{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2025.2.2"}, "schedule": {"url": "https://cfp.securityfest.com/academic-village-2026/schedule/", "version": "Final schedule", "base_url": "https://cfp.securityfest.com", "conference": {"acronym": "academic-village-2026", "title": "Security fest 2026 - Academic village", "start": "2026-05-27", "end": "2026-05-27", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "Europe/Stockholm", "colors": {"primary": "#000000"}, "rooms": [{"name": "Taube Room", "slug": "4-taube-room", "guid": "4d090c93-7ced-545b-b7c6-69b958e2cef7", "description": null, "capacity": 50}], "tracks": [], "days": [{"index": 1, "date": "2026-05-27", "day_start": "2026-05-27T04:00:00+02:00", "day_end": "2026-05-28T03:59:00+02:00", "rooms": {"Taube Room": [{"guid": "b5bcd98f-dd54-5412-88ee-6b4294e41b05", "code": "QBV8LG", "id": 749, "logo": null, "date": "2026-05-27T13:00:00+02:00", "start": "13:00", "duration": "00:10", "room": "Taube Room", "slug": "academic-village-2026-749-opening-remarks", "url": "https://cfp.securityfest.com/academic-village-2026/talk/QBV8LG/", "title": "Opening Remarks", "subtitle": "", "track": null, "type": "Special", "language": "en", "abstract": "The chair for this year's Academic Village, Chalmers University of Technology and Gothenburg University's lecturer of the practice Francisco Blas Izquierdo Riera (klondike) will open the conference.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "FGRBA9", "name": "Francisco Blas Izquierdo Riera (klondike)", "avatar": "https://cfp.securityfest.com/media/avatars/FGRBA9_kYz71BF.png", "biography": "Francisco is an old school hacker with various years of experience as a pentester and CISO, currently he is preparing an Ethical Hacking course at Chalmers as a lecturer of the practice at the same time he work at KITS.", "public_name": "Francisco Blas Izquierdo Riera (klondike)", "guid": "d8c7d75b-9cb5-5f9f-a693-e3ac19969132", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/FGRBA9/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/QBV8LG/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/QBV8LG/", "attachments": []}, {"guid": "17ced673-6e54-5354-b98f-e03b5c830af9", "code": "MXSELJ", "id": 753, "logo": null, "date": "2026-05-27T13:10:00+02:00", "start": "13:10", "duration": "00:50", "room": "Taube Room", "slug": "academic-village-2026-753-endangered-privacy-large-scale-monitoring-of-video-streaming-services", "url": "https://cfp.securityfest.com/academic-village-2026/talk/MXSELJ/", "title": "Endangered Privacy: Large-Scale Monitoring of Video Streaming Services", "subtitle": "", "track": null, "type": "Keynote", "language": "en", "abstract": "Despite the widespread adoption of HTTPS for enhanced web privacy, encrypted network traffic may still leave traces that can lead to privacy breaches. One such case concerns MPEG-DASH, one of the most popular protocols for video streaming, where video identification attacks have exploited the protocol's side-channel vulnerabilities. As shown by several works in recent years, the distinctive traffic patterns generated by DASH's adaptive bitrate streaming reveal streamed content despite TLS-protection. However, these earlier studies have not demonstrated that the vulnerability remains exploitable in large-scale attack scenarios, even when making strong assumptions about network details. To that end, this work presents a protocol-agnostic system capable of identifying videos independent of network layer information, and demonstrates a practical attack over the largest dataset to date, comprising over 240,000 videos covering three entire streaming services. Using a combination of k-d tree search and time series methods, our system achieves an accuracy of over 99.5% in real-time video identification and remains effective even in scenarios involving victims behind VPNs or where Wi-Fi eavesdropping occurs. Since large-scale video identification can compromise user privacy and enable potential mass surveillance of video services, we complement our work with an analysis of the vulnerability root cause when using adaptive bitrate streaming and propose a mitigation strategy to stand against such vulnerabilities. Recognizing the lack of open-source tooling in this domain, we publish an extensive dataset of video fingerprints, network capture data, and tools to foster awareness and prompt timely solutions within the video streaming community to address these privacy concerns effectively.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "UBP9GC", "name": "Romaric Duvignau", "avatar": "https://cfp.securityfest.com/media/avatars/UBP9GC_zUHP2R1.jpg", "biography": "Romaric Duvignau is an Associate Professor in the Distributed Computing and Systems research group at Chalmers University of Technology, Gothenburg, Sweden. His core research focuses on designing data-driven algorithms for distributed applications, addressing challenges in fault tolerance, cybersecurity, privacy, big data and streaming analytics. Prof. Duvignau's current interests include the efficient monitoring of large-scale distributed systems, intelligent data management and decision making in smart grids, federated learning, programmable networks, and network traffic classification. Recipient of Chalmers Pedagogic Prize 2023 and an Honorable Mention Award at USENIX Security 2025.", "public_name": "Romaric Duvignau", "guid": "f96b060d-b28d-5c70-8be3-7e58ef292703", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/UBP9GC/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/MXSELJ/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/MXSELJ/", "attachments": []}, {"guid": "f43609a2-89e3-549f-b9d9-4a49a6c07f57", "code": "LZPLCA", "id": 752, "logo": null, "date": "2026-05-27T14:05:00+02:00", "start": "14:05", "duration": "00:10", "room": "Taube Room", "slug": "academic-village-2026-752-research-at-chalmers-cryptoteam", "url": "https://cfp.securityfest.com/academic-village-2026/talk/LZPLCA/", "title": "Research at Chalmers CryptoTeam", "subtitle": "", "track": null, "type": "Lightning talk", "language": "en", "abstract": "Research in the area of cryptography at Chalmers University of Technology and University of Gothenburg has grown a lot over the last years.\r\n\r\nIn this talk, Assistant Professor Elena Pagnin will walk us over the current research being done at Chalmers covering areas like transparency, protocol verification and homormorphic cryptography and the impact it can have on society.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "QMFMX8", "name": "Elena Pagnin", "avatar": "https://cfp.securityfest.com/media/avatars/QMFMX8_OV44pFb.jpeg", "biography": "Elena Pagnin is an assistant professor at the Information Security Unit since 2022.\r\n\r\nHer research focuses on the design of advanced public key cryptographic primitives and new cryptographic protocols, mainly for authentication or transparency.\r\n\r\nShe has worked on (train of buzzwords): (multi-key) homomorphic signatures, verifiable computations, messaging protocols, privacy-preserving location proximity testing, storage deduplication, distance-bounding protocols, biometric authentication.\r\n\r\nMore detailed info and a complete CV are available at Elena's personal page: https://epagnin.github.io/", "public_name": "Elena Pagnin", "guid": "4bcc9763-ef4d-58fc-83fa-504ad12d36a9", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/QMFMX8/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/LZPLCA/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/LZPLCA/", "attachments": []}, {"guid": "000a03f4-4917-5d9a-9524-5e0c4db0df61", "code": "BVW7LY", "id": 747, "logo": null, "date": "2026-05-27T14:15:00+02:00", "start": "14:15", "duration": "00:20", "room": "Taube Room", "slug": "academic-village-2026-747-spidersapien-client-centric-web-crawler-and-security-scanner", "url": "https://cfp.securityfest.com/academic-village-2026/talk/BVW7LY/", "title": "SpiderSapien: Client-Centric Web Crawler and Security Scanner", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Black-box web application crawling and scanning play an important role for security testing of web applications. Yet state-of-the-art scanners fall short of addressing key characteristics of a modern web application: its extreme dynamism and interactivity on the client side. This paper identifies immersive\r\ninteraction as a key ingredient for scanners to deeply explore modern web applications. We propose SpiderSapien, a client-centric crawler and security scanner. SpiderSapien incorporates a unique combination of high-level, user-facing feedback channels from the web application to achieve immersive interaction in a black-box crawling loop. These feedback channels include both novel methods to detect interactable elements and sensibly order UI interactions, and orthogonally using an LLM to solve forms. In\r\ndoing so, we demonstrate how to reliably discover and test deep states of modern web applications. Furthermore, our modular approach and useful abstraction layer can serve as a building block for future scanners. The evaluation of our approach shows substantial improvements in both code coverage and vulnerability detection over previous work. Our approach increased average code coverage across applications by at least 46% over any other scanner, or 16% when compared to the union of all other\r\nscanners. We find XSS vulnerabilities in 7 web applications, while any other scanner finds XSS in up to 2 applications.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "JPSWTR", "name": "Eric Olsson", "avatar": null, "biography": "Eric Olsson is a researcher and doctoral student in Computer Science and Engineering at Chalmers University of Technology. His primary focus is on information security. He has made significant contributions to web security, specifically in developing frameworks for detecting fake extensions, scanning for stored Cross-Site Scripting (XSS), and securing JavaScript-driven platforms.", "public_name": "Eric Olsson", "guid": "190ebffd-7cf8-5197-adc0-7936260eb633", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/JPSWTR/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/BVW7LY/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/BVW7LY/", "attachments": []}, {"guid": "b8ea5e07-54f1-5a48-8cd9-e279bd29fecf", "code": "Y7HLXA", "id": 756, "logo": null, "date": "2026-05-27T14:35:00+02:00", "start": "14:35", "duration": "00:30", "room": "Taube Room", "slug": "academic-village-2026-756-the-challenge-of-data-sharing-while-respecting-privacy", "url": "https://cfp.securityfest.com/academic-village-2026/talk/Y7HLXA/", "title": "The challenge of data sharing while respecting privacy", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "This talk will delve into the nuanced complexities of\u00a0data\u00a0sharing with\u00a0privacy\u00a0guarantees, focusing on why traditional approaches like\u00a0data\u00a0anonymization and high-level statistical releases fall short of\u00a0protecting individuals\u2019\u00a0privacy. I will argue that\u00a0privacy\u00a0is fundamentally a property of the computation rather than of the input\u00a0data\u00a0or the produced output. This perspective highlights the limitations of treating\u00a0privacy\u00a0as a characteristic that can be \"added\" later in the\u00a0data-processing pipeline. I will discuss how Differential\u00a0Privacy, a new gold standard for\u00a0privacy\u00a0protection, offers a rigorous mathematical framework that inherently preserves\u00a0privacy, thus\u00a0enabling secure and effective\u00a0data\u00a0sharing.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "7FJTVF", "name": "Alejandro Russo", "avatar": "https://cfp.securityfest.com/media/avatars/7FJTVF_HSOXhJ4.jpeg", "biography": "Alejandro Russo is a Full Professor of Computing Science at Chalmers University of Technology and the University of Gothenburg in Sweden. He is also the Co-founder and Chief Scientist at DPella, a tech company that commercializes privacy-preserving data analytics.", "public_name": "Alejandro Russo", "guid": "f65d9c88-ee65-528c-ad7d-d4a5efac15c3", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/7FJTVF/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/Y7HLXA/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/Y7HLXA/", "attachments": []}, {"guid": "562c4708-df2c-5f53-b664-14d1a844f078", "code": "SQNRZZ", "id": 754, "logo": null, "date": "2026-05-27T15:15:00+02:00", "start": "15:15", "duration": "00:30", "room": "Taube Room", "slug": "academic-village-2026-754-snort-meets-transformers-accelerating-transformer-based-network-traffic-classification-for-real-time-performance", "url": "https://cfp.securityfest.com/academic-village-2026/talk/SQNRZZ/", "title": "Snort Meets Transformers: Accelerating Transformer-Based Network Traffic Classification for Real-Time Performance", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Transformer-based models have emerged as a powerful solution for network traffic classification, achieving high accuracy by autonomously learning patterns in raw traffic data. However, their high computational costs make real-time deployment impractical. In contrast, industry-proven tools like Snort and Suricata offer efficient network analysis but rely on manually crafted signatures, resulting in slower updates and limited adaptability to emerging threats.\r\n\r\nIn this work, we propose a cascading model that leverages the strengths of both approaches. During training, a transformer-based model learns traffic patterns, which are then extracted using SHAP analysis to enhance the knowledge base of a signature-based IDS. In deployment, the IDS handles routine classifications, while only complex cases are escalated to the transformer model. Our experiments combining the analysis of ET-BERT with Snort demonstrate a four-fold performance improvement over running only ET-BERT without compromising false positive or false negative rates.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "3MQPLX", "name": "Mohamed Hashim Changrampadi", "avatar": "https://cfp.securityfest.com/media/avatars/3MQPLX_QtEhXjl.jpg", "biography": "Mohamed Hashim Changrampadi is a Doctoral Researcher at Chalmers University of Technology, based in Gothenburg. His work focuses on cybersecurity, network systems, and AI, specifically investigating how to accelerate transformer-based network traffic classification for real-time performance. Prior to his doctoral studies, his research addressed computer vision, including head pose classification using AI fusion.", "public_name": "Mohamed Hashim Changrampadi", "guid": "62de2a52-5244-50f6-a13a-739ce64fc8e4", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/3MQPLX/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/SQNRZZ/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/SQNRZZ/", "attachments": []}, {"guid": "eb59d0d0-e25f-5d4f-86d3-47368e4a6f46", "code": "XCLU83", "id": 746, "logo": null, "date": "2026-05-27T15:45:00+02:00", "start": "15:45", "duration": "00:10", "room": "Taube Room", "slug": "academic-village-2026-746-how-feasible-are-passive-network-attacks-on-5g-networks-and-beyond-a-survey", "url": "https://cfp.securityfest.com/academic-village-2026/talk/XCLU83/", "title": "How Feasible are Passive Network Attacks on 5G Networks and Beyond? A Survey", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Privacy concerns around 5G, the latest generation of mobile networks, are growing, with fears that its deployment may increase exposure to privacy risks. This perception is largely driven by the use of denser deployments of small antenna systems, which enable highly accurate data collection at higher speeds and closer proximity to mobile users. At the same time, 5G's unique radio communication features can make the reproduction of known network attacks more challenging. In particular, passive network attacks, which do not involve direct interaction with the target network and are therefore nearly impossible to detect, remain a pressing concern. Such attacks can reveal sensitive information about users, their devices, and active applications, which may then be exploited through known vulnerabilities or spear-phishing schemes. This survey examines the feasibility of passive network attacks in 5G and beyond (B5G/6G) networks, with emphasis on two major categories: information extraction (system identification, website and application fingerprinting) and geolocation (user identification and position tracking). These attacks are well documented and reproducible in existing wireless and mobile systems, including short-range networks (IEEE 802.11) and, to a lesser extent, LTE. Current evidence suggests that while such attacks remain theoretically possible in 5G, their practical execution is significantly constrained by directional beamforming, high-frequency propagation characteristics, and encryption mechanisms. For B5G and early 6G networks, the lack of public tools and high hardware cost currently renders these attacks infeasible in practice, which highlights a critical gap in our understanding of future network threat models.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "WXSZ8D", "name": "Atmane Ayoub Mansour Bahar (@man)", "avatar": "https://cfp.securityfest.com/media/avatars/WXSZ8D_V486RoP.jpeg", "biography": "Atmane Ayoub Mansour Bahar is a Ph.D. student in Network Security at Chalmers University of Technology in Gothenburg, Sweden. Holding an Engineering degree and an M.Sc. in Computer Systems, his research focuses on 5G network security, passive network attacks, and AI applications in cybersecurity. He is affiliated with the Chalmers Security & Privacy Lab.", "public_name": "Atmane Ayoub Mansour Bahar (@man)", "guid": "14c266f1-4c6a-5763-91a3-e143e396dc3b", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/WXSZ8D/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/XCLU83/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/XCLU83/", "attachments": []}, {"guid": "a4bf0bc0-7bc3-526e-a2e4-74b147d80461", "code": "7ES99S", "id": 755, "logo": null, "date": "2026-05-27T16:00:00+02:00", "start": "16:00", "duration": "00:50", "room": "Taube Room", "slug": "academic-village-2026-755-dns-do-not-spy-on-me", "url": "https://cfp.securityfest.com/academic-village-2026/talk/7ES99S/", "title": "DNS: Do Not Spy on me", "subtitle": "", "track": null, "type": "Keynote", "language": "en", "abstract": "In this keynote Jonathan will walk us through the different ways in which DNS can leak private information about us and what can be done to prevent such leaks.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "SXQRYE", "name": "Jonathan Magnusson", "avatar": "https://cfp.securityfest.com/media/avatars/SXQRYE_Eaj7i1d.jpg", "biography": "I\u2019m a CS PhD student in the PriSec group at Karlstad University (KAU), Sweden since 2021. My research area is Cybersecurity and Network Analysis of the Domain Name System (DNS) and is sponsored by The Swedish Internet Foundation (IIS). My lead supervisor is Tobias Pulls (KAU) and my co-supervisors are Anna Brunstr\u00f6m (KAU) and Johan Stenstam (IIS).", "public_name": "Jonathan Magnusson", "guid": "ef23e632-8997-5414-8026-61513e7385a1", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/SXQRYE/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/7ES99S/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/7ES99S/", "attachments": []}, {"guid": "34a29720-86d7-5640-802c-1617a6a6c4aa", "code": "3YFP7T", "id": 750, "logo": null, "date": "2026-05-27T16:50:00+02:00", "start": "16:50", "duration": "00:10", "room": "Taube Room", "slug": "academic-village-2026-750-closing-remarks", "url": "https://cfp.securityfest.com/academic-village-2026/talk/3YFP7T/", "title": "Closing Remarks", "subtitle": "", "track": null, "type": "Special", "language": "en", "abstract": "The chair for this year's Academic Village, Chalmers University of Technology and Gothenburg University's lecturer of the practice Francisco Blas Izquierdo Riera (klondike) will close the conference.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "FGRBA9", "name": "Francisco Blas Izquierdo Riera (klondike)", "avatar": "https://cfp.securityfest.com/media/avatars/FGRBA9_kYz71BF.png", "biography": "Francisco is an old school hacker with various years of experience as a pentester and CISO, currently he is preparing an Ethical Hacking course at Chalmers as a lecturer of the practice at the same time he work at KITS.", "public_name": "Francisco Blas Izquierdo Riera (klondike)", "guid": "d8c7d75b-9cb5-5f9f-a693-e3ac19969132", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/FGRBA9/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/3YFP7T/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/3YFP7T/", "attachments": []}, {"guid": "8cddb3e0-d06a-5431-9620-58c01483b353", "code": "SEWMDF", "id": 751, "logo": null, "date": "2026-05-27T17:00:00+02:00", "start": "17:00", "duration": "00:30", "room": "Taube Room", "slug": "academic-village-2026-751-go-together-to-the-owasp-event", "url": "https://cfp.securityfest.com/academic-village-2026/talk/SEWMDF/", "title": "Go together to the OWASP event", "subtitle": "", "track": null, "type": "Special", "language": "en", "abstract": "For thos planning to attend, we go together to the OWASP event at Assured's office close to J\u00e4rntorget. If you need a ticket you can grab one at https://www.meetup.com/owasp-gothenburg-meetup-group/events/314872670/", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "A7HAZE", "name": "Academic Village", "avatar": null, "biography": "", "public_name": "Academic Village", "guid": "ab703a50-f8d8-5d64-a5fc-274ea96df81e", "url": "https://cfp.securityfest.com/academic-village-2026/speaker/A7HAZE/"}], "links": [], "feedback_url": "https://cfp.securityfest.com/academic-village-2026/talk/SEWMDF/feedback/", "origin_url": "https://cfp.securityfest.com/academic-village-2026/talk/SEWMDF/", "attachments": []}]}}]}}}