SecAssure 2025: The 4th International Workshop on System Security Assurance 

Date: Friday, September 26th 2025

Time: 09:00  - 17:00

Place: Room (TBD)

Programme Schedule

09:30 - 10:30 Session 1: Keynote (together with STM workshop in STM room)

Talk: Should I trust or should I go? A deep dive into the (not so reliable) web PKI trust model

Speaker: Romain Laborde Professor at the University of Toulouse, France

Abstract: The padlock shown in the URL bar of our favorite web browser indicates that we are connected using a secure HTTS connection and providing some sense of security. Unfortunately, the reality is a slightly more complex. The trust model of the underlying Web PKI is invalid, making TLS a colossus with feet of clay. In this talk, we will dive into the trust model of the web PKI ecosystem to understand its weaknesses. I will demonstrate that, from the perspective of trust, each step of the certificate validation process is extremely complex, leaving users uncertain about whether or not they are connected to the correct web server

10:30 - 10:50 Coffee Break 

10:50 - 12:20 Session 2: Cloud & Microservices Security Assurance Chair: Basel Katt

809 Noisy Neighbor: Exploiting RDMA for Resource Exhaustion Attacks in Containerized Clouds 

672 ConLock: Reducing Runtime Attack Surface in Containerized Microservices 

677 Towards Zero-Knowledge Based Private and Verifiable Software Assurance 

12:20  - 13:50 Lunch 

13:50 - 15:20 Session 3: Policy, Compliance and & Threat Assurance   Chair: Sandeep Pirbhulal

681 Assessing the State of Proactive Data Usage Control Enforcement 

712 Modelling Offensive Security Killchains from Compliance Gaps with Security Directives 

850 Security Management of Threats with CyberGraph 

15:20 - 15:40 Coffee Break

15:30 - 16:30 Session 4: Group DIscussion and Closing Remarks   Chair: Basel Katt

Group Discussion: Security Assurance and Emergency Technologies: Challenges and Innovations  

Closing Remarks and Main Takeaways