Session 5D: Side Channels 1

Authors, Creators & Presenters: Lukas Maar (Graz University of Technology), Jonas Juffinger (Graz University of Technology), Thomas Steinbauer (Graz University of Technology), Daniel Gruss (Graz University of Technology), Stefan Mangard (Graz University of Technology)

PAPER
KernelSnitch: Side Channel-Attacks On Kernel Data Structures

The sharing of hardware elements, such as caches, is known to introduce microarchitectural side-channel leakage. One approach to eliminate this leakage is to not share hardware elements across security domains. However, even under the assumption of leakage-free hardware, it is unclear whether other critical system components, like the operating system, introduce software-caused side-channel leakage. In this paper, we present a novel generic software side-channel attack, KernelSnitch, targeting kernel data structures such as hash tables and trees. These structures are commonly used to store both kernel and user information, e.g., metadata for userspace locks. KernelSnitch exploits that these data structures are variable in size, ranging from an empty state to a theoretically arbitrary amount of elements. Accessing these structures requires a variable amount of time depending on the number of elements, i.e., the occupancy level. This variance constitutes a timing side channel, observable from user space by an unprivileged, isolated attacker. While the timing differences are very low compared to the syscall runtime, we demonstrate and evaluate methods to amplify these timing differences reliably. In three case studies, we show that KernelSnitch allows unprivileged and isolated attackers to leak sensitive information from the kernel and activities in other processes. First, we demonstrate covert channels with transmission rates up to 580 kbit/s. Second, we perform a kernel heap pointer leak in less than 65 s by exploiting the specific indexing that Linux is using in hash tables. Third, we demonstrate a website fingerprinting attack, achieving an F1 score of more than 89 %, showing that activity in other user programs can be observed using KernelSnitch. Finally, we discuss mitigations for our hardware-agnostic attacks.

---

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – KernelSnitch: Side Channel-Attacks On Kernel Data Structures appeared first on Security Boulevard.

Guardian readers share their views on a proposed shorter working week for educators

As a teacher who already works four days (albeit I don’t get paid for the fifth), I can wholeheartedly say it has transformed my relationship with the job (‘Bring it on!’: growing support in England for four-day week in schools, 9 December). I no longer have the dread of weekends and holidays with insurmountable mountains of work. The move to a four-day teaching week would need to be thought about carefully.

I, for one, would not want to have one full day out of school – this would mean four straight days of teaching. In most schools, a day not teaching would equate to five planning, preparation and assessment periods (PPAs).

Continue reading...

© Photograph: PA

© Photograph: PA

© Photograph: PA

St. Lawrence College has announced its continued participation in the Ontario Learn and Stay Grant (OLSG) for the 2026-27 academic year — a program that was developed to address critical health-care worker shortages in eastern Ontario communities. Read More

A new study of roughly 80,000 bachelor's degree recipients from a large urban public college system finds that characteristics of a graduate's first job can explain nearly two-thirds of the otherwise-unexplained earnings gap between students from low-income and high-income families five years after graduation. The research [PDF], published as an NBER working paper by economists at Columbia University, tracked graduates from 2010 to 2017 using administrative education data linked to state unemployment insurance records. Low-income students -- defined as those receiving Pell grants throughout their undergraduate enrollment -- earned about 12% less than their high-income peers at the five-year mark. A substantial gap of roughly $4,900 persisted even after the researchers controlled for GPA, college attended, major, and other pre-graduation characteristics. That residual gap fell to about $1,700 once first-job variables entered the equation. Graduates from lower-income families tended to start at employers paying lower average wages and were less likely to have their first job secured before graduation. Just 34% of low-income graduates continued at a pre-graduation employer compared to 40% of their higher-income peers. The firms employing low-income graduates paid average wages that were 18% lower than those employing high-income graduates. The researchers say that while the study cannot establish causation, the patterns suggest that supporting low-income students during their transition from college to the labor market may be a fruitful area for policy intervention.

Read more of this story at Slashdot.

Notoriously difficult entrance exam is regarded as gateway to economic security and even a good marriage

The chief organiser of South Korea’s notoriously gruelling university entrance exams has resigned – after complaints that an English test he designed was too difficult.

Passing the exam, known locally as the Suneung, is essential for admission to prestigious universities and regarded as a gateway to upward social mobility, economic security and even a good marriage.

Continue reading...

© Photograph: Chung Sung-Jun/Getty Images

© Photograph: Chung Sung-Jun/Getty Images

© Photograph: Chung Sung-Jun/Getty Images

Session 5C: Federated Learning 1

Authors, Creators & Presenters: Duanyi Yao (Hong Kong University of Science and Technology), Songze Li (Southeast University), Xueluan Gong (Wuhan University), Sizai Hou (Hong Kong University of Science and Technology), Gaoning Pan (Hangzhou Dianzi University)

PAPER
URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning

Vertical Federated Learning (VFL) is a collaborative learning paradigm designed for scenarios where multiple clients share disjoint features of the same set of data samples. Albeit a wide range of applications, VFL is faced with privacy leakage from data reconstruction attacks. These attacks generally fall into two categories: honest-but-curious (HBC), where adversaries steal data while adhering to the protocol; and malicious attacks, where adversaries breach the training protocol for significant data leakage. While most research has focused on HBC scenarios, the exploration of malicious attacks remains limited. Launching effective malicious attacks in VFL presents unique challenges: 1) Firstly, given the distributed nature of clients' data features and models, each client rigorously guards its privacy and prohibits direct querying, complicating any attempts to steal data; 2) Existing malicious attacks alter the underlying VFL training task, and are hence easily detected by comparing the received gradients with the ones received in honest training. To overcome these challenges, we develop URVFL, a novel attack strategy that evades current detection mechanisms. The key idea is to integrate a discriminator with auxiliary classifier that takes a full advantage of the label information and generates malicious gradients to the victim clients: on one hand, label information helps to better characterize embeddings of samples from distinct classes, yielding an improved reconstruction performance; on the other hand, computing malicious gradients with label information better mimics the honest training, making the malicious gradients indistinguishable from the honest ones, and the attack much more stealthy. Our comprehensive experiments demonstrate that URVFL significantly outperforms existing attacks, and successfully circumvents SOTA detection methods for malicious attacks. Additional ablation studies and evaluations on defenses further underscore the robustness and effectiveness of URVFL

---

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – URVFL: Undetectable Data Reconstruction Attack On Vertical Federated Learning appeared first on Security Boulevard.

Bridget Phillipson says £3bn scheme focussed on local state schools will ‘transform lives’, after rise in parent appeals

The government is to invest £3bn in creating bespoke places within local state schools for pupils with special educational needs and disabilities (Send), a crucial part of its efforts to grapple with England’s rising numbers of children facing social and mental health problems.

The plan announced by Bridget Phillipson, the education secretary, to create up to 60,000 places within mainstream schools, will be partly funded by the suspension of a group of planned free schools, saving an estimated £600m in the coming years. The remaining £2.4bn will come from departmental spending outlined in November’s budget.

Continue reading...

© Photograph: Jaimi Joy/Reuters

© Photograph: Jaimi Joy/Reuters

© Photograph: Jaimi Joy/Reuters

The Limestone District School Board (LDSB) has achieved its strongest Education Quality and Accountability Office (EQAO) performance in four years, according to a report released recently. Read More

Session 5C: Federated Learning 1

Authors, Creators & Presenters: Dzung Pham (University of Massachusetts Amherst), Shreyas Kulkarni (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst)

PAPER
RAIFLE: Reconstruction Attacks on Interaction-based Federated Learning with Adversarial Data Manipulation

Federated learning has emerged as a promising privacy-preserving solution for machine learning domains that rely on user interactions, particularly recommender systems and online learning to rank. While there has been substantial research on the privacy of traditional federated learning, little attention has been paid to the privacy properties of these interaction-based settings. In this work, we show that users face an elevated risk of having their private interactions reconstructed by the central server when the server can control the training features of the items that users interact with. We introduce RAIFLE, a novel optimization-based attack framework where the server actively manipulates the features of the items presented to users to increase the success rate of reconstruction. Our experiments with federated recommendation and online learning-to-rank scenarios demonstrate that RAIFLE is significantly more powerful than existing reconstruction attacks like gradient inversion, achieving high performance consistently in most settings. We discuss the pros and cons of several possible countermeasures to defend against RAIFLE in the context of interaction-based federated learning. Our code is open-sourced at https://github.com/dzungvpham/raifle
______________

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – RAIFLE: Reconstruction Attacks On Interaction-Based Federated Learning appeared first on Security Boulevard.

We’d like to hear from UK students who are – or are planning to – live at home while studying at university

We’d like to find out about students who are living at home while studying at university, rather than living in student accommodation or a flat share.

Why have you taken the decision to live at home? What are the positives and negatives? How has the cost of living affected your university experience and student social life? Are you happy living at home or would you prefer to move out?

Continue reading...

© Photograph: Joe Giddens/PA

© Photograph: Joe Giddens/PA

© Photograph: Joe Giddens/PA

Since the Supreme Court struck down the federal prohibition on sports betting in 2018, 39 states have legalized the activity, and college campuses have emerged as ground zero for what appears to be a generational gambling problem among young men. A 2023 NCAA survey found that 60% of college students have gambled on sports, and 16% of 18-to-22-year-olds engage in what the organization classifies as problematic gambling. A Siena University poll from January found that 28% of men aged 18-to-34 who use sports-betting apps have had trouble meeting a financial obligation because of a lost bet. Timothy Fong, a psychiatry professor at UCLA, says every one of his recent clients has been an 18-to-24-year-old man seeking help for a sports-betting or cryptocurrency addiction. John Simonian, a personal-bankruptcy lawyer in Rhode Island, says he never used to see young men filing for bankruptcy -- now it's common. On November 7th, the NCAA announced it had uncovered three separate betting scandals in men's basketball where athletes intentionally played poorly in games on which they or a friend had placed wagers.

Read more of this story at Slashdot.

Manchester Metropolitan University again wins top spot for climate and social justice in league table

More universities have severed ties with fossil fuel companies, banning them from recruitment fairs and refusing to advertise roles in the industry, according to the latest higher education league table.

The analysis found that eight more universities had signed up to end recruitment ties with the fossil fuel industry - an increase of 80% since last year. This means 18 higher education institutions, or 12% of the sector, now refuse to advertise roles with fossil fuel companies to their students.

Continue reading...

© Photograph: Joe Giddens/PA

© Photograph: Joe Giddens/PA

© Photograph: Joe Giddens/PA

No parent should worry about their child’s safety while they work. But a crisis in our early-years sector is shielding predators such as Vincent Chan

I remember those initial heart-wrenching days and weeks leaving my daughter, aged nine months, at the nursery. She was distraught as I left, and I – like so many parents – headed off to work feeling guilty for leaving her, wondering if I was doing the right thing. Every parent does the research and nursery visits, reads the Ofsted reports and assumes that the staff in their chosen nursery will have the necessary qualifications and training to take care of their child. Obviously, there will be hiccups along the way, but never in your wildest nightmares do you think your child might be physically – or worse still, sexually – abused.

Yet the harrowing case of Vincent Chan, a former nursery worker in Camden, north London, who pleaded guilty to nine counts of sexual assault and 17 counts of taking or making indecent photos of children, hit the headlines last week, leaving parents with young children across the country feeling physically sick and asking the question: How did this happen? Tragically, this is not an isolated case.

Munira Wilson is Liberal Democrat MP for Twickenham

Do you have an opinion on the issues raised in this article? If you would like to submit a response of up to 300 words by email to be considered for publication in our letters section, please click here.

Continue reading...

© Photograph: Dominic Lipinski/PA

© Photograph: Dominic Lipinski/PA

© Photograph: Dominic Lipinski/PA

Qualifications watchdog launches consultation amid complaints from pupils about writing fatigue in exams

Students could be sitting some of their GCSEs and A-levels on a laptop by the end of the decade, according to England’s qualifications watchdog.

Amid complaints from pupils of writing fatigue in exams because their hand muscles “are not strong enough”, Ofqual is launching a three-month public consultation about the introduction of onscreen assessments.

Continue reading...

© Photograph: David Davies/PA

© Photograph: David Davies/PA

© Photograph: David Davies/PA

More than £10bn was committed to building new schools between 2014-15 and 2023-24, compared with £6.8bn for rebuilding existing schools

Conservative governments spent £325m creating 67 free schools that subsequently failed or disappeared, many through lack of demand, according to data revealed by a freedom of information request.

The figures from the Department for Education (DfE) show that the government committed more than £10bn to building new schools between 2014-15 and 2023-24, compared with £6.8bn for rebuilding existing schools, which critics say left England with a backlog of crumbling and decaying buildings.

Continue reading...

© Photograph: Ian Forsyth/Getty Images

© Photograph: Ian Forsyth/Getty Images

© Photograph: Ian Forsyth/Getty Images

Session 5C: Federated Learning 1

Authors, Creators & Presenters: Phillip Rieger (Technical University of Darmstadt), Alessandro Pegoraro (Technical University of Darmstadt), Kavita Kumari (Technical University of Darmstadt), Tigist Abera (Technical University of Darmstadt), Jonathan Knauer (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt)

PAPER
SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in Split Learning

Split Learning (SL) is a distributed deep learning approach enabling multiple clients and a server to collaboratively train and infer on a shared deep neural network (DNN) without requiring clients to share their private local data. The DNN is partitioned in SL, with most layers residing on the server and a few initial layers and inputs on the client side. This configuration allows resource-constrained clients to participate in training and inference. However, the distributed architecture exposes SL to backdoor attacks, where malicious clients can manipulate local datasets to alter the DNN's behavior. Existing defenses from other distributed frameworks like Federated Learning are not applicable, and there is a lack of effective backdoor defenses specifically designed for SL. We present SafeSplit, the first defense against client-side backdoor attacks in Split Learning (SL). SafeSplit enables the server to detect and filter out malicious client behavior by employing circular backward analysis after a client's training is completed, iteratively reverting to a trained checkpoint where the model under examination is found to be benign. It uses a two-fold analysis to identify client-induced changes and detect poisoned models. First, a static analysis in the frequency domain measures the differences in the layer's parameters at the server. Second, a dynamic analysis introduces a novel rotational distance metric that assesses the orientation shifts of the server's layer parameters during training. Our comprehensive evaluation across various data distributions, client counts, and attack scenarios demonstrates the high efficacy of this dual analysis in mitigating backdoor attacks while preserving model utility.

---

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks In Split Learning appeared first on Security Boulevard.

Session 5C: Federated Learning 1

Authors, Creators & Presenters: Xiaochen Zhu (National University of Singapore & Massachusetts Institute of Technology), Xinjian Luo (National University of Singapore & Mohamed bin Zayed University of Artificial Intelligence), Yuncheng Wu (Renmin University of China), Yangfan Jiang (National University of Singapore), Xiaokui Xiao (National University of Singapore), Beng Chin Ooi (National University of Singapore)

PAPER
Passive Inference Attacks on Split Learning via Adversarial Regularization

Split Learning (SL) has emerged as a practical and efficient alternative to traditional federated learning. While previous attempts to attack SL have often relied on overly strong assumptions or targeted easily exploitable models, we seek to develop more capable attacks. We introduce SDAR, a novel attack framework against SL with an honest-but-curious server. SDAR leverages auxiliary data and adversarial regularization to learn a decodable simulator of the client's private model, which can effectively infer the client's private features under the vanilla SL, and both features and labels under the U-shaped SL. We perform extensive experiments in both configurations to validate the effectiveness of our proposed attacks. Notably, in challenging scenarios where existing passive attacks struggle to reconstruct the client's private data effectively, SDAR consistently achieves significantly superior attack performance, even comparable to active attacks. On CIFAR-10, at the deep split level of 7, SDAR achieves private feature reconstruction with less than 0.025 mean squared error in both the vanilla and the U-shaped SL, and attains a label inference accuracy of over 98% in the U-shaped setting, while existing attacks fail to produce non-trivial results.

---

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Passive Inference Attacks On Split Learning Via Adversarial Regularization appeared first on Security Boulevard.

They face long hours, mediocre pay and, at worst, no job, but their optimism is astonishing – let’s support them better

• Prof Devi Sridhar is chair of global public health at the University of Edinburgh

When I mentioned to colleagues in the NHS that I was helping with admissions interviews for medical students, several responded with the same wry smile and weary shrug: “Do they know what they’re getting into?” Anyone working with the health service over the past few decades has seen the job conditions get tougher, salaries stagnate and idealism erode within a crumbling system. Brexit, Covid, austerity and the rise in the cost of living haven’t helped.

From the students’ perspectives, they’ve gone through a lot to get here too. Not just the usual high-level academic performance and résumé-building either. This is a group who dealt with school closures and lockdowns during impressionable years, many come from crowded schools with little support and coaching, and yet they’ve found a way to persevere.

Prof Devi Sridhar is chair of global public health at the University of Edinburgh

Fit Forever: Wellness for midlife and beyond: On Wednesday 28 January 2026, join Annie Kelly, Devi Sridhar, Joel Snape and Mariella Frostrup, as they discuss how to enjoy longer and healthier lives, with expert advice and practical tips. Book tickets here or at guardian.live

Continue reading...

© Photograph: Gary Calton/The Observer

© Photograph: Gary Calton/The Observer

© Photograph: Gary Calton/The Observer

Report finds children at Mossbourne Victoria Park traumatised by disciplinary measures ‘designed to humiliate’

Staff at a London academy instilled a “climate of fear” among pupils, with a drive for academic success likely to have harmed vulnerable children including those with special needs, according to a damning independent investigation.

The report by Sir Alan Wood, one of the country’s foremost experts in children’s services, found that staff at Mossbourne Victoria Park Academy (MVPA) routinely used measures “designed to humiliate pupils”, frequently shouting at them and isolating them in corridors as part of “a harsh and damaging disciplinary culture”.

Continue reading...

© Photograph: Sophia Evans/The Observer

© Photograph: Sophia Evans/The Observer

© Photograph: Sophia Evans/The Observer

They have unleashed irresponsible innovations on the world and their slop generators have flooded academia, says Dr Craig Reeves

I’m not surprised to read that the field of artificial intelligence research is complaining about being overwhelmed by the very slop that it has pioneered (Artificial intelligence research has a slop problem, academics say: ‘It’s a mess’, 6 December). But this is a bit like bears getting indignant about all the shit in the woods.

It serves AI researchers right for the irresponsible innovations that they’ve unleashed on the world, without ever bothering to ask the rest of us whether we wanted it.

Continue reading...

© Photograph: Dado Ruvić/Reuters

© Photograph: Dado Ruvić/Reuters

© Photograph: Dado Ruvić/Reuters

Teaching methods | Holly stripped bare | Cricket in state schools | Flat Earth Society physics prize | Impact School of Motoring

As a retired teacher with family and friends who are still in the profession, I must take exception to John Harris’s assertion that our current method of education consists of “standing in front of 30 kids and shouting at them for an hour” (The right’s callous overdiagnosis bandwagon is rolling. Wes Streeting should not be on it, 7 December). At no point in my career would this have been regarded as an acceptable method of teaching any children, regardless of their individual needs or learning styles.
Jane Caley
Sutton Coldfield, West Midlands

• Susie White was lucky to find holly with berries (Country diary, 8 December). The one in my front garden had had the inner berries eaten by wood pigeons some time ago, and now the rest have gone – after a flock of redwings took the ones at the ends of the branches that the fat pigeons couldn’t get to. Not a single flash of scarlet remains.
Copland Smith
Whalley Range, Manchester

Continue reading...

© Photograph: Ableimages/Getty Images

© Photograph: Ableimages/Getty Images

© Photograph: Ableimages/Getty Images

A tenured USC professor is arguing that universities need to fundamentally rethink their value proposition as AI rapidly closes the gap on human instruction and a loneliness epidemic grips the generation most likely to be sitting in their lecture halls. Eric Anicich, an associate professor at USC's Marshall School of Business, wrote in the Los Angeles Times that nearly three-quarters of 16- to 24-year-olds now report feeling lonely, young adults spend 70% less time with friends in person compared to two decades ago, and a growing majority of Gen Z college graduates say their degree was a "waste of money." Anicich points to a recent Harvard study finding that students using an AI tutor learned more than twice as much as those in traditional active-learning classes, and did so in less time. The implication is stark: if instruction becomes abundant and cheap, colleges must sell what remains scarce -- genuine human community. He notes that his doctoral training included zero coursework on teaching, a norm he says persists across academia. His proposal: fund student life as seriously as research labs, hire professional "experience designers," and treat rituals and collaborative projects as core curriculum rather than amenities.

Read more of this story at Slashdot.

Our UN report reveals the link between the online misogyny and offline crimes that are hounding women out of public life

Networked misogyny is now firmly established as a key tactic in the 21st-century authoritarian’s playbook. This is not a new trend – but it is now being supercharged by generative AI tools that make it easier, quicker and cheaper than ever to perpetrate online violence against women in public life – from journalists to human rights defenders, politicians and activists.

The objectives are clear: to help justify the rollback of gender equality and women’s reproductive rights; to chill women’s freedom of expression and their participation in democratic deliberation; to discredit truth-tellers; and to pave the way for the consolidation of authoritarian power.

Dr Julie Posetti is the director of the Information Integrity Initiative at TheNerve, a digital forensics lab founded by Nobel laureate Maria Ressa. She is also a professor of journalism and chair of the Centre for Journalism and Democracy at City St George’s, University of London.

Do you have an opinion on the issues raised in this article? If you would like to submit a response of up to 300 words by email to be considered for publication in our letters section, please click here.

Continue reading...

© Photograph: Guglielmo Mangiapane/Reuters

© Photograph: Guglielmo Mangiapane/Reuters

© Photograph: Guglielmo Mangiapane/Reuters

Why proposals for a shorter working week are winning over teachers and parents – despite the logistical headaches

“A wonderful idea”, “Bring it on!”, “Yes!”, “Brilliant!”, “Absolutely”. If enthusiasm were all it took to change policy, a four-day week in England’s schools would be all but guaranteed.

A Guardian report this week saying that the 4 Day Week Foundation has urged the government to pilot a four-day working week in schools in England and Wales to boost teacher wellbeing and recruitment attracted hundreds of thousands of readers.

Continue reading...

© Photograph: PA Wire/PA

© Photograph: PA Wire/PA

© Photograph: PA Wire/PA

AI is the second-largest major at M.I.T. after computer science, reports the New York Times. (Alternate URL here and here.) Though that includes students interested in applying AI in biology and health care — it's just the beginning: This semester, more than 3,000 students enrolled in a new college of artificial intelligence and cybersecurity at the University of South Florida in Tampa. At the University of California, San Diego, 150 first-year students signed up for a new A.I. major. And the State University of New York at Buffalo created a stand-alone "department of A.I. and society," which is offering new interdisciplinary degrees in fields like "A.I. and policy analysis...." [I]nterest in understanding, using and learning how to build A.I. technologies is soaring, and schools are racing to meet rising student and industry demand. Over the last two years, dozens of U.S. universities and colleges have announced new A.I. departments, majors, minors, courses, interdisciplinary concentrations and other programs. "This is so cool to me to have the opportunity to be at the forefront of this," one 18-year-old told the New York Times. Their article points out 62% of America's computing programs reported drops in undergraduate enrollment this fall, according to a report in October from the Computing Research Association. "One reason for the dip: student employment concerns." Thanks to long-time Slashdot reader theodp for sharing the article.

Read more of this story at Slashdot.

Today America's college professors "struggle to accommodate the many students with an official disability designation," reports the Atlantic, "which may entitle them to extra time, a distraction-free environment, or the use of otherwise-prohibited technology." Their staff writer argues these accommodations "have become another way for the most privileged students to press their advantage." [Over the past decade and a half] the share of students at selective universities who qualify for accommodations — often, extra time on tests — has grown at a breathtaking pace. At the University of Chicago, the number has more than tripled over the past eight years; at UC Berkeley, it has nearly quintupled over the past 15 years. The increase is driven by more young people getting diagnosed with conditions such as ADHD, anxiety, and depression, and by universities making the process of getting accommodations easier. The change has occurred disproportionately at the most prestigious and expensive institutions. At Brown and Harvard, more than 20 percent of undergraduates are registered as disabled. At Amherst, that figure is 34 percent. Not all of those students receive accommodations, but researchers told me that most do. The schools that enroll the most academically successful students, in other words, also have the largest share of students with a disability that could prevent them from succeeding academically. "You hear 'students with disabilities' and it's not kids in wheelchairs," one professor at a selective university, who requested anonymity because he doesn't have tenure, told me. "It's just not. It's rich kids getting extra time on tests...." Recently, mental-health issues have joined ADHD as a primary driver of the accommodations boom. Over the past decade, the number of young people diagnosed with depression or anxiety has exploded. L. Scott Lissner, the ADA coordinator at Ohio State University, told me that 36 percent of the students registered with OSU's disability office have accommodations for mental-health issues, making them the largest group of students his office serves. Many receive testing accommodations, extensions on take-home assignments, or permission to miss class. Students at Carnegie Mellon University whose severe anxiety makes concentration difficult might get extra time on tests or permission to record class sessions, Catherine Samuel, the school's director of disability resources, told me. Students with social-anxiety disorder can get a note so the professor doesn't call on them without warning... Some students get approved for housing accommodations, including single rooms and emotional-support animals. Other accommodations risk putting the needs of one student over the experience of their peers. One administrator told me that a student at a public college in California had permission to bring their mother to class. This became a problem, because the mom turned out to be an enthusiastic class participant. Professors told me that the most common — and most contentious — accommodation is the granting of extra time on exams... Several of the college students I spoke with for this story said they knew someone who had obtained a dubious diagnosis... The surge itself is undeniable. Soon, some schools may have more students receiving accommodations than not, a scenario that would have seemed absurd just a decade ago. Already, at one law school, 45 percent of students receive academic accommodations. Paul Graham Fisher, a Stanford professor who served as co-chair of the university's disability task force, told me, "I have had conversations with people in the Stanford administration. They've talked about at what point can we say no? What if it hits 50 or 60 percent? At what point do you just say 'We can't do this'?" This year, 38 percent of Stanford undergraduates are registered as having a disability; in the fall quarter, 24 percent of undergraduates were receiving academic or housing accommodations.

Read more of this story at Slashdot.

We want to hear from UK parents with experience in temporary accommodation about the impact on their lives, family and schooling

More than 172,000 children were living in temporary accommodation in England at the end of June, according to the latest quarterly official figures from October.

That represented an 8.2% rise on the same period last year. There are now more than 130,000 households households living in temporary accommodation in England, the figures showed.

Continue reading...

© Photograph: Ben Birchall/PA

© Photograph: Ben Birchall/PA

© Photograph: Ben Birchall/PA

A brand new report from Pathways to Education Canada is shedding light on the growing crisis among Canada’s young people. Read More

FTC action takes center stage as the U.S. Federal Trade Commission has announced strong enforcement steps against education technology (Edtech) provider Illuminate Education, following a major data breach that exposed the personal information of more than 10 million students across the United States. The agency said the company failed to implement reasonable security measures despite promising schools and parents that student information was protected.

Why the Agency Intervened

FTC complaint outlines a series of allegations against the Wisconsin-based company, which provides cloud-based software tools for schools. According to the complaint, Illuminate Education claimed it used industry-standard practices to safeguard student information but failed to put in place basic security controls. The Illuminate Education data breach incident dates back to December 2021 when a hacker accessed the company’s cloud databases using login credentials belonging to a former employee who had left the company more than three years earlier. This lapse allowed unauthorized access to data belonging to 10.1 million students, including email addresses, home addresses, dates of birth, academic records, and sensitive health information. FTC officials said the company ignored warnings as early as January 2020, when a third-party vendor alerted them to several vulnerabilities in their systems. The data security failures included weak access controls, gaps in threat detection, and a lack of proper vulnerability monitoring and patch management. The agency also noted that student data was stored in plain text until at least January 2022, increasing the severity of the breach.

FTC Action: Requirements Under the Proposed Order

As part of the proposed settlement, the FTC will require Illuminate Education to adopt a comprehensive information security program and follow stricter privacy obligations. The proposed FTC order includes several mandatory steps:

• Deleting any personal information that is no longer required for service delivery.
• Following a transparent, publicly available data retention schedule that explains why data is collected and when it will be deleted.
• Implementing a detailed information security program to protect the confidentiality and integrity of personal information.
• Notifying the FTC when the company reports a data breach to any federal, state, or local authority.

The order also prohibits the company from misrepresenting its data security practices or delaying breach notifications to school districts and families. The FTC said Illuminate had waited nearly two years before informing some districts about the breach, impacting more than 380,000 students. The Commission has voted unanimously to advance the complaint and proposed order for public comment. It will be published in the Federal Register, where stakeholders can share feedback for 30 days before the FTC decides whether to finalize the consent order.

FTC Action and State-Level Enforcement

Alongside the federal enforcement, the state data breach settlement adds another layer of accountability. Attorneys General from California, Connecticut, and New York recently announced a $5.1 million settlement with Illuminate Education for failing to adequately protect student data during the same 2021 cyber incident. California will receive $3.25 million in civil penalties, and the settlement includes strict requirements designed to improve the company’s cybersecurity safeguards. With more than 434,000 California students affected, this marks one of the largest enforcement actions under the California K-12 Pupil Online Personal Information Protection Act (KOPIPA). State officials emphasized that educational technology companies must prioritize the security of children’s data, which often includes highly sensitive information like medical details and learning records.

Singapore's Ministry of Education has announced that secondary school students will be banned from using smartphones and smartwatches throughout the entire school day starting January 2026, extending current restrictions beyond regular lesson time to cover recess, co-curricular activities, and supplementary lessons. Under the new guidelines, students must store their phones in designated areas like lockers or keep them in their school bags. Smartwatches also fall under the ban because they enable messaging and social media access, which the ministry says can lead to distractions and reduced peer interaction. Schools may allow exceptions where necessary. Some secondary schools adopted these tighter rules after they were announced for primary schools in January 2025, and the ministry reports improved student well-being and more physical interaction during breaks at those schools. The ministry is also moving the default sleep time for school-issued personal learning devices from 11pm to 10.30pm starting January.

Read more of this story at Slashdot.

The skills that future graduates will most need in an age of automation -- creative thinking, critical analysis, the capacity to learn new things -- are precisely those that a growing body of research suggests may be eroded by inserting AI into the educational process, yet universities across the United States are now racing to embed the technology into every dimension of their curricula. Ohio State University announced this summer that it would integrate AI education into every undergraduate program, and the University of Florida and the University of Michigan are rolling out similar initiatives. An MIT study offers reason for caution: researchers divided subjects into three groups and had them write essays over several months using ChatGPT, Google Search, or no technology at all. The ChatGPT group produced vague, poorly reasoned work, showed the lowest levels of brain activity on EEG, and increasingly relied on cutting and pasting from other sources. The authors concluded that LLM users "consistently underperformed at neural, linguistic, and behavioral levels" over the four-month period. Justin Reich, director of MIT's Teaching Systems Lab, recently wrote in The Chronicle of Higher Education that rushed educational efforts to incorporate new technology have "failed regularly, and sometimes catastrophically."

Read more of this story at Slashdot.

Almost two-thirds of registered U.S. voters "say that a four-year college degree isn't worth the cost," according to a new NBC News poll: Just 33% agree a four-year college degree is "worth the cost because people have a better chance to get a good job and earn more money over their lifetime," while 63% agree more with the concept that it's "not worth the cost because people often graduate without specific job skills and with a large amount of debt to pay off." In 2017, U.S. adults surveyed were virtually split on the question — 49% said a degree was worth the cost and 47% said it wasn't. When CNBC asked the same question in 2013 as part of its All American Economic Survey, 53% said a degree was worth it and 40% said it was not. The eye-popping shift over the last 12 years comes against the backdrop of several major trends shaping the job market and the education world, from exploding college tuition prices to rapid changes in the modern economy — which seems once again poised for radical transformation alongside advances in AI... Remarkably, less than half of voters with college degrees see those degrees as worth the cost: 46% now, down from 63% in 2013... The upshot is that interest in technical, vocational and two-year degree programs has soared. "The 20-point decline over the last 12 years among those who say a degree is worth it — from 53% in 2013 to 33% now — is reflected across virtually every demographic group."

Read more of this story at Slashdot.

An analysis of submissions to next year's International Conference on Learning Representations has found that roughly one in five peer reviews were fully generated by AI, a discovery that came after researchers including Carnegie Mellon's Graham Neubig grew suspicious of feedback on their manuscripts that seemed unusually verbose and requested non-standard statistical analyses. Neubig posted on X offering a reward for anyone who could scan the conference's submissions for AI-generated text, and Max Spero, CEO of detection tool developer Pangram Labs, responded the next day. Pangram screened all 19,490 studies and 75,800 peer reviews submitted to ICLR 2026, finding that 21% of reviews were fully AI-generated and more than half showed signs of AI use. The conference had permitted AI tools for polishing text but prohibited falsified content. Each reviewer was assigned five papers to review in two weeks on average -- a load that senior programme chair Bharath Hariharan described as "much higher than what has been done in the past."

Read more of this story at Slashdot.

Session 4B: Audio Security

Authors, Creators & Presenters:

PAPER
VoiceRadar: Voice Deepfake Detection using Micro-Frequency And Compositional Analysis
Recent advancements in synthetic speech generation, including text-to-speech (TTS) and voice conversion (VC) models, allow the generation of convincing synthetic voices, often referred to as audio deepfakes. These deepfakes pose a growing threat as adversaries can use them to impersonate individuals, particularly prominent figures, on social media or bypass voice authentication systems, thus having a broad societal impact. The inability of state-of-the-art verification systems to detect voice deepfakes effectively is alarming. We propose a novel audio deepfake detection method, VoiceRadar, that augments machine learning with physical models to approximate frequency dynamics and oscillations in audio samples. This significantly enhances detection capabilities. VoiceRadar leverages two main physical models: (i) the Doppler effect to understand frequency changes in audio samples and (ii) drumhead vibrations to decompose complex audio signals into component frequencies. VoiceRadar identifies subtle variations, or micro-frequencies, in the audio signals by applying these models. These micro-frequencies are aggregated to compute the observed frequency, capturing the unique signature of the audio. This observed frequency is integrated into the machine learning algorithm's loss function, enabling the algorithm to recognize distinct patterns that differentiate human-produced audio from AI-generated audio. We constructed a new diverse dataset to comprehensively evaluate VoiceRadar, featuring samples from leading TTS and VC models. Our results demonstrate that VoiceRadar outperforms existing methods in accurately identifying AI-generated audio samples, showcasing its potential as a robust tool for audio deepfake detection.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – VoiceRadar: Voice Deepfake Detection Using Micro-Frequency And Compositional Analysis appeared first on Security Boulevard.

Session4A: IoT Security

Authors, Creators & Presenters: Eman Maali (Imperial College London), Omar Alrawi (Georgia Institute of Technology), Julie McCann (Imperial College London)

PAPER
Evaluating Machine Learning-Based IoT Device Identification Models for Security Applications

With the proliferation of IoT devices, network device identification is essential for effective network management and security. Many exhibit performance degradation despite the potential of machine learning-based IoT device identification solutions. Degradation arises from the assumption of static IoT environments that do not account for the diversity of real-world IoT networks, as devices operate in various modes and evolve over time. In this paper, we evaluate current IoT device identification solutions using curated datasets and representative features across different settings. We consider key factors that affect real-world device identification, including modes of operation, spatio-temporal variations, and traffic sampling, and organise them into a set of attributes by which we can evaluate current solutions. We then use machine learning explainability techniques to pinpoint the key causes of performance degradation. This evaluation uncovers empirical evidence of what continuously identifies devices, provides valuable insights, and practical recommendations for network operators to improve their IoT device identification in operational deployments

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Machine Learning-Based loT Device Identification Models For Security Applications appeared first on Security Boulevard.

Session4A: IoT Security

Authors, Creators & Presenters: Haoqiang Wang, Yiwei Fang (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Indiana University Bloomington), Yichen Liu (Indiana University Bloomington), Ze Jin (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Indiana University Bloomington), Emma Delph (Indiana University Bloomington), Xiaojiang Du (Stevens Institute of Technology), Qixu Liu (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Luyi Xing (Indiana University Bloomington)

---

PAPER

Hidden and Lost Control: on Security Design Risks in IoT User-Facing Matter Controller

Matter is emerging as an IoT industry--unifying standard, aiming to enhance the interoperability among diverse smart home products, enabling them to work securely and seamlessly together. With many popular IoT vendors increasingly supporting Matter in consumer IoT products, we perform a systematic study to investigate how and whether vendors can integrate Matter securely into IoT systems and how well Matter as a standard supports vendors' secure integration. By analyzing Matter development model in the wild, we reveal a new kind of design flaw in user-facing Matter control capabilities and interfaces, called UMCCI flaws, which are exploitable vulnerabilities in the design space and seriously jeopardize necessary control and surveillance capabilities of Matter-enabled devices for IoT users. Therefore we built an automatic tool called UMCCI Checker, enhanced by the large-language model in UI analysis, which enables automatically detecting UMCCI flaws without relying on real IoT devices. Our tool assisted us with studying and performing proof-of-concept attacks on 11 real Matter devices of 8 popular vendors to confirm that the UMCCI flaws are practical and common. We reported UMCCI flaws to related vendors, which have been acknowledged by CSA, Apple, Tuya, Aqara, etc. To help CSA and vendors better understand and avoid security flaws in developing and integrating IoT standards like Matter, we identify two categories of root causes and propose immediate fix recommendations.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Hidden And Lost Control: On Security Design Risks In loT User-Facing Matter Controller appeared first on Security Boulevard.

Session4A: IoT Security

Authors, Creators & Presenters: Hangtian Liu (Information Engineering University), Lei Zheng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Chao Zhang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zicong Gao (Information Engineering University), Hongqi Zhang (Henan Key Laboratory of Information Security), Yishun Zeng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zhiyuan Jiang (National University of Defense Technology), Jiahai Yang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University)

PAPER

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing Analysis [https://www.ndss-symposium.org/wp-con...](https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbEEzMmJxSkNwUUhDUkMteHZraTQ1blZ5Sk0zUXxBQ3Jtc0tuZldzQXZxQXJaOGt0VDU2RGNPdGVSbnMzcWxiTVZ1UmJsTzcyaUlCTFdvbmhoWnZRdWQ0UlJiUEs4ekR1UXNCNF9KQmp4UGxKOG5kMHdBdHBiaWh6ckxFaGphY0JVRDZDQ21jUWcyREx2Qy1XVTJqWQ&q=https%3A%2F%2Fwww.ndss-symposium.org%2Fwp-content%2Fuploads%2F2025-399-paper.pdf&v=qXDD2iiIeCg) Hidden web interfaces, i.e., undisclosed access channels in IoT devices, introduce great security risks and have resulted in severe attacks in recent years. However, the definition of such threats is vague, and few solutions are able to discover them. Due to their hidden nature, traditional bug detection solutions (e.g., taint analysis, fuzzing) are hard to detect them. In this paper, we present a novel solution EAGLEYE to automatically expose hidden web interfaces in IoT devices. By analyzing input requests to public interfaces, we first identify routing tokens within the requests, i.e., those values (e.g., actions or file names) that are referenced and used as index by the firmware code (routing mechanism) to find associated handler functions. Then, we utilize modern large language models to analyze the contexts of such routing tokens and deduce their common pattern, and then infer other candidate values (e.g., other actions or file names) of these tokens. Lastly, we perform a hidden-interface directed black-box fuzzing, which mutates the routing tokens in input requests with these candidate values as the high-quality dictionary. We have implemented a prototype of EAGLEYE and evaluated it on 13 different commercial IoT devices. EAGLEYE successfully found 79 hidden interfaces, 25X more than the state-of-the-art (SOTA) solution IoTScope. Among them, we further discovered 29 unknown vulnerabilities including backdoor, XSS (cross-site scripting), command injection, and information leakage, and have received 7 CVEs.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – EAGLEYE: Exposing Hidden Web Interfaces In loT Devices Via Routing Analysis appeared first on Security Boulevard.

Session4A: IoT Security

Authors, Creators & Presenters: Christopher Ellis (The Ohio State University), Yue Zhang (Drexel University), Mohit Kumar Jangid (The Ohio State University), Shixuan Zhao (The Ohio State University), Zhiqiang Lin (The Ohio State University)

PAPER

Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs & Mitigation Wireless technologies like Bluetooth Low Energy (BLE) and Wi-Fi are essential to the Internet of Things (IoT), facilitating seamless device communication without physical connections. However, this convenience comes at a cost--exposed data exchanges that are susceptible to observation by attackers, leading to serious security and privacy threats such as device tracking. Although protocol designers have traditionally relied on strategies like address and identity randomization as a countermeasure, our research reveals that these attacks remain a significant threat due to a historically overlooked, fundamental flaw in exclusive-use wireless communication. We define exclusive-use as a scenario where devices are designed to provide functionality solely to an associated or paired device. The unique communication patterns inherent in these relationships create an observable boolean side-channel that attackers can exploit to discover whether two devices "trust" each other. This information leak allows for the deanonymization of devices, enabling tracking even in the presence of modern countermeasures. We introduce our tracking attacks as IDBleed and demonstrate that BLE and Wi-Fi protocols that support confidentiality, integrity, and authentication remain vulnerable to deanonymization due to this fundamental flaw in exclusive-use communication patterns. Finally, we propose and quantitatively evaluate a generalized, privacy-preserving mitigation we call Anonymization Layer to find a negligible 2% approximate overhead in performance and power consumption on tested smartphones and PCs.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Deanonymizing Device Identities Via Side-Channel Attacks In Exclusive-Use IoTs appeared first on Security Boulevard.

SESSION
Session 3D: AI Safety

-----------

-----------

Authors, Creators & Presenters: Yan Pang (University of Virginia), Aiping Xiong (Penn State University), Yang Zhang (CISPA Helmholtz Center for Information Security), Tianhao Wang (University of Virginia)

-----------

PAPER
Towards Understanding Unsafe Video Generation
Video generation models (VGMs) have demonstrated the capability to synthesize high-quality output. It is important to understand their potential to produce unsafe content, such as violent or terrifying videos. In this work, we provide a comprehensive understanding of unsafe video generation.

First, to confirm the possibility that these models could indeed generate unsafe videos, we choose unsafe content generation prompts collected from 4chan and Lexica, and three open-source SOTA VGMs to generate unsafe videos. After filtering out duplicates and poorly generated content, we created an initial set of 2112 unsafe videos from an original pool of 5607 videos. Through clustering and thematic coding analysis of these generated videos, we identify 5 unsafe video categories: Distorted/Weird, Terrifying, Pornographic, Violent/Bloody, and Political. With IRB approval, we then recruit online participants to help label the generated videos. Based on the annotations submitted by 403 participants, we identified 937 unsafe videos from the initial video set. With the labeled information and the corresponding prompts, we created the first dataset of unsafe videos generated by VGMs. We then study possible defense mechanisms to prevent the generation of unsafe videos. Existing defense methods in image generation focus on filtering either input prompt or output results. We propose a new approach called sysname, which works within the model's internal sampling process. sysname can achieve 0.90 defense accuracy while reducing time and computing resources by 10 times when sampling a large number of unsafe prompts. Our experiment includes three open-source SOTA video diffusion models, each achieving accuracy rates of 0.99, 0.92, and 0.91, respectively. Additionally, our method was tested with adversarial prompts and on image-to-video diffusion models, and achieved nearly 1.0 accuracy on both settings. Our method also shows its interoperability by improving the performance of other defenses when combined with them.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Towards Understanding Unsafe Video Generation appeared first on Security Boulevard.

SESSION
Session 3D: AI Safety

-----------

-----------

Authors, Creators & Presenters: Haotian Zhu (Nanjing University of Science and Technology), Shuchao Pang (Nanjing University of Science and Technology), Zhigang Lu (Western Sydney University), Yongbin Zhou (Nanjing University of Science and Technology), Minhui Xue (CSIRO's Data61)

-----------

PAPER
GAP-Diff: Protecting JPEG-Compressed Images From Diffusion-Based Facial Customization
Text-to-image diffusion model's fine-tuning technology allows people to easily generate a large number of customized photos using limited identity images. Although this technology is easy to use, its misuse could lead to violations of personal portraits and privacy, with false information and harmful content potentially causing further harm to individuals. Several methods have been proposed to protect faces from customization via adding protective noise to user images by disrupting the fine-tuned models.
Unfortunately, simple pre-processing techniques like JPEG compression, a normal pre-processing operation performed by modern social networks, can easily erase the protective effects of existing methods. To counter JPEG compression and other potential pre-processing, we propose GAP-Diff, a framework of Generating data with Adversarial Perturbations for text-to-image Diffusion models using unsupervised learning-based optimization, including three functional modules. Specifically, our framework learns robust representations against JPEG compression by backpropagating gradient information through a pre-processing simulation module while learning adversarial characteristics for disrupting fine-tuned text-to-image diffusion models. Furthermore, we achieve an adversarial mapping from clean images to protected images by designing adversarial losses against these fine-tuning methods and JPEG compression, with stronger protective noises within milliseconds. Facial benchmark experiments, compared to state-of-the-art protective methods, demonstrate that GAP-Diff significantly enhances the resistance of protective noise to JPEG compression, thereby better safeguarding user privacy and copyrights in the digital world.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – GAP-Diff: Protecting JPEG-Compressed Images From Diffusion-Based Facial Customization appeared first on Security Boulevard.

SESSION
Session 3D: AI Safety

-----------

-----------

Authors, Creators & Presenters: Shuo Shao (Zhejiang University), Yiming Li (Zhejiang University), Hongwei Yao (Zhejiang University), Yiling He (Zhejiang University), Zhan Qin (Zhejiang University), Kui Ren (Zhejiang University)

-----------

PAPER
Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution
Ownership verification is currently the most critical and widely adopted post-hoc method to safeguard model copyright. In general, model owners exploit it to identify whether a given suspicious third-party model is stolen from them by examining whether it has particular properties 'inherited' from their released models. Currently, backdoor-based model watermarks are the primary and cutting-edge methods to implant such properties in the released models. However, backdoor-based methods have two fatal drawbacks, including harmfulness and ambiguity. The former indicates that they introduce maliciously controllable misclassification behaviors ( backdoor) to the watermarked released models. The latter denotes that malicious users can easily pass the verification by finding other misclassified samples, leading to ownership ambiguity.

In this paper, we argue that both limitations stem from the 'zero-bit' nature of existing watermarking schemes, where they exploit the status (misclassified) of predictions for verification. Motivated by this understanding, we design a new watermarking paradigm "Explanation as a Watermark (EaaW)", that implants verification behaviors into the explanation of feature attribution instead of model predictions. Specifically, EaaW embeds a 'multi-bit' watermark into the feature attribution explanation of specific trigger samples without changing the original prediction. We correspondingly design the watermark embedding and extraction algorithms inspired by explainable artificial intelligence. In particular, our approach can be used for different tasks (image classification and text generation). Extensive experiments verify the effectiveness and harmlessness of our EaaW and its resistance to potential attacks.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Explanation As A Watermark appeared first on Security Boulevard.

SESSION
Session 3D: Al Safety

-----------

-----------

Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University)

-----------

PAPER
THEMIS: Regulating Textual Inversion for Personalized Concept Censorship

Personalization has become a crucial demand in the Generative AI technology. As the pre-trained generative model (e.g., stable diffusion) has fixed and limited capability, it is desirable for users to customize the model to generate output with new or specific concepts. Fine-tuning the pre-trained model is not a promising solution, due to its high requirements of computation resources and data. Instead, the emerging personalization approaches make it feasible to augment the generative model in a lightweight manner. However, this also induces severe threats if such advanced techniques are misused by malicious users, such as spreading fake news or defaming individual reputations. Thus, it is necessary to regulate personalization models (i.e., achieve concept censorship) for their development and advancement. In this paper, we focus on the regulation of a popular personalization technique dubbed textbf{Textual Inversion (TI)}, which can customize Text-to-Image (T2I) generative models with excellent performance. TI crafts the word embedding that contains detailed information about a specific object. Users can easily add the word embedding to their local T2I model, like the public Stable Diffusion (SD) model, to generate personalized images. The advent of TI has brought about a new business model, evidenced by the public platforms for sharing and selling word embeddings (e.g., Civitai [1]). Unfortunately, such platforms also allow malicious users to misuse the word embeddings to generate unsafe content, causing damages to the concept owners. We propose THEMIS to achieve the personalized concept censorship. Its key idea is to leverage the backdoor technique for good by injecting positive backdoors into the TI embeddings. Briefly, the concept owner selects some sensitive words as triggers during the training of TI, which will be censored for normal use. In the subsequent generation stage, if a malicious user combines the sensitive words with the personalized embeddings as final prompts, the T2I model will output a pre-defined target image rather than images including the desired malicious content. To demonstrate the effectiveness of THEMIS, we conduct extensive experiments on the TI embeddings with Latent Diffusion and Stable Diffusion, two prevailing open-sourced T2I models. The results demonstrate that THEMIS is capable of preventing Textual Inversion from cooperating with sensitive words meanwhile guaranteeing its pristine utility. Furthermore, THEMIS is general to different uses of sensitive words, including different locations, synonyms, and combinations of sensitive words. It can also resist different types of potential and adaptive attacks. Ablation studies are also conducted to verify our design.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

##################

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – THEMIS: Regulating Textual Inversion For Personalized Concept Censorship appeared first on Security Boulevard.

SESSION
Session 3D: Al Safety

-----------

-----------

Authors, Creators & Presenters: Miaomiao Wang (Shanghai University), Guang Hua (Singapore Institute of Technology), Sheng Li (Fudan University), Guorui Feng (Shanghai University)

-----------

PAPER
A Key-Driven Framework for Identity-Preserving Face Anonymization

Virtual faces are crucial content in the metaverse. Recently, attempts have been made to generate virtual faces for privacy protection. Nevertheless, these virtual faces either permanently remove the identifiable information or map the original identity into a virtual one, which loses the original identity forever. In this study, we first attempt to address the conflict between privacy and identifiability in virtual faces, where a key-driven face anonymization and authentication recognition (KFAAR) framework is proposed. Concretely, the KFAAR framework consists of a head posture-preserving virtual face generation (HPVFG) module and a key-controllable virtual face authentication (KVFA) module. The HPVFG module uses a user key to project the latent vector of the original face into a virtual one. Then it maps the virtual vectors to obtain an extended encoding, based on which the virtual face is generated. By simultaneously adding a head posture and facial expression correction module, the virtual face has the same head posture and facial expression as the original face. During the authentication, we propose a KVFA module to directly recognize the virtual faces using the correct user key, which can obtain the original identity without exposing the original face image. We also propose a multi-task learning objective to train HPVFG and KVFA. Extensive experiments demonstrate the advantages of the proposed HPVFG and KVFA modules, which effectively achieve both facial anonymity and identifiability.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – A Key-Driven Framework For Identity-Preserving Face Anonymization appeared first on Security Boulevard.

An anonymous reader shares a report: "In the 2024-2025 school year, homeschooling continued to grow across the United States, increasing at an average rate of 5.4%," Angela Watson of the Johns Hopkins University School of Education's Homeschool Hub wrote earlier this month. "This is nearly three times the pre-pandemic homeschooling growth rate of around 2%." She added that more than a third of the states from which data is available report their highest homeschooling numbers ever, even exceeding the peaks reached when many public and private schools were closed during the pandemic. After COVID-19 public health measures were suspended, there was a brief drop in homeschooling as parents and families returned to old habits. That didn't last long. Homeschooling began surging again in the 2023-2024 school year, with that growth continuing last year. Based on numbers from 22 states (not all states have released data, and many don't track homeschoolers), four report declines in the ranks of homeschooled children -- Delaware, the District of Columbia, Hawaii, and Tennessee -- while the others report growth from around 1 percent (Florida and Louisiana) to as high as 21.5 percent (South Carolina). The latest figures likely underestimate growth in homeschooling since not all DIY families abide by registration requirements where they exist, and because families who use the portable funding available through increasingly popular Education Savings Accounts to pay for homeschooling costs are not counted as homeschoolers in several states, Florida included. As a result, adds Watson, "we consider these counts as the minimum number of homeschooled students in each state."

Read more of this story at Slashdot.

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology)

-----------

PAPER
Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse
For decades, law enforcement and commercial entities have attempted botnet takedowns with mixed success. These efforts, relying on DNS sink-holing or seizing C&C infrastructure, require months of preparation and often omit the cleanup of left-over infected machines. This allows botnet operators to push updates to the bots and re-establish their control. In this paper, we expand the goal of malware takedowns to include the covert and timely removal of frontend bots from infected devices. Specifically, this work proposes seizing the malware's built-in update mechanism to distribute crafted remediation payloads. Our research aims to enable this necessary but challenging remediation step after obtaining legal permission. We developed ECHO, an automated malware forensics pipeline that extracts payload deployment routines and generates remediation payloads to disable or remove the frontend bots on infected devices. Our study of 702 Android malware shows that 523 malware can be remediated via ECHO's takedown approach, ranging from covertly warning users about malware infection to uninstalling the malware.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse appeared first on Security Boulevard.

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jun Dai, Xiaoyan Sun (Department of Computer Science, Worcester Polytechnic Institute), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)

-----------

PAPER
What's Done Is Not What's Claimed: Detecting and Interpreting Inconsistencies in App Behaviors
The widespread use of mobile apps meets user needs but also raises security concerns. Current security analysis methods often fall short in addressing user concerns as they do not parse app behavior from the user's standpoint, leading to users not fully understanding the risks within the apps and unknowingly exposing themselves to privacy breaches. On one hand, their analysis and results are usually presented at the code level, which may not be comprehensible to users. On the other hand, they neglect to account for the users' perceptions of the app behavior. In this paper, we aim to extract user-related behaviors from apps and explain them to users in a comprehensible natural language form, enabling users to perceive the gap between their expectations and the app's actual behavior, and assess the risks within the inconsistencies independently. Through experiments, our tool InconPreter is shown to effectively extract inconsistent behaviors from apps and provide accurate and reasonable explanations. InconPreter achieves an inconsistency identification precision of 94.89% on our labeled dataset, and a risk analysis accuracy of 94.56% on widely used Android malware datasets. When applied to real-world (wild) apps, InconPreter identifies 1,664 risky inconsistent behaviors from 413 apps out of 10,878 apps crawled from Google Play, including the leakage of location, SMS, and contact information, as well as unauthorized audio recording, etc., potentially affecting millions of users. Moreover, InconPreter can detect some behaviors that are not identified by previous tools, such as unauthorized location disclosure in various scenarios (e.g. taking photos, chatting, and enabling mobile hotspots, etc.). We conduct a thorough analysis of the discovered behaviors to deepen the understanding of inconsistent behaviors, thereby helping users better manage their privacy and providing insights for privacy design in further app development.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Detecting And Interpreting Inconsistencies In App Behaviors appeared first on Security Boulevard.

-----------

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University)

-----------

PAPER
Understanding Miniapp Malware: Identification, Dissection, and Characterization
Super apps, serving as centralized platforms that manage user information and integrate third-party miniapps, have revolutionized mobile computing but also introduced significant security risks from malicious miniapps. Despite the mandatory miniapp vetting enforced to the built-in miniapp store, the threat of evolving miniapp malware persists, engaging in a continual cat-and-mouse game with platform security measures. However, compared with traditional paradigms such as mobile and web computing, there has been a lack of miniapp malware dataset available for the community to explore, hindering the generation of crucial insights and the development of robust detection techniques. In response to this, this paper addresses the scarcely explored territory of malicious miniapp analysis, dedicating over three year to identifying, dissecting, and examining the risks posed by these miniapps, resulting in the first miniapp malware dataset now available to aid future studies to enhance the security of super app ecosystems. To build the dataset, our primary focus has been on the WeChat platform, the largest super app, hosting millions of miniapps and serving a billion users. Over an extensive period, we collected over 4.5 million miniapps, identifying a subset (19, 905) as malicious through a rigorous cross-check process: 1) applying static signatures derived from real-world cases, and 2) confirming that the miniapps were delisted and removed from the market by the platform. With these identified samples, we proceed to characterize them, focusing on their lifecycle including propagation, activation, as well as payload execution. Additionally, we analyzed the collected malware samples using real-world cases to demonstrate their practical security impact. Our findings reveal that these malware frequently target user privacy, leverage social network sharing capabilities to disseminate unauthorized services, and manipulate the advertisement-based revenue model to illicitly generate profits. These actions result in significant privacy and financial harm to both users and the platform.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Understanding Miniapp Malware: Identification, Dissection, And Characterization appeared first on Security Boulevard.

-----------

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Yizhe Shi (Fudan University), Zhemin Yang (Fudan University), Kangwei Zhong (Fudan University), Guangliang Yang (Fudan University), Yifan Yang (Fudan University), Xiaohan Zhang (Fudan University), Min Yang (Fudan University)

PAPER
The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps
In recent years, the app-in-app paradigm, involving super-app and mini-app, has been becoming increasingly popular in the mobile ecosystem. Super-app platforms offer mini-app servers access to a suite of powerful and sensitive services, including payment processing and mini-app analytics. This access empowers mini-app servers to enhance their offerings with robust and practical functionalities and better serve their mini-apps. To safeguard these essential services, a credential-based authentication system has been implemented, facilitating secure access between super-app platforms and mini-app servers. However, the design and workflow of the crucial credential mechanism still remain unclear. More importantly, its security has not been comprehensively understood or explored to date. In this paper, we conduct the first systematic study of the credential system in the app-in-app paradigm and draw the security landscape of credential leakage risks. Consequently, our study shows that 21 popular super-app platforms delegate sensitive services to mini-app servers with seven types of credentials. Unfortunately, these credentials may suffer from leakage threats caused by malicious mini-app users, posing serious security threats to both super-app platforms and mini-app servers. Then, we design and implement a novel credential security verification tool, called KeyMagnet, that can effectively assess the security implications of credential leakage. To tackle unstructured and dynamically retrieved credentials in the app-in-app paradigm, KeyMagnet extracts and understands the semantics of credential-use in mini-apps and verifies their security. Last, by applying KeyMagnet on 413,775 real-world mini-apps of 6 super-app platforms, 84,491 credential leaks are detected, spanning over 54,728 mini-apps. We confirm credential leakage can cause serious security hazards, such as hijacking the accounts of all mini-app users and stealing users' sensitive data. In response, we have engaged in responsible vulnerability disclosure with the corresponding developers and are actively helping them resolve these issues. At the time of writing, 89 reported issues have been assigned with CVE IDs.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

The post NDSS 2025 – The Skeleton Keys: A Large Scale Analysis Of Credential Leakage In Mini-Apps appeared first on Security Boulevard.

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Xiangyu Guo (University of Toronto), Akshay Kawlay (University of Toronto), Eric Liu (University of Toronto), David Lie (University of Toronto)

-----------

PAPER
EvoCrawl: Exploring Web Application Code and State using Evolutionary Search
As more critical services move onto the web, it has become increasingly important to detect and address vulnerabilities in web applications. These vulnerabilities only occur under specific conditions: when 1) the vulnerable code is executed and 2) the web application is in the required state. If the application is not in the required state, then even if the vulnerable code is executed, the vulnerability may not be triggered. Previous work naively explores the application state by filling every field and triggering every JavaScript event before submitting HTML forms. However, this simplistic approach can fail to satisfy constraints between the web page elements, as well as input format constraints. To address this, we present EvoCrawl, a web crawler that uses evolutionary search to efficiently find different sequences of web interactions. EvoCrawl finds sequences that can successfully submit inputs to web applications and thus explore more code and server-side states than previous approaches. To assess the benefits of EvoCrawl we evaluate it against three state-of-the-art vulnerability scanners on ten web applications. We find that EvoCrawl achieves better code coverage due to its ability to execute code that can only be executed when the application is in a particular state. On average, EvoCrawl achieves a 59% increase in code coverage and successfully submits HTML forms 5x more frequently than the next best tool. By integrating IDOR and XSS vulnerability scanners, we used EvoCrawl to find eight zero-day IDOR and XSS vulnerabilities in WordPress, HotCRP, Kanboard, ImpressCMS, and GitLab.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – EvoCrawl: Exploring Web Application Code And State Using Evolutionary Search appeared first on Security Boulevard.

SESSION
Session 3B: Wireless, Cellular & Satellite Security

-----------

-----------

Authors, Creators & Presenters: Philipp Mackensen (Ruhr University Bochum), Paul Staat (Max Planck Institute for Security and Privacy), Stefan Roth (Ruhr University Bochum), Aydin Sezgin (Ruhr University Bochum), Christof Paar (Max Planck Institute for Security and Privacy), Veelasha Moonsamy (Ruhr University Bochum)

-----------

PAPER

-----------

Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces

-----------

Wireless communication infrastructure is a cornerstone of modern digital society, yet it remains vulnerable to the persistent threat of wireless jamming. Attackers can easily create radio interference to overshadow legitimate signals, leading to denial of service. The broadcast nature of radio signal propagation makes such attacks possible in the first place, but at the same time poses a challenge for the attacker: The jamming signal does not only reach the victim device but also other neighboring devices, preventing precise attack targeting. In this work, we solve this challenge by leveraging the emerging RIS technology, for the first time, for precise delivery of jamming signals. In particular, we propose a novel approach that allows for environment-adaptive spatial control of wireless jamming signals, granting a new degree of freedom to perform jamming attacks. We explore this novel method with extensive experimentation and demonstrate that our approach can disable the wireless communication of one or multiple victim devices while leaving neighboring devices unaffected. Notably, our method extends to challenging scenarios where wireless devices are very close to each other: We demonstrate complete denial-of-service of a Wi-Fi device while a second device located at a distance as close as 5 mm remains unaffected, sustaining wireless communication at a data rate of 25 Mbit/s. Lastly, we conclude by proposing potential countermeasures to thwart RIS-based spatial domain wireless jamming attacks.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Spatial-Domain Wireless Jamming With Reconfigurable Intelligent Surfaces appeared first on Security Boulevard.