Four papers from UBC Security & Privacy Group accepted at top-tier conference for cybersecurity research

UBC Computer Science researchers present topics ranging from internet censorship to intrusion detection systems to cryptographic algorithms at the 34th USENIX Security Symposium 

As our lives become increasingly integrated into the digital world, cyber safety is more important than ever. Cyber safety includes both internet security, which is protection against threats, and online privacy, which is how personal and sensitive data are viewed and handled. Computer scientists in security and privacy research find ways to anticipate threats and create safeguards to ensure our digital safety. 

This year, from August 13-15, 2025, researchers, practitioners and system programmers are gathering at the annual USENIX Security Symposium in Seattle, Washington to discuss the latest advances in the security and privacy of computer systems and networks. UBC Computer Science researchers from the Security & Privacy Group had several papers accepted: 

Dr. Nguyen Phong Hoang’s group and collaborators developed a new large-scale, multi-protocol measurement system called “IRBlock” to measure internet censorship by the Great Firewall of Iran. The paper, “IRBlock: A Large-Scale Measurement Study of the Great Firewall of Iran,” was led by UBC Computer Science graduate students Jonas Tai and Karthik Nishanth Sengottuvelavan. IRBlock analyzed Iran’s entire IP address space and found that their firewall inadvertently overblocked many domains and restricted access to benign websites. 

Dr. Thomas Pasquier’s group and collaborators introduced a new intrusion detection system called ORTHRUS, which monitors networks and systems for suspicious activity using a type of machine learning method called graph neural networks. The paper, “ORTHRUS: Achieving High Quality of Attribution in Provenance-based Intrusion Detection Systems,” was led by visiting Ph.D. students Baoxiang Jiang and Tristan Bilot. The researchers showed that ORTHRUS has high detection performance while significantly reducing manual inspection and can ease the burden of work on security analysts. 

Dr. Pasquier and collaborators, including UBC Computer Science Ph.D. student Zefeng Li, also conducted a comprehensive analysis of state-of-the-art provenance-based intrusion detection systems. The paper, “Sometimes Simpler is Better: A Comprehensive Analysis of State-of-the-Art Provenance-Based Intrusion Detection Systems,” uncovers shortcomings in the design and experimental methodology of these systems and demonstrate that, at times, simpler and less computationally-intensive designs deliver comparable results. 

Dr. Aastha Mehta and collaborators presented a new ciphertext side-channel vulnerability in AMD's implementation of their Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature. In the paper, “Relocate-Vote: Using Sparsity Information to Exploit Ciphertext Side-Channels,” the researchers show that the vulnerability can be used to break security guarantees of confidential virtual machines in the cloud and leak sensitive data from medical imaging applications and sparse language models. AMD has added a new policy for virtual machines to protect themselves from a compromised hypervisor. The researchers also propose software mitigation strategies against the attacks.