Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Qihang Zhou (Institute of Information Engineering, Chinese Academy of Sciences), Wenzhuo Cao (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences), Peng Liu (The Pennsylvania State University, USA), Shengzhi Zhang (Department of Computer Science, Metropolitan College, Boston University, USA), Jiayun Chen (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Shaowen Xu (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Zhenyu Song (Institute of Information Engineering, Chinese Academy of Science)

PAPER
RContainer: A Secure Container Architecture through Extending ARM CCA Hardware Primitives

Containers have become widely adopted in cloud platforms due to their efficient deployment and high resource utilization. However, their weak isolation has always posed a significant security concern. In this paper, we propose RContainer, a novel secure container architecture that protects containers from untrusted operating systems and enforces strong isolation among containers by extending ARM Confidential Computing Architecture (CCA) hardware primitives. RContainer introduces a small, trusted mini-OS that runs alongside the deprivileged OS, responsible for monitoring the control flow between the operating system and containers. Additionally, RContainer uses shim-style isolation, creating an isolated physical address space called con-shim for each container at the kernel layer through the Granule Protection Check mechanism. We have implemented RContainer on ARMv9-A Fixed Virtual Platform and ARMv8 hardware SoC for security analysis and performance evaluation. Experimental results demonstrate that RContainer can significantly enhance container security with a modest performance overhead and a minimal Trusted Computing Base (TCB).

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – RContainer appeared first on Security Boulevard.

Fresh information from a reliable Chinese tipster suggests the OnePlus 15T may play it safe with the cameras, reusing familiar hardware while focusing on performance gains and battery capacity in a compact flagship form factor.

The post OnePlus 15T leak spills details on a curious camera situation appeared first on Digital Trends.

Mention the INDIRECT function in an Excel forum and you'll start a fight. It's volatile, meaning it's always awake and recalculating, which can turn a fast spreadsheet into a sluggish mess. But used correctly, it's a power user's secret weapon for building dynamic, reactive dashboards.

Russia has replaced the leadership of its strategic aircraft manufacturer Tupolev, appointing 37-year-old Yuri Ambrosimov as chief executive to replace 76-year-old Aleksandr Bobryshev, according to a report by Defense Express citing Russian industry sources. The personnel change took place roughly one year after the previous round of management rotations at Tupolev in 2024 and comes […]

Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University)

PAPER
Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution

Cloud based Spark platform is a tempting approach for sharing data, as it allows data users to easily analyze the data while the owners to efficiently share the large volume of data. However, the absence of a robust policy enforcement mechanism on Spark hinders the data owners from sharing their data due to the risk of private data breach. In this respect, we found that malicious data users and cloud managers can easily leak the data by constructing a policy violating physical plan, compromising the Spark libraries, or even compromising the Spark cluster itself. Nonetheless, current approaches fail to securely and generally enforce the policies on Spark, as they do not check the policies on physical plan level, and they do not protect the integrity of data analysis pipeline. This paper presents Laputa, a secure policy enforcement framework on Spark. Specifically, Laputa designs a pattern matching based policy checking on the physical plans, which is generally applicable to Spark applications with more fine-grained policies. Then, Laputa compartmentalizes Spark applications based on confidential computing, by which the entire data analysis pipeline is protected from the malicious data users and cloud managers. Meanwhile, Laputa preserves the usability as the data users can run their Spark applications on Laputa with minimal modification. We implemented Laputa, and evaluated its security and performance aspects on TPC-H, Big Data benchmarks, and real world applications using ML models. The evaluation results demonstrated that Laputa correctly blocks malicious Spark applications while imposing moderate performance overheads.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Secure Data Analytics appeared first on Security Boulevard.

VBA used to be the only way to handle iterative, multistep logic in Microsoft Excel. Not anymore. REDUCE brings the power of functional programming directly into your cells, allowing you to condense complex, messy data into single, clean results.

Many Excel users abandon the ROWS function because it feels like a technicality they can skip. However, to build a truly functional workbook, you need formulas that adapt to your data dimensions, and the ROWS function is ideal for this. Here are four ways I use it to make my Excel spreadsheet smarter.

Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Weili Wang (Southern University of Science and Technology), Honghan Ji (ByteDance Inc.), Peixuan He (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology)

PAPER
WAVEN: WebAssembly Memory Virtualization for Enclaves

The advancement of trusted execution environments (TEEs) has enabled the confidential computing paradigm and created new application scenarios for WebAssembly (Wasm). "Wasm+TEE" designs achieve in-enclave multi-tenancy with strong isolation, facilitating concurrent execution of untrusted code instances from multiple users. However, the linear memory model of Wasm lacks efficient cross-module data sharing and fine-grained memory access control, significantly restricting its applications in certain confidential computing scenarios where secure data sharing is essential (e.g., confidential stateful FaaS and data marketplaces). In this paper, we propose WAVEN (WebAssembly Memory Virtualization for ENclaves), a novel WebAssembly memory virtualization scheme, to enable memory sharing among Wasm modules and page-level access control. We implement WAVEN atop WAMR, a popular Wasm runtime for TEEs, and empirically demonstrate its efficiency and effectiveness. To the best of our knowledge, our work represents the first approach that enables cross-module memory sharing with fine-grained memory access control in Wasm.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – WAVEN: WebAssembly Memory Virtualization For Enclaves appeared first on Security Boulevard.

Session 9D: Github + OSN Security

Authors, Creators & Presenters: Jan-Ulrich Holtgrave (CISPA Helmholtz Center for Information Security), Kay Friedrich (CISPA Helmholtz Center for Information Security), Fabian Fischer (CISPA Helmholtz Center for Information Security), Nicolas Huaman (Leibniz University Hannover), Niklas Busch (CISPA Helmholtz Center for Information Security), Jan H. Klemmer (CISPA Helmholtz Center for Information Security), Marcel Fourné (Paderborn University), Oliver Wiese (CISPA Helmholtz Center for Information Security), Dominik Wermke (North Carolina State University), Sascha Fahl (CISPA Helmholtz Center for Information Security)

PAPER
Attributing Open-Source Contributions is Critical but Difficult: A Systematic Analysis of GitHub Practices and Their Impact on Software Supply Chain Security

Critical open-source projects form the basis of many large software systems. They provide trusted and extensible implementations of important functionality for cryptography, compatibility, and security. Verifying commit authorship authenticity in open-source projects is essential and challenging. Git users can freely configure author details such as names and email addresses. Platforms like GitHub use such information to generate profile links to user accounts. We demonstrate three attack scenarios malicious actors can use to manipulate projects and profiles on GitHub to appear trustworthy. We designed a mixed-research study to assess the effect on critical open-source software projects and evaluated countermeasures. First, we conducted a large-scale measurement among 50,328 critical open-source projects on GitHub and demonstrated that contribution workflows can be abused in 85.9% of the projects. We identified 573,043 email addresses that a malicious actor can claim to hijack historic contributions and improve the trustworthiness of their accounts. When looking at commit signing as a countermeasure, we found that the majority of users (95.4%) never signed a commit, and for the majority of projects (72.1%), no commit was ever signed. In contrast, only 2.0% of the users signed all their commits, and for 0.2% of the projects all commits were signed. Commit signing is not associated with projects' programming languages, topics, or other security measures. Second, we analyzed online security advice to explore the awareness of contributor spoofing and identify recommended countermeasures. Most documents exhibit awareness of the simple spoofing technique via Git commits but no awareness of problems with GitHub's handling of email addresses.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Attributing Open-Source Contributions Is Critical But Difficult appeared first on Security Boulevard.

Samsung appears to have leaked a built-in privacy display for the Galaxy S26 Ultra, hinting at a hardware-based feature designed to block side-angle viewing.

The post Galaxy S26 Ultra Leak Reveals Samsung’s Built-In Privacy Screen Feature appeared first on TechRepublic.

Samsung appears to have leaked a built-in privacy display for the Galaxy S26 Ultra, hinting at a hardware-based feature designed to block side-angle viewing.

The post Galaxy S26 Ultra Leak Reveals Samsung’s Built-In Privacy Screen Feature appeared first on TechRepublic.

NASA successfully conducted a hot fire of RS-25 engine No. 2063 on Jan. 22 at the Fred Haise Test Stand at NASA’s Stennis Space Center near Bay St. Louis, Mississippi, clearing the way for the engine to be installed for the agency’s Artemis IV mission.  

The RS-25 engines help power NASA’s SLS (Space Launch System) rocket that will carry astronauts to the Moon under the Artemis campaign.

Engine No. 2063 originally was installed on the SLS core stage for the Artemis II mission but was removed in 2025 after engineers discovered a hydraulic leak on the engine’s main oxidizer valve actuator, which controls propellant flow into the engine combustion chamber.

Following standard NASA procedures, teams removed the engine from the core stage and replaced the actuator.

Because NASA requires any significantly modified or repaired engine to undergo hot fire testing before flight, teams at NASA Stennis fired the engine for five minutes (300 seconds), at up to 109% of its rated power level in a test known as a confidence test that demonstrates the engine is ready for flight.

The test was conducted by a team of operators from NASA, L3Harris Technologies, and Sierra Lobo, Inc., the NASA Stennis test operations contractor. NASA Stennis provides critical data to L3Harris, the prime engines contractor for the SLS rocket.

With the successful test complete, engine No. 2063 is scheduled to be installed on the SLS core stage for Artemis IV. All RS-25 engines for NASA’s Artemis missions are tested and proven flightworthy at NASA Stennis before flight.

NASA is targeting as soon as February to send four astronauts around the Moon and back on Artemis II, the first crewed mission under the Artemis campaign. During launch, the SLS rocket will use four RS-25 engines, along with a pair of solid rocket boosters, to help lift the Orion spacecraft and the crew away from Earth using more than 8.8 million pounds of thrust.

Under the Artemis campaign, NASA is returning humans to the Moon for economic benefits, scientific discovery, and to prepare for crewed missions to Mars.

These tricks show how AI tools, new import formulas, and classic features improve productivity.

The post 10 Clever Microsoft Excel Tricks to Use in 2026 appeared first on TechRepublic.

These tricks show how AI tools, new import formulas, and classic features improve productivity.

The post 10 Clever Microsoft Excel Tricks to Use in 2026 appeared first on TechRepublic.

Fable’s extended preview outlines a bigger, more reactive Albion, with open-world freedom, reputation-driven consequences, and flexible “style-weaving” combat, all heading to PS5, Xbox Series X and S, and PC in autumn 2026.

The post Your Fable reboot preview is here, open world Albion looks gloriously chaotic appeared first on Digital Trends.

Don't let that extra "S" fool you—ROW and ROWS do completely different jobs in Excel. One tells you where you are, while the other tells you how much space you have. If you're tired of formulas breaking when you delete a row, it's time to master the difference between these two tools.

A little token that few people had heard of a year ago has become a big mover of money. Reports say the A7A5 stablecoin, launched as a rouble-linked coin, has processed the equivalent of $100 billion in transfers since it began moving at scale.

Elliptic Finds Rapid Growth And Large Volumes

According to analysis by Elliptic, A7A5 grew quickly after its launch and was used heavily for settlement between firms that could not rely on regular banks. The firm traced huge daily flows, with transaction totals rising into the billions and aggregate transfers passing major milestones.

Origins And Backing

A7A5 was set up in a way that tied it to rouble deposits and to a handful of private entities connected to Russia’s financial network.

Reports say the project was linked to a payments group and to banking partners that have been under western scrutiny. Some of the people and firms behind the token were later sanctioned by authorities in the US and the UK.

How The Money Moved

Transactions were concentrated on a small number of exchanges and on on-chain routes that made cross-border transfers possible without the usual banking rails.

In practice, the coin served as a bridge into other stablecoins and crypto markets. That routing let trade keep moving even when formal channels were closed to certain actors.

A7A5 Stablecoin Role In Sanctions Evasion Claims

Reports note that regulators and analysts view those flows as a tool that could help avoid sanctions. Regulators in several countries have taken action against linked platforms and individuals after patterns of transfers were uncovered.

Some of the design choices around the token made monitoring harder for a time, and in a few cases tokens were reissued in new wallets to muddy traces.

Market Reaction And The Wider Impact

Markets noticed. The token’s market cap surged, and exchanges that handled it saw sharply higher volumes.

Ordinary traders were not the main users; activity was often timed with business hours and weekdays, which suggested corporate or institutional flows rather than retail swaps. This type of pattern changed how people outside the region looked at crypto as a payments tool.

Authorities responded by blacklisting some addresses and platforms and by stepping up enforcement against those named in the network.

The moves show that a token can move a lot of value, but it can also draw regulatory heat and prompt countermeasures that affect every participant in the chain.

Featured image from Pixabay, chart from TradingView

An hours-long outage is preventing Microsoft's enterprise customers from accessing their inboxes, files, and video meetings.

Session 9D: Github + OSN Security

Authors, Creators & Presenters: Aditya Sirish A Yelgundhalli (New York University), Patrick Zielinski (New York University), Reza Curtmola (New Jersey Institute of Technology), Justin Cappos (New York University)

PAPER
Rethinking Trust In Forge-Based Git Security

Git is the most popular version control system today, with Git forges such as GitHub, GitLab, and Bitbucket used to add functionality. Significantly, these forges are used to enforce security controls. However, due to the lack of an open protocol for ensuring a repository's integrity, forges cannot prove themselves to be trustworthy, and have to carry the responsibility of being non-verifiable trusted third parties in modern software supply chains. In this paper, we present gittuf, a system that decentralizes Git security and enables every user to contribute to collectively enforcing the repository's security. First, gittuf enables distributing of policy declaration and management responsibilities among more parties such that no single user is trusted entirely or unilaterally. Second, gittuf decentralizes the tracking of repository activity, ensuring that a single entity cannot manipulate repository events. Third, gittuf decentralizes policy enforcement by enabling all developers to independently verify the policy, eliminating the single point of trust placed in the forge as the only arbiter for whether a change in the repository is authorized. Thus, gittuf can provide strong security guarantees in the event of a compromise of the centralized forge, the underlying infrastructure, or a subset of privileged developers trusted to set policy. gittuf also implements policy features that can protect against unauthorized changes to branches and tags i.e., pushes as well as files/folders i.e., commits. Our analysis of gittuf shows that its properties and policy features provide protections against previously seen version control system attacks. In addition, our evaluation of gittuf shows it is viable even for large repositories with a high volume of activity such as those of Git and Kubernetes (less than 4% storage overhead and under 0.59s of time to verify each push).

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Rethinking Trust In Forge-Based Git Security appeared first on Security Boulevard.

Session 9D: Github + OSN Security

Authors, Creators & Presenters: Aditya Sirish A Yelgundhalli (New York University), Patrick Zielinski (New York University), Reza Curtmola (New Jersey Institute of Technology), Justin Cappos (New York University)

PAPER
Rethinking Trust In Forge-Based Git Security

Git is the most popular version control system today, with Git forges such as GitHub, GitLab, and Bitbucket used to add functionality. Significantly, these forges are used to enforce security controls. However, due to the lack of an open protocol for ensuring a repository's integrity, forges cannot prove themselves to be trustworthy, and have to carry the responsibility of being non-verifiable trusted third parties in modern software supply chains. In this paper, we present gittuf, a system that decentralizes Git security and enables every user to contribute to collectively enforcing the repository's security. First, gittuf enables distributing of policy declaration and management responsibilities among more parties such that no single user is trusted entirely or unilaterally. Second, gittuf decentralizes the tracking of repository activity, ensuring that a single entity cannot manipulate repository events. Third, gittuf decentralizes policy enforcement by enabling all developers to independently verify the policy, eliminating the single point of trust placed in the forge as the only arbiter for whether a change in the repository is authorized. Thus, gittuf can provide strong security guarantees in the event of a compromise of the centralized forge, the underlying infrastructure, or a subset of privileged developers trusted to set policy. gittuf also implements policy features that can protect against unauthorized changes to branches and tags i.e., pushes as well as files/folders i.e., commits. Our analysis of gittuf shows that its properties and policy features provide protections against previously seen version control system attacks. In addition, our evaluation of gittuf shows it is viable even for large repositories with a high volume of activity such as those of Git and Kubernetes (less than 4% storage overhead and under 0.59s of time to verify each push).

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Rethinking Trust In Forge-Based Git Security appeared first on Security Boulevard.