Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Qihang Zhou (Institute of Information Engineering, Chinese Academy of Sciences), Wenzhuo Cao (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences), Peng Liu (The Pennsylvania State University, USA), Shengzhi Zhang (Department of Computer Science, Metropolitan College, Boston University, USA), Jiayun Chen (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Shaowen Xu (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Zhenyu Song (Institute of Information Engineering, Chinese Academy of Science)

PAPER
RContainer: A Secure Container Architecture through Extending ARM CCA Hardware Primitives

Containers have become widely adopted in cloud platforms due to their efficient deployment and high resource utilization. However, their weak isolation has always posed a significant security concern. In this paper, we propose RContainer, a novel secure container architecture that protects containers from untrusted operating systems and enforces strong isolation among containers by extending ARM Confidential Computing Architecture (CCA) hardware primitives. RContainer introduces a small, trusted mini-OS that runs alongside the deprivileged OS, responsible for monitoring the control flow between the operating system and containers. Additionally, RContainer uses shim-style isolation, creating an isolated physical address space called con-shim for each container at the kernel layer through the Granule Protection Check mechanism. We have implemented RContainer on ARMv9-A Fixed Virtual Platform and ARMv8 hardware SoC for security analysis and performance evaluation. Experimental results demonstrate that RContainer can significantly enhance container security with a modest performance overhead and a minimal Trusted Computing Base (TCB).

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – RContainer appeared first on Security Boulevard.

Government security leaders are struggling. Cyber investments are lagging. Resources are being cut. The problem is getting worse. Let’s explore solutions.

The post Cybersecurity’s New Business Case: Fraud appeared first on Security Boulevard.

How Can Non-Human Identities Enhance AI Security? What are the key challenges faced by organizations in managing cybersecurity for machine identities? With digital systems continue to evolve, cybersecurity professionals are increasingly focusing on the protection and management of Non-Human Identities (NHIs). These machine identities play a pivotal role in ensuring robust AI security and better […]

The post How is AI security evolving for better protection? appeared first on Entro.

The post How is AI security evolving for better protection? appeared first on Security Boulevard.

How Does Non-Human Identities (NHI) Impact Digital Secrets Management? Is your organization adequately prepared to manage non-human identities (NHIs) and protect your digital secrets? That’s a critical question. With cyber threats become more sophisticated, the role of NHIs in digital secrets management becomes increasingly vital. These machine identities are crucial in secure networks, especially in […]

The post Can you trust AI with your digital secrets management? appeared first on Entro.

The post Can you trust AI with your digital secrets management? appeared first on Security Boulevard.

Is Your Organization Missing Out on the Value of Non-Human Identities in Digital Security? The rapid expansion of cloud environments has ushered in a powerful yet complex challenge: managing digital identities that aren’t tied to any one person. These Non-Human Identities (NHIs), which often take the form of machine identities, are integral to a secure […]

The post How do NHIs deliver value in digital security landscapes? appeared first on Entro.

The post How do NHIs deliver value in digital security landscapes? appeared first on Security Boulevard.

The Strategic Role of Non-Human Identities in AI-Powered Cybersecurity Operations What is the role of Non-Human Identities (NHIs) in achieving seamless security for your organization? With digital continues to expand, cybersecurity professionals face the challenges of managing complex systems and ensuring secure operations. NHIs, which are essentially machine identities, play a pivotal role, acting as […]

The post How does AI ensure calm in cybersecurity operations? appeared first on Entro.

The post How does AI ensure calm in cybersecurity operations? appeared first on Security Boulevard.

Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University)

PAPER
Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution

Cloud based Spark platform is a tempting approach for sharing data, as it allows data users to easily analyze the data while the owners to efficiently share the large volume of data. However, the absence of a robust policy enforcement mechanism on Spark hinders the data owners from sharing their data due to the risk of private data breach. In this respect, we found that malicious data users and cloud managers can easily leak the data by constructing a policy violating physical plan, compromising the Spark libraries, or even compromising the Spark cluster itself. Nonetheless, current approaches fail to securely and generally enforce the policies on Spark, as they do not check the policies on physical plan level, and they do not protect the integrity of data analysis pipeline. This paper presents Laputa, a secure policy enforcement framework on Spark. Specifically, Laputa designs a pattern matching based policy checking on the physical plans, which is generally applicable to Spark applications with more fine-grained policies. Then, Laputa compartmentalizes Spark applications based on confidential computing, by which the entire data analysis pipeline is protected from the malicious data users and cloud managers. Meanwhile, Laputa preserves the usability as the data users can run their Spark applications on Laputa with minimal modification. We implemented Laputa, and evaluated its security and performance aspects on TPC-H, Big Data benchmarks, and real world applications using ML models. The evaluation results demonstrated that Laputa correctly blocks malicious Spark applications while imposing moderate performance overheads.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Secure Data Analytics appeared first on Security Boulevard.

Security teams are under constant pressure to do more with the same resources. Manual processes, fragmented tools, and inefficient workflows can slow teams down and pull focus away from what matters most.

In this live webinar, experienced security practitioners share how they’ve escaped the constraints of limited

The post [Webinar] Doing More With Less: How Security Teams Escape Manual Work with Efficient Workflows appeared first on Security Boulevard.

Learn about the key differences between DAST and pentesting, the emerging role of AI pentesting, their roles in security testing, and which is right for your business.

The post DAST vs Penetration Testing: Key Differences in 2026 appeared first on Security Boulevard.

ISO 27001 is an internationally recognized standard that defines the requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) within an organization. First introduced in 1999, the standard has evolved through multiple revisions to address changing security needs. The most recent update, ISO 27001:2022, was released on October 25, 2022, […]

The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Kratikal Blogs.

The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Security Boulevard.

The digital landscape is evolving at a rapid pace, and so are the threats that target organizations. With cyberattacks becoming more sophisticated and diverse, traditional security solutions often struggle to keep up. Businesses today need a more unified, proactive, and intelligent approach to detect and respond to threats. This is where Extended Detection and Response

The post Extended Detection and Response (XDR): A New Era in Cybersecurity appeared first on Seceon Inc.

The post Extended Detection and Response (XDR): A New Era in Cybersecurity appeared first on Security Boulevard.

Artificial intelligence (AI) systems rarely fail in obvious ways. No red error screen. No crashed service. No broken button. They fail quietly. Outputs look confident...Read More

The post Shift Left QA for AI Systems. Catching Model Risk Before Production appeared first on ISHIR | Custom AI Software Development Dallas Fort-Worth Texas.

The post Shift Left QA for AI Systems. Catching Model Risk Before Production appeared first on Security Boulevard.

How Do Organizations Secure Machine Identities Effectively? Have you ever considered how machine identities, or Non-Human Identities (NHIs), impact cybersecurity in cloud environments? NHIs act as the digital passports for machines, governing how they interact with systems and data. With organizations increasingly relying on automated systems and cloud-based services, effective NHI management is more crucial […]

The post How do NHIs empower agile cybersecurity strategies? appeared first on Entro.

The post How do NHIs empower agile cybersecurity strategies? appeared first on Security Boulevard.

How Can AI Revolutionize Compliance Management? Are you leveraging AI technologies to optimize compliance management in your organization? Where compliance requirements continue to grow more complex across industries, the integration of Artificial Intelligence (AI) into compliance management is becoming increasingly essential. The call for efficient compliance management resonates especially with organizations operating in sectors such […]

The post Can AI manage compliance requirements efficiently? appeared first on Entro.

The post Can AI manage compliance requirements efficiently? appeared first on Security Boulevard.

The Crucial Intersection: Non-Human Identities and AI in Cybersecurity What role do Non-Human Identities (NHIs) play in cybersecurity? Traditional human-centric security measures are no longer sufficient. The emergence of NHIs, or machine identities, is reshaping how organizations approach security threats, particularly when integrated with Proactive Agentic AI for threat detection. Understanding Non-Human Identities: A New […]

The post How proactive can Agentic AI be in threat detection? appeared first on Entro.

The post How proactive can Agentic AI be in threat detection? appeared first on Security Boulevard.

How Do Non-Human Identities (NHIs) Shape the Future of Cybersecurity? Have you ever considered the risks associated with the identities of machines in your network? With cybersecurity professionals continue to confront increasingly complex threats, a crucial, often overlooked area is the management of Non-Human Identities (NHIs) and their associated secrets. Integrating NHI management into an […]

The post Can managing NHIs keep companies ahead in cybersecurity? appeared first on Entro.

The post Can managing NHIs keep companies ahead in cybersecurity? appeared first on Security Boulevard.

Session 10A: Confidential Computing 2

Authors, Creators & Presenters: Weili Wang (Southern University of Science and Technology), Honghan Ji (ByteDance Inc.), Peixuan He (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology)

PAPER
WAVEN: WebAssembly Memory Virtualization for Enclaves

The advancement of trusted execution environments (TEEs) has enabled the confidential computing paradigm and created new application scenarios for WebAssembly (Wasm). "Wasm+TEE" designs achieve in-enclave multi-tenancy with strong isolation, facilitating concurrent execution of untrusted code instances from multiple users. However, the linear memory model of Wasm lacks efficient cross-module data sharing and fine-grained memory access control, significantly restricting its applications in certain confidential computing scenarios where secure data sharing is essential (e.g., confidential stateful FaaS and data marketplaces). In this paper, we propose WAVEN (WebAssembly Memory Virtualization for ENclaves), a novel WebAssembly memory virtualization scheme, to enable memory sharing among Wasm modules and page-level access control. We implement WAVEN atop WAMR, a popular Wasm runtime for TEEs, and empirically demonstrate its efficiency and effectiveness. To the best of our knowledge, our work represents the first approach that enables cross-module memory sharing with fine-grained memory access control in Wasm.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – WAVEN: WebAssembly Memory Virtualization For Enclaves appeared first on Security Boulevard.

Written by Vivek Ramachandran, SquareX Founder, for Forbes Technology Council. This article originally appeared here.

If you lived through the 1990s, you’ll remember the first of the “ browser wars,” where Netscape and Internet Explorer fiercely competed for market dominance. Then Google launched Chromium in 2008, and this battle effectively ended. The past 17 years have been relatively quiet in the browser space-most new challengers, including Edge, are built on Chromium, and Chrome has slowly grown to own over 70% of the market. Until now.

This is the year of AI browsers. Following the release of Perplexity’s Comet and OpenAI’s ChatGPT Atlas, Atlassian made a deal to acquire The Browser Company. Even incumbents like Chrome, Edge and Firefox have released their own AI features for their consumer browsers. So, what’s driving this sudden browser renaissance?

Why Do Companies Want To Own The Browser Space?

Thanks to hyperscalers and the pandemic, the past decade has seen a major shift in the modern way of working. Most enterprise applications are now SaaS apps, and, in 2022, around 62% of enterprise data was stored in the cloud (with that number expected to be much higher today)-both of which are accessed through browsers. Effectively, the browser has become the new endpoint.

In other words, by owning the browser space, one owns an essential infrastructure layer-the single point of access to every application, workflow and data that users interact with online. This is partly why the U.S. Department of Justice attempted to force Google to divest Chrome, and why the proposition of owning the browser space is so compelling to many technology companies.

Technological “Why Now?”: The AI Evolution

Since ChatGPT’s launch in November 2022, generative AI (GenAI) has evolved through three distinct generations, each expanding AI’s scope of action and potential impact. The first generation introduced LLM-powered AI chatbots such as ChatGPT and Claude, as well as specialized API wrappers like Grammarly and GitHub Copilot. However, it wasn’t until January 2025 that OpenAI released Operator, the first true browser AI agent that can autonomously act on the user’s behalf, performing tasks like booking flight tickets and scheduling meetings. This served as the foundation for AI browsers.

For many technology companies, AI browsers became an unprecedented strategic opportunity to enter the browser race-a market that had been virtually impenetrable for over a decade due to Google’s dominance. With the release of agentic AI, it’s now possible to build AI browsers capable of autonomous reasoning, decision making and executing complex multistep tasks. New entrants can now offer value by changing the way people fundamentally browse the internet, making the AI browser a more compelling differentiator from incumbent consumer browsers than any browser innovation we’ve seen in recent years.

Security Implications Of AI Browsers: The Weakest Link

Yet, one major security implication of AI browsers is that security teams are now dealing with autonomous agents that complete tasks on the user’s behalf without the security awareness of an employee. Already, we’ve been seeing attacks on AI browsers that lead to these AI agents exfiltrating data, downloading malware and providing unauthorized access to enterprise apps without the user knowing. These AI browsers have the same privilege level as users, allowing them to access every enterprise app and sensitive information that the user can access.

Unfortunately, traditional security solutions like SASE/SSEs have no way to differentiate between tasks performed by a user and those performed by the AI browser, as the network traffic originates from the same browser. As AI agents and AI browsers become the new “weakest link,” this calls for the security industry to rethink the way enterprise security infrastructure is built, taking into account agentic identity, agentic data loss prevention (DLP) and attacks on agentic workflows.

In an increasingly agentic future, the browser won’t only act as a window to the web but as the primary workspace for autonomous agents and human-AI collaboration. This shift will make browsers more powerful, intelligent and deeply personalized, but also heighten the urgency for advanced browser security, as more sensitive actions and data flow through them than ever before.

Secure Any Browser and Any Device

SquareX’s browser extension turns any browser on any device into an enterprise-grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively defend against browser-native threats including rogue AI agents, Last Mile Reassembly Attacks, malicious extensions and identity attacks. Unlike dedicated enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, delivering security without compromising user experience.

Visit sqrx.com to learn more or sign up for an enterprise pilot.

Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser appeared first on Security Boulevard.

Recent remarks from BlackRock CEO Larry Fink have pointed toward the need for a single, unified blockchain for tokenized markets, and have intensified the focus on platforms capable of handling institutional-scale liquidity, compliance, and settlement. With its long track record in smart contracts, extensive developer ecosystem, and growing role in regulated financial products, Ethereum is now emerging as the most likely candidate to serve as the settlement layer for tokenized capital markets.

Why Asset Managers Prefer Familiar Infrastructure

In an X post, the Ethereum Daily shared a video in which BlackRock CEO Larry Fink made it clear that tokenization is necessary. Speaking at the World Economic Forum, Fink said the financial system must move rapidly toward digitization, adding that a single, common blockchain could reduce corruption and improve transparency across the global markets.

While Fink did not name a specific network, the most plausible candidate could be ETH, based on BlackRock’s own initiatives and public statements that emphasized the role of ETH in asset tokenization. The firm has consistently highlighted ETH as a core platform for its on-chain strategy. Meanwhile, BlackRock launched its BUIDL tokenized money market fund directly on ETH, a product that has already grown to over $2 billion in total value locked. “There’s no second best,” Ethereum Daily noted.

In the staking space, Bitmine has turned Ethereum staking into a multi-billion-dollar business. An analyst known as Milk Road has revealed that the company now has 1.83 million ETH staked, worth roughly $6 million at current prices, and plans to scale that figure toward 4.2 million ETH over time. Over the past months, Bitmine Immersion Technologies Inc. (BMNR) has accounted for nearly 50% of all new ETH entering the staking queue.

Staking at this scale is important because it removes ETH from the liquid supply and locks it into long-term infrastructure rather than keeping it for short-term trading. When one player is willing to commit billions of dollars worth of ETH to staking, it reflects confidence in ETH’s future economic prospects. A lower liquid supply, combined with sustained network demand, will create structural pressure over time.

How Support Built Through Multiple Market Cycles

Analyst Milk Road has also highlighted that Ethereum is holding near a critical support zone around $3,000, hovering just above the lower boundary of its long-term rising structure, an area that has acted as a stress test for ETH throughout the cycle. Historically, when ETH drifts into this area, the market will need to decide whether the weakness is temporary or structural.

The $2,750 level remains the key line because it has repeatedly stopped downside pressure after macro-driven or narrative-driven pullbacks, making it a reliable floor for the broader trend. As long as ETH holds above that level, the broader multi-year uptrend will remain intact.

Over the years, Ethereum staking has become one of the most vital and successful aspects of the broader ETH ecosystem, with big companies steadily jumping into the field. The majority of these companies, especially Bitmine Immersion, are revolutionizing ETH staking, turning it into a massive financial sector and edge.

Bitmine Monetized Ethereum Staking At Scale

After the entry of institutional investors, Ethereum staking has been transformed into a significant business opportunity from a technical requirement. At the forefront of this evolution is Bitmine Immersion Technologies Inc. (BMNR), a leading digital asset platform dedicated to improving the ETH ecosystem.

With its remarkable involvement in ETH staking, Bitmine Immersion is proving just how large this opportunity can be. The digital asset platform has successfully transformed Ethereum staking into a multi-billion-dollar enterprise by growing its validator operations and staking infrastructure.

As outlined by Milk Road on the social media platform X, the company intends to increase its present investment of 1.83 million ETH, valued at approximately $6 billion at current rates, to 4.2 million ETH. Bitmine’s plan and robust participation in ETH staking are a clear sign of the growing institutional appetite for on-chain yield.

This expansion demonstrates how staking is now about creating profitable, long-lasting businesses around ETH’s proof-of-stake economy rather than just protecting the network. Over the past month, Bitmine has been responsible for almost half of all new ETH entering the staking queue. 

Milk Road stated that staking at this scale removes Ethereum from the liquid supply and locks it away in long-term infrastructure rather than short-term trading. When a single player expresses a willingness to commit billions of dollars’ worth of ETH to staking, it points to an increased confidence in ETH’s future economics.

According to the expert, structural pressure is created by a reduced liquid supply and ongoing network demand over time. Given the sustained growth in institutional staking, Milk Road is confident that ETH’s price will move higher in the foreseeable future.

ETH Powering Crypto Native Financial Rails

With crypto native financial rails expanding, Ethereum is increasingly being positioned as the core infrastructure for major financial firms. JP Morgan asset management firm has confirmed this narrative with its latest fund launched on the ETH network.

Milk Road has reported that JP Morgan has introduced a tokenized money market fund on ETH, which is now live and already holds over $100 million in US treasuries. The rails are native to cryptocurrency, and the product appears to be traditional finance.

In reality, there is no separation, and there is only a financial product operating on the trains that make the most sense. Interestingly, this is how institutions move into new systems. “Incrementally, and only after the rules are clear enough to deploy real capital. Once they are live, they don’t leave,” Milk Road stated.