{"id":"https://openalex.org/W7165883504","doi":"https://doi.org/10.48550/arxiv.2606.25863","title":"Automated Detection of Configuration-Specific Security Vulnerabilities via Patch Analysis","display_name":"Automated Detection of Configuration-Specific Security Vulnerabilities via Patch Analysis","publication_year":2026,"publication_date":"2026-06-24","ids":{"openalex":"https://openalex.org/W7165883504","doi":"https://doi.org/10.48550/arxiv.2606.25863"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2606.25863","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.25863","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2606.25863","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5115578266","display_name":"Felipe de Sant\u2019Anna Paix\u00e3o","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Paix\u00e3o, Felipe de Sant'Anna","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5139363448","display_name":"Joanna C. S. Santos","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Santos, Joanna C. S.","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088049727","display_name":"Paulo Anselmo da Mota Silveira Neto","orcid":"https://orcid.org/0000-0003-0197-8249"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Neto, Paulo Anselmo da Mota Silveira","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5139358632","display_name":"Daniel Sadoc Menasche","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Menasche, Daniel Sadoc","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003668568","display_name":"Gustavo B. Figueiredo","orcid":"https://orcid.org/0000-0001-9756-378X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Figueiredo, Gustavo Bittencourt","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5125221281","display_name":"Eduardo Santana de Almeida","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"de Almeida, Eduardo Santana","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.23180000483989716,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.23180000483989716,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.16779999434947968,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.16449999809265137,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5408999919891357},{"id":"https://openalex.org/keywords/encode","display_name":"ENCODE","score":0.44760000705718994},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4390999972820282},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.43160000443458557},{"id":"https://openalex.org/keywords/predicate","display_name":"Predicate (mathematical logic)","score":0.4016000032424927},{"id":"https://openalex.org/keywords/object-oriented-programming","display_name":"Object-oriented programming","score":0.3880000114440918},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.37209999561309814}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7897999882698059},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5408999919891357},{"id":"https://openalex.org/C66746571","wikidata":"https://www.wikidata.org/wiki/Q1134833","display_name":"ENCODE","level":3,"score":0.44760000705718994},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4390999972820282},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.43160000443458557},{"id":"https://openalex.org/C140146324","wikidata":"https://www.wikidata.org/wiki/Q1144319","display_name":"Predicate (mathematical logic)","level":2,"score":0.4016000032424927},{"id":"https://openalex.org/C73752529","wikidata":"https://www.wikidata.org/wiki/Q79872","display_name":"Object-oriented programming","level":2,"score":0.3880000114440918},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.37209999561309814},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32670000195503235},{"id":"https://openalex.org/C2777120189","wikidata":"https://www.wikidata.org/wiki/Q780067","display_name":"Triage","level":2,"score":0.31299999356269836},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.30480000376701355},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.27880001068115234},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.27549999952316284},{"id":"https://openalex.org/C200833197","wikidata":"https://www.wikidata.org/wiki/Q333707","display_name":"Compile time","level":3,"score":0.2669000029563904},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.259799987077713},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.25119999051094055},{"id":"https://openalex.org/C2781238097","wikidata":"https://www.wikidata.org/wiki/Q175026","display_name":"Object (grammar)","level":2,"score":0.25119999051094055},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.25049999356269836}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2606.25863","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.25863","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2606.25863","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.25863","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","score":0.5574086904525757,"display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"We":[0,17],"study":[1],"how":[2],"security":[3],"patches":[4],"in":[5,155,178],"highly":[6,179],"configurable":[7,180],"C/C++":[8],"systems":[9],"map":[10],"onto":[11],"the":[12,19,37,87,132,149],"space":[13],"of":[14,117,142],"compile-time":[15],"variants.":[16],"formalize":[18],"Vulnerability":[20],"Impact":[21],"Condition":[22],"(VIC)":[23],"-":[24,40],"a":[25,44,114,171],"Boolean":[26],"predicate":[27],"over":[28],"configuration":[29],"options":[30,134],"that":[31,35,48,112],"denotes":[32],"all":[33],"variants":[34],"contained":[36],"original":[38],"flaw":[39],"and":[41,60,77,110,148,159,164,166],"introduce":[42],"PatchLens,":[43],"purely":[45],"static":[46],"technique":[47],"recovers":[49],"VICs":[50,85],"by":[51],"aligning":[52],"AST-level":[53],"patch":[54],"hunks":[55],"with":[56,145],"source-level":[57],"presence":[58],"conditions":[59],"resolving":[61],"file":[62],"inclusion":[63],"via":[64],"lightweight":[65],"build":[66],"system":[67,92],"analysis.":[68],"Evaluating":[69],"PatchLens":[70,147],"on":[71],"1,192":[72],"Linux":[73],"kernel,":[74],"289":[75],"FFmpeg,":[76,106],"100":[78],"PHP":[79],"patches,":[80],"we":[81],"compute":[82],"precise,":[83],"human-readable":[84],"without":[86],"need":[88],"to":[89,175],"compile":[90],"any":[91],"variant.":[93],"The":[94],"resulting":[95],"predicates":[96],"are":[97,119],"compact":[98],"(avg.":[99],"1.84":[100],"variables":[101],"for":[102,105,108],"Linux,":[103],"3.23":[104],"1.04":[107],"PHP)":[109],"show":[111],"only":[113],"small":[115],"fraction":[116],"vulnerabilities":[118],"system-wide,":[120],"which":[121],"carry":[122],"higher":[123],"CVSS":[124],"scores;":[125],"meanwhile,":[126],"CVE":[127,143],"texts":[128],"almost":[129],"never":[130],"encode":[131],"required":[133],"($\\approx$":[135],"1%":[136],"average":[137],"recall),":[138],"motivating":[139],"automated":[140],"enrichment":[141],"descriptions":[144],"VICs.":[146],"accompanying":[150],"dataset":[151],"enable":[152],"immediate":[153],"applications":[154],"CI":[156],"(variant-aware":[157],"triage":[158],"test":[160],"selection),":[161],"targeted":[162],"sampling":[163],"fuzzing,":[165],"feature":[167],"risk":[168],"scoring,":[169],"offering":[170],"scalable,":[172],"explainable":[173],"path":[174],"vulnerability":[176],"assessment":[177],"software.":[181]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-06-26T00:00:00"}
