, Chen, Jing, He, Kun, Wu, Yueming, Deng, Gelei, Du, Ruiying, Wu, Cong

“…Ponzi schemes, a form of scam, have been discovered in Ethereum smart contracts in recent years, causing massive financial losses. Rule-based detection…”
Get full text

RoPGen: Towards Robust Code Authorship Attribution via Automatic Coding Style Transformation by Li, Zhen, Chen, Guenevere Qian, Chen, Chen, Zou, Yayi, Xu, Shouhuai

“…Source code authorship attribution is an important problem often encountered in applications such as software forensics, bug fixing, and software quality…”
Get full text

COBRA: Interaction-Aware Bytecode-Level Vulnerability Detector for Smart Contracts by Li, Wenkai, Li, Xiaoqi, Li, Zongwei, Zhang, Yuqing

“…The detection of vulnerabilities in smart contracts remains a significant challenge. While numerous tools are available for analyzing smart contracts in source…”
Get full text

Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling by Zhou, Chijin, Wang, Mingzhe, Liang, Jie, Liu, Zhe, Jiang, Yu

“…Coverage-guided fuzzing is one of the most popular software testing techniques for vulnerability detection. While effective, current fuzzing methods suffer…”
Get full text

ReMoS: Reducing Defect Inheritance in Transfer Learning via Relevant Model Slicing by Zhang, Ziqi, Li, Yuanchun, Wang, Jindong, Liu, Bingyan, Li, Ding, Guo, Yao, Chen, Xiangqun, Liu, Yunxin

“…Transfer learning is a popular software reuse technique in the deep learning community that enables developers to build custom mod-els (students) based on…”
Get full text

RMCBench: Benchmarking Large Language Models' Resistance to Malicious Code by Chen, Jiachi, Zhong, Qingyuan, Wang, Yanlin, Ning, Kaiwen, Liu, Yongkun, Xu, Zenan, Zhao, Zhe, Chen, Ting, Zheng, Zibin

“…Warning: Please note that this article contains potential harmful or offensive content. This content is only for the evaluating and analysis of LLMs and does…”
Get full text

Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference by Manes, Valentin J.M., Kim, Soomin, Cha, Sang Kil

“…Grey-box fuzzing is an evolutionary process, which maintains and evolves a population of test cases with the help of a fitness function. Fitness functions used…”
Get full text

S-gram: Towards Semantic-Aware Security Auditing for Ethereum Smart Contracts by Liu, Han, Liu, Chao, Zhao, Wenqi, Jiang, Yu, Sun, Jiaguang

“…Smart contracts, as a promising and powerful application on the Ethereum blockchain, have been growing rapidly in the past few years. Since they are highly…”
Get full text

Towards More Practical Automation of Vulnerability Assessment by Pan, Shengyi, Bao, Lingfeng, Zhou, Jiayuan, Hu, Xing, Xia, Xin, Li, Shanping

“…It is increasingly suggested to identify emerging software vulner-abilities (SVs) through relevant development activities (e.g., issue reports) to allow early…”
Get full text

Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models by Wu, Cong, Chen, Jing, Wang, Ziwei, Liang, Ruichao, Du, Ruiying

“…Smart contracts, self-executing agreements directly encoded in code, are fundamental to blockchain technology, especially in decentralized finance (DeFi) and…”
Get full text

VGX: Large-Scale Sample Generation for Boosting Learning-Based Software Vulnerability Analyses by Nong, Yu, Fang, Richard, Yi, Guangbei, Zhao, Kunsong, Luo, Xiapu, Chen, Feng, Cai, Haipeng

“…Accompanying the successes of learning-based defensive software vulnerability analyses is the lack of large and quality sets of labeled vulnerable program…”
Get full text

PrettySmart: Detecting Permission Re-Delegation Vulnerability for Token Behaviors in Smart Contracts by Zhong, Zhijie, Zheng, Zibin, Dai, Hong-Ning, Xue, Qing, Chen, Junjia, Nan, Yuhong

“…As an essential component in Ethereum and other blockchains, token assets have been interacted with by diverse smart contracts. Effective permission policies…”
Get full text