English
Related papers

Related papers: Rethinking Broken Object Level Authorization Attac…

200 papers

Broken Object Level Authorization (BOLA) is consistently ranked the most critical API security vulnerability, yet the existing literature remains almost entirely conceptual. This paper presents one of the first large-scale empirical…

Cryptography and Security · Computer Science 2026-05-26 Bandana Kaur

APIs have become the prominent technology of choice for achieving inter-service communications. The growth of API deployments has driven the urgency in addressing its lack of security standards. API Security is a topic for concern given the…

Cryptography and Security · Computer Science 2024-06-05 Rami Haddad , Rim El Malki , Daniel Cozma

Objective. Insecure Direct Object Reference (IDOR) or Broken Object Level Authorization (BOLA) are one of the critical type of access control vulnerabilities for modern applications. As a result, an attacker can bypass authorization checks…

Cryptography and Security · Computer Science 2022-01-27 Alexander Barabanov , Denis Dergunov , Denis Makrushin , Aleksey Teplov

Broken Access Control (BAC) remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored…

Cryptography and Security · Computer Science 2025-07-23 I Putu Arya Dharmaadi , Mohannad Alhanahnah , Van-Thuan Pham , Fadi Mohsen , Fatih Turkmen

Broken Access Control (BAC) violations, which consistently rank among the top five security risks in the OWASP API Security Top 10, refer to unauthorized access attempts arising from BAC vulnerabilities, whose successful exploitation can…

Cryptography and Security · Computer Science 2025-12-24 Yanjing Yang , He Zhang , Bohan Liu , Jinwei Xu , Jinghao Hu , Liming Dong , Zhewen Mao , Dongxue Pan

Zero Trust Architectures (ZTA) fundamentally redefine network security by adopting a "trust nothing, verify everything" approach that requires identity verification for all access. Conventional discrete access control measures have proven…

Cryptography and Security · Computer Science 2025-01-14 Sina Ahmadi

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes (e.g., 500 HTTP server error status code). However,…

Software Engineering · Computer Science 2026-04-02 Omur Sahin , Man Zhang , Andrea Arcuri

Currently, Application Programming Interfaces (APIs) are becoming increasingly popular to facilitate data transfer in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are…

Cryptography and Security · Computer Science 2023-10-24 Nate Haris , Kendree Chen , Ann Song , Benjamin Pou

Vision-Language-Action (VLA) models have advanced robotic control by enabling end-to-end decision-making directly from multimodal inputs. However, their tightly coupled architectures expose novel security vulnerabilities. Unlike traditional…

Cryptography and Security · Computer Science 2025-05-23 Xueyang Zhou , Guiyao Tie , Guowen Zhang , Hechang Wang , Pan Zhou , Lichao Sun

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

As cloud infrastructure evolves to support dynamic and distributed workflows, accelerated now by AI-driven processes, the outdated model of standing permissions has become a critical vulnerability. Based on the Cloud Security Alliance (CSA)…

Cryptography and Security · Computer Science 2025-10-13 Nico Bistolfi , Andreea Georgescu , Dave Hodson

Unauthorized access remains one of the critical security challenges in the realm of cybersecurity. With the increasing sophistication of attack techniques, the threat of unauthorized access is no longer confined to the conventional ones,…

Cryptography and Security · Computer Science 2025-07-23 Eyasu Getahun Chekole , Howard Halim , Jianying Zhou

The OAuth 2.0 protocol is one of the most widely deployed authorization/single sign-on (SSO) protocols and also serves as the foundation for the new SSO standard OpenID Connect. Despite the popularity of OAuth, so far analysis efforts were…

Cryptography and Security · Computer Science 2019-01-31 Daniel Fett , Ralf Kuesters , Guido Schmitz

Although Large Language Models (LLMs) have evolved from text generators into the cognitive core of modern AI systems, their inherent lack of authorization awareness exposes these systems to catastrophic risks, ranging from unintentional…

Artificial Intelligence · Computer Science 2026-04-06 Yang Li , Yule Liu , Xinlei He , Youjian Zhao , Qi Li , Ke Xu

Cloud-based services have become part of our day-to-day software solutions. The identity authentication process is considered to be the main gateway to these services. As such, these gates have become increasingly susceptible to aggressive…

Cryptography and Security · Computer Science 2017-11-27 Marwan Darwish , Abdelkader Ouda , Luiz Fernando Capretz

Black-box adversarial attacks have demonstrated strong potential to compromise machine learning models by iteratively querying the target model or leveraging transferability from a local surrogate model. Recently, such attacks can be…

Machine Learning · Computer Science 2024-09-09 Hanbin Hong , Xinyu Zhang , Binghui Wang , Zhongjie Ba , Yuan Hong

Softwarization and virtualization in 5G and beyond require rigorous testing against vulnerabilities and unintended emergent behaviors for critical infrastructure and network security assurance. Formal methods operates efficiently in…

Cryptography and Security · Computer Science 2023-07-13 Jingda Yang , Ying Wang

Internet of Things (IoT) devices pose significant security challenges due to their heterogeneity (i.e., hardware and software) and vulnerability to extensive attack surfaces. Today's conventional perimeter-based systems use credential-based…

Cryptography and Security · Computer Science 2023-11-29 Cem Bicer , Ilir Murturi , Praveen Kumar Donta , Schahram Dustdar

In recent cyber attacks, credential theft has emerged as one of the primary vectors of gaining entry into the system. Once attacker(s) have a foothold in the system, they use various techniques including token manipulation to elevate the…

Cryptography and Security · Computer Science 2022-11-30 Jaimandeep Singh , Chintan Patel , Naveen Kumar Chaudhary

This paper introduces a robust zero-trust architecture (ZTA) tailored for the decentralized system that empowers efficient remote work and collaboration within IoT networks. Using blockchain-based federated learning principles, our proposed…

Cryptography and Security · Computer Science 2024-06-26 Shiva Raj Pokhrel , Luxing Yang , Sutharshan Rajasegarar , Gang Li
‹ Prev 1 2 3 10 Next ›