ﻻ يوجد ملخص باللغة العربية
Automatic patch generation can significantly reduce the window of exposure after a vulnerability is disclosed. Towards this goal, a long-standing problem has been that of patch localization: to find a program point at which a patch can be synthesized. We present PatchLoc, one of the first systems which automatically identifies such a location in a vulnerable binary, given just one exploit, with high accuracy. PatchLoc does not make any assumptions about the availability of source code, test suites, or specialized knowledge of the vulnerability. PatchLoc pinpoints valid patch locations in large real-world applications with high accuracy for about 88% of 43 CVEs we study. These results stem from a novel approach to automatically synthesizing a test-suite which enables probabilistically ranking and effectively differentiating between candidate program patch locations.
With the increasing usage of open-source software (OSS) components, vulnerabilities embedded within them are propagated to a huge number of underlying applications. In practice, the timely application of security patches in downstream software is cha
Android Framework is a layer of software that exists in every Android system managing resources of all Android apps. A vulnerability in Android Framework can lead to severe hacks, such as destroying user data and leaking private information. With ten
A fundamental premise of SMS One-Time Password (OTP) is that the used pseudo-random numbers (PRNs) are uniquely unpredictable for each login session. Hence, the process of generating PRNs is the most critical step in the OTP authentication. An improp
Vulnerability prediction refers to the problem of identifying the system components that are most likely to be vulnerable based on the information gained from historical data. Typically, vulnerability prediction is performed using manually identified
Despite the high stakes involved in smart contracts, they are often developed in an undisciplined manner, leaving the security and reliability of blockchain transactions at risk. In this paper, we introduce ContraMaster: an oracle-supported dynamic e