Score
Windows system work includes administering Windows Server and desktop environments using Active Directory, Group Policy, Windows Update, event logs and PowerShell scripting for automation, as well as managing security (patching, firewall, user policies) and OS-level troubleshooting tools.
Windows systems—targeted in 93% of ransomware attacks—pose critical security risks in IT/OT environments. Method: This paper designs and implements a high-interaction Windows 11 honeypot system tailored to real-world enterprise settings, featuring novel multi-protocol deception (RDP/SSH), dynamic SMTP credential harvesting with attribution, and integrated capabilities including NetFlow/sFlow traffic collection, Sysmon-based host logging, deceptive token injection, ELK-based log analytics, and SIEM-driven real-time alerting. Contribution/Results: Deployed in production for 34 days, the system captured 5.79 million unauthorized connections, 1.24 million login attempts, and 359 verified attack sessions—enabling full attack-chain reconstruction. It harvested 1,250 valid SMTP credentials. Empirical results demonstrate the system’s effectiveness and innovation in advanced threat detection, behavioral attribution, and defensive coordination.
Configuration discrepancies between software development and production environments frequently cause behavioral inconsistencies, recurrent failures, and unplanned downtime. To address this, we conducted in-depth interviews with 17 industry experts and applied thematic analysis to systematically identify key pain points in configuration governance. Based on empirical evidence, we propose the first structured, practice-oriented taxonomy of mitigation strategies—comprising eight actionable categories: process design, automated deployment, Infrastructure-as-Code (IaC) adoption, Docker-based containerized validation, virtualization-based environment isolation, and closed-loop verification, among others. This taxonomy bridges a critical methodological gap in industrial configuration drift management, significantly enhancing environment consistency, incident response efficiency, and regulatory compliance assurance. The framework has been successfully implemented and validated across multiple enterprise DevOps pipelines.
Traditional operating systems struggle to support goal-directed, dynamically tool-invoking agents with adaptive behaviors, exhibiting fundamental limitations in scheduling, state management, security, and observability. This work presents the first systematic design of an Agent Operating System (AOS) architecture, which introduces an agent control plane into conventional OS abstractions and rethinks core mechanisms—including scheduling, context management, capability registration, policy enforcement, and auditing. AOS clearly delineates responsibility boundaries and non-goals, establishing a multi-layered integration model spanning user-space runtimes to distributed control planes, thereby transcending the traditional OS assumption of deterministic program execution. The paper establishes novel system abstractions for agent-centric computing, proposes a security threat model and evaluation criteria, and makes significant advances in ensuring deterministic execution, auditability, and operational interpretability.
This work addresses the limitation of existing GUI agent benchmarks, which are often confined to single-application tasks and thus inadequate for evaluating complex, cross-application interactions required in professional workflows. To bridge this gap, we introduce WindowsWorld—the first benchmark driven by real-world occupational workflows—comprising 181 human-refined tasks spanning 16 professions and four difficulty levels, with 78% involving multiple applications. Implemented in a simulated desktop environment, WindowsWorld encompasses 17 commonly used applications and supports fine-grained subgoal tracking and intermediate state validation. Empirical evaluation reveals that state-of-the-art agents achieve less than 21% success on multi-application tasks, with particularly poor performance on conditional reasoning tasks involving three or more applications, underscoring the benchmark’s critical value in assessing professional-grade human-computer interaction capabilities.
Large organizations struggle to sustain information security and regulatory compliance in dynamic, evolving environments. Method: This study models enterprise information security governance as a multidimensional dynamical system and, for the first time, formalizes it as a feedback regulation problem within control-theoretic frameworks. Leveraging the UK BS standard, we construct an enterprise-scale digital twin with 1.2 million parameters and propose a quantification paradigm centered on an integral-type security state metric, enabling real-time security态势 characterization and closed-loop compliance verification. Contribution/Results: The work transcends traditional static audit paradigms by establishing a novel digital twin–enabled security governance approach—standards-driven, parameter-auditable, quantitatively evaluable, and response-controllable. The solution has been fully deployed across an operational enterprise and integrated with organization-wide capability alignment, yielding significant improvements in security resilience and regulatory response efficiency.
This work addresses the semantic gap faced by current AI agents in enforcing natural language policies: the intended policy semantics are difficult to enforce precisely and interpretably at the system level. To bridge this gap, the authors propose a novel approach that integrates agent-side context with kernel-level enforcement mechanisms. For the first time, policy context is preserved on the agent side, while a domain-specific language (DSL) for information flow control (IFC), implemented via eBPF, enables comprehensive, action-level policy enforcement within the operating system kernel. This framework supports cross-event data-flow and ordering constraints, significantly improving policy compliance rates by covering indirect execution paths invisible to conventional tool-call interception. The system incurs only 1.9%–8.4% runtime overhead and provides semantically clear feedback instead of ambiguous errors.
This work addresses the challenge of maintaining continuous compliance with security configuration standards such as DISA STIG, which is often hindered by the limitations of manual processes and static analysis tools. The authors propose a large language model (LLM)-driven multi-agent system that models operating system hardening as a dynamic, closed-loop, iterative feedback process. By executing remediation actions on target systems and validating outcomes through compliance scans, the system continuously refines security configurations. This approach departs from traditional static remediation paradigms and represents the first implementation of LLM-coordinated multi-agent collaboration for OS hardening. Experimental results demonstrate that even with a lightweight, locally deployed 20B-parameter model, the system successfully remediates 73% of identified vulnerabilities across diverse virtual machine environments, confirming its effectiveness and practicality in resource-constrained settings.
This study addresses the lack of systematic architectural analysis in current software-intensive Asset Administration Shells (AAS), which hinders their ability to meet the pressing demands of software modeling in digital manufacturing and AI-driven environments. To bridge this gap, the work proposes the first software integration taxonomy framework specifically tailored for AAS, integrating software quality attributes with representative manufacturing use cases. By employing architectural analysis, quality attribute evaluation, and scenario mapping, the framework provides systematic guidance on how software services should be integrated within AAS. This contribution fills a critical void between academic research and industrial practice, offering actionable architectural choices and interpretive guidelines for the standardized integration of software services in digital twins.
This study addresses the challenges of assessing compliance between organizational cybersecurity policies and abstract security control frameworks such as NIST SP 800-53, which are often time-consuming, difficult to standardize, and lack traceability. To overcome these limitations, the authors propose PROPAGATE, a novel framework that leverages large language models (LLMs) to automate control-level compliance evaluation for the first time. By integrating both open-source and closed-source LLMs, the framework automatically retrieves relevant policy text, evaluates coverage across 1,007 security controls, and generates interpretable gap analyses with actionable improvement recommendations. Experimental results on two real-world organizational policy corpora demonstrate high effectiveness, achieving F1 scores of 88.54 and 82.31, respectively, thereby enabling traceable and explainable compliance enhancement.
This work addresses the critical challenge that while autonomous agents enhance operational efficiency, their failures can lead to sudden and irreversible consequences. To mitigate this risk, the paper introduces, for the first time, the concept of an “agent data environment,” which reimagines traditional passive data systems by constructing an active execution substrate that integrates files, APIs, applications, and system states. This architecture simultaneously enables capability enhancement and enforces safety constraints through embedded mechanisms for proactive intervention and assurance. By doing so, it not only amplifies agent effectiveness but also effectively bounds the impact of potential failures, thereby establishing a foundational framework for highly reliable autonomous automation.