Search results - Security and privacy Software and applications security Software security engineering

  1. Wemint: Tainting Sensitive Data Leaks in WeChat Mini-Programs

    Authors: Meng, Shi; Wang, Liu; Wang, Shenao; Wang, Kailong; Xiao, Xusheng; Bai, Guangdong; Wang, Haoyu
    ISSN: 2643-1572
    Published: IEEE 11.09.2023
    “… However, MiniApps raise new security and privacy concerns as they can access partially or all of host apps' system resources, including sensitive personal data…”
    Conference paper
  2. Decoding Secret Memorization in Code LLMs Through Token-Level Characterization

    Authors: Nie, Yuqing; Wang, Chong; Wang, Kailong; Xu, Guoai; Xu, Guosheng; Wang, Haoyu
    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “… However, their training process inadvertently leads to the memorization of sensitive information, posing severe privacy risks…”
    Conference paper
  3. IntraFuzz: Coverage-Guided Intra-Enclave Fuzzing for Intel SGX Applications

    Authors: Cui, Jinhua; Peng, Qiao; Yao, Yiwen; Ye, Ke; Zhang, Jiliang
    Published: IEEE 22.06.2025
    “…Intel SGX is susceptible to intra-enclave software vulnerabilities. Existing automated bug-finding methods primarily focus on fuzzing enclave boundaries for SGX applications in simulated, rather than actual hardware-protected enclaves…”
    Conference paper
  4. COBRA: Interaction-Aware Bytecode-Level Vulnerability Detector for Smart Contracts

    Authors: Li, Wenkai; Li, Xiaoqi; Li, Zongwei; Zhang, Yuqing
    ISSN: 2643-1572
    Published: ACM 27.10.2024
    “…The detection of vulnerabilities in smart contracts remains a significant challenge. While numerous tools are available for analyzing smart contracts in source…”
    Conference paper
  5. Rewrite to Reinforce: Rewriting the Binary to Apply Countermeasures against Fault Injection

    Authors: Kiaei, Pantea; Breunesse, Cees-Bart; Ahmadi, Mohsen; Schaumont, Patrick; Woudenberg, Jasper van
    Published: IEEE 05.12.2021
    “…Fault injection attacks can cause errors in software for malicious purposes. Oftentimes, vulnerable points of a program are detected after its development…”
    Conference paper
  6. LeanBin: Harnessing Lifting and Recompilation to Debloat Binaries

    Authors: Wodiany, Igor; Pop, Antoniu; Lujan, Mikel
    ISSN: 2643-1572
    Published: ACM 27.10.2024
    “… The dynamically recorded execution traces capture the required subset of instructions and control flow of the application binary for a given set of inputs…”
    Conference paper
  7. Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps

    Authors: Chen, Yongliang; Tang, Ruoqin; Zuo, Chaoshun; Zhang, Xiaokuan; Xue, Lei; Luo, Xiapu; Zhao, Qingchuan
    ISSN: 1558-1225
    Published: ACM 14.04.2024
    “…Recently, clipboard usage has become prevalent in mobile apps allowing users to copy and paste text within the same app or across different apps. However,…”
    Conference paper
  8. Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware

    Authors: Cao, Michael; Ahmed, Khaled; Rubin, Julia
    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…This paper provides an in-depth analysis of Android malware that bypassed the strictest defenses of the Google Play application store and penetrated the official Android market between January 2016 and July 2021…”
    Conference paper
  9. Self-hiding behavior in Android apps: detection and characterization

    Authors: Shan, Zhiyong; Neamtiu, Iulian; Samuel, Raina
    ISBN: 9781450356381, 1450356389
    ISSN: 1558-1225
    Published: New York, NY, USA ACM 27.05.2018
    “…Applications (apps) that conceal their activities are fundamentally deceptive; app marketplaces and end-users should treat such apps as suspicious…”
    Conference paper
  10. SmartBugs: A Framework to Analyze Solidity Smart Contracts

    Authors: Ferreira, Joao F.; Cruz, Pedro; Durieux, Thomas; Abreu, Rui
    ISSN: 2643-1572
    Published: ACM 01.09.2020
    “…Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not…”
    Conference paper
  11. Prompt-to-SQL Injections in LLM-Integrated Web Applications: Risks and Defenses

    Authors: Pedro, Rodrigo; Coimbra, Miguel E.; Castro, Daniel; Carreira, Paulo; Santos, Nuno
    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “… We characterize P₂SQL injections, exploring their variants and impact on application security through multiple concrete examples…”
    Conference paper
  12. Combining Fine-Tuning and LLM-Based Agents for Intuitive Smart Contract Auditing with Justifications

    Authors: Ma, Wei; Wu, Daoyuan; Sun, Yuqiang; Wang, Tianwen; Liu, Shangqing; Zhang, Jian; Xue, Yue; Liu, Yang
    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “…Smart contracts are decentralized applications built atop blockchains like Ethereum…”
    Conference paper
  13. Hiding Critical Program Components via Ambiguous Translation

    Authors: Jung, Chijung; Kim, Doowon; Chen, An; Wang, Weihang; Zheng, Yunhui; Lee, Kyu Hyung; Kwon, Yonghwi
    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…Software systems may contain critical program components such as patented program logic or sensitive data…”
    Conference paper
  14. Effective Vulnerable Function Identification based on CVE Description Empowered by Large Language Models

    Authors: Wu, Yulun; Wen, Ming; Yu, Zeliang; Guo, Xiaochen; Jin, Hai
    ISSN: 2643-1572
    Published: ACM 27.10.2024
    “…Open-source software (OSS) has profoundly transformed the software development paradigm by facilitating effortless code reuse…”
    Conference paper
  15. On Prescription or Off Prescription? An Empirical Study of Community-Prescribed Security Configurations for Kubernetes

    Authors: Shamim, Shazibul Islam; Hu, Hanyang; Rahman, Akond
    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “…Despite being beneficial for rapid delivery of software, Kubernetes deployments can be susceptible to security attacks, which can cause serious consequences…”
    Conference paper
  16. MEMLOCK: Memory Usage Guided Fuzzing

    Authors: Wen, Cheng; Wang, Haijun; Li, Yuekang; Qin, Shengchao; Liu, Yang; Xu, Zhiwu; Chen, Hongxu; Xie, Xiaofei; Pu, Geguang; Liu, Ting
    ISSN: 1558-1225
    Published: ACM 01.10.2020
    “…Uncontrolled memory consumption is a kind of critical software security weaknesses…”
    Conference paper
  17. Preserving Privacy in Software Composition Analysis: A Study of Technical Solutions and Enhancements

    Authors: Wang, Huaijin; Liu, Zhibo; Dai, Yanbo; Wang, Shuai; Tang, Qiyi; Nie, Sen; Wu, Shi
    ISSN: 1558-1225
    Published: IEEE 26.04.2025
    “…Software composition analysis (SCA) denotes the process of identifying open-source software components in an input software application…”
    Conference paper
  18. MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks

    Authors: Cao, Sicong; Sun, Xiaobing; Bo, Lili; Wu, Rongxin; Li, Bin; Tao, Chuanqi
    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…Memory-related vulnerabilities constitute severe threats to the security of modern software…”
    Conference paper
  19. Windranger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks

    Authors: Du, Zhengjie; Li, Yuekang; Liu, Yang; Mao, Bing
    ISSN: 1558-1225
    Published: ACM 01.05.2022
    “…Directed grey-box fuzzing (DGF) is a security testing technique that aims to steer the fuzzer towards predefined target sites in the program…”
    Conference paper
  20. Build and Runtime Integrity for Java

    Author: Sharma, Aman
    ISSN: 2574-1934
    Published: IEEE 27.04.2025
    “…Software Supply Chain attacks are increasingly threatening the security of software systems, with the potential to compromise both build and runtime integrity…”
    Conference paper