English
Related papers

Related papers: Rowhammer.js: A Remote Software-Induced Fault Atta…

200 papers

Retrieval-Augmented Generative (RAG) models enhance Large Language Models (LLMs) by integrating external knowledge bases, improving their performance in applications like fact-checking and information searching. In this paper, we…

Cryptography and Security · Computer Science 2024-07-01 Zhen Tan , Chengshuai Zhao , Raha Moraffah , Yifan Li , Song Wang , Jundong Li , Tianlong Chen , Huan Liu

Prototype pollution is a dangerous vulnerability affecting prototype-based languages like JavaScript and the Node.js platform. It refers to the ability of an attacker to inject properties into an object's root prototype at runtime and…

Cryptography and Security · Computer Science 2022-11-14 Mikhail Shcherbakov , Musard Balliu , Cristian-Alexandru Staicu

Electromagnetic fault injection (EMFI) is a well known technique used to disturb the behaviour of a chip for weakening its security. These attacks are mostly done on simple microcontrollers. On these targets, the fault effects are…

Cryptography and Security · Computer Science 2019-10-28 Thomas Trouchkine , Sébanjila Kevin Bukasa , Mathieu Escouteloup , Ronan Lashermes , Guillaume Bouffard

Outdated software remains a potent and underappreciated menace in 2025's cybersecurity environment, exposing systems to a broad array of threats, including ransomware, data breaches, and operational outages that can have devastating and…

Cryptography and Security · Computer Science 2025-05-21 Gogulakrishnan Thiyagarajan , Vinay Bist , Prabhudarshi Nayak

JavaScript, a scripting language employed to augment the capabilities of web browsers within web pages or browser extensions, utilizes code segments termed JavaScript inclusions. While the security aspects of JavaScript inclusions in web…

Cryptography and Security · Computer Science 2025-05-27 Chong Guan

Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the…

Cryptography and Security · Computer Science 2026-02-11 Kotekar Annapoorna Prabhu , Andrew Gan , Zahra Ghodsi

Microarchitectural timing attacks exploit subtle timing variations caused by hardware behaviors to leak sensitive information. In this paper, we introduce MCHammer, a novel side-channel technique that leverages machine clears induced by…

Cryptography and Security · Computer Science 2025-02-17 Billy Bob Brumley

DRAM-based main memory and its associated components increasingly account for a significant portion of application performance bottlenecks and power budget demands inside the computing ecosystem. To alleviate the problems of storage density…

Cryptography and Security · Computer Science 2019-02-12 Fan Yao , Guru Venkataramani

In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and…

Cryptography and Security · Computer Science 2019-05-15 Michael Schwarz , Moritz Lipp , Daniel Moghimi , Jo Van Bulck , Julian Stecklina , Thomas Prescher , Daniel Gruss

Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser's internal structure, thus leaving a hole for…

Cryptography and Security · Computer Science 2017-09-28 Raffaello Perrotta , Feng Hao

Side-channel information leakage is a known limitation of SGX. Researchers have demonstrated that secret-dependent information can be extracted from enclave execution through page-fault access patterns. Consequently, various recent research…

Cryptography and Security · Computer Science 2017-02-27 Ferdinand Brasser , Urs Müller , Alexandra Dmitrienko , Kari Kostiainen , Srdjan Capkun , Ahmad-Reza Sadeghi

The growing ubiquity of Retrieval-Augmented Generation (RAG) systems in several real-world services triggers severe concerns about their security. A RAG system improves the generative capabilities of a Large Language Models (LLM) by a…

Artificial Intelligence · Computer Science 2024-12-31 Christian Di Maio , Cristian Cosci , Marco Maggini , Valentina Poggioni , Stefano Melacci

Invasive Brain-Computer Interfaces (BCI) are extensively used in medical application scenarios to record, stimulate, or inhibit neural activity with different purposes. An example is the stimulation of some brain areas to reduce the effects…

Cryptography and Security · Computer Science 2021-05-25 Sergio López Bernal , Alberto Huertas Celdrán , Gregorio Martínez Pérez

Remote Code Execution (RCE) exploits pose a significant threat to AI and ML systems, particularly in GPU-accelerated environments where the computational power of GPUs can be misused for malicious purposes. This paper focuses on RCE attacks…

Cryptography and Security · Computer Science 2025-02-18 Ariel Szabo , Uzy Hadad

Speculation is key to achieving high CPU performance, yet it enables risks like Spectre attacks which remain a significant challenge to mitigate without incurring substantial performance overheads. These attacks typically unfold in three…

Cryptography and Security · Computer Science 2025-05-09 Hossam ElAtali , N. Asokan

Using memory located on remote machines, or far memory, as a swap space is a promising approach to meet the increasing memory demands of modern datacenter applications. Operating systems have long relied on prefetchers to mask the increased…

Retrieval-Augmented Code Generation (RACG) is increasingly adopted to enhance Large Language Models for software development, yet its security implications remain dangerously underexplored. This paper conducts the first systematic…

Cryptography and Security · Computer Science 2025-12-29 Tian Li , Bo Lin , Shangwen Wang , Yusong Tan

Byte-addressable non-volatile main memory (NVM) demands transactional mechanisms to access and manipulate data on NVM atomically. Those transaction mechanisms often employ a logging mechanism (undo logging or redo logging). However, the…

Distributed, Parallel, and Cluster Computing · Computer Science 2019-04-19 Kai Wu , Jie Ren , Dong Li

Caches have become the prime method for unintended information extraction across logical isolation boundaries. Even Spectre and Meltdown rely on the cache side channel, as it provides great resolution and is widely available on all major…

Cryptography and Security · Computer Science 2019-04-15 Samira Briongos , Pedro Malagón , José M. Moya , Thomas Eisenbarth

Reusing off-the-shelf code snippets from online repositories is a common practice, which significantly enhances the productivity of software developers. To find desired code snippets, developers resort to code search engines through natural…

Software Engineering · Computer Science 2023-06-13 Weisong Sun , Yuchen Chen , Guanhong Tao , Chunrong Fang , Xiangyu Zhang , Quanjun Zhang , Bin Luo