The paper analyzes persistent TLS misconfigurations and introduces TLSGatekeeper, a high-performance, network-based tool that enforces security policies by monitoring TLS handshakes without requiring…

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

The paper introduces SST-Guard, a multi-modal browser-based system that detects and blocks server-side Google Analytics (sGA) by identifying the semantic patterns of collected data rather than relying…

This paper addresses the operational challenge of adopting Post-Quantum Cryptography (PQC) in complex financial TLS environments by presenting a methodology to automatically profile and normalize cryp…

The paper introduces a multi-surface evidence framework to provide comprehensive observability for post-quantum TLS migration, enabling robust measurement of session behavior and endpoint capabilities…

This paper analyzes RPKI specifications, demonstrating that vague or conflicting requirements in dozens of RFCs cause systemic vulnerabilities in real-world implementations, leading to 61 undocumented…

The study analyzed TLS certificate and domain features in the Danish .dk namespace to distinguish phishing sites, concluding that while combined features are useful, no single attribute reliably ident…

This paper systematically analyzes the threat posed by malicious third-party API routers in the LLM supply chain, finding that a significant number of routers actively perform payload injection, crede…

The paper introduces mcp-attested, a security extension to the Model Context Protocol (MCP) that allows hosts to safely admit and restrict the tools used by external, third-party tool servers.

This paper experimentally compares ML-DSA and SLH-DSA in TLS 1.3, finding that placing SLH-DSA at the server leaf significantly increases computational cost and latency, suggesting upper-layer placeme…

FIDEM introduces a standard-compliant framework that uses Zero-Knowledge Proofs to securely bind IoT devices to their Manufacturer Usage Description (MUD) profiles, mitigating risks associated with in…

WebTrap introduces a stealthy, mid-task hijacking attack that successfully compromises browser agents during long-horizon tasks by seamlessly fusing malicious instructions with the original user goal.

The paper proposes extit{codename}, an architecture that enforces verifiable workflows across untrusted networks by combining hardware-isolated control and kernel-resident data planes, achieving low-…

GETA is a protocol-agnostic framework that analyzes encrypted network traffic using only metadata, achieving state-of-the-art performance across diverse tasks without needing large labeled datasets.

AEGIS introduces a novel physics-based system that analyzes encrypted network traffic flow dynamics, achieving state-of-the-art zero-day evasion detection with high accuracy and low latency.

This study empirically demonstrates that even highly technical students struggle significantly with the long-term usability and security understanding of Mutual TLS (mTLS) client authentication, sugge…

ProcRoute is a system that restricts internal network route access to specific, authorized applications, preventing unprivileged processes from exploiting split-tunnel VPN routes.

VIPER-MCP is a novel, end-to-end automated framework that detects and dynamically confirms the exploitability of taint-style vulnerabilities in Model Context Protocol (MCP) servers, achieving high-fid…

BodhiPromptShield is a policy-aware framework that mediates prompt privacy by detecting sensitive data and replacing it with secure placeholders across multiple stages (retrieval, memory, tools) to pr…

The paper introduces 'Routing Hijacking,' a severe attack where malicious clients forge semantic profiles in Federated RAG systems to misroute target queries, and proposes a trust-aware post-routing f…