Optimising Fine-Grained Access Control Policy Enforcement for Database Queries. A Model-Driven Approach
Hoang Nguyen Phuoc-Bao, Manuel Clavel · 2022-09-13 · via cs.CR updates on arXiv.org

Recently, we have proposed a model-driven approach for enforcing fine-grained access control (FGAC) policies when executing SQL queries. More concretely, we have defined a function SecQuery() that, given an FGAC policy S and a SQL select-statement q, generates a SQL stored-procedure SecQuery(S, q), such that: if a user u with role r is authorised, according to S, to execute q based on the current state of the database, then calling SecQuery(S, q)(u, r) returns the same result as when u executes q; otherwise, if the user u is not authorised, according to S, to execute q based on the current state of the database, then calling SecQuery(S, q)(u, r) signals an error. Not surprisingly, executing the query q takes less time than calling the corresponding stored-procedure SecQuery(S, q). Here we propose a model-based methodology for optimising the stored-procedures generated by the function SecQuery(). The idea is to eliminate authorisation checks in the body of the stored-procedures generated by SecQuery(), when they can be proved to be unnecessary. Based on our previous mapping from the Object Constraint Language (OCL) to many-sorted first-order logic, we can attempt to prove that authorisation checks are unnecessary by using SMT solvers. We include a case study to illustrate and show the applicability of our methodology.
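The following is an added illustration of the SecQuery contract and of the optimisation the abstract describes; it is example code written for this page, not the authors' SecQuery implementation (which generates SQL stored procedures from OCL policies). sqlite3 stands in for a database with stored procedures, so the authorisation guard that would sit in the body of SecQuery(S, q) is issued as a separate SQL statement before q. The Employee schema, the FGAC policy S (salary readable only by the row's owner or by a manager), the sample rows and the two queries are all constructed assumptions.

```python
"""Added example (not the paper's SecQuery): emulate SecQuery(S, q)(u, r) on sqlite3.

sqlite3 has no stored procedures, so the guard that would be generated into the
procedure body runs here as a separate statement before q. Schema, policy S and
data are constructed for this example.
"""
import sqlite3

# Constructed sample schema and data.
SCHEMA = """
CREATE TABLE Employee (
    id     INTEGER PRIMARY KEY,
    name   TEXT    NOT NULL,
    dept   TEXT    NOT NULL,
    salary INTEGER NOT NULL
);
INSERT INTO Employee VALUES (1, 'ana', 'sec', 5000),
                            (2, 'bo',  'sec', 5200),
                            (3, 'cy',  'ops', 4100);
"""

# Hypothetical FGAC policy S (assumption of this example): anyone may read name
# and dept; a caller may read a row's salary only if the row is their own or they
# act in role 'manager'. Written as the SQL condition the guard evaluates per row
# e, with caller parameters :u (user id) and :r (role).
SALARY_AUTH = "(e.id = :u OR :r = 'manager')"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def sec_query(conn, select_list, where, u, r):
    """Secured run of q = SELECT <select_list> FROM Employee e WHERE <where>.

    Same contract as SecQuery(S, q)(u, r): if, in the current database state, q
    reads a salary the caller may not see, signal an error; otherwise return
    exactly the rows q returns.
    """
    params = {"u": u, "r": r}
    # Simplification: a real generator inspects the query's AST; here the guard
    # is emitted whenever the select list mentions the protected column.
    if "salary" in select_list:
        guard = (f"SELECT COUNT(*) FROM Employee e WHERE ({where}) "
                 f"AND NOT {SALARY_AUTH}")
        (violations,) = conn.execute(guard, params).fetchone()
        if violations:
            raise PermissionError(f"user {u} in role {r} may not run: {select_list} / {where}")
    return conn.execute(f"SELECT {select_list} FROM Employee e WHERE {where}",
                        params).fetchall()


def sec_query_own_salary_optimised(conn, u, r):
    """Optimised procedure for q2 = SELECT e.salary FROM Employee e WHERE e.id = :u.

    The guard sec_query would emit tests
        (e.id = :u) AND NOT (e.id = :u OR :r = 'manager'),
    which no row, user or role can satisfy, for any database state. The paper
    discharges such obligations with an SMT solver over its OCL-to-FOL mapping;
    here it is discharged by hand, the check is dropped, and the body is just q2.
    """
    return conn.execute("SELECT e.salary FROM Employee e WHERE e.id = :u",
                        {"u": u}).fetchall()


def outcome(fn, *args):
    """Return the rows, or 'denied' when the guard signals an error."""
    try:
        return fn(*args)
    except PermissionError:
        return "denied"


def demo():
    conn = make_db()
    q_sec_pay = ("e.name, e.salary", "e.dept = 'sec'")
    results = {
        # manager: every row in 'sec' passes the guard
        "manager_sec": outcome(sec_query, conn, *q_sec_pay, 1, "manager"),
        # employee 1 would read employee 2's salary: error signalled
        "employee_sec": outcome(sec_query, conn, *q_sec_pay, 1, "employee"),
        # no protected column selected: no guard emitted at all
        "employee_names": outcome(sec_query, conn, "e.name", "e.dept = 'sec'", 1, "employee"),
        # own salary: guarded and optimised procedures agree
        "own_guarded": outcome(sec_query, conn, "e.salary", "e.id = :u", 2, "employee"),
        "own_optimised": outcome(sec_query_own_salary_optimised, conn, 2, "employee"),
        # authorisation depends on the current state: cy is the only row in 'ops' ...
        "ops_before": outcome(sec_query, conn, "e.salary", "e.dept = 'ops'", 3, "employee"),
    }
    conn.execute("INSERT INTO Employee VALUES (4, 'di', 'ops', 3900)")
    # ... until another row appears, and the same query is now denied
    results["ops_after"] = outcome(sec_query, conn, "e.salary", "e.dept = 'ops'", 3, "employee")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The runtime agreement between `own_guarded` and `own_optimised` is only a check on one database state; what licenses removing the guard is the proof that its condition is unsatisfiable for every state, which is the obligation the abstract hands to an SMT solver. The `ops_before`/`ops_after` pair shows why that proof must range over states: for a query whose WHERE clause does not imply the policy condition, the same call is authorised in one state and refused after a single insert.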