English
Related papers

Related papers: WebSpec: Towards Machine-Checked Analysis of Brows…

200 papers

As language models are increasingly deployed as autonomous agents in high-stakes settings, ensuring that they reliably follow user-defined rules has become a critical safety concern. To this end, we study whether language models exhibit…

Machine Learning · Computer Science 2025-08-28 Dylan Sam , Alexander Robey , Andy Zou , Matt Fredrikson , J. Zico Kolter

Rigorous quantitative evaluation of microarchitectural side channels is challenging for two reasons. First, the processors, attacks, and defenses often exhibit probabilistic behaviors. These probabilistic behaviors arise due to natural…

Cryptography and Security · Computer Science 2025-10-06 Weihang Li , Pete Crowley , Arya Tschand , Yu Wang , Miroslav Pajic , Daniel Sorin

This paper presents a systematic evaluation of the privacy behaviors and attributes of eight recent, popular browser agents. Browser agents are software that automate Web browsing using large language models and ancillary tooling. However,…

Cryptography and Security · Computer Science 2025-12-09 Alisha Ukani , Hamed Haddadi , Ali Shahin Shamsabadi , Peter Snyder

BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized…

Cryptography and Security · Computer Science 2019-01-31 Daniel Fett , Ralf Kuesters , Guido Schmitz

Secure by Design has become the mainstream development approach ensuring that software systems are not vulnerable to cyberattacks. Architectural security controls need to be carefully monitored over the software development life cycle to…

Software Engineering · Computer Science 2023-07-13 Ahmet Okutan , Ali Shokri , Viktoria Koscinski , Mohamad Fazelinia , Mehdi Mirakhorli

Large language models (LLMs) for automatic code generation have achieved breakthroughs in several programming tasks. Their advances in competition-level programming problems have made them an essential pillar of AI-assisted pair…

Cryptography and Security · Computer Science 2023-10-24 Hossein Hajipour , Keno Hassler , Thorsten Holz , Lea Schönherr , Mario Fritz

Many JavaScript applications perform HTTP requests to web APIs, relying on the request URL, HTTP method, and request data to be constructed correctly by string operations. Traditional compile-time error checking, such as calling a…

Software Engineering · Computer Science 2017-02-17 Erik Wittern , Annie T. T. Ying , Yunhui Zheng , Julian Dolby , Jim A. Laredo

Browser fingerprinting is an invasive and opaque stateless tracking technique. Browser vendors, academics, and standards bodies have long struggled to provide meaningful protections against browser fingerprinting that are both accurate and…

Cryptography and Security · Computer Science 2020-08-12 Umar Iqbal , Steven Englehardt , Zubair Shafiq

WebAssembly (Wasm) is a low-level bytecode language and virtual machine, intended as a compilation target for a wide range of programming languages, which is seeing increasing adoption across diverse ecosystems. As a young technology, Wasm…

In recent years, Cyber attacks have increased in number, and with them, the intensity of the attacks and their potential to damage the user have also increased significantly. In an ever-advancing world, users find it difficult to keep up…

Cryptography and Security · Computer Science 2024-11-22 Latesh G. Malik , Rohini Shambharkar , Shivam Morey , Shubhlak Kanpate , Vedika Raut

Database query performance problem determination is often performed by analyzing query execution plans (QEPs) in addition to other performance data. As the query workloads that organizations run, have become larger and more complex,…

Databases · Computer Science 2015-10-13 Guilherme Damasio , Piotr Mierzejewski , Jaroslaw Szlichta , Calisto Zuzarte

The complexity, interdependence, and rapid evolution of 3GPP specifications present fundamental challenges for ensuring the security of modern cellular networks. Manual reviews and existing automated approaches, which often depend on…

Cryptography and Security · Computer Science 2026-04-02 Ke Xie , Xingyi Zhao , Min-Yue Chen , Yu-An Chen , Yiwen Hu , Munshi Saifuzzaman , Wen Li , Shuhan Yuan , Guan-Hua Tu , Tian Xie

Since the discovery of Spectre, a large number of hardware mechanisms for secure speculation has been proposed. Intuitively, more defensive mechanisms are less efficient but can securely execute a larger class of programs, while more…

Cryptography and Security · Computer Science 2020-10-02 Marco Guarnieri , Boris Köpf , Jan Reineke , Pepe Vila

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

New speculation-based attacks that affect large numbers of modern systems are disclosed regularly. Currently, CPU vendors regularly fall back to heavy-handed mitigations like using barriers or enforcing strict programming guidelines…

Cryptography and Security · Computer Science 2023-06-21 Ali Hajiabadi , Archit Agarwal , Andreas Diavastos , Trevor E. Carlson

Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, and yet it compromises the security of the entire application. Even worse, vulnerabilities may…

Cryptography and Security · Computer Science 2020-12-10 Gabriele Costa , Andrea Valenza

Web attacks, i.e. attacks exclusively using the HTTP protocol, are rapidly becoming one of the fundamental threats for information systems connected to the Internet. When the attacks suffered by web servers through the years are analyzed,…

Cryptography and Security · Computer Science 2007-05-23 Gonzalo Alvarez , Slobodan Petrovic

Large Language Models (LLMs) have demonstrated remarkable capabilities in code generation, but their proficiency in producing secure code remains a critical, under-explored area. Existing benchmarks often fall short by relying on synthetic…

Cryptography and Security · Computer Science 2026-02-02 Yanlin Wang , Ziyao Zhang , Chong Wang , Xinyi Xu , Mingwei Liu , Yong Wang , Jiachi Chen , Zibin Zheng

Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the…

Cryptography and Security · Computer Science 2013-08-01 Hatem Ghabri , Ghazi Maatoug , Michael Rusinowitch

Web application pentesting is a crucial component in the offensive cybersecurity area, whose aim is to safeguard web applications and web services as the majority of the web applications are mounted in publicly accessible web environments.…

Cryptography and Security · Computer Science 2024-10-17 María Olivares-Naya , Jacobo Casado de Gracia , Alfonso Sánchez-Macián