ISSTA 2025
Wed 25 - Sat 28 June 2025 Trondheim, Norway

This program is tentative and subject to change.

Fri 27 Jun 2025 16:25 - 16:50 at Cosmos 3A - Security 3

Watermarking is a technique to help identify the source of data points, which can be used to help prevent the misuse of protected datasets. Existing methods on code watermarking, leveraging the idea from the backdoor research, embed stealthy triggers as watermarks. Despite their high resilience against dilution attacks and backdoor detections, the robustness has not been fully evaluated. To fill this gap, we propose DeCoMa, a dual-channel approach to Detect and purify Code dataset waterMarks. To overcome the high barrier created by the stealthy and hidden nature of code watermarks, DeCoMa leverages dual-channel constraints on code to generalize and map code samples into standardized templates. Subsequently, DeCoMa extracts hidden watermarks by identifying outlier associations between paired elements within the standardized templates. Finally, DeCoMa purifies the watermarked dataset by removing all samples containing the detected watermark, enabling the silent appropriation of protected code. We conduct extensive experiments to evaluate the effectiveness and efficiency of DeCoMa, covering 10 types of code watermarks and 3 representative intelligent code tasks (a total of 14 scenarios). Experimental results demonstrate that DeCoMa achieves a stable recall of 100% in 14 code watermark detection scenarios, significantly outperforming the baselines. Additionally, DeCoMa effectively attacks code watermarks with poisoning rates as low as 0.9%, while maintaining comparable model performance after training on the purified dataset. Furthermore, as DeCoMa requires no model training for detection, it achieves substantially higher efficiency than all baselines, with a speedup ranging from 31.5 to 130.9×. The results call for more advanced watermarking techniques for code models, while DeCoMa can serve as a baseline for future evaluation.

This program is tentative and subject to change.

Fri 27 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 17:15
16:00
25m
Talk
Robust Vulnerability Detection Across Compilations: LLVM-IR vs. Assembly with Transformer Model
Research Papers
Rony Shir Ben Gurion University of the Negev, Priyanka Surve Ben Gurion University of the Negev, Yuval Elovici Ben Gurion University of the Negev, Asaf Shabtai Ben Gurion University of the Negev
16:25
25m
Talk
DeCoMa: Detecting and Purifying Code Dataset Watermarks through Dual Channel Code Abstraction
Research Papers
Yuan Xiao Nanjing University, Yuchen Chen Nanjing University, Shiqing Ma University of Massachusetts at Amherst, Haocheng Huang Soochow University, Chunrong Fang Nanjing University, Yanwei Chen Nanjing University, Weisong Sun Nanyang Technological University, Yunfeng Zhu Nanjing University, Xiaofang Zhang Soochow University, Zhenyu Chen Nanjing University
16:50
25m
Talk
Enhancing Vulnerability Detection via Inter-procedural Semantic Completion
Research Papers
bozhi wu Singapore Management University, Chengjie Liu Peking University, Zhiming Li Nanyang Technological University, Singapore, Yushi Cao Nanyang Technological University, Jun Sun Singapore Management University, Shang-Wei LIN Singapore Institute of Technology