The immutable feature of blockchain determines that traditional security response
mechanisms (eg, code patching) must change to remedy insecure smart contracts. The only …

Component hijacking is a class of vulnerabilities commonly appearing in Android
applications. When these vulnerabilities are triggered by attackers, the vulnerable apps can …

Integer errors have emerged as an important threat to systems security, because they allow
exploits such as buffer overflow and privilege escalation. This paper presents KINT, a tool …

Automated Program Repair (APR) faces a key challenge in efficiently generating correct
patches from a potentially infinite solution space. Existing approaches, which attempt to …

C makes it easy to misuse integer types; even mature programs harbor many badly-written
integer code. Traditional approaches at best detect these problems; they cannot guide …

The integer primitive type has upper and lower bounds in many programming languages,
including C, and Java. These limits might lead programs that manipulate large integer …

We present a new technique and system, DIODE, for auto-matically generating inputs that
trigger overflows at memory allocation sites. DIODE is designed to identify relevant sanity …

Rust is an emerging programming language which aims to provide both safety guarantee
and runtime efficiency, and has been used extensively in system programming scenarios …

We present a system, SIFT, for generating input filters that nullify integer overflow errors
associated with critical program sites such as memory allocation or block copy sites. SIFT …

Heap overflow is a prevalent memory corruption vulnerability, playing an important role in
recent attacks. Finding such vulnerabilities in applications is thus critical for security. Many …