103 papers:
DATE-2015-MirkhaniMCA #design #estimation #fault #performance- Efficient soft error vulnerability estimation of complex designs (SM, SM, CYC, JA), pp. 103–108.
ICSME-2015-PlatePS #assessment #library #open source- Impact assessment for vulnerabilities in open-source software libraries (HP, SEP, AS), pp. 411–420.
MSR-2015-CamiloMN #case study #debugging- Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project (FC, AM, MN), pp. 269–279.
SANER-2015-CadariuBVD #security- Tracking known security vulnerabilities in proprietary software systems (MC, EB, JV, AvD), pp. 516–519.
CSCW-2015-KoganPA #twitter- Think Local, Retweet Global: Retweeting by the Geographically-Vulnerable during Hurricane Sandy (MK, LP, KMA), pp. 981–993.
SEKE-2015-WangSZ #detection #execution #symbolic computation- Statically-Guided Fork-based Symbolic Execution for Vulnerability Detection (YW, HS, QZ), pp. 536–539.
SIGIR-2015-HaraSKF #recommendation- Reducing Hubness: A Cause of Vulnerability in Recommender Systems (KH, IS, KK, KF), pp. 815–818.
SAC-2015-RrushiFNHCP #protocol #specification- By-design vulnerabilities in the ANSI C12.22 protocol specification (JLR, HF, RN, CH, KC, AP), pp. 2231–2236.
ESEC-FSE-2015-ParameshwaranBS15a #framework #named #robust #testing- DexterJS: robust testing platform for DOM-based XSS vulnerabilities (IP, EB, SS, HD, AS, PS), pp. 946–949.
ESEC-FSE-2015-SmithJMCL #developer #security #static analysis- Questions developers ask while diagnosing potential security vulnerabilities with static analysis (JS, BJ, ERMH, BC, HRL), pp. 248–259.
ICSE-v2-2015-SadeghiBM #analysis #android #security #using- Analysis of Android Inter-App Security Vulnerabilities Using COVERT (AS, HB, SM), pp. 725–728.
ISSTA-2015-HayTP #android #communication #detection- Dynamic detection of inter-application communication vulnerabilities in Android (RH, OT, MP), pp. 118–128.
DATE-2014-HelfmeierBNTS #physics- Physical vulnerabilities of Physically Unclonable Functions (CH, CB, DN, ST, JPS), pp. 1–4.
FASE-2014-SadeghiEM #analysis #mining #repository #security- Mining the Categorized Software Repositories to Improve the Analysis of Security Vulnerabilities (AS, NE, SM), pp. 155–169.
CHI-2014-WarnestalSN- Co-constructing child personas for health-promoting services with vulnerable children (PW, PS, JN), pp. 3767–3776.
DUXU-TMT-2014-CorreiaSCBS #design #risk management #safety- Design as a Tool for Managing Risks and Vulnerabilities Regarding Artifacts of Public Safety (WC, SXdS, FC, MLNB, MMS), pp. 437–444.
ICEIS-v2-2014-DingTZ #automation #c #c++ #source code- Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs (SD, HBKT, HZ), pp. 49–59.
ICEIS-v2-2014-SimpsonC #enterprise- Vulnerability and Remediation for a High-assurance Web-based Enterprise (WRS, CC), pp. 119–128.
SAC-2014-ChenZW #detection #named #testing- Crashmaker: an improved binary concolic testing tool for vulnerability detection (BC, QZ, WW), pp. 1257–1263.
SAC-2014-KarumanchiS #case study #scalability #web #web service- In the wild: a large scale study of web services vulnerabilities (SK, ACS), pp. 1239–1246.
SAC-2014-ShahriarH #assessment #fuzzy #injection #risk management #using- Risk assessment of code injection vulnerabilities using fuzzy logic-based system (HS, HH), pp. 1164–1170.
FSE-2014-BosuCHHJ #empirical #identification- Identifying the characteristics of vulnerable code changes: an empirical study (AB, JCC, MH, PH, DJ), pp. 257–268.
ASPLOS-2014-BanabicCG #distributed- Finding trojan message vulnerabilities in distributed systems (RB, GC, RG), pp. 113–126.
ICST-2014-AydinAB #automation #generative #testing- Automated Test Generation from Vulnerability Signatures (AA, MA, TB), pp. 193–202.
ISSTA-2014-AppeltNBA #approach #automation #injection #sql #testing- Automated testing for SQL injection vulnerabilities: an input mutation approach (DA, CDN, LCB, NA), pp. 259–269.
DAC-2013-AgostaBMP #analysis- Compiler-based side channel vulnerability analysis and optimized countermeasures application (GA, AB, MM, GP), p. 6.
DATE-2013-CarreteroHMRV- Capturing vulnerability variations for register files (JC, EH, MM, TR, XV), pp. 1468–1473.
DATE-2013-ImagawaTOS #analysis #architecture #configuration management #effectiveness- A cost-effective selective TMR for heterogeneous coarse-grained reconfigurable architectures based on DFG-level vulnerability analysis (TI, HT, HO, TS), pp. 701–706.
IFM-2013-SavaryFL #bytecode #detection #modelling #testing #using #verification- Detecting Vulnerabilities in Java-Card Bytecode Verifiers Using Model-Based Testing (AS, MF, JLL), pp. 223–237.
CHI-2013-ThiemeWJMLWOM #design #women- Design to promote mindfulness practice and sense of self for vulnerable women in secure hospital services (AT, JW, PJ, JCM, SEL, PCW, PO, TDM), pp. 2647–2656.
SAC-2013-PayetDKV #analysis #execution #scalability- EARs in the wild: large-scale analysis of execution after redirect vulnerabilities (PP, AD, CK, GV), pp. 1792–1799.
ICSE-2013-MeneelyL #re-engineering- Vulnerability of the day: concrete demonstrations for software engineering undergraduates (AM, SL), pp. 1154–1157.
ICSE-2013-SharTB #hybrid #injection #mining #program analysis #sql #using- Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis (LKS, HBKT, LCB), pp. 642–651.
ICSE-2013-ZhengZ #detection #execution #static analysis #web- Path sensitive static analysis of web applications for remote code execution vulnerability detection (YZ, XZ), pp. 652–661.
CAV-2013-SosnovichGN #network #protocol #security #using- Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems (AS, OG, GN), pp. 724–739.
ICST-2013-BlomeOLPD #flexibility #modelling #named #testing- VERA: A Flexible Model-Based Vulnerability Testing Tool (AB, MO, KL, MP, MTD), pp. 471–478.
ICST-2013-Vernotte #modelling #research #testing #web- Research Questions for Model-Based Vulnerability Testing of Web Applications (AV), pp. 505–506.
ASE-2012-AlmorsyGI #analysis #automation #using- Supporting automated vulnerability analysis using formalized vulnerability signatures (MA, JG, ASI), pp. 100–109.
ASE-2012-SharT #predict #validation #web- Predicting common web application vulnerabilities from input validation and sanitization code patterns (LKS, HBKT), pp. 310–313.
DATE-2012-RahimiBG #analysis- Analysis of instruction-level vulnerability to dynamic voltage and temperature variations (AR, LB, RKG), pp. 1102–1105.
DATE-2012-TabkhiS #approach #power management- Application-specific power-efficient approach for reducing register file vulnerability (HT, GS), pp. 574–577.
WCRE-2012-GauthierM #data access #detection #performance #php- Fast Detection of Access Control Vulnerabilities in PHP Applications (FG, EM), pp. 247–256.
CHI-2012-ShiraziMKS #authentication #gesture- Assessing the vulnerability of magnetic gestural authentication to video-based shoulder surfing attacks (ASS, PM, HK, AS), pp. 2045–2048.
ICSE-2012-MollerS #automation #detection- Automated detection of client-state manipulation vulnerabilities (AM, MS), pp. 749–759.
ICSE-2012-ShahzadSL #analysis #lifecycle #scalability- A large scale exploratory analysis of software vulnerability life cycles (MS, MZS, AXL), pp. 771–781.
ICSE-2012-SharT #injection #mining #predict #sql- Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities (LKS, HBKT), pp. 1293–1296.
OSDI-2012-KimCZ #performance #web- Efficient Patch-based Auditing for Web Application Vulnerabilities (TK, RC, NZ), pp. 193–206.
ICST-2012-DucheneGRR #detection #fuzzing #model inference #using- XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing (FD, RG, SR, JLR), pp. 815–817.
ISSTA-2012-CaballeroGMN #detection #named #pointer- Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities (JC, GG, MM, AN), pp. 133–143.
SCAM-2011-AvanciniC #approach #search-based #security #testing #web- Security Testing of Web Applications: A Search-Based Approach for Cross-Site Scripting Vulnerabilities (AA, MC), pp. 85–94.
WCRE-2011-CodobanMM #design #fault #named #problem- iProblems — An Integrated Instrument for Reporting Design Flaws, Vulnerabilities and Defects (MC, CM, RM), pp. 437–438.
SIGAda-2011-PhDJPD- Software vulnerabilities precluded by spark (JLT, FDJ, PEB, CED), pp. 39–46.
ICEIS-v4-2011-WuW #enterprise #multi- A Multi-layer Tree Model for Enterprise Vulnerability Management (BW, AJAW), pp. 389–394.
KDD-2011-GundechaBL #network #privacy #social- Exploiting vulnerability to secure user privacy on a social networking site (PG, GB, HL), pp. 511–519.
SAC-2011-Mammar #approach #bibliography #c #detection- An overview of a proof-based approach to detecting C vulnerabilities (AM), pp. 1343–1344.
ICSE-2011-WuSG #case study #empirical- Empirical results on the study of software vulnerabilities (YW, HPS, RG), pp. 964–967.
ICSE-2011-YuAB #synthesis- Patching vulnerabilities with sanitization synthesis (FY, MA, TB), pp. 251–260.
CAV-2011-GaneshKAGHE #analysis #detection #named #string #testing- HAMPI: A String Solver for Testing, Analysis and Vulnerability Detection (VG, AK, SA, PJG, PH, MDE), pp. 1–19.
ICST-2011-BekrarBGM #fuzzing- Finding Software Vulnerabilities by Smart Fuzzing (SB, CB, RG, LM), pp. 427–430.
ICST-2011-SmithW #detection #heuristic #sql #using #web- Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities (BHS, LW), pp. 220–229.
ICTSS-2011-MammarCJMO #c #detection #source code #testing #using- Using Testing Techniques for Vulnerability Detection in C Programs (AM, ARC, WJ, WM, EMdO), pp. 80–96.
ISSTA-2011-GuarnieriPTDTB #javascript #web- Saving the world wide web from vulnerable JavaScript (SG, MP, OT, JD, ST, RB), pp. 177–187.
ASE-2010-PhamNNN #detection- Detection of recurring software vulnerabilities (NHP, TTN, HAN, TNN), pp. 447–456.
DATE-2010-PanHL #fault #named- IVF: Characterizing the vulnerability of microprocessor structures to intermittent faults (SP, YH, XL), pp. 238–243.
KDD-2010-BozorgiSSV #heuristic #learning #predict- Beyond heuristics: learning to classify vulnerabilities and predict exploits (MB, LKS, SS, GMV), pp. 105–114.
SEKE-2010-FuL #constraints #detection #string #theorem proving #web- A String Constraint Solver for Detecting Web Application Vulnerability (XF, CCL), pp. 535–542.
SEKE-2010-HuangLZ #towards- Towards a Structured Model for Software Vulnerabilities (MH, YL, QZ), pp. 543–547.
SAC-2010-ChowdhuryZ #complexity #metric #question- Can complexity, coupling, and cohesion metrics be used as early indicators of vulnerabilities? (IC, MZ), pp. 1963–1969.
ICSE-2010-PhamNNWNN #detection- Detecting recurring and similar software vulnerabilities (NHP, TTN, HAN, XW, ATN, TNN), pp. 227–230.
LCTES-2010-ShrivastavaLJ #embedded #equation #fault- Cache vulnerability equations for protecting data in embedded processor caches from soft errors (AS, JL, RJ), pp. 143–152.
ICST-2010-ZimmermannNW #predict #security- Searching for a Needle in a Haystack: Predicting Security Vulnerabilities for Windows Vista (TZ, NN, LAW), pp. 421–428.
ASE-2009-YuAB #analysis #generative #source code #string #using- Generating Vulnerability Signatures for String Manipulating Programs Using Automata-Based Forward and Backward Symbolic Analyses (FY, MA, TB), pp. 605–609.
RE-2009-LongLYJ #approach #evaluation #requirements #security- AVT Vector: A Quantitative Security Requirements Evaluation Approach Based on Assets, Vulnerabilities and Trustworthiness of Environment (TL, LL, YY, ZJ), pp. 377–378.
SAC-2009-BreauxLOA #identification #requirements #using- Identifying vulnerabilities and critical requirements using criminal court proceedings (TDB, JDL, PNO, AIA), pp. 355–359.
HPCA-2009-DuanLP #architecture #estimation #metric #performance #predict- Versatile prediction and fast estimation of Architectural Vulnerability Factor from processor performance metrics (LD, BL, LP), pp. 129–140.
HPCA-2009-FuLF #fault #process- Soft error vulnerability aware process variation mitigation (XF, TL, JABF), pp. 93–104.
HPCA-2009-SridharanK #architecture #dependence- Eliminating microarchitectural dependency from Architectural Vulnerability (VS, DRK), pp. 117–128.
ICST-2009-JohM #process- Seasonal Variation in the Vulnerability Discovery Process (HJ, YKM), pp. 191–200.
CBSE-2008-ParrendF #classification #component #java #programming- Classification of Component Vulnerabilities in Java Service Oriented Programming (SOP) Platforms (PP, SF), pp. 80–96.
DAC-2008-HuangYX #composition #on the #reliability #testing- On reliable modular testing with vulnerable test access mechanisms (LH, FY, QX), pp. 834–839.
SCAM-2008-PentaCA #detection #evolution #source code- The Evolution and Decay of Statically Detected Source Code Vulnerabilities (MDP, LC, LA), pp. 101–110.
SCAM-2008-WangZZ #automation #detection #model checking #program analysis- Automated Detection of Code Vulnerabilities Based on Program Analysis and Model Checking (LW, QZ, PZ), pp. 165–173.
CHI-2008-SankarpandianLE #named #using- Talc: using desktop graffiti to fight software vulnerability (KS, TL, WKE), pp. 1055–1064.
ICEIS-ISAS2-2008-LeL #analysis #web- Realizing Web Application Vulnerability Analysis via AVDL (HTL, PKKL), pp. 259–265.
ICSE-2008-WassermannS #detection #static analysis- Static detection of cross-site scripting vulnerabilities (GW, ZS), pp. 171–180.
ICLP-2008-Tsitovich #detection #model checking #security #using- Detection of Security Vulnerabilities Using Guided Model Checking (AT), pp. 822–823.
PLDI-2007-WassermannS #analysis #injection #precise #web- Sound and precise analysis of web applications for injection vulnerabilities (GW, ZS), pp. 32–41.
DATE-2006-AsadiSTK #analysis- Vulnerability analysis of L2 cache elements to single event upsets (HA, VS, MBT, DRK), pp. 1276–1281.
ICSM-2006-ByersASD #graph #modelling- Modeling Software Vulnerabilities With Vulnerability Cause Graphs (DB, SA, NS, CD), pp. 411–422.
WCRE-2006-MerloLA #analysis #injection #php #sql- Insider and Outsider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP (EM, DL, GA), pp. 147–156.
AdaEurope-2006-BreuerP #fault #kernel #linux #source code #static analysis- One Million (LOC) and Counting: Static Analysis for Errors and Vulnerabilities in the Linux Kernel Source Code (PTB, SP), pp. 56–70.
OSDI-2006-ReisDWDE #html #named- BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML (CR, JD, HJW, OD, SE), pp. 61–74.
ICDAR-2005-YamazakiNTK #case study #online #verification- A Study on Vulnerability in On-line Writer Verification System (YY, AN, KT, NK), pp. 640–644.
SAC-2005-HouD #analysis #design #detection #search-based- Immunity-based intrusion detection system design, vulnerability analysis, and GENERTIA’s genetic arms race (HH, GVD), pp. 952–956.
SOSP-2005-JoshiKDC #detection- Detecting past and present intrusions through vulnerability-specific predicates (AJ, STK, GWD, PMC), pp. 91–104.
ICEIS-v3-2004-YongzhengX #taxonomy- A New Vulnerability Taxonomy Based on Privilege Escalation (YZ, XcY), pp. 596–600.
SAC-2004-BistarelliFO #constraints #detection #modelling #problem #using- Modeling and detecting the cascade vulnerability problem using soft constraints (SB, SNF, BO), pp. 383–390.
ICSM-2003-DaCostaDMP #security- Characterizing the “Security Vulnerability Likelihood” of Software Functions (DD, CD, SM, VP), p. 266–?.
CIKM-2002-TosunF #similarity- Vulnerabilities in similarity search based systems (AST, HF), pp. 110–117.
SAC-2002-ThompsonWM #security #testing- Software security vulnerability testing in hostile environments (HHT, JAW, FEM), pp. 260–264.
SCAM-2001-WeberSR #case study #constraints #detection #optimisation #security #using- A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization (MW, VS, CR), pp. 3–13.
KDD-2000-RaghavanBS #detection #predict #process #using- Defection detection: using activity profiles to predict ISP customer vulnerability (NR, RMB, MS), pp. 506–515.
ASPLOS-1992-KubiatowiczCA #memory management #multi #transaction- Closing the Window of Vulnerability in Multiphase Memory Transactions (JK, DC, AA), pp. 274–284.