Search Results - Security and privacy Software and application security Software security engineering

  1.

    Wemint: Tainting Sensitive Data Leaks in WeChat Mini-Programs by Meng, Shi, Wang, Liu, Wang, Shenao, Wang, Kailong, Xiao, Xusheng, Bai, Guangdong, Wang, Haoyu

    ISSN: 2643-1572
    Published: IEEE 11.09.2023
    “… However, MiniApps raise new security and privacy concerns as they can access partially or all of host apps' system resources, including sensitive personal data…”
    Conference Proceeding
  2.

    Decoding Secret Memorization in Code LLMs Through Token-Level Characterization by Nie, Yuqing, Wang, Chong, Wang, Kailong, Xu, Guoai, Xu, Guosheng, Wang, Haoyu

    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “… However, their training process inadvertently leads to the memorization of sensitive information, posing severe privacy risks…”
    Conference Proceeding
  3.

    COBRA: Interaction-Aware Bytecode-Level Vulnerability Detector for Smart Contracts by Li, Wenkai, Li, Xiaoqi, Li, Zongwei, Zhang, Yuqing

    ISSN: 2643-1572
    Published: ACM 27.10.2024
    “…The detection of vulnerabilities in smart contracts remains a significant challenge. While numerous tools are available for analyzing smart contracts in source…”
    Conference Proceeding
  4.

    IntraFuzz: Coverage-Guided Intra-Enclave Fuzzing for Intel SGX Applications by Cui, Jinhua, Peng, Qiao, Yao, Yiwen, Ye, Ke, Zhang, Jiliang

    Published: IEEE 22.06.2025
    “…Intel SGX is susceptible to intra-enclave software vulnerabilities. Existing automated bug-finding methods primarily focus on fuzzing enclave boundaries for SGX applications in simulated, rather than actual hardware-protected enclaves…”
    Conference Proceeding
  5.

    Rewrite to Reinforce: Rewriting the Binary to Apply Countermeasures against Fault Injection by Kiaei, Pantea, Breunesse, Cees-Bart, Ahmadi, Mohsen, Schaumont, Patrick, Woudenberg, Jasper van

    Published: IEEE 05.12.2021
    “…Fault injection attacks can cause errors in software for malicious purposes. Oftentimes, vulnerable points of a program are detected after its development…”
    Conference Proceeding
  6.

    Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps by Chen, Yongliang, Tang, Ruoqin, Zuo, Chaoshun, Zhang, Xiaokuan, Xue, Lei, Luo, Xiapu, Zhao, Qingchuan

    ISSN: 1558-1225
    Published: ACM 14.04.2024
    “…Recently, clipboard usage has become prevalent in mobile apps allowing users to copy and paste text within the same app or across different apps. However,…”
    Conference Proceeding
  7.

    LeanBin: Harnessing Lifting and Recompilation to Debloat Binaries by Wodiany, Igor, Pop, Antoniu, Lujan, Mikel

    ISSN: 2643-1572
    Published: ACM 27.10.2024
    “… The dynamically recorded execution traces capture the required subset of instructions and control flow of the application binary for a given set of inputs…”
    Conference Proceeding
  8.

    Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware by Cao, Michael, Ahmed, Khaled, Rubin, Julia

    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…This paper provides an in-depth analysis of Android malware that bypassed the strictest defenses of the Google Play application store and penetrated the official Android market between January 2016 and July 2021…”
    Conference Proceeding
  9.

    SmartBugs: A Framework to Analyze Solidity Smart Contracts by Ferreira, Joao F., Cruz, Pedro, Durieux, Thomas, Abreu, Rui

    ISSN: 2643-1572
    Published: ACM 01.09.2020
    “…Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not…”
    Conference Proceeding
  10.

    Self-hiding behavior in Android apps: detection and characterization by Shan, Zhiyong, Neamtiu, Iulian, Samuel, Raina

    ISBN: 9781450356381, 1450356389
    ISSN: 1558-1225
    Published: New York, NY, USA ACM 27.05.2018
    “…Applications (apps) that conceal their activities are fundamentally deceptive; app marketplaces and end-users should treat such apps as suspicious…”
    Conference Proceeding
  11.

    MEMLOCK: Memory Usage Guided Fuzzing by Wen, Cheng, Wang, Haijun, Li, Yuekang, Qin, Shengchao, Liu, Yang, Xu, Zhiwu, Chen, Hongxu, Xie, Xiaofei, Pu, Geguang, Liu, Ting

    ISSN: 1558-1225
    Published: ACM 01.10.2020
    “…Uncontrolled memory consumption is a kind of critical software security weaknesses…”
    Conference Proceeding
  12.

    Combining Fine-Tuning and LLM-Based Agents for Intuitive Smart Contract Auditing with Justifications by Ma, Wei, Wu, Daoyuan, Sun, Yuqiang, Wang, Tianwen, Liu, Shangqing, Zhang, Jian, Xue, Yue, Liu, Yang

    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “…Smart contracts are decentralized applications built atop blockchains like Ethereum…”
    Conference Proceeding
  13.

    MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks by Cao, Sicong, Sun, Xiaobing, Bo, Lili, Wu, Rongxin, Li, Bin, Tao, Chuanqi

    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…Memory-related vulnerabilities constitute severe threats to the security of modern software…”
    Conference Proceeding
  14.

    ReGuard: finding reentrancy bugs in smart contracts by Liu, Chao, Liu, Han, Cao, Zhao, Chen, Zhong, Chen, Bangdao, Roscoe, Bill

    ISBN: 145035663X, 9781450356633
    ISSN: 2574-1934
    Published: New York, NY, USA ACM 27.05.2018
    “… As a special form of computer program, smart contract can hardly get rid of bugs. Even worse, an exploitable security bug can lead to catastrophic consequences, e.g…”
    Conference Proceeding
  15.

    Hiding Critical Program Components via Ambiguous Translation by Jung, Chijung, Kim, Doowon, Chen, An, Wang, Weihang, Zheng, Yunhui, Lee, Kyu Hyung, Kwon, Yonghwi

    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…Software systems may contain critical program components such as patented program logic or sensitive data…”
    Conference Proceeding
  16.

    Windranger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks by Du, Zhengjie, Li, Yuekang, Liu, Yang, Mao, Bing

    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…Directed grey-box fuzzing (DGF) is a security testing technique that aims to steer the fuzzer towards predefined target sites in the program…”
    Conference Proceeding
  17.

    On Prescription or Off Prescription? An Empirical Study of Community-Prescribed Security Configurations for Kubernetes by Shamim, Shazibul Islam, Hu, Hanyang, Rahman, Akond

    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “…Despite being beneficial for rapid delivery of software, Kubernetes deployments can be susceptible to security attacks, which can cause serious consequences…”
    Conference Proceeding
  18.

    Prompt-to-SQL Injections in LLM-Integrated Web Applications: Risks and Defenses by Pedro, Rodrigo, Coimbra, Miguel E., Castro, Daniel, Carreira, Paulo, Santos, Nuno

    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “… We characterize P₂SQL injections, exploring their variants and impact on application security through multiple concrete examples…”
    Conference Proceeding
  19.

    Effective Vulnerable Function Identification based on CVE Description Empowered by Large Language Models by Wu, Yulun, Wen, Ming, Yu, Zeliang, Guo, Xiaochen, Jin, Hai

    ISSN: 2643-1572
    Published: ACM 27.10.2024
    “…Open-source software (OSS) has profoundly transformed the software development paradigm by facilitating effortless code reuse…”
    Conference Proceeding
  20.

    Preserving Privacy in Software Composition Analysis: A Study of Technical Solutions and Enhancements by Wang, Huaijin, Liu, Zhibo, Dai, Yanbo, Wang, Shuai, Tang, Qiyi, Nie, Sen, Wu, Shi

    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “…Software composition analysis (SCA) denotes the process of identifying open-source software components in an input software application…”
    Conference Proceeding