Final schedule academic-village-2026 2026-05-27 2026-05-27 1 00:05 https://cfp.securityfest.com Europe/Stockholm Taube Room Special 2026-05-27T13:00:00+02:00 13:00 00:10 The chair for this year's Academic Village, Chalmers University of Technology and Gothenburg University's lecturer of the practice Francisco Blas Izquierdo Riera (klondike) will open the conference. academic-village-2026-749-opening-remarks Francisco Blas Izquierdo Riera (klondike) en false https://cfp.securityfest.com/academic-village-2026/talk/QBV8LG/ https://cfp.securityfest.com/academic-village-2026/talk/QBV8LG/feedback/ Taube Room Keynote 2026-05-27T13:10:00+02:00 13:10 00:50 Despite the widespread adoption of HTTPS for enhanced web privacy, encrypted network traffic may still leave traces that can lead to privacy breaches. One such case concerns MPEG-DASH, one of the most popular protocols for video streaming, where video identification attacks have exploited the protocol's side-channel vulnerabilities. As shown by several works in recent years, the distinctive traffic patterns generated by DASH's adaptive bitrate streaming reveal streamed content despite TLS-protection. However, these earlier studies have not demonstrated that the vulnerability remains exploitable in large-scale attack scenarios, even when making strong assumptions about network details. To that end, this work presents a protocol-agnostic system capable of identifying videos independent of network layer information, and demonstrates a practical attack over the largest dataset to date, comprising over 240,000 videos covering three entire streaming services. Using a combination of k-d tree search and time series methods, our system achieves an accuracy of over 99.5% in real-time video identification and remains effective even in scenarios involving victims behind VPNs or where Wi-Fi eavesdropping occurs. Since large-scale video identification can compromise user privacy and enable potential mass surveillance of video services, we complement our work with an analysis of the vulnerability root cause when using adaptive bitrate streaming and propose a mitigation strategy to stand against such vulnerabilities. Recognizing the lack of open-source tooling in this domain, we publish an extensive dataset of video fingerprints, network capture data, and tools to foster awareness and prompt timely solutions within the video streaming community to address these privacy concerns effectively. academic-village-2026-753-endangered-privacy-large-scale-monitoring-of-video-streaming-services Romaric Duvignau en false https://cfp.securityfest.com/academic-village-2026/talk/MXSELJ/ https://cfp.securityfest.com/academic-village-2026/talk/MXSELJ/feedback/ Taube Room Lightning talk 2026-05-27T14:05:00+02:00 14:05 00:10 Research in the area of cryptography at Chalmers University of Technology and University of Gothenburg has grown a lot over the last years. In this talk, Assistant Professor Elena Pagnin will walk us over the current research being done at Chalmers covering areas like transparency, protocol verification and homormorphic cryptography and the impact it can have on society. academic-village-2026-752-research-at-chalmers-cryptoteam Elena Pagnin en false https://cfp.securityfest.com/academic-village-2026/talk/LZPLCA/ https://cfp.securityfest.com/academic-village-2026/talk/LZPLCA/feedback/ Taube Room Talk 2026-05-27T14:15:00+02:00 14:15 00:20 Black-box web application crawling and scanning play an important role for security testing of web applications. Yet state-of-the-art scanners fall short of addressing key characteristics of a modern web application: its extreme dynamism and interactivity on the client side. This paper identifies immersive interaction as a key ingredient for scanners to deeply explore modern web applications. We propose SpiderSapien, a client-centric crawler and security scanner. SpiderSapien incorporates a unique combination of high-level, user-facing feedback channels from the web application to achieve immersive interaction in a black-box crawling loop. These feedback channels include both novel methods to detect interactable elements and sensibly order UI interactions, and orthogonally using an LLM to solve forms. In doing so, we demonstrate how to reliably discover and test deep states of modern web applications. Furthermore, our modular approach and useful abstraction layer can serve as a building block for future scanners. The evaluation of our approach shows substantial improvements in both code coverage and vulnerability detection over previous work. Our approach increased average code coverage across applications by at least 46% over any other scanner, or 16% when compared to the union of all other scanners. We find XSS vulnerabilities in 7 web applications, while any other scanner finds XSS in up to 2 applications. academic-village-2026-747-spidersapien-client-centric-web-crawler-and-security-scanner Eric Olsson en false https://cfp.securityfest.com/academic-village-2026/talk/BVW7LY/ https://cfp.securityfest.com/academic-village-2026/talk/BVW7LY/feedback/ Taube Room Talk 2026-05-27T14:35:00+02:00 14:35 00:30 This talk will delve into the nuanced complexities of data sharing with privacy guarantees, focusing on why traditional approaches like data anonymization and high-level statistical releases fall short of protecting individuals’ privacy. I will argue that privacy is fundamentally a property of the computation rather than of the input data or the produced output. This perspective highlights the limitations of treating privacy as a characteristic that can be "added" later in the data-processing pipeline. I will discuss how Differential Privacy, a new gold standard for privacy protection, offers a rigorous mathematical framework that inherently preserves privacy, thus enabling secure and effective data sharing. academic-village-2026-756-the-challenge-of-data-sharing-while-respecting-privacy Alejandro Russo en false https://cfp.securityfest.com/academic-village-2026/talk/Y7HLXA/ https://cfp.securityfest.com/academic-village-2026/talk/Y7HLXA/feedback/ Taube Room Talk 2026-05-27T15:15:00+02:00 15:15 00:30 Transformer-based models have emerged as a powerful solution for network traffic classification, achieving high accuracy by autonomously learning patterns in raw traffic data. However, their high computational costs make real-time deployment impractical. In contrast, industry-proven tools like Snort and Suricata offer efficient network analysis but rely on manually crafted signatures, resulting in slower updates and limited adaptability to emerging threats. In this work, we propose a cascading model that leverages the strengths of both approaches. During training, a transformer-based model learns traffic patterns, which are then extracted using SHAP analysis to enhance the knowledge base of a signature-based IDS. In deployment, the IDS handles routine classifications, while only complex cases are escalated to the transformer model. Our experiments combining the analysis of ET-BERT with Snort demonstrate a four-fold performance improvement over running only ET-BERT without compromising false positive or false negative rates. academic-village-2026-754-snort-meets-transformers-accelerating-transformer-based-network-traffic-classification-for-real-time-performance Mohamed Hashim Changrampadi en false https://cfp.securityfest.com/academic-village-2026/talk/SQNRZZ/ https://cfp.securityfest.com/academic-village-2026/talk/SQNRZZ/feedback/ Taube Room Talk 2026-05-27T15:45:00+02:00 15:45 00:10 Privacy concerns around 5G, the latest generation of mobile networks, are growing, with fears that its deployment may increase exposure to privacy risks. This perception is largely driven by the use of denser deployments of small antenna systems, which enable highly accurate data collection at higher speeds and closer proximity to mobile users. At the same time, 5G's unique radio communication features can make the reproduction of known network attacks more challenging. In particular, passive network attacks, which do not involve direct interaction with the target network and are therefore nearly impossible to detect, remain a pressing concern. Such attacks can reveal sensitive information about users, their devices, and active applications, which may then be exploited through known vulnerabilities or spear-phishing schemes. This survey examines the feasibility of passive network attacks in 5G and beyond (B5G/6G) networks, with emphasis on two major categories: information extraction (system identification, website and application fingerprinting) and geolocation (user identification and position tracking). These attacks are well documented and reproducible in existing wireless and mobile systems, including short-range networks (IEEE 802.11) and, to a lesser extent, LTE. Current evidence suggests that while such attacks remain theoretically possible in 5G, their practical execution is significantly constrained by directional beamforming, high-frequency propagation characteristics, and encryption mechanisms. For B5G and early 6G networks, the lack of public tools and high hardware cost currently renders these attacks infeasible in practice, which highlights a critical gap in our understanding of future network threat models. academic-village-2026-746-how-feasible-are-passive-network-attacks-on-5g-networks-and-beyond-a-survey Atmane Ayoub Mansour Bahar (@man) en false https://cfp.securityfest.com/academic-village-2026/talk/XCLU83/ https://cfp.securityfest.com/academic-village-2026/talk/XCLU83/feedback/ Taube Room Keynote 2026-05-27T16:00:00+02:00 16:00 00:50 In this keynote Jonathan will walk us through the different ways in which DNS can leak private information about us and what can be done to prevent such leaks. academic-village-2026-755-dns-do-not-spy-on-me Jonathan Magnusson en false https://cfp.securityfest.com/academic-village-2026/talk/7ES99S/ https://cfp.securityfest.com/academic-village-2026/talk/7ES99S/feedback/ Taube Room Special 2026-05-27T16:50:00+02:00 16:50 00:10 The chair for this year's Academic Village, Chalmers University of Technology and Gothenburg University's lecturer of the practice Francisco Blas Izquierdo Riera (klondike) will close the conference. academic-village-2026-750-closing-remarks Francisco Blas Izquierdo Riera (klondike) en false https://cfp.securityfest.com/academic-village-2026/talk/3YFP7T/ https://cfp.securityfest.com/academic-village-2026/talk/3YFP7T/feedback/ Taube Room Special 2026-05-27T17:00:00+02:00 17:00 00:30 For thos planning to attend, we go together to the OWASP event at Assured's office close to Järntorget. If you need a ticket you can grab one at https://www.meetup.com/owasp-gothenburg-meetup-group/events/314872670/ academic-village-2026-751-go-together-to-the-owasp-event Academic Village en false https://cfp.securityfest.com/academic-village-2026/talk/SEWMDF/ https://cfp.securityfest.com/academic-village-2026/talk/SEWMDF/feedback/