ArXivCSExplorer
Similar to 2604.16080v1 · 20 results

cs.CR, cs.NI · Recent · May 29, 2026

Thou Shall Not Pass: Gatekeeping Outbound TLS Connections

Henrique B. Brum, Matteo Franzil, Riccardo Germenia, Salvatore Manfredi +2 more

The paper analyzes persistent TLS misconfigurations and introduces TLSGatekeeper, a high-performance, network-based tool that enforces security policies by monitoring TLS handshakes without requiring…

cs.CR · Recent · Apr 9, 2026

Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain

Hanzhi Liu, Chaofan Shou, Hongbo Wen, Yanju Chen +2 more

This paper systematically analyzes the threat posed by malicious third-party API routers in the LLM supply chain, finding that a significant number of routers actively perform payload injection, crede…

cs.NI, cs.CR · Recent · May 19, 2026

Fifty Shades of Darknet

Siddique Abubakr Muntaka, Jacques Bou Abdo

The paper identifies and demonstrates the existence of a covert sublayer, called the Exclusive Network, within the I2P anonymous network, which allows nodes to host services without being discoverable…

cs.NI, cs.CR · Recent · Mar 17, 2026

Persistent Device Identity for Network Access Control in the Era of MAC Address Randomization: A RADIUS-Based Framework

Premanand Seralathan

The paper proposes a RADIUS-based framework to maintain persistent device identity for Network Access Control (NAC) despite modern operating system MAC address randomization, ensuring regulatory compl…

cs.CR · Recent · May 26, 2026

The Fault in Our Drafts: Vulnerabilities in RPKI Specification and Software

Oliver Jacobsen, Tobias Kirsch, Haya Schulmann, Niklas Vogel +1 more

This paper analyzes RPKI specifications, demonstrating that vague or conflicting requirements in dozens of RFCs cause systemic vulnerabilities in real-world implementations, leading to 61 undocumented…

cs.CR · Recent · Apr 5, 2026

Invisible Adversaries: A Systematic Study of Session Manipulation Attacks on VPNs

Yuxiang Yang, Ao Wang, Xuewei Feng, Qi Li +1 more

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

cs.CR, cs.AR, cs.CL · Recent · May 24, 2026

RouteScan: A Non-Intrusive Approach to Auditing MoE LLMs Safety via Expert Routing Telemetry

Bo Lv, Zhiheng Xu, KeDong Xiu, Ruyi Ding +3 more

RouteScan introduces a non-intrusive framework that audits the safety of Mixture-of-Experts (MoE) LLMs by analyzing low-level GPU expert routing telemetry, achieving high accuracy even on unseen harmf…

cs.CR, cs.AI, cs.SE · Recent · May 12, 2026

Options, Not Clicks: Lattice Refinement for Consent-Driven MCP Authorization

Ying Li, Yanju Chen, Peiran Wang, Issac Khabra +3 more

The paper introduces Conleash, a client-side middleware that uses a risk lattice to enforce granular, boundary-scoped authorization for tool invocations, significantly improving user consent and secur…

cs.CR · Recent · May 4, 2026

Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense

Mingming Zha, Xiaofeng Wang

The paper introduces a systematic framework and defense mechanisms to analyze and mitigate autonomous LLM agent worms that propagate through persistent agent state and cross-platform multi-agent syste…

cs.CR, cs.OS · Recent · May 27, 2026

A Secure, Manifest-Based Framework for Delegated Privilege Promotion

Rajarshi Chowdhury, Akshay Shah

The paper introduces a secure, manifest-based framework that allows unprivileged processes to safely update and promote narrowly scoped privileged software components without requiring full administra…

cs.NI, cs.CR · Recent · May 2, 2026

ShieldShare: Building a VPN-backed Android Hotspot for Secure Internet Sharing with Per-User Traffic Accounting

Carlos Semeho Edorh, Jialu Bi, Hanchen Ye, Dawood Sajjadi +1 more

ShieldShare is a novel, non-root Android application that enables secure, VPN-backed hotspot sharing with accurate per-user traffic accounting, addressing limitations in current mobile VPN implementat…

cs.CR, cs.NI · Recent · May 29, 2026

MeshGuard: MUD-Based Network Access Control for Large-Scale Thread-Powered IoT Networks

Dominik Roy George, Wouter van Hoof, Habib Mostafaei, Savio Sciancalepore

MeshGuard is a framework that extends MUD-based network access control to complex, large-scale Thread IoT networks by adapting the MLE protocol and using SDN for scalable policy enforcement.

cs.CR, cs.AI · Recent · Apr 2, 2026

RefinementEngine: Automating Intent-to-Device Filtering Policy Deployment under Network Constraints

Davide Colaiacomo, Chiara Bonfanti, Cataldo Basile

RefinementEngine is an automated system that translates high-level security intents and threat intelligence into deployable, low-level network filtering policies, overcoming manual deployment challeng…

cs.CR, cs.AI · Recent · May 26, 2026

Grimlock: Guarding High-Agency Systems with eBPF and Attested Channels

Qiancheng Wu, Wenhui Zhang, Gan Fang, Sheng Mao +4 more

Grimlock is an Agent Guard that enhances security for high-agency systems by enforcing identity, authorization, and scope-bound communication through eBPF and attested TLS channels, without modifying…

cs.CR, cs.AI · Recent · May 4, 2026

APIOT: Autonomous Vulnerability Management Across Bare-Metal Industrial OT Networks

Adel ElZemity, Budi Arief, Shujun Li, Calvin Brierley +5 more

The paper introduces APIOT, the first LLM framework capable of autonomously performing the full discovery, exploitation, patching, and verification cycle against bare-metal industrial OT devices.

cs.CR · Recent · May 7, 2026

Constraining Host-Level Abuse in Self-Hosted Computer-Use Agents via TEE-Backed Isolation

Di Lu, Bo Zhang, Xiyuan Li, Yongzhi Liao +4 more

The paper proposes an operation-centric, TEE-backed isolation model to constrain self-hosted computer-use agents, preventing malicious or unsafe host-level operations without sacrificing general funct…

cs.CR, cs.AI · Recent · May 18, 2026

Prompts Don't Protect: Architectural Enforcement via MCP Proxy for LLM Tool Access Control

Rohith Uppala

The paper proposes an architectural proxy (MCP) to enforce robust, reliable tool access control for LLM agents, demonstrating that this structural enforcement is necessary because prompt-based restric…

cs.CR, cs.AI · Recent · Mar 19, 2026

ClawTrap: A MITM-Based Red-Teaming Framework for Real-World OpenClaw Security Evaluation

Haochen Zhao, Shaoyang Cui

The paper introduces ClawTrap, a MITM-based red-teaming framework, to evaluate the security robustness of web agents like OpenClaw against dynamic, real-world network attacks, finding that model stren…

cs.CR, cs.AI, cs.MA · Recent · Apr 18, 2026

enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

Alfredo Metere

enclawed is a configurable, hard-fork hardening framework for AI assistant gateways that enforces strict security controls, verifiable trust, and auditable connectivity for regulated environments.

cs.CR, cs.OS · Recent · May 7, 2026

Pomegranate: A Lightweight Compartmentalization Architecture using Virtualization Extensions

Shriram Raja, Zhiyuan Ruan, Richard West

Pomegranate is a novel framework that uses hardware-assisted virtualization and Extended Page Tables to securely compartmentalize existing operating systems with minimal source code modification, enab…
