Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Qihang Zhou (Institute of Information Engineering, Chinese Academy of Sciences), Wenzhuo Cao (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences), Peng Liu (The Pennsylvania State University, USA), Shengzhi Zhang (Department of Computer Science, Metropolitan College, Boston University, USA), Jiayun Chen (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Shaowen Xu (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Zhenyu Song (Institute of Information Engineering, Chinese Academy of Science)

PAPER
RContainer: A Secure Container Architecture through Extending ARM CCA Hardware Primitives

Containers have become widely adopted in cloud platforms due to their efficient deployment and high resource utilization. However, their weak isolation has always posed a significant security concern. In this paper, we propose RContainer, a novel secure container architecture that protects containers from untrusted operating systems and enforces strong isolation among containers by extending ARM Confidential Computing Architecture (CCA) hardware primitives. RContainer introduces a small, trusted mini-OS that runs alongside the deprivileged OS, responsible for monitoring the control flow between the operating system and containers. Additionally, RContainer uses shim-style isolation, creating an isolated physical address space called con-shim for each container at the kernel layer through the Granule Protection Check mechanism. We have implemented RContainer on ARMv9-A Fixed Virtual Platform and ARMv8 hardware SoC for security analysis and performance evaluation. Experimental results demonstrate that RContainer can significantly enhance container security with a modest performance overhead and a minimal Trusted Computing Base (TCB).

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – RContainer appeared first on Security Boulevard.

Government security leaders are struggling. Cyber investments are lagging. Resources are being cut. The problem is getting worse. Let’s explore solutions.

The post Cybersecurity’s New Business Case: Fraud appeared first on Security Boulevard.

Cybersecurity must shift from solely protecting systems to safeguarding human decision-making under uncertainty and system failures.

How Can Non-Human Identities Enhance AI Security? What are the key challenges faced by organizations in managing cybersecurity for machine identities? With digital systems continue to evolve, cybersecurity professionals are increasingly focusing on the protection and management of Non-Human Identities (NHIs). These machine identities play a pivotal role in ensuring robust AI security and better […]

The post How is AI security evolving for better protection? appeared first on Entro.

The post How is AI security evolving for better protection? appeared first on Security Boulevard.

How Does Non-Human Identities (NHI) Impact Digital Secrets Management? Is your organization adequately prepared to manage non-human identities (NHIs) and protect your digital secrets? That’s a critical question. With cyber threats become more sophisticated, the role of NHIs in digital secrets management becomes increasingly vital. These machine identities are crucial in secure networks, especially in […]

The post Can you trust AI with your digital secrets management? appeared first on Entro.

The post Can you trust AI with your digital secrets management? appeared first on Security Boulevard.

Is Your Organization Missing Out on the Value of Non-Human Identities in Digital Security? The rapid expansion of cloud environments has ushered in a powerful yet complex challenge: managing digital identities that aren’t tied to any one person. These Non-Human Identities (NHIs), which often take the form of machine identities, are integral to a secure […]

The post How do NHIs deliver value in digital security landscapes? appeared first on Entro.

The post How do NHIs deliver value in digital security landscapes? appeared first on Security Boulevard.

The Strategic Role of Non-Human Identities in AI-Powered Cybersecurity Operations What is the role of Non-Human Identities (NHIs) in achieving seamless security for your organization? With digital continues to expand, cybersecurity professionals face the challenges of managing complex systems and ensuring secure operations. NHIs, which are essentially machine identities, play a pivotal role, acting as […]

The post How does AI ensure calm in cybersecurity operations? appeared first on Entro.

The post How does AI ensure calm in cybersecurity operations? appeared first on Security Boulevard.

GCVE would enhance global collaboration, flexibility, and efficiency in tracking security flaws. Duplicate entries and a decentralization policy may create more chaos for defenders.

Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University)

PAPER
Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution

Cloud based Spark platform is a tempting approach for sharing data, as it allows data users to easily analyze the data while the owners to efficiently share the large volume of data. However, the absence of a robust policy enforcement mechanism on Spark hinders the data owners from sharing their data due to the risk of private data breach. In this respect, we found that malicious data users and cloud managers can easily leak the data by constructing a policy violating physical plan, compromising the Spark libraries, or even compromising the Spark cluster itself. Nonetheless, current approaches fail to securely and generally enforce the policies on Spark, as they do not check the policies on physical plan level, and they do not protect the integrity of data analysis pipeline. This paper presents Laputa, a secure policy enforcement framework on Spark. Specifically, Laputa designs a pattern matching based policy checking on the physical plans, which is generally applicable to Spark applications with more fine-grained policies. Then, Laputa compartmentalizes Spark applications based on confidential computing, by which the entire data analysis pipeline is protected from the malicious data users and cloud managers. Meanwhile, Laputa preserves the usability as the data users can run their Spark applications on Laputa with minimal modification. We implemented Laputa, and evaluated its security and performance aspects on TPC-H, Big Data benchmarks, and real world applications using ML models. The evaluation results demonstrated that Laputa correctly blocks malicious Spark applications while imposing moderate performance overheads.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Secure Data Analytics appeared first on Security Boulevard.

Emerging Evidence Provides Basis for Opening Investigation of ICE Agent Who Killed Renee Good  (Julia Gegenheimer, Just Security)
The Justice Department’s refusal to investigate ICE Agent Jonathan Ross’s killing of Renee Good breaks with decades of DOJ civil-rights practice and standards.

read more

As a growing number of encounters between civilians and Department of Homeland Security agents — including the widely scrutinized fatal shooting of Renee Good in Minneapolis — are scrutinized in court records and on social media, federal officials are returning to a familiar response: self-defense.

read more

How Not to Lead  (Fareed Zakaria, Foreign Policy)
America’s allies may comply for now. But the damage to trust will have consequences.

The Great Divorce  (Eliot A. Cohen, The Atlantic)
The marriage between Europe and the United States has been fraught from the first—and now it might be coming apart.

read more

Security teams are under constant pressure to do more with the same resources. Manual processes, fragmented tools, and inefficient workflows can slow teams down and pull focus away from what matters most.

In this live webinar, experienced security practitioners share how they’ve escaped the constraints of limited

The post [Webinar] Doing More With Less: How Security Teams Escape Manual Work with Efficient Workflows appeared first on Security Boulevard.

Learn about the key differences between DAST and pentesting, the emerging role of AI pentesting, their roles in security testing, and which is right for your business.

The post DAST vs Penetration Testing: Key Differences in 2026 appeared first on Security Boulevard.

Merge a multiphysics simulation with real nuclear reactor inspection data and the result is a revolutionizing tool that predicts component failure before it happens.

Researchers at the U.S. Department of Energy’s (DOE) Argonne National Laboratory have developed an innovative framework to improve maintenance schedules for critical components in nuclear power plants. This breakthrough could save millions of dollars on operating costs while keeping power reliable.

read more

The recent delivery of advanced nuclear fuel to the Idaho National Laboratory’s Transient Reactor Test Facility marks a major milestone for Project Pele, a first-of-its-kind mobile microreactor prototype designed to provide resilient power for military operations.

read more

ISO 27001 is an internationally recognized standard that defines the requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) within an organization. First introduced in 1999, the standard has evolved through multiple revisions to address changing security needs. The most recent update, ISO 27001:2022, was released on October 25, 2022, […]

The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Kratikal Blogs.

The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Security Boulevard.

The digital landscape is evolving at a rapid pace, and so are the threats that target organizations. With cyberattacks becoming more sophisticated and diverse, traditional security solutions often struggle to keep up. Businesses today need a more unified, proactive, and intelligent approach to detect and respond to threats. This is where Extended Detection and Response

The post Extended Detection and Response (XDR): A New Era in Cybersecurity appeared first on Seceon Inc.

The post Extended Detection and Response (XDR): A New Era in Cybersecurity appeared first on Security Boulevard.

Artificial intelligence (AI) systems rarely fail in obvious ways. No red error screen. No crashed service. No broken button. They fail quietly. Outputs look confident...Read More

The post Shift Left QA for AI Systems. Catching Model Risk Before Production appeared first on ISHIR | Custom AI Software Development Dallas Fort-Worth Texas.

The post Shift Left QA for AI Systems. Catching Model Risk Before Production appeared first on Security Boulevard.

The WorldLeaks cybercrime group claims to have stolen information from the footwear and apparel giant’s systems.

The post Nike Probing Potential Security Incident as Hackers Threaten to Leak Data appeared first on SecurityWeek.