The paper introduces Constraint-Guided Semantic Testing (ConSeT), a novel framework that systematically finds critical, pre-authentication vulnerabilities in 5G User Equipment (UE) by exploiting seman…

OrchJail introduces an orchestration-guided fuzzing framework to systematically jailbreak tool-calling text-to-image agents by exploiting unsafe multi-step tool-orchestration patterns.

The paper introduces Devilray, a comprehensive adversarial model that systematically tests the realistic operational space of fake base stations, revealing significant blind spots in existing detectio…

The paper reverse-engineers Apple's Private Cloud Compute (PCC) implementation to independently benchmark its model and evaluate its privacy claims, addressing the lack of transparency in Apple's syst…

This paper audits Apple's Differential Privacy framework on macOS and finds multiple implementation bugs and misconfigurations, revealing significant privacy violations in a large percentage of collec…

The paper introduces HarmChip, a novel benchmark to evaluate LLM vulnerability to domain-specific hardware security threats, revealing that current safety guardrails fail against semantically disguise…

The paper introduces MT-JailBench, a modular framework for evaluating multi-turn jailbreaks, demonstrating that controlling experimental components like prompt generation and resource budgets is cruci…

This paper provides the first comprehensive review of threats and defenses specifically targeting on-device AI inference, revealing a significant imbalance where certain attack types, like adversarial…

The paper empirically compares the security and privacy implementation characteristics of major Android messaging apps (Meta Messenger, Signal, and Telegram) using static and dynamic analysis, finding…

Janus is a compiler-based security framework for ARM64 that mitigates transient execution attacks like Spectre by integrating PA and BTI microarchitectural features, achieving strong security with low…

This paper systematizes two decades of hardware reverse engineering research by analyzing 187 publications, identifying key technical methods and recommending improvements for reproducibility, standar…

LiteAtt introduces a verifier-less, Peer-to-Peer Self-Attestation (P2P-SA) framework for modern IoT MCUs, enabling mutual authentication and firmware attestation directly within the connection handsha…

The paper introduces AVISE, a modular open-source framework for systematically identifying and evaluating security vulnerabilities in AI systems, demonstrating its effectiveness by developing an autom…

The paper introduces PINSIGHT, a novel methodology that rigorously assesses Wi-Fi PIN code inference attacks by separating environmental effects from typing effects, concluding that current state-of-t…

This paper surveys model forensics in AI-native wireless networks, detailing key security problems and demonstrating practical workflows for verifying model authenticity and detecting malicious functi…

This paper introduces the 'wide-net-casting' jailbreak scenario, demonstrating that querying a group of large language models can expose significant, previously overlooked safety risks, with a novel m…

The paper introduces TESLA, a novel, contactless electromagnetic (EM) side-channel attack that exploits inherent EM emanations from capacitive touchscreens to extract highly sensitive user data like P…

The paper investigates the effectiveness of hardware-backed security mechanisms when mobile devices are repurposed outside their original ecosystem, concluding that vendor-locked mechanisms significan…

The paper introduces a novel pipeline integrating formal verification and process mining to systematically identify and analyze root causes of security property invalidations in complex automotive net…

The paper introduces a novel toolkit to enhance RISC-V Trusted Execution Environments (TEEs) by adding modular extensions for secure enclave update, migration, state continuity, and trusted time, ther…