The paper introduces Kumo, a novel security-focused simulator that enables controlled analysis of resource sharing and scheduling risks in serverless cloud environments, demonstrating that scheduler c…

ALPS is an automated, vendor-agnostic framework that enforces least privilege in serverless functions by analyzing code and generating precise security policies, achieving high coverage and significan…

This paper presents Vivace, a serverless system for exact temporal OLAP over interval histories, which addresses the issues of incomplete data and incorrect answers in serverless functions.

This study empirically demonstrates that even highly technical students struggle significantly with the long-term usability and security understanding of Mutual TLS (mTLS) client authentication, sugge…

The paper proposes n-VM, a novel Layer-1 architecture that unifies multiple heterogeneous virtual machines (VMs) onto a shared consensus and state layer, solving cross-chain fragmentation issues.

The paper argues that distributed training algorithms allow developers to evade compute governance regulations by using decentralized hardware, necessitating new detection methods like chip tracking a…

The paper introduces GRIEF, a greybox fuzzer that discovers critical, concurrency-related vulnerabilities in LLM serving systems by treating timed multi-request traces as inputs, finding issues like c…

The paper introduces a secure Federated RAG system that enables confidential retrieval and LLM inference across distributed, private data silos.

The paper proposes a UEFI system utilizing SPDM to authenticate connected PCIe and USB devices, successfully demonstrating that this enhanced security mechanism introduces an acceptable processing ove…

The paper identifies and demonstrates the existence of a covert sublayer, called the Exclusive Network, within the I2P anonymous network, which allows nodes to host services without being discoverable…

The paper proposes DIST-FL, a distributed system using multiple TEEs and an append-only ledger to enhance the security and robustness of federated learning aggregation against server-side adversaries.

SPARK introduces a predictive, traffic-aware autoscaling toolchain for Kubernetes that uses eBPF to enhance security and significantly reduce timeout errors during sudden traffic spikes.

This paper empirically evaluates the performance of the Polars DataFrame engine running within Intel SGX2 enclaves, finding that while the overall security overhead is manageable, the performance is s…

The paper introduces EBCC, an OCI-compatible runtime architecture that manages composite confidential-computing workloads by integrating TEE-backed execution into the standard container lifecycle.

The paper proposes extit{codename}, an architecture that enforces verifiable workflows across untrusted networks by combining hardware-isolated control and kernel-resident data planes, achieving low-…

This paper systematically evaluates simple baseline approaches for using external memory (like SSDs) to solve difficult search problems, specifically focusing on the performance of immediate duplicate…

The paper proposes a zero-trust supply-chain assurance rubric for O-RAN RIC applications to secure the entire lifecycle, from development to runtime.

This pilot study investigates SME readiness for Zero Trust Architecture (ZTA) and proposes a realistic three-stage adoption path based on survey data from IT professionals.

The paper introduces FEDB, a novel confidential database design that eliminates cryptographic operations from the critical query path, significantly reducing performance overhead for secure querying o…

The paper introduces YouTube-Synch, a robust system that successfully replicates content from thousands of YouTube channels to decentralized storage by continuously adapting to and bypassing YouTube's…