- poster, November 2020
Towards Using Source Code Repositories to Identify Software Supply Chain Attacks
CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Pages 2093–2095, https://doi.org/10.1145/3372297.3420015
Increasing popularity of third-party package repositories, like NPM, PyPI, or RubyGems, makes them an attractive target for software supply chain attacks. By injecting malicious code into legitimate packages, attackers were known to gain more than 100,...
- Article, December 2013
Effective Fuzzing Based on Dynamic Taint Analysis
CIS '13: Proceedings of the 2013 Ninth International Conference on Computational Intelligence and Security, Pages 615–619, https://doi.org/10.1109/CIS.2013.135
In this paper we present a new vulnerability-targeted black box fuzzing approach to effectively detect errors in the program. Unlike the standard fuzzing techniques that randomly change bytes of the input file, our approach remarkably reduces the ...
- research-article, November 2008
Requirements engineering: from craft to discipline
SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, Pages 238–249, https://doi.org/10.1145/1453101.1453133
Getting the right software requirements under the right environment assumptions is a critical precondition for developing the right software. This task is intrinsically difficult. We need to produce a complete, adequate, consistent, and well-structured ...
- research-article, March 2004
Software Process Representation and Analysis for Framework Instantiation
IEEE Transactions on Software Engineering (ISOF), Volume 30, Issue 3, Pages 145–159, https://doi.org/10.1109/TSE.2004.1271169
Object-oriented frameworks are currently regarded as a promising technology for reusing designs and implementations. However, developers find there is still a steep learning curve when extracting the design rationale and understanding the framework ...
- research-article, February 2001
Lightweight Extraction of Object Models from Bytecode
IEEE Transactions on Software Engineering (ISOF), Volume 27, Issue 2, Pages 156–169, https://doi.org/10.1109/32.908960
A program's object model captures the essence of its design. For some programs, no object model was developed during design; for others, an object model exists but may be out-of-sync with the code. This paper describes a tool that automatically extracts ...