{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T09:37:03Z","timestamp":1768383423427,"version":"3.49.0"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T00:00:00Z","timestamp":1764892800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T00:00:00Z","timestamp":1764892800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1007\/s10664-025-10750-x","type":"journal-article","created":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T06:51:40Z","timestamp":1764917500000},"update-policy":"https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["TransLock: Securing LLM deployment for software applications via self-locking watermarks"],"prefix":"10.1007","volume":"31","author":[{"ORCID":"https:\/\/linproxy.fan.workers.dev:443\/https\/orcid.org\/0009-0004-9570-7566","authenticated-orcid":false,"given":"Pei-Gen","family":"Ye","sequence":"first","affiliation":[]},{"given":"Zhenxin","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Kanghua","family":"Mo","sequence":"additional","affiliation":[]},{"given":"Yun","family":"Peng","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,5]]},"reference":[{"key":"10750_CR1","doi-asserted-by":"crossref","unstructured":"Cai Z, Ma R, Fu Y et al (2024) LLMaaS: serving large language models on trusted serverless computing platforms. IEEE Transactions on Artificial Intelligence","DOI":"10.1109\/TAI.2024.3429480"},{"key":"10750_CR2","unstructured":"Castro L, Polychroniadou A, Escudero D (2024) Privacy-preserving large language model inference via GPU-accelerated fully homomorphic encryption. In: Neurips safe generative AI workshop 2024"},{"key":"10750_CR3","doi-asserted-by":"publisher","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","volume":"15","author":"X Chen","year":"2019","unstructured":"Chen X, Li C, Wang D et al (2019) Android HIV: a study of repackaging malware for evading machine-learning detection. IEEE Trans Inf Forensics Secur 15:987\u20131001","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10750_CR4","doi-asserted-by":"crossref","unstructured":"Chen T, Da L, Zhou H et al (2025) Protecting privacy against membership inference attack with LLM fine-tuning through flatness. In: Proceedings of the 2025 SIAM International Conference on Data Mining (SDM). SIAM, pp 386\u2013397","DOI":"10.1137\/1.9781611978520.41"},{"key":"#cr-split#-10750_CR5.1","unstructured":"Cheong I, Xia K, Feng KK et al (2024)"},{"key":"#cr-split#-10750_CR5.2","doi-asserted-by":"crossref","unstructured":"(A) I am not a lawyer, but...: engaging legal experts towards responsible LLM policies for legal advice. In: Proceedings of the 2024 ACM conference on fairness, accountability, and transparency. pp 2454-2469","DOI":"10.1145\/3630106.3659048"},{"issue":"5","key":"10750_CR6","doi-asserted-by":"publisher","first-page":"872","DOI":"10.1109\/JAS.2025.125498","volume":"12","author":"Z Deng","year":"2025","unstructured":"Deng Z, Ma W, Han Q et al (2025) Exploring DeepSeek: a survey on advances, applications, challenges and future directions. IEEE\/CAA J Autom Sin 12(5):872\u2013893. https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1109\/JAS.2025.125498","journal-title":"IEEE\/CAA J Autom Sin"},{"key":"10750_CR7","doi-asserted-by":"publisher","unstructured":"Deng Z, Guo Y, Han C, et al (2025) AI agents under threat: a survey of key security challenges and future pathways. ACM Comput Surv 57(7). https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1145\/3716628","DOI":"10.1145\/3716628"},{"issue":"1","key":"10750_CR8","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1109\/JAS.2022.105860","volume":"10","author":"X Feng","year":"2022","unstructured":"Feng X, Zhu X, Han Q-L et al (2022) Detecting vulnerability on IoT device firmware: a survey. IEEE\/CAA J Autom Sin 10(1):25\u201341","journal-title":"IEEE\/CAA J Autom Sin"},{"key":"10750_CR9","doi-asserted-by":"crossref","unstructured":"Goyal S, Rastogi E, Rajagopal SP et al (2024) HealAI: a healthcare LLM for effective medical documentation. In: Proceedings of the 17th ACM international conference on web search and data mining. pp 1167\u20131168","DOI":"10.1145\/3616855.3635739"},{"key":"10750_CR10","doi-asserted-by":"crossref","unstructured":"Han H, Zheng X, Wen Y, et al (2024) TensorTEE: unifying heterogeneous TEE granularity for efficient secure collaborative tensor computing. In: Proceedings of the 29th ACM international conference on architectural support for programming languages and operating systems, vol 4. pp 282\u2013297","DOI":"10.1145\/3622781.3674168"},{"key":"10750_CR11","doi-asserted-by":"crossref","unstructured":"Huang W, Wang Y, Cheng A et al (2024) A fast, performant, secure distributed training framework for LLM. In: ICASSP 2024-2024 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, pp 4800\u20134804","DOI":"10.1109\/ICASSP48485.2024.10446717"},{"key":"10750_CR12","doi-asserted-by":"crossref","unstructured":"Iqbal U, Kohno T, Roesner F (2024) LLM platform security: applying a systematic evaluation framework to OpenAI\u2019s ChatGPT plugins. In: Proceedings of the AAAI\/ACM conference on AI, ethics, and society, vol 7. pp 611\u2013623","DOI":"10.1609\/aies.v7i1.31664"},{"key":"10750_CR13","doi-asserted-by":"crossref","unstructured":"Jian Z, Liu X, Dong Q, et al (2025) SmartZone: runtime support for secure and efficient on-device inference on ARM TrustZone. IEEE Transactions on Computers","DOI":"10.1109\/TC.2025.3557971"},{"key":"10750_CR14","unstructured":"Jovanovi\u0107 N, Staab R, Vechev M (2024) Watermark stealing in large language models. arXiv:2402.19361"},{"issue":"6","key":"10750_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3707453","volume":"34","author":"D Li","year":"2025","unstructured":"Li D, Zhang Z, Yao M et al (2025) TEESlice: Protecting sensitive neural network models in trusted execution environments when attackers have pre-trained models. ACM Trans Softw Eng Methodol 34(6):1\u201349","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"10750_CR16","doi-asserted-by":"crossref","unstructured":"Lin Z, Zhang S, Wang X et al (2025) LoRATEE: a secure and efficient inference framework for multi-tenant LoRA LLMs based on TEE. In: ICASSP 2025-2025 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, pp 1\u20135","DOI":"10.1109\/ICASSP49660.2025.10890445"},{"issue":"2","key":"10750_CR17","first-page":"1","volume":"57","author":"A Liu","year":"2024","unstructured":"Liu A, Pan L, Lu Y et al (2024) A survey of text watermarking in the era of large language models. ACM Comput Surv 57(2):1\u201336","journal-title":"ACM Comput Surv"},{"key":"10750_CR18","first-page":"21702","volume":"36","author":"X Ma","year":"2023","unstructured":"Ma X, Fang G, Wang X (2023) LLM-pruner: on the structural pruning of large language models. Adv Neural Inf Process Syst 36:21702\u201321720","journal-title":"Adv Neural Inf Process Syst"},{"key":"10750_CR19","doi-asserted-by":"crossref","unstructured":"Ma J, Lyu X, Jiang J et al (2025) SplitFrozen: split learning with device-side model frozen for fine-tuning LLM on heterogeneous resource-constrained devices. arXiv:2503.18986","DOI":"10.1109\/MCOM.001.2500165"},{"key":"10750_CR20","doi-asserted-by":"crossref","unstructured":"Mohan A, Ye M, Franke H et al (2024) Securing AI inference in the cloud: is CPU-GPU confidential computing ready? In: 2024 IEEE 17th International Conference on Cloud Computing (CLOUD). IEEE, pp 164\u2013175","DOI":"10.1109\/CLOUD62652.2024.00028"},{"key":"10750_CR21","unstructured":"Pal A, Thomas RK, Zahran L et al (2025) Hidden no more: attacking and defending private third-party LLM inference. In: ICLR 2025 workshop on building trust in language models and applications"},{"key":"10750_CR22","doi-asserted-by":"crossref","unstructured":"Patel P, Choukse E, Zhang C et al (2024) Splitwise: Efficient generative LLM inference using phase splitting. In: 2024 ACM\/IEEE 51st Annual International Symposium on Computer Architecture (ISCA). IEEE, pp 118\u2013132","DOI":"10.1109\/ISCA59077.2024.00019"},{"key":"10750_CR23","unstructured":"Shen X, Liu Y, Liu H et al (2023) A split-and-privatize framework for large language model fine-tuning. arXiv:2312.15603"},{"key":"10750_CR24","unstructured":"Sorensen T, Khlaaf H (2024) LeftoverLocals: Listening to LLM responses through leaked GPU local memory. arXiv:2401.16603"},{"key":"10750_CR25","doi-asserted-by":"crossref","unstructured":"Tan Y, Mi Z (2024) Performance analysis and optimization of NVIDIA H100 confidential computing for AI workloads. In: 2024 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA). IEEE, pp 1426\u20131432","DOI":"10.1109\/ISPA63168.2024.00192"},{"key":"10750_CR26","doi-asserted-by":"crossref","unstructured":"Tong M, Chen K, Zhang J, et al (2025) InferDPT: privacy-preserving inference for Black-box large language models. IEEE Transactions on Dependable and Secure Computing","DOI":"10.1109\/TDSC.2025.3550389"},{"key":"10750_CR27","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1016\/j.jmsy.2024.04.020","volume":"75","author":"T Wang","year":"2024","unstructured":"Wang T, Fan J, Zheng P (2024) An LLM-based vision and language cobot navigation approach for human-centric smart manufacturing. J Manuf Syst 75:299\u2013305","journal-title":"J Manuf Syst"},{"key":"10750_CR28","doi-asserted-by":"crossref","unstructured":"Wang X, Peng J, Xu K et al (2024) Reinforcement learning-driven LLM agent for automated attacks on LLMs. In: Proceedings of the fifth workshop on privacy in natural language processing. pp 170\u2013177","DOI":"10.18653\/v1\/2024.privatenlp-1.17"},{"key":"10750_CR29","unstructured":"Yang H, Li Z, Zhang Y et al (2024) PFID: Privacy first inference delegation framework for LLMs. arXiv:2406.12238"},{"key":"10750_CR30","doi-asserted-by":"crossref","unstructured":"Yang H, Zhang D, Zhao Y, et al (2024) A first look at efficient and secure on-device LLM inference against KV leakage. In: Proceedings of the 19th workshop on mobility in the evolving Internet architecture. pp 13\u201318","DOI":"10.1145\/3691555.3696827"},{"key":"10750_CR31","doi-asserted-by":"crossref","unstructured":"Yao Y, Duan J, Xu K et al (2024) A survey on large language model (LLM) security and privacy: the good, the bad, and the ugly. High-Confidence Computing, 100211","DOI":"10.1016\/j.hcc.2024.100211"},{"key":"10750_CR32","first-page":"137010","volume":"37","author":"Y Yu","year":"2024","unstructured":"Yu Y, Yao Z, Li H et al (2024) FinCon: a synthesized LLM multi-agent system with conceptual verbal reinforcement for enhanced financial decision making. Adv Neural Inf Process Syst 37:137010\u2013137045","journal-title":"Adv Neural Inf Process Syst"},{"key":"10750_CR33","doi-asserted-by":"crossref","unstructured":"Yu C, Wang T, Shao Z, Zhu L, Zhou X, Jiang S (2024) TwinPilots: a new computing paradigm for GPU-CPU parallel LLM inference. In: Proceedings of the 17th ACM international systems and storage conference. pp 91\u2013103","DOI":"10.1145\/3688351.3689164"},{"key":"10750_CR34","doi-asserted-by":"crossref","unstructured":"Zhang Z, Gong C, Cai Y, et al (2024) No privacy left outside: on the (IN-) security of TEE-shielded DNN partition for On-Device ML. In: 2024 IEEE Symposium on Security and Privacy (SP). IEEE, pp 3327\u20133345","DOI":"10.1109\/SP54263.2024.00052"},{"key":"10750_CR35","unstructured":"Zhang R, Hussain SS, Neekhara P et al (2024) $$\\{$$REMARK-LLM$$\\}$$: a robust and efficient watermarking framework for generative large language models. In: 33rd USENIX security symposium (USENIX Security 24). pp 1813\u20131830"},{"issue":"1","key":"10750_CR36","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/JAS.2024.124983","volume":"12","author":"W Zhou","year":"2025","unstructured":"Zhou W, Zhu X, Han Q-L et al (2025) The security of using large language models - a survey with emphasis on ChatGPT. IEEE\/CAA J Autom Sin 12(1):1\u201326. https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1109\/JAS.2024.124983","journal-title":"IEEE\/CAA J Autom Sin"},{"issue":"2","key":"10750_CR37","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1109\/JAS.2024.124971","volume":"12","author":"X Zhu","year":"2025","unstructured":"Zhu X, Zhou W, Han Q-L et al (2025) When software security meets large language models: a survey. IEEE\/CAA J Autom Sin 12(2):317\u2013334. https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1109\/JAS.2024.124971","journal-title":"IEEE\/CAA J Autom Sin"},{"key":"10750_CR38","doi-asserted-by":"publisher","unstructured":"Zhu X, Wen S, Camtepe S et al (2022) Fuzzing: a survey for roadmap. ACM Comput Surv 54(11s). https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1145\/3512345","DOI":"10.1145\/3512345"},{"key":"10750_CR39","unstructured":"Zimerman I, Adir A, Aharoni E et al (2024) Power-Softmax: towards secure LLM inference over encrypted data. arXiv:2410.09457"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10750-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/link.springer.com\/article\/10.1007\/s10664-025-10750-x","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10750-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T04:33:18Z","timestamp":1768365198000},"score":1,"resource":{"primary":{"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/link.springer.com\/10.1007\/s10664-025-10750-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,5]]},"references-count":40,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,3]]}},"alternative-id":["10750"],"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1007\/s10664-025-10750-x","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,5]]},"assertion":[{"value":"8 July 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 October 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All procedures were performed in accordance with the ethical standards of the responsible committee.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"The authors have no relevant financial or non-financial interests to disclose.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Written informed consent was obtained from all individual participants included in the study.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to participate"}},{"value":"The manuscript does not contain any individual person\u2019s data in any form.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"Not applicable. All authors read and approved the final manuscript and agree to be accountable for all aspects of the work.","order":6,"name":"Ethics","group":{"name":"EthicsHeading","label":"Funding acquisition"}}],"article-number":"25"}}