English
Related papers

Related papers: BacAlarm: Mining and Simulating Composite API Traf…

200 papers

Broken Access Control (BAC) remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored…

Cryptography and Security · Computer Science 2025-07-23 I Putu Arya Dharmaadi , Mohannad Alhanahnah , Van-Thuan Pham , Fadi Mohsen , Fatih Turkmen

Currently, Application Programming Interfaces (APIs) are becoming increasingly popular to facilitate data transfer in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are…

Cryptography and Security · Computer Science 2023-10-24 Nate Haris , Kendree Chen , Ann Song , Benjamin Pou

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

Role-Based Access Control (RBAC) struggles to adapt to dynamic enterprise environments with documents that contain information that cannot be disclosed to specific user groups. As these documents are used by LLM-driven systems (e.g., in…

Cryptography and Security · Computer Science 2025-12-24 Michele Lorenzo , Idilio Drago , Dario Salvadori , Fabio Romolo Vayr

The increasing automation of traffic management systems has made them prime targets for cyberattacks, disrupting urban mobility and public safety. Traditional network-layer defenses are often inaccessible to transportation agencies,…

A common trait of current access control approaches is the challenging need to engineer abstract and intuitive access control models. This entails designing access control information in the form of roles (RBAC), attributes (ABAC), or…

Cryptography and Security · Computer Science 2022-03-30 Mohammad Nur Nobi , Ram Krishnan , Yufei Huang , Mehrnoosh Shakarami , Ravi Sandhu

We present the first systematic approach to static and dynamic taint analysis for Graph APIs focusing on broken access control. The approach comprises the following. We taint nodes of the Graph API if they represent data requiring specific…

Cryptography and Security · Computer Science 2026-03-18 Leen Lambers , Lucas Sakizloglou , Taisiya Khakharova , Fernando Orejas

With the continuous improvement of attack methods, there are more and more distributed, complex, targeted attacks in which the attackers use combined attack methods to achieve the purpose. Advanced cyber attacks include multiple stages to…

Cryptography and Security · Computer Science 2021-10-26 Xiaoyu Wang , Xiaorui Gong , Lei Yu , Jian Liu

A common cause of bugs and vulnerabilities are the violations of usage constraints associated with Application Programming Interfaces (APIs). API misuses are common in software projects, and while there have been techniques proposed to…

Software Engineering · Computer Science 2022-04-22 Hong Jin Kang , David Lo

RESTful APIs facilitate data exchange between applications, but they also expose sensitive resources to potential exploitation. Broken Object Level Authorization (BOLA) is the top vulnerability in the OWASP API Security Top 10, exemplifies…

Cryptography and Security · Computer Science 2025-07-16 Anbin Wu , Zhiyong Feng , Ruitao Feng , Zhenchang Xing , Yang Liu

Today, security threats to operating systems largely come from network. Traditional discretionary access control mechanism alone can hardly defeat them. Although traditional mandatory access control models can effectively protect the…

Cryptography and Security · Computer Science 2016-09-06 Zhiyong Shan

We study the problem of medium access control in domain of event-driven wireless sensor networks (WSNs). In this kind of WSN, sensor nodes send data to sink node only when an event occurs in the monitoring area. The nodes in this kind of…

Networking and Internet Architecture · Computer Science 2012-05-22 Rajeev K. Shakya , Yatindra Nath Singh , Nishchal K. Verma

Consent-Based Access Control (CBAC) is a foundational mechanism for enforcing patient autonomy in modern healthcare information systems. Many CBAC frameworks are built on the eXtensible Access Control Markup Language (XACML) and inherit its…

Cryptography and Security · Computer Science 2026-03-10 Nasif Muslim , Jean-Charles Grégoire

Attribute-Based Access Control (ABAC) provides expressiveness and flexibility, making it a compelling model for enforcing fine-grained access control policies. To facilitate the transition to ABAC, extensive research has been conducted to…

Cryptography and Security · Computer Science 2025-05-14 Thang Bui , Anthony Matricia , Emily Contreras , Ryan Mauvais , Luis Medina , Israel Serrano

Lack of experience, inadequate documentation, and sub-optimal API design frequently cause developers to make mistakes when re-using third-party implementations. Such API misuses can result in unintended behavior, performance losses, or…

Software Engineering · Computer Science 2021-07-13 Sebastian Nielebock , Robert Heumüller , Kevin Michael Schott , Frank Ortmeier

This paper introduces language-based agent control (LBAC), a new programming model for agentic applications that brings techniques from programming languages and language-based security to the problem of agent control. In conventional…

Programming Languages · Computer Science 2026-05-14 Timothy Zhou , Loris D'Antoni , Nadia Polikarpova

Machine learning has been applied to a broad range of applications and some of them are available online as application programming interfaces (APIs) with either free (trial) or paid subscriptions. In this paper, we study adversarial…

Machine Learning · Computer Science 2018-11-06 Yi Shi , Yalin E. Sagduyu , Kemal Davaslioglu , Jason H. Li

While attack graphs are useful for identifying major cybersecurity threats affecting a system, they do not provide operational support for determining the likelihood of having a known vulnerability exploited, or that critical system nodes…

Cryptography and Security · Computer Science 2026-04-21 Francesco Vitale , Simone Guarino , Stefano Perone , Massimiliano Rak , Nicola Mazzocca

Security researchers have stated that the core concept behind current implementations of access control predates the Internet. These assertions are made to pinpoint that there is a foundational gap in this field, and one should consider…

Cryptography and Security · Computer Science 2016-09-16 Yvo Desmedt , Arash Shaghaghi

Developers rely on third-party library Application Programming Interfaces (APIs) when developing software. However, libraries typically come with assumptions and API usage constraints, whose violation results in API misuse. API misuses may…

Software Engineering · Computer Science 2026-04-17 Akalanka Galappaththi , Sarah Nadi , Christoph Treude
‹ Prev 1 2 3 10 Next ›