English
Related papers

Related papers: Automatic detection of access control vulnerabilit…

200 papers

Fault injection attacks represent a class of threats that can compromise embedded systems across multiple layers of abstraction, such as system software, instruction set architecture (ISA), microarchitecture, and physical implementation.…

Cryptography and Security · Computer Science 2025-05-07 Arsalan Ali Malik , Harshvadan Mihir , Aydin Aysu

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi

As control-flow protection gets widely deployed, it is difficult for attackers to corrupt control-data and achieve control-flow hijacking. Instead, data-oriented attacks, which manipulate non-control data, have been demonstrated to be…

Cryptography and Security · Computer Science 2024-05-03 Zhilong Wang , Haizhou Wang , Hong Hu , Peng Liu

Machine learning has been applied to a broad range of applications and some of them are available online as application programming interfaces (APIs) with either free (trial) or paid subscriptions. In this paper, we study adversarial…

Machine Learning · Computer Science 2018-11-06 Yi Shi , Yalin E. Sagduyu , Kemal Davaslioglu , Jason H. Li

Web services often impose inter-parameter dependencies that restrict the way in which two or more input parameters can be combined to form valid calls to the service. Unfortunately, current specification languages for web services like the…

Software Engineering · Computer Science 2020-05-08 Alberto Martin-Lopez , Sergio Segura , Carlos Müller , Antonio Ruiz-Cortés

Inspection of insulators is important to ensure reliable operation of the power system. Deep learning is being increasingly exploited to automate the inspection process by leveraging object detection models to analyse aerial images captured…

Computer Vision and Pattern Recognition · Computer Science 2024-08-28 Laya Das , Blazhe Gjorgiev , Giovanni Sansavini

Software vulnerabilities, caused by unintentional flaws in source codes, are the main root cause of cyberattacks. Source code static analysis has been used extensively to detect the unintentional defects, i.e. vulnerabilities, introduced…

Cryptography and Security · Computer Science 2022-11-17 Arash Mahyari

An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer…

Cryptography and Security · Computer Science 2018-12-18 Rohan Doshi , Noah Apthorpe , Nick Feamster

Context: In C, low-level errors, such as buffer overflow and use-after-free, are a major problem, as they cause security vulnerabilities and hard-to-find bugs. C lacks automatic checks, and programmers cannot apply defensive programming…

Programming Languages · Computer Science 2017-12-05 Manuel Rigger , Rene Mayrhofer , Roland Schatz , Matthias Grimmer , Hanspeter Mössenböck

In this paper, we present a generic, query-efficient black-box attack against API call-based machine learning malware classifiers. We generate adversarial examples by modifying the malware's API call sequences and non-sequential features…

Cryptography and Security · Computer Science 2020-10-06 Ishai Rosenberg , Asaf Shabtai , Yuval Elovici , Lior Rokach

Intrusion Detection Systems (IDS) must maintain reliable detection performance under rapidly evolving benign traffic patterns and the continual emergence of cyberattacks, including zero-day threats with no labeled data available. However,…

Cryptography and Security · Computer Science 2026-02-10 Sean Fuhrman , Onat Gungor , Tajana Rosing

We present the first systematic approach to static and dynamic taint analysis for Graph APIs focusing on broken access control. The approach comprises the following. We taint nodes of the Graph API if they represent data requiring specific…

Cryptography and Security · Computer Science 2026-03-18 Leen Lambers , Lucas Sakizloglou , Taisiya Khakharova , Fernando Orejas

Federated Learning (FL) is increasingly adopted for privacy-preserving collaborative training, but its decentralized nature makes it particularly susceptible to backdoor attacks. Existing attack methods, however, often rely on idealized…

Cryptography and Security · Computer Science 2025-08-21 Xuezheng Qin , Ruwei Huang , Xiaolong Tang , Feng Li

There have been several efforts in backdoor attacks, but these have primarily focused on the closed-set performance of classifiers (i.e., classification). This has left a gap in addressing the threat to classifiers' open-set performance,…

Machine Learning · Computer Science 2024-12-09 ZeinabSadat Taghavi , Hossein Mirzaei

User tracking is critical in the mobile ecosystem, which relies on device identifiers to build clear user profiles. In earlier ages, Android allowed easy access to non-resettable device identifiers like device serial numbers and IMEI by…

Cryptography and Security · Computer Science 2025-02-24 Zikan Dong , Liu Wang , Guoai Xu , Haoyu Wang

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow…

Cryptography and Security · Computer Science 2019-03-26 Long Cheng , Hans Liljestrand , Thomas Nyman , Yu Tsung Lee , Danfeng Yao , Trent Jaeger , N. Asokan

Understanding application resilience (or error tolerance) in the presence of hardware transient faults on data objects is critical to ensure computing integrity and enable efficient application-level fault tolerance mechanisms. However, we…

Distributed, Parallel, and Cluster Computing · Computer Science 2021-02-16 Luanzheng Guo , Dong Li

AI control protocols serve as a defense mechanism to stop untrusted LLM agents from causing harm in autonomous settings. Prior work treats this as a security problem, stress testing with exploits that use the deployment context to subtly…

Access control policies are used to restrict access to sensitive records for authorized users only. One approach for specifying policies is using role based access control (RBAC) where authorization is given to roles instead of users. Users…

Cryptography and Security · Computer Science 2015-03-27 Khair Eddin Sabri