Last week, our group participated in the prestigious IEEE Symposium on Security and Privacy and presented 3 of our newest research papers there.

On Monday, Richard Mitev presented the paper “Don't Shoot the Messenger: Localization Prevention of Satellite Internet Users.” Satellite communication users reveal their location when sending messages, which can lead to highly dangerous situations, especially in regions with ongoing military conflicts. The paper describes how satellite users can use relays to prevent other parties from locating them through triangulation.

On Wednesday, we presented the paper “One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices,” introducing a novel control flow attestation solution called RAGE. It attests to the control flow and enhances the security of embedded devices. Modeling the control flow as graphs and processing them through Unsupervised Graph Neural Networks enables RAGE to detect Code Reuse Attacks despite the usage of memory randomization techniques.

The paper “SoK: A Comprehensive Analysis and Evaluation of Docker Container Attack and Defense Mechanisms” was presented Wednesday afternoon. The paper systematically analyzed static container scanning and run-time anomaly detection approaches. We propose an evaluation framework that comprehensively tests detection techniques' effectiveness using 51 real-world vulnerabilities, providing valuable insights into Docker container security.

On Thursday, Phillip Rieger presented at the co-located workshop on Deep Learning Security (DLS), our newest work on Federated Learning's security. The proposed LayerDBA attack shows vulnerabilities in state-of-the-art backdoor defenses like FoolsGold, which rely on assumptions about the similarity between individual backdoored models.

In addition, the symposium provided room for fruitful discussions within the security community, as well as the exchange of ideas and recent trends in the security field