A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Filters
Finding Security Vulnerabilities in Network Protocol Implementations
[article]
2020
arXiv
pre-print
Preserved Fulltext
Our experimental results show that ESBMC can be further developed within our verification framework called FuSeBMC, to efficiently and effectively detect intricate security vulnerabilities in network protocol ...
Finding practical approaches for checking the security of network protocol implementations has proven to be a challenging problem. ...
Techniques such as fuzzing [20] , symbolic execution [16] , static code analysis [12] , and taint tracking [22] are the most common techniques to detect security vulnerabilities in network protocol ...
arXiv:2001.09592v1
fatcat:gwhsnn23ircg7cikfkksdir6ui
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
[article]
2020
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Other Versions
And we have explored many software tools to detect the security vulnerabilities of smart contracts in terms of static analysis, dynamic analysis, and formal verification. ...
We also investigated the limitations of the tools or analysis methods with respect to the identified security vulnerabilities of the smart contracts. ...
We thank to Loi Luu, Antoine Delignat-Lavaud, Ivica Nikolić and Yuxiao Zhu for their coordination. ...
arXiv:1908.08605v3
fatcat:c3byi3iubfacpbgt4uh3xts5oq
ForASec: Formal Analysis of Security Vulnerabilities in Sequential Circuits
[article]
2021
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:
2020 pre-print arXiv:1812.05446v2 fatcat:gvkjk66fwvh2fcg5scvybdfdgqOther Versions
We analyze multiple ISCAS89 and trust-hub benchmarks to demonstrate the efficacy of our framework in identifying security vulnerabilities. ...
Security vulnerability analysis of Integrated Circuits using conventional design-time validation and verification techniques (like simulations, emulations, etc.) is generally a computationally intensive ...
ACKNOWLEDGMENT This work is supported in parts by the Austrian Research Promotion Agency (FFG) and the Austrian Federal Ministry for Transport, Innovation, and Technology (BMVIT) under the ICT of the Future ...
arXiv:1812.05446v3
fatcat:qjcwkhsegnegpmatzckak3fedm
Emerging Threats and Vulnerabilities
[chapter]
2013
Managing Risk and Information Security
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Some of these hybrid attacks have shown they can circumvent new security features. ...
Interoperability between programs has resulted in a new category of hybrid attacks where malicious objects are concealed in innocent-looking ones to thwart detection. ...
doi:10.1007/978-1-4302-5114-9_6
fatcat:7zxrpnshlnh7pgfjbi4dzega7e
A Review on C3I Systems' Security: Vulnerabilities, Attacks, and Countermeasures
[article]
2022
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Other Versions
Furthermore, our survey has enabled us to: (i) propose a taxonomy for security vulnerabilities, attack vectors and countermeasures; (ii) interrelate attack vectors with security vulnerabilities and countermeasures ...
Consequently, cyber adversaries leverage highly sophisticated attack vectors to exploit security vulnerabilities in C3I systems. ...
ACKNOWLEDGMENTS The work has been supported by the Cyber Security Research Centre Limited whose activities are partially funded by the Australian Government's Cooperative Research Centres Programme. ...
arXiv:2104.11906v2
fatcat:nvz3bssy55fwlcwqzkd7n3zism
An Automated Vulnerability Detection and Remediation Method for Software Security
2018
Sustainability
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
We propose an automated vulnerability detection method based on binary complexity analysis to prevent a zero-day attack. ...
This paper introduces a trend of techniques and tools related to automated vulnerability detection and remediation. ...
Conflicts of Interest: The authors declare no conflict of interest. ...
doi:10.3390/su10051652
fatcat:752sfczsgrdwniw4nlez6jfzaq
Availability Assessment of Embedded Systems with Security Vulnerabilities
2011
2011 IEEE 34th Software Engineering Workshop
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
The results of the study obtained for availability assessment due to security lapses show that a modeling technique may be used to evaluate the need for appropriate mitigation mechanisms allowing the system ...
to withstand the attacks still assuring desired level of availability. ...
on the level of security to be applied. ...
doi:10.1109/sew.2011.12
dblp:conf/sew/KorneckiZS11
fatcat:jtbnsss6gfgx3lmnq6jid6ws6u
Understanding the Quality of Container Security Vulnerability Detection Tools
[article]
2021
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Consequently, a number of container scanning tools are available for detecting container security vulnerabilities. ...
However, the pressing concern with the use of containers is its susceptibility to security attacks. ...
Therefore, we recommend the usage of a hybrid approach by using metadata to find reported vulnerabilities (as identified from a vulnerability database), and by running static code analysis to detect new ...
arXiv:2101.03844v1
fatcat:b4p7itwnhrgwvlhjqb3gmsghj4
Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners
[article]
2020
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
We developed a working prototype, called RevOK, and we applied it to 78 scanning systems. Out of them, 36 were found vulnerable to XSS. ...
The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. ...
Conclusion In this paper we introduced a new methodology, based on a novel attacker model, to detect vulnerabilities in scanning systems. ...
arXiv:2006.09769v1
fatcat:lyaiuqd5yvamnods5n7j4ci6fa
Applied Vulnerability Detection System
2015
2015 IEEE International Symposium on Technologies for Homeland Security (HST)
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
In [1], we presented a Vulnerability Detection System (VDS) that can detect emergent vulnerabilities in complex Cyber Physical Systems (CPS). ...
With a combination of simulation and vehicle instrumented real-time execution, the AAEP confirms each candidate attack. The AAEPs output is used as feedback to refine the Alloy model. ...
Attack-Centric Analysis and Context The common bottom-up technology-centric perspective promoted by security researchers comes at the expense of understanding how a hacker discovers and exploits vulnerabilities ...
doi:10.1109/ths.2015.7225296
fatcat:zw4qmuz3j5dxlp577dp3sqfrfq
The Current and Future of Software Securities and Vulnerabilities
2014
Journal of Software Engineering and Applications
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2014; you can also visit the original URL.
The file type is application/pdf.
And then the testing professors take which kinds of methods to test the software with white-box testing or black-box testing to discover the vulnerabilities and flaws. ...
At the same time, the paper gives some examples to demonstrate why the security of software is pretty important and what we should do to secure that. ...
The testing site has to analyse the execution trace for vulnerabilities detection. We organize the bit sequences of tested execution paths as a binary decision tree (BDT). ...
doi:10.4236/jsea.2014.71001
fatcat:pz77momuw5buvg7z26dnz4ezoi
SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns' Detection
2021
Security and Communication Networks
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns. ...
To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries. ...
To secure the SC and detect its security vulnerabilities before deployment to blockchain, many researchers have contributed to the static and dynamic analysis of SC. ...
doi:10.1155/2021/2897565
fatcat:7gt5efmez5dsph6yezpx5p2xju
A novel hybrid method to analyze security vulnerabilities in Android applications
2020
Tsinghua Science and Technology
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
In addition, our dynamic analysis can be extended to detect more types of vulnerabilities. ...
We propose a novel hybrid method to analyze the security vulnerabilities in Android applications. ...
However, the dynamic analysis is not only expensive but also difficult to detect certain types of security vulnerabilities. Our hybrid method can avoid these shortcomings. ...
doi:10.26599/tst.2019.9010067
fatcat:udxcnk7pona7rnakt5weqxup5i
Extracting Information about Security Vulnerabilities from Web Text
2011
2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
The Web is an important source of information about computer security threats, vulnerabilities and cyberattacks. ...
We present initial work on developing a framework to detect and extract information about vulnerabilities and attacks from Web text. ...
ACKNOWLEDGMENT This work was partially supported by an grant from the Air Force Office of Scientific Research (MURI FA9550-08-1-0265) and a gift from Northrop Grumman Corporation. ...
doi:10.1109/wi-iat.2011.26
dblp:conf/iat/MulwadLJFV11
fatcat:jp7ze5bxergtrh5fsjxsiombva
Secure Coding Practices in Java: Challenges and Vulnerabilities
[article]
2017
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
More interestingly, we identified security vulnerabilities in the suggested code of accepted answers. ...
However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. ...
Detecting Security Vulnerabilities Approaches were built to detect security vulnerabilities caused by API misuse [75, 78, 80, 81, 83, 85, 87, 94] . ...
arXiv:1709.09970v1
fatcat:j4m3gjblinfermu737cpheaeum
« Previous
Showing results 1 — 15 out of 23,627 results