Reverse engineering finds six flaws in AirDrop and Quick Share
Protocols on over five billion devices accept complex untrusted data without pairing, exposing reachable denial-of-service and bypass paths.
Cryptography and Security
Covers all areas of cryptography and security including authentication, public key cryptosystems, proof-carrying code, etc. Roughly includes material in ACM Subject Classes D.4.6 and E.3.
Near-Optimal Generalized Private Testing
It accepts the first sufficiently successful mechanism from a sequence, rejects the rest, and uses a bounded number of evaluations while preserving pure ε
A First Measurement Study on Authentication Security in Real-World Remote MCP Servers
First study of real-world remote servers finds 325 total issues, dynamic client registration flaws in 96.6 percent.
SoK: A Taxonomy for Cybersecurity Incident Response Influence Factors
Review of 457 publications yields a more complete classification than seven prior frameworks and NIST elements.
HTTP REST API Structure Learning
HRAL builds endpoint baselines from network data alone, outperforming alternatives when documentation is incomplete and hitting 100% with si
Steerability via constraints: a substrate for scalable oversight of coding agents
Access controls and enforced conventions let a small reviewer model catch most inserted backdoors while cutting token cost.
Cloak and Detonate: Scanner Evasion and Dynamic Detection of Agent Skill Malware
Runtime sandbox tracking catches attacks that hide from code inspection
Securing People and their Machines Against Major Faults
Friends replace a person's public key after identity custodians approve, restoring the network without central servers.
Overview of Risk Assessment and Management for Intelligent Systems under the AI Act and Beyond
Review of global rules and methodologies identifies best practices plus gaps in managing technical and ethical risks.
Privacy-Preserving and Verifiable Approximate Distributed Coded Computing
GPBACC plus aggregation and group testing limits leaks and isolates adversaries across federated and decentralized settings.
Behind the Refusal: Determining Guardrail Activation via Behavioral Monitoring
HTTP, lexical and timing differences separate guardrail blocks from LLM rejections at 98 percent F1 on unseen prompts.
HaloGuard 1.0: An Open Weights Constitutional Classifier for Multilingual AI Safety
HaloGuard 1.0 beats 27B baselines on seven prompt-safety tests while holding low error rates across 46 languages.
kNNGuard: Turning LLM Hidden Activations into a Training-Free Configurable Guardrail
A 50-prompt bank and multi-layer nearest-neighbor search classify unsafe inputs without any model training or slow inference.
ElephantAgent: Contextual State Continuity in Agentic Systems
ElephantAgent recomputes digests against a trusted hardware ledger before each query to detect tampering in tools and memory.
Has This Checkpoint Been Abliterated? A Two-Signal Audit and Its Failure Map
Z-sum of refusal-gap and weight energy separates 57 stripped models from 37 benign fine-tunes on 273 checkpoints with 0.89 accuracy on new f
Knowledge Over Parameters: Evolving Smart Contract Vulnerability Detection
Portable logic built from ten samples per type transfers across models at under fifty dollars
Resilient Liquid Democracy: Mitigating Voting Power Imbalances via Secure Delegation Networks
Sealed networks reduce power concentration and ranked fallbacks cut vote loss in liquid democracy
Trust Boundary Semantic Gaps: A Multi-dimensional Analysis and Mitigation for Security-by-Design
Study of 75 incidents shows signed or protocol-compliant artifacts can still enable compromise; design method makes hidden assumptions expli
New trigger spreads frame-level timbre info to create natural poisoned samples that bypass detectors.
ZOO leaves XGBoost predictions nearly untouched but drives ESI down to 0.06-0.16, showing robustness and stability are separate for tree sec
VeriChat: An Agentic Conversational AI Assistant for Hardware Security Verification
Three specialized agents ground responses with retrieved data and live EDA tool calls for simulation and proofs.
AgentFlow: Building Agent Dependency Graphs for Static Analysis of Agent Programs
The graphs recover more agent entities and flows than AST tools across 5,399 real programs from five frameworks.
LIB-TRAP: Standard Cell Library Hardware Trojan Risk Assessment and Prevention
A foundry can swap deactivated Trojan cells for active ones during fabrication, shown on AES-128 and other benchmarks in 32nm and 130nm tech
Overthink-Triggered Slowdown Attacks on LVLM-Based Robotic Systems
Black-box attacks embed readable triggers in scenes to delay decisions, with physical prints still effective
Janus: a Playground for User-Involved Agentic Permission Management
Six permission assistant designs tested across scenarios reveal trade-offs in security, load, and repeated-decision effects.
The benefit reverses when privacy is weaker and the usual tension with robustness returns.
Hamm-Grams: An Algorithm for Mining Regular Expressions of Bytes
Locality-sensitive hash plus clustering finds byte patterns that tolerate small variations better than fixed sequences.
From Forgeries to Foundation Models: A Systematic Survey of Identity Document Attack and Detection
Benchmarking on unseen synthesised documents reveals limits in current detection under security conditions.
Point-voxel network turns natural gestures into password-free access without extra hardware or broken immersion.
Chameleon: Recovering Cyber-Physical Systems from Memory Corruption Attacks via ML Surrogates
Replaces vulnerable compartments with accurate models to keep robotic vehicles running safely with low overhead.
An alternative approach towards attacks against fully-split PLWE instances
Every map between fully-split rings alters error terms enough to prevent distinction from uniform
Black-Box Inference of LLM Architectural Properties with Restrictive API Access
NightVision recovers dimensions to 23 percent error and depth for large models from prompts and timing alone.
All-out Attack: Optimal Block Withholding Under Pay-Per-Share Scheme
Under pay-per-share, attackers gain α/(1-α) after adjustment while operators pay for shares without blocks.
Detecting Adversarial Evasion Attacks Against Autoencoder-Based Network Intrusion Detection Systems
RLD and FPC check image reconstruction errors and packet features to catch adversarial evasions on autoencoder systems.
Generative AI and Federated Learning for Intrusion Detection Systems: A Survey
They enable synthetic traffic creation and distributed training without sharing raw network data.
Antaeus: Hunting Repository-Level Logic Vulnerabilities via Context-Grounded LLM Reasoning
Full repository view helps identify implicit security rules that isolated code snippets hide from standard LLM detectors.
Toward a Unified Security and Privacy Framework for AI-Native 6G Networks
Survey shows isolated solutions cannot cover integrated threats from communication, computing, sensing, and AI, so a unified cross-layer fra
The Binary Tree Mechanism is Optimal for Approximate Differentially Private Continual Counting
Lower bound matches binary tree upper bound, proving asymptotic optimality under approximate DP and tightest separation from hereditary disc
No Country for Old Privacy: The Evolving Challenges of Anonymity in Bitcoin
Adoption falls after regulations with no standard for stealth addresses, suggesting shift to hidden methods.
TSTR evaluation on CICIDS2017 stays within real-data variance while preserving attack fingerprints needed for expert testimony.
SessionBound: Turning Enterprise Task Approval into Budgeted Database Sessions
AI agents generate SQL freely but stay inside pre-set budgets enforced directly by the database without LLM safety checks.
Know Thy Neighbor: Cross-TEE Mutual Attestation
Hema lets TA instances on same or different TEE types verify each other efficiently while maintaining security.
The Rise and Fall of Google's Privacy Sandbox
Weekly crawls show most APIs used by few actors with steady decline, except CHIPS, leaving ad privacy challenge open.
New representation eliminates conditional steps in Montgomery operations and folds scaling into butterfly units for faster FPGA results.
Safe Alone, Unsafe Together: Safeguarding Against Implicit Toxicity When Benign Images Combine
MiShield-8B outperforms commercial APIs by analyzing cross-image correlations that create harm.
HARC: Coupling Harmfulness and Refusal Directions for Robust Safety Alignment
A subspace-targeted fine-tuning method outperforms six major safety baselines while preserving capability and avoiding over-refusal.
Cross-Domain Generalization Failure in Lightweight Intrusion Detection Models for IIoT Networks
They depend on port categories that occur 96-435 times more often in training attacks than in new domains.
Cognitive Firewall: A Proactive, Zero-Trust, Multi-Gate Framework for LLM Safety
The approach handles multi-turn and human-crafted attacks while limiting over-refusals to 8 percent on safe queries.
Beyond the Prompt: Jailbreaking Function-Calling LLMs via Simulated Moderation Traces
Fabricated audit traces weaken safety constraints in commercial models using few queries.
Minos: A Multi-Agent Collaborative Framework for Provenance-Based Backward Tracking
It replaces exhaustive provenance traversal with hypothesis-guided agents, yielding 49 percent more compact attack subgraphs than prior meth
A black-box attack uses bait, link, and malicious evidence documents to redirect iterative retrieval without any model access.
A Penny for Your Prompts: Experiments Detecting and Mitigating LLM Usage by Survey Respondents
Response patterns and keystroke logs allow detection, yet efforts to block AI do not always improve answer quality.
SoK: Attack and Defense Landscape of Mobile On-device AI Systems
It organizes security pillars, local-model risks, and protections into one framework that future work can build on.
ReShift: Aha-Moment-Driven Reasoning-Level Backdoor Attacks on Vision-Language Models
The attack uses poisoned data construction and joint optimization to shift internal CoT trajectories on a trigger without harming clean accu
Black-box attacks identify the model from unordered document sets even when a reranker is present.
(A)I Sees What You Don't: Exploiting New Attack Surfaces in Third-Party Mobile Agents
Gaps between human and machine vision let attackers seize control of screenshot-driven automation while the screen looks unchanged.
Dual phones capture acoustic and magnetic signals from 60 cm away in non-line-of-sight to recover printing commands.
Semantic Leakage and Privacy Preservation in Relay-Assisted Semantic Communications
This exposes a privacy flaw in semantic comms; adversarial training widens the accuracy gap at the relay while preserving receiver performan
Robocalls: A Worldwide or US-only Problem? Analyzing Spam and Fraud in International Phone Calls
Data from 65 nations shows the problem is global yet far more severe inside the United States
Exploring Side-Channel Protections in Hardware Implementations of PQC ML-KEM Verification
Experiments recover full secret keys from masked verification on FPGAs via first-order leakage created by parallel processing.
Mapping vulnerabilities from data collection to deployment shows why isolated defenses fail to protect systems that use tools and memory.
Model combines persistence diagrams with LSTM layers to separate normal traffic from 14 attack types in 2.8 million flows.
Robust Text Watermarking for Large Language Models via Dual Semantic Embeddings
Token and context vectors produce a signal that survives rephrasing and translation while preserving output quality.
Digital signature schemes based on code equivalence and syndrome decoding from restricted errors
Review explains how sigma protocols for two coding problems become non-interactive signatures via Fiat-Shamir.
Comparative Analysis of Machine Learning based Intrusion Detection in Realistic IoT Networks
Comparative tests on emulated 78-device network with MQTT, CoAP and RTSP show it leads five ML models for intrusion detection.
CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors
Automated extraction turns vulnerability records into structured attack-behavior links for faster defense decisions.
A forgery attack on the Block.co blockchain-based digital credential certification system
Vulnerability shows decentralized blockchain credential systems cannot ensure issuer authenticity without central authority.
No Prompt, No Leaks: A Robust Generative Steganography Framework via Prompt-Free Diffusion
Style priors plus a predictor-corrector replace prompts for controllable, accurate stego generation.
EnclaveX: End-to-End Confidential AI with CPU/GPU TEEs
End-to-end system protects models and data from cloud operators and Kubernetes admins while measuring overhead on TDX with H200.
Witness Complexity of Short Descriptions: A Cryptographic Perspective
gam(x) measures runtime of near-shortest descriptions and can exceed polynomial bounds even when KC is low, with a conditional separation fr
Automated High-Precision Extraction and Forensic Verification of Data-Bearing Vector Figures
Recovery is injective outside a tiny near-zero interval and a re-rendering certificate binds values to drawn markers and lines
Class subspace method in embedding space boosts detector accuracy and recovers ground-truth triggers across domains and architectures.
The Decomposition Is the Fingerprint: Per-Component Identity for Agent Skills
120-byte signature on prompt, code and tools recovers family identity when one part stays shared but flags independent rewrites, at 77x lowe
Securing the AI Agent: A Unified Framework for Multi-Layer Agent Red Teaming
Pairs rules, auditing, multi-turn tests, and jailbreaks with infrastructure, tools, behavior, and models for full coverage including skill p
Probing Memorization of Tabular In-Context Learning
Probe isolates signals in 8 of 10 tasks with single-task repeated training, yet effects vanish under realistic conditions.
Fixed 20-token window mean-NLL disagrees with full-span NLL and exact recall on controlled secrets.
An Empirical Study of Security Calibration in Large Language Models for Code
Models align stated confidence more closely with vulnerability presence than with whether the code actually works.
Projecting updates into hardness-gradient space isolates attackers when statistical defenses lose all signal.
Certified Speculative Execution for Untrusted AI Agents
Zero violations and near-oracle regret on hard-constrained decisions even from sources that violate 98 percent of the time.
Curvature-Guided Module Localization for Low-Rank Detoxification of Backdoored Large Language Models
Activation patching plus Fisher analysis pinpoints modules for low-rank fixes that block trigger attacks while preserving normal outputs.