security engineering – SSL and internet security news

Applying Security Engineering to Prompt Injection Security

April 29, 2025 infossl

academic papers, AI, google, LLM, security engineering, Security technology, Uncategorized

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear … Read More “Applying Security Engineering to Prompt Injection Security” »

In Memoriam: Ross Anderson, 1956-2024

April 10, 2024 infossl

cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security engineering, Security technology, Uncategorized

Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version. Powered by WPeMatico

Ross Anderson

April 1, 2024 infossl

cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security engineering, Security technology, Uncategorized

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created … Read More “Ross Anderson” »

New Report on IoT Security

September 27, 2022 infossl

cybersecurity, Internet of Things, reports, security engineering, Security technology, Uncategorized

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices. The report recommends that regulators should … Read More “New Report on IoT Security” »

Prompt Injection/Extraction Attacks against AI Systems

September 22, 2022 infossl

artificial intelligence, cyberattack, security engineering, Security technology, Uncategorized

This is an interesting attack I had not previously considered. The variants are interesting, and I think we’re just starting to understand their implications. Powered by WPeMatico

Manipulating Machine-Learning Systems through the Order of the Training Data

May 25, 2022 infossl

academic papers, machine learning, security engineering, Security technology, Uncategorized

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not random? You guessed … Read More “Manipulating Machine-Learning Systems through the Order of the Training Data” »

Hiding Vulnerabilities in Source Code

November 1, 2021 infossl

academic papers, operating systems, security engineering, Security technology, steganography, Uncategorized, usability, vulnerabilities

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog: We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see … Read More “Hiding Vulnerabilities in Source Code” »