all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Trojan Source: Invisible Vulnerabilities. (arXiv:2111.00169v2 [cs.CR] UPDATED)

Add to bookmarks
March 9, 2023, 2:10 a.m. | Nicholas Boucher, Ross Anderson

cs.CR updates on arXiv.org arxiv.org

We present a new type of attack in which source code is maliciously encoded
so that it appears different to a compiler and to the human eye. This attack
exploits subtleties in text-encoding standards such as Unicode to produce
source code whose tokens are logically encoded in a different order from the
one in which they are displayed, leading to vulnerabilities that cannot be
perceived directly by human code reviewers. 'Trojan Source' attacks, as we call
them, pose an immediate …

attack attacks code compiler encoding exploits human order source code standards text tokens trojan trojan source unicode vulnerabilities

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Differentially private Bayesian tests 2 days, 13 hours ago | arxiv.org
arxiv confidential cornerstone cs.cr +16
On the Learnability of Watermarks for Language Models 2 days, 13 hours ago | arxiv.org
arxiv ask can cs.cl +12
Intriguing Properties of Diffusion Models: An Empirical Study of the Natural Attack Capability in Text-to-Image … 2 days, 13 hours ago | arxiv.org
applications arxiv attack cs.cr +14
On the Reliability of Watermarks for Large Language Models 2 days, 13 hours ago | arxiv.org
arxiv bots cs.cl cs.cr +23
A Watermark for Large Language Models 2 days, 13 hours ago | arxiv.org
arxiv can cs.cl cs.cr +13
Asymmetric Distributed Trust 2 days, 13 hours ago | arxiv.org
abstraction algorithms arxiv can +12
Read Disturbance in High Bandwidth Memory: A Detailed Experimental Study on HBM2 DRAM Chips 2 days, 13 hours ago | arxiv.org
arxiv bandwidth chips cs.ar +5
ABACuS: All-Bank Activation Counters for Scalable and Low Overhead RowHammer Mitigation 2 days, 13 hours ago | arxiv.org
access address area arxiv +17
A Case Study of Large Language Models (ChatGPT and CodeBERT) for Security-Oriented Code Analysis 2 days, 13 hours ago | arxiv.org
analysis arxiv can capabilities +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com

Cryptography Software Developer

@ Intel | USA - AZ - Chandler
View on infosec-jobs.com

Lead Consultant, Geology

@ WSP | Richmond, VA, United States
View on infosec-jobs.com

BISO Cybersecurity Director

@ ABM Industries | Alpharetta, GA, United States
View on infosec-jobs.com
View more jobs