English
Related papers

Related papers: Automatic detection of access control vulnerabilit…

200 papers

The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software.…

Software Engineering · Computer Science 2026-05-07 Liyou Chen , Hailong Sun , Xiang Gao , Lin Shi , Yixin Yang , Yi Xu

Access control is a security mechanism designed to ensure that only authorized users can access specific resources. Cross-domain access control involves access to resources across different organizations, institutions, or applications.…

Cryptography and Security · Computer Science 2025-12-01 Aiyao Zhang , Xiaodong Lee , Zhixian Zhuang , Jiuqi Wei , Yufan Fu , Botao Peng

With the improvements of computing technology, more and more applications embed powerful ARM processors into their devices. These systems can be attacked by redirecting the control-flow of a program to bypass critical pieces of code such as…

Cryptography and Security · Computer Science 2021-05-03 Robert Schilling , Pascal Nasahl , Stefan Mangard

The goal of an Intrusion Detection is inadequate to detect errors and unusual activity on a network or on the hosts belonging to a local network by monitoring network activity. Algorithms for building detection models are broadly classified…

Networking and Internet Architecture · Computer Science 2010-10-28 M. Sadiq Ali Khan

LLM developers have imposed technical interventions to prevent fine-tuning misuse attacks, attacks where adversaries evade safeguards by fine-tuning the model using a public API. Previous work has established several successful attacks…

Machine Learning · Computer Science 2025-10-27 Xander Davies , Eric Winsor , Alexandra Souly , Tomek Korbak , Robert Kirk , Christian Schroeder de Witt , Yarin Gal

Large language model fine-tuning APIs enable widespread model customization, yet pose significant safety risks. Recent work shows that adversaries can exploit access to these APIs to bypass model safety mechanisms by encoding harmful…

Machine Learning · Computer Science 2025-08-26 Jack Youstra , Mohammed Mahfoud , Yang Yan , Henry Sleight , Ethan Perez , Mrinank Sharma

Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning…

Cryptography and Security · Computer Science 2020-04-03 Yuyang Zhou , Guang Cheng , Shanqing Jiang , Mian Dai

The integration of external data services (e.g., Model Context Protocol, MCP) has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security…

Cryptography and Security · Computer Science 2026-02-25 Che Wang , Jiaming Zhang , Ziqi Zhang , Zijie Wang , Yinghui Wang , Jianbo Gao , Tao Wei , Zhong Chen , Wei Yang Bryan Lim

In this work, we investigate how to make use of model reduction techniques to identify the vulnerability of a closed-loop system, consisting of a plant and a supervisor, that might invite attacks. Here, the system vulnerability refers to…

Systems and Control · Electrical Eng. & Systems 2022-01-26 Ruochen Tai , Liyong Lin , Rong Su

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

With web applications becoming a preferred method of presenting graphical user interfaces to users, software vulnerabilities affecting web applications are becoming more and more prevalent and devastating. Some of these vulnerabilities,…

Cryptography and Security · Computer Science 2019-08-14 Michael Flanders

Java applications are prone to vulnerabilities stemming from the insecure use of security-sensitive APIs, such as file operations enabling path traversal or deserialization routines allowing remote code execution. These sink APIs encode…

Cryptography and Security · Computer Science 2026-04-21 Fabian Fleischer , Cen Zhang , Joonun Jang , Jeongin Cho , Meng Xu , Taesoo Kim

Deep learning models achieve remarkable accuracy in computer vision tasks, yet remain vulnerable to adversarial examples--carefully crafted perturbations to input images that can deceive these models into making confident but incorrect…

Computer Vision and Pattern Recognition · Computer Science 2025-04-18 Khoi Nguyen Tiet Nguyen , Wenyu Zhang , Kangkang Lu , Yuhuan Wu , Xingjian Zheng , Hui Li Tan , Liangli Zhen

Backdoor attack is a new AI security risk that has emerged in recent years. Drawing on the previous research of adversarial attack, we argue that the backdoor attack has the potential to tap into the model learning process and improve model…

Cryptography and Security · Computer Science 2022-02-23 Shangxi Wu , Qiuyang He , Yi Zhang , Jitao Sang

Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is…

Cryptography and Security · Computer Science 2014-12-05 Christian Mainka , Vladislav Mladenov , Jörg Schwenk

Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting…

Cryptography and Security · Computer Science 2014-07-03 Mathias Payer , Antonio Barresi , Thomas R. Gross

In an algorithmic complexity attack, a malicious party takes advantage of the worst-case behavior of an algorithm to cause denial-of-service. A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS), in…

Cryptography and Security · Computer Science 2017-01-17 Valentin Wüstholz , Oswaldo Olivo , Marijn J. H. Heule , Isil Dillig

Advanced Persistent Threats (APTs) are sophisticated multi-step attacks, planned and executed by skilled adversaries targeting modern government and enterprise networks. Intrusion Detection Systems (IDSs) and User and Entity Behavior…

Cryptography and Security · Computer Science 2021-01-08 Hazem M. Soliman , Geoff Salmon , Dušan Sovilj , Mohan Rao

Industrial components are of high importance because they control critical infrastructures that form the lifeline of modern societies. However, the rapid evolution of industrial components, together with the new paradigm of Industry 4.0,…

Cryptography and Security · Computer Science 2022-03-16 Ángel Longueira-Romero , Rosa Iglesias , Jose Luis Flores , Iñaki Garitano

Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined,…

Software Engineering · Computer Science 2017-01-02 Andrea Margheri , Massimiliano Masi , Rosario Pugliese , Francesco Tiezzi