315 papers
This paper introduces \SysName, a novel framework that enhances Multi-Agent System security by shifting from static input filtering to execution-aware analysis through the reconstruction of Cross-Agent Semantic Flows, effectively detecting complex attack vectors that bypass conventional guardrails.
This paper evaluates the impact of logical vulnerabilities in 5G Standalone networks on UAV communications by utilizing a Kubernetes-based testbed to demonstrate how attacks from malicious UEs, compromised gNodeBs, or the 5G core can disrupt operations, thereby highlighting the critical need for user plane isolation and protocol integrity.
This paper demonstrates that diffusion-based image editing inherently compromises robust invisible watermarks by treating embedded payloads as noise to be removed during the denoising process, leading to a theoretical and empirical analysis of this fragility and proposing guidelines for future watermarking designs.
This paper introduces the first efficient framework for privacy-preserving sparse matrix-vector multiplication using homomorphic encryption, featuring a novel Compressed Sparse Sorted Column (CSSC) format that significantly reduces computational and storage overhead while enabling secure applications in fields like federated learning and scientific computing.
This paper demonstrates that while electromagnetic shielding effectively suppresses passive radiated emissions, it fails to prevent active RF probing attacks that exploit state-dependent impedance variations to leak execution-dependent information through backscattering.
This paper introduces Osmosis Distillation, a novel model hijacking attack that exploits synthetic datasets generated by dataset distillation methods to compromise deep learning models in transfer learning with high success rates using only a few poisoned samples while maintaining utility on original tasks.
This paper introduces AgentSCOPE, a benchmark and Privacy Flow Graph framework that reveals how agentic systems frequently violate contextual privacy at intermediate pipeline stages—particularly during tool responses—demonstrating that current output-focused evaluations significantly underestimate the true privacy risks of multi-step AI workflows.
The paper introduces EVMbench, a benchmarking framework that evaluates the capabilities of frontier AI agents in detecting, patching, and exploiting smart contract vulnerabilities within a realistic local Ethereum environment, revealing their ability to successfully execute end-to-end attacks against live blockchain instances.
This paper introduces the Fully Homomorphic Modified Rivest Scheme (FHMRS), identifies a specific security vulnerability within it, and proposes a modified version (mFHMRS) to resolve that issue.
This paper proposes a practical, post-quantum, lattice-based distributed ledger protocol tailored for financial institutions that ensures transaction confidentiality and auditability through novel zero-knowledge proofs, a new commitment equating method, and an efficient compact range-proof for single or multi-asset transactions.
GELO is a lightweight protocol that preserves prompt privacy for LLMs on untrusted accelerators by applying fresh, per-batch invertible mixing to hidden states, effectively thwarting statistical attacks while maintaining exact output accuracy with only 20–30% latency overhead.
This paper investigates the evolution of cyber threat intelligence to address AI-specific security threats by analyzing current gaps, proposing a structured knowledge base with concrete indicators of compromise across the AI supply chain, and outlining techniques for measuring artifact similarity to support a practical, AI-tailored defense framework.
This paper proposes a novel single-message adaptive shuffler-based piecewise (ASP) protocol for robust distribution estimation under pure shuffle differential privacy, which outperforms existing baselines by simultaneously achieving superior utility, minimal message complexity, and enhanced resilience against data poisoning attacks through an optimized randomizer and an Expectation Maximization with Adaptive Smoothing (EMAS) recovery algorithm.
This paper introduces Lambda-randomization, a computationally efficient multi-dimensional randomized response protocol that overcomes the curse of dimensionality by using a simple parameterization involving only three elements to retrieve unbiased estimates of true distributions.
This paper introduces "Volley Revolver," a novel matrix-encoding method that enables efficient privacy-preserving neural network inference via homomorphic encryption, demonstrated by a convolutional neural network that classifies 32 encrypted MNIST images in approximately 287 seconds on a public cloud while requiring only a single ciphertext upload.
This paper presents virtCCA, a virtualized implementation of Arm's Confidential Compute Architecture using TrustZone on existing hardware that enables the deployment of confidential virtual machines with strong API compatibility and acceptable performance overhead, bridging the gap until dedicated CCA hardware becomes widely available.
This paper presents a sample-optimal, locally differentially private algorithm for hypothesis selection that achieves the information-theoretic lower bound of using only rounds of interaction, thereby demonstrating the provable power of interactivity to overcome the sample complexity barrier inherent in non-interactive approaches.
This paper introduces PA-B2G, a provable and adjustable bit-to-Gaussian mapping framework that resolves the fundamental trade-off between image quality, security, and extraction reliability in diffusion-based generative steganography by enabling reversible, training-free embedding of arbitrary-length secret messages into pure Gaussian noise.
This paper introduces Inception, the first multi-turn jailbreak attack that exploits the memory mechanisms of text-to-image systems by embedding malicious intent across segmented and recursively expanded conversational turns, achieving a 20% higher success rate than state-of-the-art methods in bypassing safety filters.
This paper characterizes Apple's Synthetic Defocus Noise Pattern (SDNP) found in iPhone portrait-mode images, proposing a modeling method to mitigate its interference with PRNU-based camera source verification while demonstrating its utility for tracing images across different iPhone models and iOS versions.