ArXivCSExplorer
☆☆Bookmarks🏆RSSHow to UseFAQ
Built with and by Teycir Ben Soltane•
How to Use•FAQ•GitHub•arXiv.org•
Share:

~ similar to 2605.03492v2· 20 results

cs.CRRecentMay 13, 2026

Memory Forensics Techniques for Automated Detection and Analysis of Go Malware

Hala Ali, Andrew Case, Irfan Ahmed

The paper introduces a novel memory forensics framework to perform runtime analysis of Go malware, successfully recovering critical execution state and artifacts that are invisible to traditional stat…

View →
cs.CRRecentJun 1, 2026

PeAR: A Static Binary Rewriting Framework for Binary-Only Fuzzing

Alvin Charles, Adrian Herrera, Peter Oslington, Alwen Tiu

The paper introduces PeAR, a static binary rewriting framework that proves static binary instrumentation (SBI) is a practical and effective alternative to dynamic binary instrumentation (DBI) for high…

View →
cs.CRRecentJun 4, 2026

GCD: Garbled, Corrected, Demonstrandum -- Fixing and Proving Go's Extended GCD Implementation

Linard Arquint

This paper fixes two subtle bugs in Go's extended GCD implementation, which is critical for RSA key generation, and formally proves the correctness and termination of the corrected code.

View →
cs.CRcs.SERecentApr 27, 2026

Evaluating Cryptographic API Misuse Detectors for Go

Vivi Andersson, Martin Monperrus

This paper provides the first comprehensive study of cryptographic API misuse detection in Go, evaluating four state-of-the-art tools and discovering 7,473 instances of cryptographic API misuses acros…

View →
cs.PLcs.CRRecentApr 15, 2026

Erlang Binary and Source Code Obfuscation

Gregory Morse, Tamás Kozsik

This paper analyzes various source-to-bytecode obfuscation techniques for Erlang, demonstrating that effective protection relies on exploiting the representational gaps between high-level semantics an…

View →
cs.CRcs.AIcs.SERecentApr 7, 2026

Broken by Default: A Formal Verification Study of Security Vulnerabilities in AI-Generated Code

Dominik Blain, Maxime Noiseux

This study formally verified 3,500 AI-generated code artifacts and found that a majority (55.8%) contain exploitable security vulnerabilities, regardless of the LLM used.

View →
cs.PLcs.CRRecentApr 15, 2026

Filament: Denning-Style Information Flow Control for Rust

Jeffrey C. Ching, Quan Zhou, Danfeng Zhang

Filament is a novel, compiler-agnostic static information-flow control (IFC) library for Rust that enables fine-grained, Denning-style tracking of both explicit and implicit data flows with minimal pr…

View →
cs.CRcs.AIRecentApr 22, 2026

Mythos and the Unverified Cage: Z3-Based Pre-Deployment Verification for Frontier-Model Sandbox Infrastructure

Dominik Blain

The paper introduces COBALT, a Z3 SMT-based formal verification engine, to proactively detect arithmetic vulnerabilities (CWE-190/191/195) in the critical infrastructure surrounding frontier AI models…

View →
cs.ARcs.CRRecentMay 13, 2026

PoisonCap: Efficient Hierarchical Temporal Safety for CHERI

Yuecheng Wang, Jonathan Woodruff, Alfredo Mazzinghi, Peter Rugg +4 more

PoisonCap introduces a new 'poison' capability format for CHERI systems to provide efficient, strict use-after-free and initialization safety, surpassing existing temporal safety solutions.

View →
cs.CRcs.SCRecentMay 25, 2026

Heimdall: Formally Verified Automated Migration of Legacy eBPF Programs to Rust

Vishnu Asutosh Dasu, Monika Santra, Md Rafi Ur Rashid, Ashish Kumar +2 more

The paper introduces Heimdall, an automated pipeline that uses LLMs and formal verification to safely and automatically migrate legacy, potentially buggy eBPF programs written in C to memory-safe Rust…

View →
cs.CRcs.CLRecentMay 4, 2026

FunFuzz: An LLM-Powered Evolutionary Fuzzing Framework

Mario Rodríguez Béjar, B. Romera-Paredes, Jose L. Hernández-Ramos

FunFuzz introduces a multi-island evolutionary fuzzing framework that uses LLMs to generate structured inputs, achieving superior compiler coverage and discovering more unique failures compared to exi…

View →
cs.CRRecentMar 31, 2026

Detecting speculative leaks with compositional semantics

Xaver Fabian, Marco Guarnieri, Boris Köpf, Jose F. Morales +3 more

The paper proposes a novel framework, Speculative Non-Interference (SNI), and a tool, Spectector, to formally detect and verify security vulnerabilities arising from complex interactions of multiple s…

View →
cs.CRcs.PLcs.SERecentApr 28, 2026

Symbolic Execution Meets Multi-LLM Orchestration: Detecting Memory Vulnerabilities in Incomplete Rust CVE Snippets

Zeyad Abdelrazek, Young Lee

The paper introduces a novel multi-LLM orchestration system combined with symbolic execution to successfully detect memory vulnerabilities in uncompilable, incomplete Rust CVE code snippets, achieving…

View →
cs.CRRecentApr 5, 2026

Semantics Over Syntax: Uncovering Pre-Authentication 5G Baseband Vulnerabilities

Qiqing Huang, Xingyu Wang, Wanda Guo, Guofei Gu +1 more

The paper introduces Constraint-Guided Semantic Testing (ConSeT), a novel framework that systematically finds critical, pre-authentication vulnerabilities in 5G User Equipment (UE) by exploiting seman…

View →
cs.CRRecentApr 2, 2026

Contextualizing Sink Knowledge for Java Vulnerability Discovery

Fabian Fleischer, Cen Zhang, Joonun Jang, Jeongin Cho +2 more

GONDAR is a novel sink-centric fuzzing framework that systematically leverages vulnerability-specific knowledge to discover Java security flaws, significantly outperforming state-of-the-art fuzzers.

View →
cs.CRcs.SERecentApr 5, 2026

Triggering and Detecting Exploitable Library Vulnerability from the Client by Directed Greybox Fuzzing

Yukai Zhao, Menghan Wu, Xing Hu, Shaohua Wang +2 more

The paper proposes LiveFuzz, a directed greybox fuzzing technique that detects the exploitability of third-party library vulnerabilities from client programs without requiring pre-existing proof-of-co…

View →
cs.SEcs.CRRecentMar 27, 2026

A Large-scale Empirical Study on the Generalizability of Disclosed Java Library Vulnerability Exploits

Zirui Chen, Qi Zhan, Jiayuan Zhou, Xing Hu +2 more

This paper conducts a large-scale empirical study demonstrating that Java library exploits can accurately identify affected versions, achieving high recall and precision, and proposes strategies for e…

View →
cs.ARcs.AIcs.CRRecentApr 15, 2026

VeriCWEty: Embedding enabled Line-Level CWE Detection in Verilog

Prithwish Basu Roy, Zeng Wang, Anatolii Chuvashlov, Weihua Xiao +3 more

VeriCWEty proposes an embedding-based framework to detect and classify common software vulnerabilities (CWEs) in Verilog RTL code at both module and line levels, achieving high detection accuracy.

View →
cs.CRcs.SERecentMay 19, 2026

SCARA: A Semantics-Constrained Autonomous Remediation Agent for Opaque Industrial Software Vulnerabilities

Bowei Ning, Xuejun Zong, Lian Lian, Kan He +3 more

SCARA is a novel, end-to-end framework that autonomously connects binary-level vulnerability candidates to conditionally validated remedies for opaque industrial software, achieving high precision and…

View →
cs.CRRecentApr 12, 2026

Analyzing Vector Register Usage in Linux Packages to Understand Real-World Impact of Downfall Attack

Yohei Harata, Soramichi Akiyama

This paper analyzes vector register usage across thousands of Linux packages to determine the real-world impact of the Downfall side-channel attack, finding that over 60% of packages use vector regist…

View →