CachePrune introduces a privacy-aware, fine-grained KV cache sharing mechanism that allows LLM inference systems to safely reuse cache entries across users' requests, significantly improving efficienc…

This paper presents SCP, a cache partitioning design that combines strict eviction isolation with write-shared coherence to mitigate eviction-based cache side channels.

The paper introduces SCAgent, an automated framework that uses LLM-assisted agents to systematically discover, analyze, and assess side-channel leakage risks in complex systems like iOS, moving beyond…

The paper analyzes the bit-flip vulnerability of shared KV-cache blocks in LLM serving systems, demonstrating that these blocks are susceptible to silent, persistent, and selective data corruption.

This paper analyzes vector register usage across thousands of Linux packages to determine the real-world impact of the Downfall side-channel attack, finding that over 60% of packages use vector regist…

The paper proposes DALC-CT, a dynamic analysis tool that verifies the constant-time property of cryptographic code by comparing instruction mix distributions across multiple execution traces.

The paper introduces PoSME, a cryptographic primitive that enforces strict sequential memory execution by chaining data-dependent writes, providing verifiable delay and authorship attestation.

PoisonCap introduces a new 'poison' capability format for CHERI systems to provide efficient, strict use-after-free and initialization safety, surpassing existing temporal safety solutions.

This paper introduces a dual-layer side-channel attack framework that exploits the variable workload introduced by dynamic image preprocessing in local Vision-Language Models (VLMs) to infer sensitive…

This paper identifies side-channel vulnerabilities in Confidential Federated Compute platforms that could bypass differential privacy guarantees, demonstrating how DP can mitigate some of these risks.

The paper proposes a novel framework, Speculative Non-Interference (SNI), and a tool, Spectector, to formally detect and verify security vulnerabilities arising from complex interactions of multiple s…

Cloak is an oblivious storage system that significantly improves the performance of ORAM by exploiting temporal locality, achieving low overheads while maintaining security.

This paper audits the prompt caching mechanisms of the OpenRouter API gateway to determine if its architecture compromises the prompt cache isolation guarantees provided by underlying LLM inference pr…

This paper demonstrates that standard binary kP algorithms, even when protected using Chevallier-Mames atomic blocks, remain vulnerable to single-trace Side-Channel Analysis (SCA) attacks.

This paper demonstrates that side-channel attacks can be executed across chiplets within a package by repurposing communication-oriented interfaces as internal observation platforms, revealing informa…

The paper introduces CIPL, a unified channel-oriented framework, demonstrating that privacy leakage in LLM agents is governed by observable data channels and pipeline interactions, rather than being l…

This paper analyzes various source-to-bytecode obfuscation techniques for Erlang, demonstrating that effective protection relies on exploiting the representational gaps between high-level semantics an…

The paper proposes GroundedCache, an evidence-validated cache router that significantly improves the safety of reusing cached semantic answers in RAG systems by requiring multiple gates to validate th…

Janus is a compiler-based security framework for ARM64 that mitigates transient execution attacks like Spectre by integrating PA and BTI microarchitectural features, achieving strong security with low…

This paper proposes training a single neural network using EM traces collected from multiple probe positions to detect cryptographic leakage across a larger area of a target device, validated by cross…