Abstract: A computer-implemented method for automatically generating a patch of software or of a part of the software designed to control, regulate and/or monitor a technical system or a part thereof. The method includes generating, via a machine learning model, at least one patch for a vulnerability of the software or the part thereof based on a prompt and a binary code of the software or the part thereof. A computer-implemented method for further training a machine learning model is also described, the machine learning model being designed to generate at least one patch for a vulnerability of software or a part of the software based on a prompt and a binary code of the software or the part thereof. The method includes adapting the machine learning model based on at least one generated patch and at least one evaluation result resulting from evaluating the at least one patch.

Abstract: A computer-implemented method for maintaining a function of a local entity upon connection disruption to a backend in a communication system including a backend and a plurality of local entities. The backend provides backend information for the function. The method includes reception of local behavior models from a plurality of local entities by the backend, wherein the local behavior models provide the function in the local entities if particular backend information is not available; creation of a behavior model based on the received local behavior models; and transmission of the behavior model to a local entity of the plurality of the local entities by the backend.

Abstract: A method for generating fuzz drivers for a fuzz setup. The method includes: inputting documentation of a fuzz target into a language understanding Artificial Intelligence (AI); generating, by the language understanding AI, Application Programming Interface (API) calls and their arguments from the documentation; generating at least one fuzz driver from the API calls and their arguments.

Abstract: A computer-implemented method for mitigating anomalous activity in an embedded computer system including a plurality of communicably coupled embedded processing elements. The method includes: detecting a transmission of an anomalous message in the embedded computer system; transmitting at least one notification to a plurality of embedded processing elements in the embedded computer system, wherein the notification is encrypted using a cryptographic key; in at least one embedded processing element of the plurality of processing elements: receiving the at least one notification; identifying, at the at least one embedded processing element, that the at least one notification has been encrypted using the cryptographic key; and reconfiguring the at least one processing element from a first mode into a second mode, wherein the at least one processing element presents a reduced functionality to the embedded computer system in the second mode.

Abstract: A method for improving the memory allocation of code generated using a language model. The method includes: providing a program code generated using a language model, if a new version of the program code is available; generating an executable file using compilation and instrumentation, wherein a memory sanitizer inserts instructions into the program code and/or the executable file; execution of fuzzing by a fuzzer, wherein the fuzzer injects inputs into the executable file; monitoring the memory performance and optionally runtime information, the behavior and/or the output of the executable file; storing metadata generated from the allocated and freed memory in a memory metadata database, wherein the metadata are based on the instructions and are stored when the executable file is generated and/or when the fuzzing is executed; outputting the program code if no memory performance degradation or other errors are found.

Abstract: An apparatus and computer-implemented method for allocating computing resources in a method for protecting a computer-aided development environment in a distributed development process from damage and threats. In the method for protecting, multiple methods for identifying damage and/or a threat in the computer-aided development environment are carried out, wherein a metric which quantifies a quality and/or informative value of the method is determined for each method, wherein a respective offer for allocating computing resources for the execution of the respective method is determined for the methods depending on said metric, wherein the computing resources are allocated to the methods depending on the respective offer.

Abstract: A method for checking the dynamic behavior of code generated using a language model. Th method includes: providing a first executable file from a program code generated using a language model; providing a second executable file, wherein the second executable file is a previous first executable file or is an original source code of the program code; executing differential fuzzing using a fuzzer, wherein the fuzzer injects identical inputs into the first executable file and into the second executable file; monitoring the behavior and the output of the first executable file and the second executable file; outputting the program code if the fuzzing found no inconsistencies, no errors and/or no worse runtime behavior of the first executable file compared to the second executable file.

Abstract: A method for verifying static warnings of code generated by a language model includes (i) providing an executable file from a program code generated by a language model, (ii) providing warning points in the program code originating from static testing, (iii) performing directed fuzzing by a fuzzer, wherein the fuzzer injects inputs into the executable file to reach a warning point, (iv) monitoring the behavior and output of the executable file, and (v) rating the warning point based on the behavior and the output.

Abstract: A method for obtaining coverage-guided fuzzing of software on a hardware target. The hardware target includes a breakpoint register, and is designed to stop an execution of the software prior to execution of an instruction of the software if the instruction is reached during the execution of the software; a memory address of the instruction is set in the breakpoint register. The method includes setting a first breakpoint prior to a first instruction of the software; executing or continuing a fuzzing iteration of the software; first checking whether the first breakpoint is reached while executing or continuing the fuzzing iteration; storing a piece of log information that includes that the first instruction in the fuzzing iteration has been reached, and optionally deleting the first breakpoint if the first check is positive. The coverage-guided fuzzing of the software includes the piece of log information.

Abstract: A method for creating a honeypot. The method includes sending requests to a target system; observing the responses of the target system to the requests; in accordance with the observed responses of the target system, creating a state machine model for the behavior of a network protocol according to which the target system responds to requests; and creating a honeypot that responds to requests in accordance with the state machine model.

Abstract: A method for generating a honeypot for a target system. The method includes training a large language model to respond to operating system command line interface commands like a command line interface of the target system, and generating a honeypot that uses the trained large language model to respond to operating system command line interface commands it receives.

Abstract: A method for testing a computer program. The method includes setting one or more breakpoints on one or more string output instructions in the computer program; executing the computer program; when one of the set breakpoints is triggered, ascertaining whether the string provided, for outputting, to a string output function called by the particular string output instruction contains one or more format specifications for the computer program for more values than provided as arguments to the particular string output function; and, in response to ascertaining that the string provided to the string output function for outputting contains one or more format specifications for the computer program for more values than provided as arguments to the particular string output function, triggering a display that the computer program has an error.

Abstract: A method for testing a computer program. The method includes setting one or more breakpoints on one or more arithmetic or bit-shifting operations in the computer program; executing the computer program; when one of the set breakpoints is triggered, ascertaining whether an overflow flag is set by executing the respective arithmetic or bit-shifting operation; and triggering a display that the computer program has an error, in response to ascertaining that the overflow flag is set as a result of the respective arithmetic or bit-shifting operation.

Abstract: A method for testing a computer program. The method includes setting breakpoints on one or more memory access instructions in the computer program; executing the computer program; when one of the set breakpoints is triggered, ascertaining whether the memory access instruction is for accessing a data element that has a size that requires an alignment to the memory address to which it is written or from which it is read, and ascertaining the required alignment; if the memory access instruction is for accessing a data element that has a size that requires an alignment to the memory address to which it is written or from which it is read, ascertaining whether the memory address which the memory access instruction accesses meets the required alignment; in response to ascertaining that the memory address does not meet the required alignment, triggering a display that the computer program has an error.

Abstract: A method for testing a computer program. The method includes setting one or more breakpoints on one or more memory deallocation instructions in the computer program; executing the computer program; and, when one of the set breakpoints is triggered, setting a pointer that the memory deallocation instruction obtains as a specification of the memory area to be deallocated, to a value that triggers an exception when the pointer is subsequently used in the computer program.

Abstract: A method for testing a computer program. The method includes executing the computer program until a memory share command for a memory area previously allocated by a memory allocation command of the computer program is called; setting, for each one or more memory locations of the memory area shared by the memory share command, a respective watchpoint for the memory location of the memory area and executing the memory share command; displaying, for each set watchpoint, that the computer program has an error, if the set watchpoint is triggered, and removing the watchpoint for each of the set watchpoints if the memory location for which it is set is reallocated by a further memory allocation command in the computer program.

Abstract: A method for testing a computer program. The method includes executing the computer program until a memory enable command is called for a memory region previously allocated by a memory allocation command of the computer program; skipping the memory enable command, and setting, for each of one or more memory locations of the memory region that is to be enabled by the memory enable command, a relevant watchpoint to the memory location of the memory region; and displaying, for each set watchpoint, that the computer program has a bug if the set watchpoint is triggered.

Abstract: A method for testing a computer program. The method includes ascertaining uninitialized variables of the test program, setting watchpoints to memory locations reserved for the uninitialized variables, and executing the computer program. The method also includes, for each set watchpoint: removing the watchpoint if the memory location to which the watchpoint is set is written to; and indicating that the computer program has an error if the watchpoint is triggered by a read access.

Abstract: A computer-implemented method for performing a test for a program code. The method includes the following steps: providing a modified program code, which includes the program code to be tested and at least one code segment, the at least one code segment monitoring an execution sequence of execution segments, and the code segment being developed to induce a program termination when an impermissible execution sequence is detected; performing a fuzz test for the modified program code; signaling a program termination when an impermissible execution sequence is detected.

Abstract: A method for treating uncertainty estimates for non-deterministic fuzz executions in a fuzzing system including: initializing the fuzzing system by setting observations of the fuzzer blank or to one or more initial test cases that are executed on a target program; executing test cases; creating an output report for the test case which includes information about a code coverage of the target program; repeating the execution of the test case to determine whether the test case leads to jitter or non-deterministic behavior in the target program; deciding how often the test case is to be executed to obtain an optimized estimate of the code path distribution; deciding whether and how test cases are mutated to minimize overall uncertainty and to investigate more areas in the target program; and adding, to the corpus of the test cases, the new test cases which cause a new behavior of the target program.