Showing 1 - 10 of 136 for search: '"Godefroid, Patrice"'
Author:
Zahan, Nusrat, Zimmermann, Thomas, Godefroid, Patrice, Murphy, Brendan, Maddila, Chandra, Williams, Laurie
Modern software development frequently uses third-party packages, raising the concern of supply chain security attacks. Many attackers target popular package managers, like npm, and their users with supply chain attacks. In 2021 there was a 650% year
External link:
http://arxiv.org/abs/2112.10165
Security is critical to the adoption of open source software (OSS), yet few automated solutions currently exist to help detect and prevent malicious contributions from infecting open source repositories. On GitHub, a primary host of OSS, repositories
External link:
http://arxiv.org/abs/2103.03846
We introduce a new programming paradigm called oracle-guided decision programming in which a program specifies a Markov Decision Process (MDP) and the language provides a universal policy. We prototype a new programming language, Dodona, that manifes
External link:
http://arxiv.org/abs/2012.11401
Author:
Atlidakis, Vaggelis, Geambasu, Roxana, Godefroid, Patrice, Polishchuk, Marina, Ray, Baishakhi
This paper introduces Pythia, the first fuzzer that augments grammar-based fuzzing with coverage-guided feedback and a learning-based mutation strategy for stateful REST API fuzzing. Pythia uses a statistical model to learn common usage patterns of a
External link:
http://arxiv.org/abs/2005.11498
Cloud services have recently exploded with the advent of powerful cloud-computing platforms such as Amazon Web Services and Microsoft Azure. Today, most cloud services are accessed through REST APIs, and Swagger is arguably the most popular interface
External link:
http://arxiv.org/abs/1806.09739
Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision proc
External link:
http://arxiv.org/abs/1801.04589
Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar suitable for inp
External link:
http://arxiv.org/abs/1701.07232
Author:
GODEFROID, PATRICE pg@microsoft.com
Published in:
Communications of the ACM. Feb2020, Vol. 63 Issue 2, p70-76. 7p. 2 Color Photographs, 2 Diagrams, 1 Graph.
Author:
Zahan, Nusrat, Zimmermann, Thomas, Godefroid, Patrice, Murphy, Brendan, Maddila, Chandra, Williams, Laurie
Published in:
Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice.
Modern software development frequently uses third-party packages, raising the concern of supply chain security attacks. Many attackers target popular package managers, like npm, and their users with supply chain attacks. In 2021 there was a 650% year
Published in:
ICSE: International Conference on Software Engineering; 5/25/2019, p748-758, 11p