~ similar to 2603.26573v1 · 19 results
The paper proposes a tamper-proofing model for self-modifying code (SMC) by leveraging external timing, concurrency, and microarchitectural state to make non-SMC reproduction detectably expensive.
The paper presents a novel technology that uses zero-knowledge proofs to formally verify a software system's correctness against a public specification without revealing the system's internal details.
The paper formalizes TOCTOU vulnerabilities in GUI agents due to observation-to-action delays and proposes a layered defense, Pre-execution UI State Verification (PUSV), achieving high interception ra…
The paper proposes DALC-CT, a dynamic analysis tool that verifies the constant-time property of cryptographic code by comparing instruction mix distributions across multiple execution traces.
The paper provides a formal proof that a single C program can contain a countably infinite number of distinct, independently assignable software vulnerabilities, suggesting the set of all software vul…
Yuwei Liu, Xinyi Wan, Yanhao Wang, Minghua Wang +2 more
KVerus is a retrieval-augmented system that significantly improves the scalability and resilience of formal verification for Rust code by managing complex cross-module dependencies and adapting to cod…
The paper introduces Post-Deterministic Distributed Systems (PDDS) as a new model to coordinate autonomous infrastructure where participants, including stochastic agents, produce divergent reasoning p…
Bowei Ning, Xuejun Zong, Lian Lian, Kan He +3 more
SCARA is a novel, end-to-end framework that autonomously connects binary-level vulnerability candidates to conditionally validated remedies for opaque industrial software, achieving high precision and…
The paper develops a formal theory to analyze how throughput changes in AI-enhanced cybersecurity pipelines when stage capacities are perturbed by multipliers.
The paper presents Broken Quantum, a comprehensive formal security audit that identifies 547 security vulnerabilities across 45 open-source quantum computing simulators, revealing critical flaws in me…
The paper proves that standard runtime enforcement mechanisms cannot detect systematic behavioral drift in autonomous agents, proposing a new Invariant Measurement Layer (IML) that restores observabil…
The paper introduces the concept of the atomic decision boundary, proving that for autonomous systems to guarantee execution-time admissibility, the decision and the resulting state transition must oc…
Yutao Shi, Xiaohan Zhang, Xiangjing Zhang, Xihua Shen +4 more
This paper investigates Description-Code Inconsistency (DCI) in Model Context Protocol (MCP) servers, finding that 9.93% of real-world tools exhibit inconsistencies that create security blind spots.
Jiaying Meng, Xuewei Feng, Qi Li, Min Liu +1 more
AFL-ICP is a novel specification-driven fuzzing framework that significantly enhances the security testing of industrial control protocols by detecting subtle semantic and logic bugs missed by traditi…
PoisonCap introduces a new 'poison' capability format for CHERI systems to provide efficient, strict use-after-free and initialization safety, surpassing existing temporal safety solutions.
The paper introduces an efficient, novel algorithm for incremental Byte Pair Encoding (BPE) tokenization that processes input text prefix by prefix, achieving significant speedups and enabling streami…
The paper demonstrates that current agentic-AI runtimes are fundamentally insecure and architecturally obsolete because they fail to detect critical safety failures, proposing a superior, hardened alt…
The paper proposes a novel method to automatically enforce differential privacy in stream-based runtime monitoring specifications by analyzing temporal dependencies and injecting calibrated noise.