Empirical analysis of 444 iOS apps using dynamic traffic interception found 282 leaking LLM API keys across ten providers, with only 28% remediation after three months.
hub Canonical reference
In: IEEE Symposium on Security and Privacy (S&P)
Canonical reference. 92% of citing Pith papers cite this work as background.
hub tools
citation-role summary
citation-polarity summary
representative citing papers
MHOT achieves provably minimal tree height via discriminative-bit indexing and hierarchical proofs, delivering up to 9X write throughput, 4X lower amplification, 2X smaller proofs, and 0% Nurgle attack success versus MPT on Ethereum workloads.
Formulates privacy-constrained advertising measurement as a robust causal decision problem under signal loss and derives a sharp decision frontier separating certifiable from unresolved incrementality claims.
Decentralized block building is an exact potential game with an asymptotically tight factor-2 Price of Anarchy and utility concentration bounds showing the lowest-utility builder earns at least half the highest.
PACZero achieves zero mutual information privacy in LLM fine-tuning via sign-quantized subset-aggregated ZO gradients, delivering near non-private accuracy on SST-2 at I=0.
A low-stake adversary can degrade a liquid staking pool's performance via consensus manipulation and profit from the resulting drop in its LST value through application-layer financial positions.
Cond-DP conditions DPSGD on public features with decaying spectra to achieve faster convergence guarantees and better empirical performance in label-DP regression.
ResAware improves cross-environment website fingerprinting robustness by distilling resource-privileged knowledge into a traffic-only student model, raising Var-CNN F1 from 72.77% to 81.49% under 150-day drift on a 160k-sample dataset.
Embedding and removing a dummy backdoor reduces unknown backdoor success in generative LLMs by targeting shared trigger-activated internal mechanisms.
GapFuzz detects cross-plane divergences in distributed SDN clusters by injecting timed contradictory Northbound requests on backup nodes and reconstructing state via replica queries plus kernel probes, reporting 81.7% detection on ONOS 2.7.
DNS over CoAP with packet length equalization, block-wise transfer, header and payload compression reduces DNS identification accuracy to 77-86% in constrained IoT scenarios, outperforming DNS over HTTPS.
TraceCodec is a compiler-backed neural codec that lifts packets to state-aware action latents for high-fidelity multi-flow trace generation, matching real traces within 0.03% on CICIDS2017.
A systematic review of on-device AI inference security finds defenses are imbalanced, with roughly half focused on IP theft while one-third of attacks (adversarial examples) lack any associated defenses.
PoisonCap uses a new poison capability format to deliver strict use-after-free and initialization safety for CHERI systems with no fundamental overhead over Cornucopia baselines.
An automated static-analysis pipeline generates labeled structural units from virtualization-obfuscated binaries so LLMs can analyze them without exceeding token limits.
Current AI image watermark removal attacks replace the watermark with a different forensic signal, allowing independent detectors to distinguish processed outputs from clean images at over 98% true-positive rate under a 1% false-positive budget.
GRASP detects anomalies in system provenance graphs via self-supervised executable prediction from two-hop neighborhoods, outperforming prior PIDS on DARPA datasets by identifying all documented attacks where behaviors are learnable plus additional unlabeled suspicious activity.
Metaphors scaffold youth privacy reasoning and design, with relational metaphors potentially increasing disclosure by framing systems as loyal companions.
Pomegranate compartmentalizes commodity OS kernels via virtualization extensions, sentry functions, and EPT-enforced policies, achieving negligible overhead on a Linux network stack when compartment boundaries limit cross-talk.
Semia synthesizes Datalog representations of agent skills via constraint-guided loops to enable reachability queries for semantic risks, finding critical issues in over half of 13,728 real skills with 97.7% recall on expert-labeled samples.
BadStyle creates stealthy backdoors in LLMs by poisoning samples with imperceptible style triggers and using an auxiliary loss to stabilize payload injection, achieving high attack success rates across multiple models while evading defenses.
A differentially private pipeline using node-level DP summaries to fit ERGMs or SBMs, generate synthetic networks, and simulate SIS disease spread on ARTNet sexual contact data produces incidence, prevalence, and intervention effect sizes close to non-private versions.
PrivacyAkinator uses LLM-generated questions grounded in data-flow representations and a news-mined design space to help developers surface privacy decisions, yielding 47% more decisions identified in 73% less time than PRAM in a 24-person study.
ContentFuzz rewrites posts with LLM guidance from stance model confidence to flip machine labels without altering human intent, tested across four models and three datasets in two languages.
citing papers explorer
-
MHOT: Height-Optimized Authenticated Data Structure for Blockchain State Commitment
MHOT achieves provably minimal tree height via discriminative-bit indexing and hierarchical proofs, delivering up to 9X write throughput, 4X lower amplification, 2X smaller proofs, and 0% Nurgle attack success versus MPT on Ethereum workloads.
-
Dummy Backdoor as a Defense: Removing Unknown Backdoors via Shared Internal Mechanisms for Generative LLMs
Embedding and removing a dummy backdoor reduces unknown backdoor success in generative LLMs by targeting shared trigger-activated internal mechanisms.
-
Secrets Best Not Shared: DNS Privacy Enhancements for the Constrained IoT
DNS over CoAP with packet length equalization, block-wise transfer, header and payload compression reduces DNS identification accuracy to 77-86% in constrained IoT scenarios, outperforming DNS over HTTPS.
-
Protecting On-Device AI Inference: A Systematic Review of Attacks and Defence Mechanisms
A systematic review of on-device AI inference security finds defenses are imbalanced, with roughly half focused on IP theft while one-third of attacks (adversarial examples) lack any associated defenses.
-
Towards LLM-Based Analysis of Virtualization-Obfuscated Code through Automated Data Generation
An automated static-analysis pipeline generates labeled structural units from virtualization-obfuscated binaries so LLMs can analyze them without exceeding token limits.
-
Removing the Watermark Is Not Enough: Forensic Stealth in Generative-AI Watermark Removal
Current AI image watermark removal attacks replace the watermark with a different forensic signal, allowing independent detectors to distinguish processed outputs from clean images at over 98% true-positive rate under a 1% false-positive budget.
-
GRASP -- Graph-Based Anomaly Detection Through Self-Supervised Classification
GRASP detects anomalies in system provenance graphs via self-supervised executable prediction from two-hop neighborhoods, outperforming prior PIDS on DARPA datasets by identifying all documented attacks where behaviors are learnable plus additional unlabeled suspicious activity.
-
Pomegranate: A Lightweight Compartmentalization Architecture using Virtualization Extensions
Pomegranate compartmentalizes commodity OS kernels via virtualization extensions, sentry functions, and EPT-enforced policies, achieving negligible overhead on a Linux network stack when compartment boundaries limit cross-talk.
-
Semia: Auditing Agent Skills via Constraint-Guided Representation Synthesis
Semia synthesizes Datalog representations of agent skills via constraint-guided loops to enable reachability queries for semantic risks, finding critical issues in over half of 13,728 real skills with 97.7% recall on expert-labeled samples.
-
Stealthy Backdoor Attacks against LLMs Based on Natural Style Triggers
BadStyle creates stealthy backdoors in LLMs by poisoning samples with imperceptible style triggers and using an auxiliary loss to stabilize payload injection, achieving high attack success rates across multiple models while evading defenses.
-
Differentially Private Modeling of Disease Transmission within Human Contact Networks
A differentially private pipeline using node-level DP summaries to fit ERGMs or SBMs, generate synthetic networks, and simulate SIS disease spread on ARTNet sexual contact data produces incidence, prevalence, and intervention effect sizes close to non-private versions.
-
NanoTag: Systems Support for Efficient Byte-Granular Overflow Detection on ARM MTE
NanoTag enables byte-granular overflow detection on unmodified MTE binaries by combining hardware tagging with selective software tripwire checks on the Scudo allocator.
-
AliMark: Enhancing Robustness of Sentence-Level Watermarking Against Text Paraphrasing
AliMark introduces a two-stage detection strategy with multi-candidate bit sequence alignment to improve robustness of sentence-level text watermarks against paraphrasing attacks.
-
Security in the Fine-Tuning Lifecycle of Large Language Models: Threats, Defenses,Evaluation, and Future Directions
A lifecycle-based survey of LLM fine-tuning security that reviews attacks and defenses by intervention phase and reports unified empirical findings on model-dependent attack effectiveness and limited defense generalization.
-
Adversarial Reframing: A Framework for Targeted Generation in Language Models
THREAT uses coordinated LLMs in an iterative optimization loop to generate jailbreak prompts that achieve higher success rates and lower detection rates than previous methods across tested models and datasets.
-
Position Paper: Denial-of-Service against Multi-Round Transaction Simulation
The paper examines denial-of-service risks to multi-round transaction simulation arising from inter-transaction dependencies in smart-contract state.
-
Agent Security is a Systems Problem
The paper argues that agent security is best addressed as a systems problem by applying principles from operating systems, networks, and formal methods rather than relying solely on model robustness improvements.
-
AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey
A literature survey synthesizes 119 studies on AI-driven alert screening into a four-stage taxonomy of filtering, triage, correlation, and generative augmentation while identifying gaps in deployment realism and robustness.
-
Digital Guardians: The Past and The Future of Cyber-Physical Resilience
A survey frames CPS resilience through five themes and illustrates them in connected transportation and medical systems to provide a roadmap for real-world resilience.
- StegoStylo: Squelching Stylometric Scrutiny through Steganographic Stitching