MMLAB Forum - 최근 주제들

One Email, Many Faces: A Deep Dive into Identity Confusion in Email Aliases

sykim — Thu, 07 May 2026 04:22:15 +0000

Email addresses serve as a universal identifier for online account management, however, their aliasing mechanisms introduce significant identity confusion between email providers and external platforms. This paper presents the first systematic analysis of the inconsistencies arising from email aliasing, where providers view alias addresses (e.g., ALICE@example.com, alice+work@example.com) as additional entrances of the base email (alice@example.com), while platforms often treat them as distinct identities.

Through empirical evaluations the alias mechanisms of 28 email providers and 18 online platforms, we reveal critical gaps: (1) Only Gmail fully documents its aliasing rules, while 11 providers silently support undocumented alias behaviors; (2) Due to lack of standardization documentation and de facto implementation, platforms either failed to distinguish alias addresses or over aggressive excluded all emails containing specific symbol. Real-world abuse cases demonstrate attackers exploiting aliases to create up to 139 accounts from a single base email in npm for spam campaigns. Our user study further highlights security risks, showing 31.65% of participants with alias knowledge mistake phishing emails as legitimate emails alias due to inconsistent provider implementations. Users who believe they understand email aliasing, especially those highly educated, male, and technical participants, are more susceptible to being phished. Our findings underscore the urgent need for standardization and transparency in email aliasing. We contribute the OriginMail tool to help platforms resolve alias confusion and disclose vulnerabilities to affected stakeholders.

MainSeminar260507_OneEmailManyFaces_sykim.pptx

2026-s148-paper.pdf

BGP-iSec: Improved security of internet routing against post-ROV attacks

jhoh — Thu, 30 Apr 2026 04:52:32 +0000

메인세미나 발표자료입니다.

260423_BGPisec_jhoh_submission.pdf

260423_BGPisec_jhoh_submission.pptx

Les Dissonances: Cross-Tool Harvesting and Polluting in Pool-of-Tools Empowered LLM Agents

jhkang — Thu, 23 Apr 2026 04:45:54 +0000

Abstract-

Large Language Model (LLM) agents are au tonomous systems powered by LLMs, capable of reasoning and planning to solve problems by leveraging a set of tools. However, the integration of multiple tools in LLM agents introduces chal lenges in securely managing tools, ensuring their compatibility, handling dependency relationships, and protecting control flows within LLM agent’s task workflows. In this paper, we present the f irst systematic security analysis of task control flows in multi tool-enabled LLM agents. We identify a novel threat, Cross-Tool Harvesting and Polluting (XTHP), which includes multiple attack vectors to first hijack the normal control flows of agent tasks, and then collect and pollute confidential or private information within LLM agent systems. To understand the impact of this threat, we developed Chord, a dynamic scanning tool designed to automatically detect real-world agent tools susceptible to XTHP attacks. Our evaluation of 66 real-world tools from two major LLM agent development frameworks, LangChain and Llama-Index, revealed that 75% are vulnerable to XTHP attacks, highlighting the prevalence of this threat.

les_dissonances_ndss26.pdf

2026042_Les-Dissonances_jhkang.pdf

Dangers Behind Access Control: Understanding and Exploiting Implicit Permissions in Kubernetes

고형욱 — Thu, 09 Apr 2026 04:52:56 +0000

Abstract:

As the de-facto standard for container orchestration, Kubernetes is extensively adopted by numerous companies and cloud vendors, making its security critical. In this paper, we define a new attack surface called implicit permission: The execution of explicitly granted permissions in Kubernetes dynamically leads to implicit operations on other resources, enabling new permissions beyond the explicitly granted ones. Such implicit permissions create security vulnerabilities that attackers can exploit to compromise an entire cluster. Automatically identifying implicit permissions is challenging due to implicit relation reasoning and dynamic behaviors across diverse components of Kubernetes. To address that, we devise a systematic approach that combines static analysis techniques with the advanced capabilities of the large language model (LLM, e.g., GPT-4.5). Initially, we develop a static analysis to identify all Kubernetes resources. Building on this, we use static analysis to identify all explicit permissions for each resource. Finally, by combining the semantic reasoning capabilities of LLMs with the pattern-based precision of static analysis, we reason about what explicit permissions
may dynamically lead to implicit permissions through complex interactions and uncover 593 implicit permissions derived from explicit permissions. We use the implicit permission references as insights to identify potential risks of CNCF projects and applications provided by the top four cloud vendors. With responsible disclosure, we obtain five new CVEs, six acknowledgments of cloud vendors, and a bounty awarded by Google. These acknowledgments underlie the practical impact of our attack.

20260409_AC-EP_huko_vfin.pptx

kube_ac_ep.pdf

20260409_AC-EP_huko_vfin.pdf

Global, Passive Detection of Connection Tampering

chlee — Wed, 01 Apr 2026 03:40:53 +0000

Abstract

In-network devices around the world monitor and tamper with connections for many reasons, including intrusion prevention, combating spam or phishing, and country-level censorship. Connection tampering seeks to block access to specific domain names or keywords, and it affects billions of users worldwide with little-to-no transparency. To detect, diagnose, and measure connection-level blocking, "active" measurement techniques originate queries with domains or keywords believed to be blocked and send them from vantage points within networks of interest. Active measurement efforts have been critical to understanding how traffic tampering occurs, but they inherently are unable to capture critical parts of the picture. For instance, knowing the set of domains in a block-list (i.e., what could get blocked) is not the same as knowing what real users are actively experiencing (i.e., what is actively getting blocked). We present the first global study of connection tampering through a passive analysis of traffic received at a global CDN, Cloudflare. We analyze a sample of traffic to all of Cloudflare's servers to construct the first comprehensive list of tampering signatures: sequences of packet headers that are indicative of connection tampering. We then apply these tampering signatures to analyze our global dataset of real user traffic, yielding a more comprehensive view of connection tampering than has been possible with active measurements alone. In particular, our passive analysis allows us to report on how connection tampering is actively affecting users and clients from virtually every network, without active probes, vantage points in difficult-to-reach networks and regions, or test lists (which we analyze for completeness against our results). Our study shows that passive measurement can be a powerful complement to active measurement in understanding connection tampering and improving transparency.

Global-Passive-Detection-of-Connection-Tampering.pdf

Global-Passive-Detection-of-Connection-Tampering_CH.pdf

Global-Passive-Detection-of-Connection-Tampering_CH.pptx

Authenticated Private Information Retrieval

박홍근 — Wed, 18 Mar 2026 02:33:48 +0000

안녕하세요, 3월 18일 메인세미나 발표자 박홍근입니다.

발표 자료와 논문 업로드 합니다.

감사합니다.

260318_Authenticated-Private-Information-Retrieval_hgpark.pdf

260318_Authenticated-Private-Information-Retrieval_hgpark.pptx

Colombo-등-Authenticated-private-information-retrieval.pdf