ASE 2025
Sun 16 - Thu 20 November 2025 Seoul, South Korea

This program is tentative and subject to change.

Tue 18 Nov 2025 14:00 - 14:10 at Grand Hall 5 - Security 2

Discovering potential vulnerabilities has long been a fundamental goal in software security. Among them, bit flips, caused by hardware or environmental disturbances, are increasingly recognized as a new type of vulnerabilities that threaten program reliability at the instruction level. However, existing work is often restricted to individual programs and requires retraining when applied to unseen code, severely limiting their practicality and responsiveness. In this paper, we propose CIVP, a novel framework for context-aware instruction vulnerability prediction, generalizing to unseen programs without retraining. Specifically, to capture the rich contextual semantics of instructions, CIVP first leverages Large Language Models (LLMs) to accurately extract semantic embeddings of instructions. Then, CIVP further constructs an instruction execution graph containing complex relations of program execution, which implicates the potential path of error propagation. To improve instruction representation for vulnerability prediction, CIVP enhances GraphSAGE with multi-hop diffusion to capture inter-program structural patterns and contextual dependencies, and adopts pseudo-labeling to improve the model’s generalization for vulnerable instructions. Extensive experiments on a dataset of 26 real-world programs demonstrate that CIVP significantly outperforms the state-of-the-art approaches, achieving up to 20.5%↑ Recall and 18.5%↑ F1-score improvements. Notably, CIVP generalizes well to unseen programs, offering an efficient and scalable solution for proactive instruction-level hardening before software deployment.

This program is tentative and subject to change.

Tue 18 Nov

Displayed time zone: Seoul change

14:00 - 15:30
14:00
10m
Talk
Towards Generalizable Instruction Vulnerability Prediction via LLM-Enhanced Code Representation
Research Papers
Bao Wen Nanjing University of Aeronautics and Astronautics, Jingjing Gu Nanjing University of Aeronautics and Astronautics, Jingxuan Zhang Nanjing University of Aeronautics and Astronautics, Yang Liu Nanyang Technological University, Pengfei Yu Nanjing University of Aeronautics and Astronautics, Yanchao Zhao Nanjing University of Aeronautics and Astronautics
14:10
10m
Talk
Interpretable Vulnerability Detection Reports
Research Papers
Claudia Mamede Carnegie Mellon University, Jose Campos FEUP & LASIGE, Claire Le Goues Carnegie Mellon University, Rui Abreu Faculty of Engineering of the University of Porto, Portugal
14:20
10m
Talk
Security Debt in LLM Agent Applications: A Measurement Study of Vulnerabilities and Mitigation Trade-offs
Research Papers
Zhuoxiang Shen Fudan University, Jiarun Dai Fudan University, Yuan Zhang Fudan University, Min Yang Fudan University
14:30
10m
Talk
Altered Histories in Version Control System Repositories: Evidence from the Trenches
Research Papers
Solal Rapaport Télécom Paris, Institut Polytechnique de Paris, Laurent Pautet Télécom Paris, Institut Polytechnique de Paris, Samuel Tardieu Télécom Paris, Institut Polytechnique de Paris, Stefano Zacchiroli LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France
Pre-print
14:40
10m
Talk
Lares: LLM-driven Code Slice Semantic Search for Patch Presence Testing
Research Papers
Siyuan Li University of Chinese Academy of Sciences & Institute of Information Engineering Chinese Academy of Sciences, China, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Hong Li Institute of Information Engineering at Chinese Academy of Sciences, Jingdong Guo Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chaopeng Dong Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chunpeng Yan Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Weijie Wang Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Yimo Ren Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Hongsong Zhu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences
14:50
10m
Talk
PoliCond: Condition-Aware Ontology-Driven LLMs for Privacy Policy Analysis
Research Papers
Yalin Feng Nanjing University, Yifei Lu State Key Laboratory for Novel Software Technology, Nanjing University, China, Minxue Pan Nanjing University
15:00
10m
Talk
Understanding Resource Injection Vulnerabilities in Kubernetes Ecosystems
Research Papers
Defang Bo Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jie Lu Institute of Computing Technology of the Chinese Academy of Sciences, Feng Li Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Jingting Chen Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jinchen Wang Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Chendong Yu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences
15:10
10m
Talk
LLM-Powered Static Binary Taint Analysis
Journal-First Track
Puzhuo Liu Ant Group & Tsinghua University, Chengnian Sun University of Waterloo, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Xuan Feng Independent Researcher, Chuan Qin Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Yuncheng Wang Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China, Zhenyang Xu University of Waterloo, Zhi Li Institute of Information Engineering, Chinese Academy of Sciences, China, Peng Di Ant Group & UNSW Sydney, Yu Jiang Tsinghua university, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences
15:20
10m
Talk
Stealthy Backdoor Attack for Code Models
Journal-First Track
Zhou Yang University of Alberta, Alberta Machine Intelligence Institute , Bowen Xu North Carolina State University, Jie M. Zhang King's College London, Hong Jin Kang University of Sydney, Jieke Shi Singapore Management University, Junda He Singapore Management University, David Lo Singapore Management University