{"id":"https://openalex.org/W4414604490","doi":"https://doi.org/10.1109/qrs65678.2025.00071","title":"Hybrid Introspection for JIT-Compilers and Interpreters in Attack Surface Analysis","display_name":"Hybrid Introspection for JIT-Compilers and Interpreters in Attack Surface Analysis","publication_year":2025,"publication_date":"2025-07-16","ids":{"openalex":"https://openalex.org/W4414604490","doi":"https://doi.org/10.1109/qrs65678.2025.00071"},"language":"en","primary_location":{"id":"doi:10.1109/qrs65678.2025.00071","is_oa":false,"landing_page_url":"https://doi.org/10.1109/qrs65678.2025.00071","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 25th International Conference on Software Quality, Reliability and Security (QRS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063526024","display_name":"Pavel Dovgalyuk","orcid":"https://orcid.org/0000-0003-2483-5718"},"institutions":[{"id":"https://openalex.org/I99205534","display_name":"Yaroslav-the-Wise Novgorod State University","ror":"https://ror.org/04qzrw529","country_code":"RU","type":"education","lineage":["https://openalex.org/I99205534"]}],"countries":["RU"],"is_corresponding":false,"raw_author_name":"Pavel Dovgalyuk","raw_affiliation_strings":["Yaroslav-the-Wise Novgorod State University,Velikiy Novgorod,Russia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Yaroslav-the-Wise Novgorod State University,Velikiy Novgorod,Russia","institution_ids":["https://openalex.org/I99205534"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033959140","display_name":"Vladislav Stepanov","orcid":null},"institutions":[{"id":"https://openalex.org/I4210101868","display_name":"Institute for System Programming","ror":"https://ror.org/017ef8252","country_code":"RU","type":"facility","lineage":["https://openalex.org/I1313323035","https://openalex.org/I4210101868","https://openalex.org/I4210124601"]}],"countries":["RU"],"is_corresponding":false,"raw_author_name":"Vladislav Stepanov","raw_affiliation_strings":["Institute for System Programming,Moscow,Russia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute for System Programming,Moscow,Russia","institution_ids":["https://openalex.org/I4210101868"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Arkadiy Ivanov","orcid":null},"institutions":[{"id":"https://openalex.org/I4210101868","display_name":"Institute for System Programming","ror":"https://ror.org/017ef8252","country_code":"RU","type":"facility","lineage":["https://openalex.org/I1313323035","https://openalex.org/I4210101868","https://openalex.org/I4210124601"]}],"countries":["RU"],"is_corresponding":false,"raw_author_name":"Arkadiy Ivanov","raw_affiliation_strings":["Institute for System Programming,Moscow,Russia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute for System Programming,Moscow,Russia","institution_ids":["https://openalex.org/I4210101868"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083043160","display_name":"Natalia Fursova","orcid":null},"institutions":[{"id":"https://openalex.org/I4210101868","display_name":"Institute for System Programming","ror":"https://ror.org/017ef8252","country_code":"RU","type":"facility","lineage":["https://openalex.org/I1313323035","https://openalex.org/I4210101868","https://openalex.org/I4210124601"]}],"countries":["RU"],"is_corresponding":false,"raw_author_name":"Natalia Fursova","raw_affiliation_strings":["Institute for System Programming,Moscow,Russia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute for System Programming,Moscow,Russia","institution_ids":["https://openalex.org/I4210101868"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.12418901,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"370","last_page":"381"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9697999954223633,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9697999954223633,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9498000144958496,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.6869000196456909},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5742999911308289},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.5480999946594238},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4706999957561493},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4528999924659729},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.4359999895095825},{"id":"https://openalex.org/keywords/interpreter","display_name":"Interpreter","score":0.40880000591278076},{"id":"https://openalex.org/keywords/core","display_name":"Core (optical fiber)","score":0.35109999775886536},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.3490000069141388}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7706000208854675},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.6869000196456909},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5742999911308289},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.5480999946594238},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4706999957561493},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4528999924659729},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.4359999895095825},{"id":"https://openalex.org/C122783720","wikidata":"https://www.wikidata.org/wiki/Q183065","display_name":"Interpreter","level":2,"score":0.40880000591278076},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.35109999775886536},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.3490000069141388},{"id":"https://openalex.org/C2780428219","wikidata":"https://www.wikidata.org/wiki/Q16952335","display_name":"Cover (algebra)","level":2,"score":0.336899995803833},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.3303999900817871},{"id":"https://openalex.org/C153185123","wikidata":"https://www.wikidata.org/wiki/Q1391624","display_name":"Sequence diagram","level":4,"score":0.2971999943256378},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.29100000858306885},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.2888999879360199},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2879999876022339},{"id":"https://openalex.org/C2776799497","wikidata":"https://www.wikidata.org/wiki/Q484298","display_name":"Surface (topology)","level":2,"score":0.28439998626708984},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.28290000557899475},{"id":"https://openalex.org/C3019565508","wikidata":"https://www.wikidata.org/wiki/Q444835","display_name":"Virtual world","level":2,"score":0.2793000042438507},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2750999927520752},{"id":"https://openalex.org/C115168132","wikidata":"https://www.wikidata.org/wiki/Q55813","display_name":"Machine code","level":3,"score":0.27459999918937683},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26930001378059387},{"id":"https://openalex.org/C174683762","wikidata":"https://www.wikidata.org/wiki/Q609588","display_name":"Component-based software engineering","level":4,"score":0.2685999870300293},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.26759999990463257},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2651999890804291},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.25760000944137573},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2556999921798706},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.2540999948978424},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.25119999051094055}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/qrs65678.2025.00071","is_oa":false,"landing_page_url":"https://doi.org/10.1109/qrs65678.2025.00071","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 25th International Conference on Software Quality, Reliability and Security (QRS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Finding":[0],"the":[1,5,23,26,36,46,53,72,83,98,102,110,114,133,145,151],"attack":[2,111,152],"surface":[3,19,112],"of":[4,25,35,57,135],"systems":[6,54,116],"and":[7,30,39,49,78,122,138],"applications":[8,92],"is":[9],"an":[10],"important":[11],"phase":[12],"in":[13,97,144],"secure":[14],"software":[15,73],"development":[16],"lifecycle.":[17],"Attack":[18],"usually":[20],"analyzed":[21],"with":[22,132],"help":[24],"experts":[27],"or":[28],"static":[29],"dynamic":[31],"analysis":[32,37,105,134],"tools.":[33],"Most":[34],"tools":[38],"methods":[40],"can":[41],"be":[42],"applied":[43],"only":[44],"to":[45,89,108,141],"single":[47],"programs":[48],"do":[50],"not":[51],"cover":[52],"that":[55,117,148],"consist":[56],"several":[58],"heterogenous":[59],"components.":[60,125],"In":[61],"this":[62],"paper":[63],"we":[64],"present":[65,128],"new":[66],"hybrid":[67],"introspection":[68],"method":[69],"for":[70,113],"analyzing":[71],"which":[74],"includes":[75],"interpreted":[76],"code":[77],"just-in-time":[79],"(JIT)":[80],"compilers":[81],"besides":[82],"machine":[84,104],"code.":[85],"We":[86,126],"show":[87,139],"how":[88,140],"inspect":[90],"such":[91],"when":[93],"they":[94],"are":[95],"executed":[96],"virtual":[99,103],"machine.":[100],"Targeting":[101],"allows":[106],"one":[107],"recover":[109],"complex":[115],"include":[118],"web":[119],"servers,":[120],"databases,":[121],"other":[123],"backend":[124],"also":[127],"a":[129],"case":[130],"study":[131],"Java":[136],"application":[137],"find":[142],"bugs":[143],"core":[146],"dependencies,":[147],"reside":[149],"on":[150],"surface.":[153]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}