English
Related papers

Related papers: Secure Extensibility for System State Extraction v…

200 papers

The widening availability of hardware-based trusted execution environments (TEEs) has been accelerating the adaptation of new applications using TEEs. Recent studies showed that a cloud application consists of multiple distributed software…

Cryptography and Security · Computer Science 2022-12-23 Joongun Park , Seunghyo Kang , Sanghyeon Lee , Taehoon Kim , Jongse Park , Youngjin Kwon , Jaehyuk Huh

Sandboxing mechanisms allow developers to limit how much access applications have to resources, following the least-privilege principle. However, it's not clear how much and in what ways developers are using these mechanisms. This study…

Software Engineering · Computer Science 2024-05-14 Maysara Alhindi , Joseph Hallett

Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that…

Cryptography and Security · Computer Science 2020-01-30 Matteo Busi , Job Noorman , Jo Van Bulck , Letterio Galletta , Pierpaolo Degano , Jan Tobias Mühlberg , Frank Piessens

Application size and complexity are the underlying cause of numerous security vulnerabilities in code. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of…

Cryptography and Security · Computer Science 2017-06-12 Ahmad Atamli-Reineh , Andrew Martin

Browser Extensions (often called plugins or addons) are small pieces of code that let developers add additional functionality to the browser. However, with extensions comes a security price: the user must trust the developer. We look at…

Cryptography and Security · Computer Science 2014-03-14 Abhay Rana , Rushil Nagda

Companies developing and maintaining software-only products like web shops aim for establishing persistent links to their software running in the field. Monitoring data from real usage scenarios allows for a number of improvements in the…

Software Engineering · Computer Science 2016-08-25 Philip Masek , Magnus Thulin , Hugo Andrade , Christian Berger , Ola Benderius

Modern software supply chains face an increasing threat from malicious code hidden in trusted components such as browser extensions, IDE extensions, and open-source packages. This paper introduces JavaSith, a novel client-side framework for…

Cryptography and Security · Computer Science 2025-05-28 Avihay Cohen

WebAssembly is revolutionizing the approach to developing modern applications. Although this technology was born to create portable and performant modules in web browsers, currently, its capabilities are extensively exploited in multiple…

Cryptography and Security · Computer Science 2025-02-11 Gaetano Perrone , Simon Pietro Romano

Passwords are undoubtedly the most dominant user authentication mechanism on the web today. Although they are inexpensive and easy-to-use, security concerns of password-based authentication are serious. Phishing and theft of password…

Cryptography and Security · Computer Science 2018-04-24 Klaudia Krawiecka , Arseny Kurnikov , Andrew Paverd , Mohammad Mannan , N. Asokan

Open software ecosystems are beneficial for customers; they benefit from 3rd party services and applications, e.g. analysis of data using apps, developed and deployed by other companies or open-source communities. One significant advantage…

Cryptography and Security · Computer Science 2024-05-21 Christian Binkowski , Stefan Appel , Andreas Aßmuth

Tool-augmented LLM agents raise new security risks: tool executions can introduce runtime-only behaviors, including prompt injection and unintended exposure of external inputs (e.g., environment secrets or local files). While existing…

Cryptography and Security · Computer Science 2026-01-06 Zhuoran Tan , Run Hao , Jeremy Singer , Yutian Tang , Christos Anagnostopoulos

Serverless computing is an approach to cloud computing that allows programmers to run serverless functions in response to external events. Serverless functions are priced at sub-second granularity, support transparent elasticity, and…

Distributed, Parallel, and Cluster Computing · Computer Science 2020-08-05 Emily Herbert , Arjun Guha

Isolating programs is an important mechanism to support more secure applications. Isolating program in dynamic languages such as JavaScript is even more challenging since reflective operations can circumvent simple mechanisms that could…

Programming Languages · Computer Science 2013-09-17 Damien Cassou , Stéphane Ducasse , Nicolas Petton

Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security…

Cryptography and Security · Computer Science 2019-10-17 Huayi Duan , Cong Wang , Xingliang Yuan , Yajin Zhou , Qian Wang , Kui Ren

Current cyber-physical systems (CPS) are expected to accomplish complex tasks. To achieve this goal, high performance, but unverified controllers (e.g. deep neural network, black-box controllers from third parties) are applied, which makes…

Systems and Control · Electrical Eng. & Systems 2021-09-24 Bingzhuo Zhong , Majid Zamani , Marco Caccamo

Large language model (LLM) services have recently begun offering a plugin ecosystem to interact with third-party API services. This innovation enhances the capabilities of LLMs, but it also introduces risks, as these plugins developed by…

Cryptography and Security · Computer Science 2024-04-29 Wanru Zhao , Vidit Khazanchi , Haodi Xing , Xuanli He , Qiongkai Xu , Nicholas Donald Lane

We present the design, implementation and evaluation of a system, called MATRIX, developed to protect the privacy of mobile device users from location inference and sensor side-channel attacks. MATRIX gives users control and visibility over…

Cryptography and Security · Computer Science 2018-08-15 Sashank Narain , Guevara Noubir

Applications running in Trusted Execution Environments (TEEs) commonly use untrusted external services such as host File System. Adversaries may maliciously alter the normal service behavior to trigger subtle application bugs that would…

Cryptography and Security · Computer Science 2022-11-15 Meni Orenbach , Bar Raveh , Alon Berkenstadt , Yan Michalevsky , Shachar Itzhaky , Mark Silberstein

With the evolution of computer systems, the amount of sensitive data to be stored as well as the number of threats on these data grow up, making the data confidentiality increasingly important to computer users. Currently, with devices…

With the continuous rise of malicious campaigns and the exploitation of new attack vectors, it is necessary to assess the efficacy of the defensive mechanisms used to detect them. To this end, the contribution of our work is twofold. First,…

Cryptography and Security · Computer Science 2021-05-04 Vasilios Koutsokostas , Constantinos Patsakis