{"id":"https://openalex.org/W7163247866","doi":"https://doi.org/10.48550/arxiv.2606.00625","title":"NICE: A Framework for Declarative and Machine-Checkable Vulnerability Reproduction","display_name":"NICE: A Framework for Declarative and Machine-Checkable Vulnerability Reproduction","publication_year":2026,"publication_date":"2026-05-30","ids":{"openalex":"https://openalex.org/W7163247866","doi":"https://doi.org/10.48550/arxiv.2606.00625"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2606.00625","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.00625","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2606.00625","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101854045","display_name":"Minh-Luan Nguyen","orcid":"https://orcid.org/0009-0002-1569-2049"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nguyen, Minh-Lu\u00e2n","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045703478","display_name":"Olivier Levillain","orcid":"https://orcid.org/0000-0002-0558-5015"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Levillain, Olivier","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137704303","display_name":"Julien Malka","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Malka, Julien","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137672695","display_name":"Stefano Zacchiroli","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zacchiroli, Stefano","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5137658946","display_name":"Th\u00e9o Zimmermann","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zimmermann, Th\u00e9o","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.296999990940094,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.296999990940094,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.29280000925064087,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.219200000166893,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7519999742507935},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5873000025749207},{"id":"https://openalex.org/keywords/nice","display_name":"Nice","score":0.5723000168800354},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5109999775886536},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.49309998750686646},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.40939998626708984},{"id":"https://openalex.org/keywords/mathematical-proof","display_name":"Mathematical proof","score":0.40470001101493835}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7519999742507935},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7175999879837036},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5873000025749207},{"id":"https://openalex.org/C2779256446","wikidata":"https://www.wikidata.org/wiki/Q33959","display_name":"Nice","level":2,"score":0.5723000168800354},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5325000286102295},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5109999775886536},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.49309998750686646},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.40939998626708984},{"id":"https://openalex.org/C108710211","wikidata":"https://www.wikidata.org/wiki/Q11538","display_name":"Mathematical proof","level":2,"score":0.40470001101493835},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.39739999175071716},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.37059998512268066},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.36959999799728394},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.3596000075340271},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.35350000858306885},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3154999911785126},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.31209999322891235},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.3046000003814697},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.287200003862381},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.2865000069141388},{"id":"https://openalex.org/C59659247","wikidata":"https://www.wikidata.org/wiki/Q11990","display_name":"Reproduction","level":2,"score":0.2596000134944916}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2606.00625","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.00625","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2606.00625","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.00625","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Reproducing":[0],"software":[1,28],"vulnerabilities":[2,13],"is":[3,142],"fundamental":[4],"to":[5,16,54,125,144,155,168],"security":[6,145],"researchers,":[7],"open-source":[8],"maintainers,":[9],"and":[10,19,38,56,78,93,110,117,129,136,147,161,170],"educators.":[11],"Yet,":[12],"remain":[14],"hard":[15],"reproduce":[17,133],"today,":[18],"even":[20],"when":[21],"they":[22],"can":[23,33,164],"be":[24,34],"reproduced,":[25],"recreating":[26],"a":[27,63,74],"environment":[29],"where":[30,158],"the":[31,45],"vulnerability":[32,156],"exploited":[35],"becomes":[36],"harder":[37,39],"over":[40],"time.":[41],"We":[42,96,120],"present":[43],"NICE,":[44,62],"NIx":[46],"CvE":[47],"reproduction":[48],"framework,":[49],"which":[50],"uses":[51],"declarative":[52],"recipes":[53,128],"build":[55],"automatically":[57],"validate":[58],"vulnerable":[59,134],"environments.":[60],"In":[61],"reproduced":[64],"CVE":[65],"comprises":[66],"one":[67],"or":[68],"more":[69],"NixOS":[70],"virtual":[71],"machine":[72],"configurations,":[73],"scripted":[75],"exploitation":[76],"scenario,":[77],"machine-checkable":[79],"assertions":[80],"that":[81,122,132],"provide":[82,137],"factual":[83],"evidence":[84],"of":[85,139],"exploitation.":[86,140],"This":[87],"design":[88],"facilitates":[89],"sharing,":[90],"validation,":[91],"review,":[92],"long-term":[94],"reproducibility.":[95],"evaluate":[97],"NICE":[98,123,141],"on":[99],"19":[100],"diverse":[101],"real-world":[102],"CVEs":[103],"spanning":[104],"multiple":[105],"CWE":[106],"categories,":[107],"attack":[108],"vectors,":[109],"target":[111],"types":[112],"(user-space,":[113],"system":[114],"software,":[115],"kernel,":[116],"graphical":[118],"applications).":[119],"show":[121],"allows":[124],"produce":[126],"concise":[127],"integration":[130],"tests":[131],"environments":[135],"proofs":[138],"applicable":[143],"education":[146],"training":[148],"(e.g.,":[149],"creating":[150],"cyber":[151],"ranges),":[152],"but":[153],"also":[154],"reporting,":[157],"its":[159],"reproducibility":[160],"reviewability":[162],"properties":[163],"make":[165],"reports":[166],"easier":[167],"audit":[169],"verify.":[171]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-06-03T00:00:00"}
