English
Related papers

Related papers: Automatic detection of access control vulnerabilit…

200 papers

When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and…

Software Engineering · Computer Science 2020-08-20 Shamal Faily , Claudia Iacob , Raian Ali , Duncan Ki-Aries

Traditionally, security systems for enterprises have implicit access based on strong cryptography, authentication and key sharing, wherein access control is based on Role Based Access Control (RBAC), in which roles such as manager,…

Cryptography and Security · Computer Science 2022-03-18 Nitesh Kumar , Gaurav S. Kasbekar , D. Manjunath

Autonomous Large Language Model (LLM) agents exhibit significant vulnerability to Indirect Prompt Injection (IPI) attacks. These attacks hijack agent behavior by polluting external information sources, exploiting fundamental trade-offs…

Artificial Intelligence · Computer Science 2026-01-26 Zhibo Liang , Tianze Hu , Zaiye Chen , Mingjie Tang

Broken Access Control (BAC) violations, which consistently rank among the top five security risks in the OWASP API Security Top 10, refer to unauthorized access attempts arising from BAC vulnerabilities, whose successful exploitation can…

Cryptography and Security · Computer Science 2025-12-24 Yanjing Yang , He Zhang , Bohan Liu , Jinwei Xu , Jinghao Hu , Liming Dong , Zhewen Mao , Dongxue Pan

Software Defined Internet of Things (SD-IoT) Networks profits from centralized management and interactive resource sharing which enhances the efficiency and scalability of IoT applications. But with the rapid growth in services and…

Cryptography and Security · Computer Science 2018-06-08 Jiaqi Li , Zhifeng Zhao , Rongpeng Li , Honggang Zhang

With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits control flow to well-known locations, severely restricting…

Cryptography and Security · Computer Science 2019-11-26 Kyriakos Ispoglou , Bader AlBassam , Trent Jaeger , Mathias Payer

In the current control design of safety-critical autonomous systems, formal verification techniques are typically applied after the controller is designed to evaluate whether the required properties (e.g., safety) are satisfied. However,…

Systems and Control · Electrical Eng. & Systems 2021-06-08 Yixuan Wang , Chao Huang , Zhaoran Wang , Zhilu Wang , Qi Zhu

The intrusion detection system (IDS) is an essential element of security monitoring in computer networks. An IDS distinguishes the malicious traffic from the benign one and determines the attack types targeting the assets of the…

Cryptography and Security · Computer Science 2021-08-23 Mahdi Soltani , Behzad Ousat , Mahdi Jafari Siavoshani , Amir Hossein Jahangir

Object detection models, widely used in security-critical applications, are vulnerable to backdoor attacks that cause targeted misclassifications when triggered by specific patterns. Existing backdoor defense techniques, primarily designed…

Computer Vision and Pattern Recognition · Computer Science 2024-10-01 Xianda Zhang , Siyuan Liang

Backdoor attacks (BA) are an emerging threat to deep neural network classifiers. A classifier being attacked will predict to the attacker's target class when a test sample from a source class is embedded with the backdoor pattern (BP).…

Cryptography and Security · Computer Science 2021-10-22 Zhen Xiang , David J. Miller , Siheng Chen , Xi Li , George Kesidis

Security Orchestration, Automation, and Response (SOAR) platforms integrate and orchestrate a wide variety of security tools to accelerate the operational activities of Security Operation Center (SOC). Integration of security tools in a…

Cryptography and Security · Computer Science 2022-01-21 Zarrin Tasnim Sworna , Chadni Islam , Muhammad Ali Babar

Distributed data analytics platforms (i.e., Apache Spark, Hadoop) provide high-level APIs to programmatically write analytics tasks that are run distributedly in multiple computing nodes. The design of these frameworks was primarily…

Cryptography and Security · Computer Science 2023-12-05 Fahad Shaon , Sazzadur Rahaman , Murat Kantarcioglu

Indicators of Compromise (IOCs) are artifacts observed on a network or in an operating system that can be utilized to indicate a computer intrusion and detect cyber-attacks in an early stage. Thus, they exert an important role in the field…

Artificial Intelligence · Computer Science 2018-10-25 Shengping Zhou , Zi Long , Lianzhi Tan , Hao Guo

OAuth is the new de facto standard for delegating authorization in the web. An important limitation of OAuth is the fact that it was designed for authorization and not for authentication. The usage of OAuth for authentication thus leads to…

Cryptography and Security · Computer Science 2016-01-08 Vladislav Mladenov , Christian Mainka , Jörg Schwenk

Large language models (LLMs) increasingly rely on retrieving information from external corpora. This creates a new attack surface: indirect prompt injection (IPI), where hidden instructions are planted in the corpora and hijack model…

Cryptography and Security · Computer Science 2026-01-13 Hongyan Chang , Ergute Bao , Xinjian Luo , Ting Yu

Intrusion detection has been a commonly adopted detective security measures to safeguard systems and networks from various threats. A robust intrusion detection system (IDS) can essentially mitigate threats by providing alerts. In networks…

Cryptography and Security · Computer Science 2024-11-06 Maraz Mia , Mir Mehedi A. Pritom , Tariqul Islam , Kamrul Hasan

Intrusion detection systems (IDS) reinforce cyber defense by autonomously monitoring various data sources for traces of attacks. However, IDSs are also infamous for frequently raising false positives and alerts that are difficult to…

Cryptography and Security · Computer Science 2024-09-04 Max Landauer , Florian Skopik , Markus Wurzenberger

Broken access control is one of the most common security vulnerabilities in web applications. These vulnerabilities are the major cause of many data breach incidents, which result in privacy concern and revenue loss. However, preventing and…

Cryptography and Security · Computer Science 2023-04-24 Li Zhong

Low-rate application layer distributed denial of service (LDDoS) attacks are both powerful and stealthy. They force vulnerable webservers to open all available connections to the adversary, denying resources to real users. Mitigation advice…

Networking and Internet Architecture · Computer Science 2019-04-03 Michael Siracusano , Stavros Shiaeles , Bogdan Ghita

The increasing interconnection of industrial networks exposes them to an ever-growing risk of cyber attacks. To reveal such attacks early and prevent any damage, industrial intrusion detection searches for anomalies in otherwise predictable…

Cryptography and Security · Computer Science 2022-07-12 Konrad Wolsing , Eric Wagner , Antoine Saillard , Martin Henze