RTI 2 + РТ1
Session details
08.06.2026. 11:15–14:00
Chair: Aleksandar Stanimirović
Institution: Univerzitet u Nišu - Elektronski fakultet, Niš, Srbija
- RTI2.1 Design and Implementation of a Platform for Automated Infrastructure Provisioning and Deployment of Containerized Applications
Keywords: cloud computing, Infrastructure as Code, automation tools, orchestration
Abstract
Modern software system development requires a high degree
of automation in the infrastructure management and
application delivery process. Traditional approaches based
on manual configuration are becoming increasingly
inefficient in environments characterized by frequent
changes, scalability requirements, and the growing
complexity of contemporary systems. As a response to these
challenges, this paper presents a platform that integrates
the concepts of Infrastructure as Code, configuration
automation, and container orchestration into a unified,
fully automated workflow for infrastructure provisioning
and deployment of containerized applications. In this
paper, we propose a platform that combines the
Infrastructure as Code tool Terraform for definition and
creation of virtual resources, the automation tool Ansible
for automated configuration of the operating environment
and provisioning of a Kubernetes cluster, as well as for
managing Kubernetes applications through Helm charts. This
integration enables the user to initiate the entire
process, from initial infrastructure creation to
application deployment, using only a minimal set of
configuration parameters. The proposed solution was tested
on the private cloud infrastructure of the Laboratory for
Advanced Security Systems at the Faculty of Electronic
Engineering in Nis. As a practical demonstration, the
platform was used to automatically deploy a containerized
application for real-time security data classification. The
results indicate that the integrated approach significantly
accelerates and simplifies the initial system setup,
reduces the tendency toward configuration errors, and provides
a standardized and repeatable delivery workflow.
- RTI2.2 Design and Implementation of a Web application for Comparison of Steganographic Techniques
Keywords: Image Steganography, Data Hiding, Security, LSB, PVD, DCT, DWT, Comparative Analysis, Steganalysis
Abstract
This paper presents the design and implementation of a web
application for image steganography usage and comparative
analysis of four techniques: Edge Least Significant Bit
(EdgeLSB), Pixel Value Differencing (PVD), Discrete Cosine
Transform (DCT) and Discrete Wavelet Transform (DWT). To
address the lack of standardized evaluation platforms, a
unified steganography tool was developed to perform
embedding and extraction, as well as to enable evaluation
under identical conditions. The study examines trade-offs
among payload capacity, visual quality and resistance to
hidden data detection, using objective metrics and
steganalysis techniques. The results indicate that PVD and
DWT achieve the most effective balance between high
embedding capacity and image fidelity. EdgeLSB maintains
high visual quality but exhibits lower capacity, while the
proposed DCT implementation is sensitive to coefficient
manipulation, leading to reduced efficiency and challenges
in preserving robustness against detection. Ultimately,
this comparative analysis provides a benchmark for
selecting optimal steganographic methods within the
implemented tool based on specific requirements.
- RTI2.3 Privacy-Preserving Medical Diagnosis Using Homomorphic Encryption
Keywords: fully homomorphic encryption, machine learning, privacy-preserving inference, medical diagnostics, CKKS, TFHE
Abstract
The use of machine learning (ML) in medical diagnostics
brings significant advances in assistance to early disease
detection, but also raises concerns related to the
protection of private medical data. One of the strategies
for privacy-preserving medical diagnostics is processing
encrypted diagnostics data using fully homomorphic
encryption (FHE). This paper presents a systematic
comparison of multiple combinations of ML models and FHE
schemes including: logistic regression, neural networks,
and random forest models across two FHE frameworks, OpenFHE
and Concrete-ML. The choice of FHE scheme fundamentally
constrains which ML operations are practical, with
inference time differences spanning up to four orders of
magnitude. Based on these findings, we implement HeartGuard
AI, a web application performing logistic regression
inference on encrypted patient data using client-side
browser encryption via WebAssembly, achieving 86.13%
accuracy with predictions identical to those obtained when
the same model is evaluated on unencrypted data and 15 ms
server-side inference time.
- RTI2.4 Secure multi-party computation with confidential virtual machines and full disk encryption
Keywords: AMD SEV-SNP, confidential computing, LUKS, multi-party computation, trusted execution environment, full disk encryption
Abstract
Secure multi-party computation requires mechanisms that
protect sensitive data during collaborative processing
while preventing unauthorized access by participants or
infrastructure providers. Trusted execution environments
offer strong protection for data in use, but technologies
such as AMD SEV-SNP primarily secure memory contents and do
not inherently protect data stored on disk. To address this
limitation, a system architecture is proposed that combines
remote attestation, LUKS disk encryption, and a modified
SNPGuard framework to extend confidentiality guarantees to
persistent storage. In the proposed design, a disk manager
running inside a confidential virtual machine without local
persistent storage generates and maintains disk encryption
keys exclusively in protected memory, while an agent
running in a separate confidential virtual machine is
granted access to the decryption key only after successful
mutual attestation. This approach enables secure
provisioning of disk decryption keys and protects data both
at rest and during processing, without exposing key
material to computation participants. The work also
examines existing confidential computing solutions and
supporting technologies, including QEMU, OVMF, initramfs,
and Buildroot, and evaluates the security properties of the
proposed system. The results indicate that the approach
provides a practical foundation for secure multi-party
computation, while also highlighting open challenges
related to centralized trust, disk integrity verification,
and resilience against advanced attacks.
- RTI2.5 Server-related Security Bottlenecks and Data Availability in Wearables: A Case Study
Keywords: Fitbit Charge 6, wearable devices, data security, user privacy, local data storage, communication architecture
Abstract
This study analyzes the security and feasibility of
redirecting data within the Fitbit Charge 6 ecosystem. The
communication architecture and data flow are examined to
identify practical redirection points while evaluating
privacy and security constraints. Static analysis of the
Android application shows that completely bypassing the
official cloud infrastructure is infeasible due to the
hardcoded endpoints and server-side controls. Access to
fine-grained physiological and activity metrics is possible
only via the official Fitbit Web Application Programming
Interface (API). An experimental Raspberry Pi setup
incorporating free and open-source software demonstrates
secure local retrieval and storage of user-authorized data
through the Web API, enabling enhanced analysis and
research applications while preserving privacy and security.
- RTI2.6 Performance Comparison of Routing Designs in Hierarchical Intrusion Detection Pipelines
Keywords: Network intrusion detection, Numaflow, Kubernetes, Hierarchical model, Conditional routing.
Abstract
This paper presents a hierarchical, multi-model Network
Intrusion Detection System pipeline architecture implemented
using Numaflow on Kubernetes, with Apache Kafka as a data
source. The system builds on prior work with a two-layer
detection architecture in which a fast, lightweight Layer 1
model filters confidently classified traffic, escalating only
suspicious records to a set of heavier, specialized Layer 2
models. Outputs from both Layer 1 and Layer 2 are combined by
an Arbiter vertex. The main challenge addressed is conditional
routing. Layer 1’s escalation decision must affect the flow of
data through topologically separate preprocessing branches,
which is not natively supported by Numaflow. Three routing
solutions are designed and evaluated: reduce vertex join, map
vertex join leveraging Redis, and in-model preprocessing.
Results show that the reduce vertex approach has the best
performance at low escalation rates, while the map-based
approach is better at higher escalation rates.
- RT1.1 Comparative Analysis of Data-at-Rest Protection Mechanisms of Leading Cloud Providers
Keywords: Cloud security, Data at Rest, CSEK, Envelope Encryption, HSM, KMS
Abstract
With the mass migration of business systems to cloud
platforms, the security of data at rest becomes a primary
challenge. This paper provides a comparative analysis of the
cryptographic mechanisms of five leading cloud providers:
Google Cloud Platform (GCP), Amazon Web Services (AWS),
Microsoft Azure, IBM Cloud and OVHcloud. Special focus is
placed on key management strategies in which the customer
retains control (Customer-Supplied Encryption Keys, CSEK).
The paper includes a review of related research, a technical
analysis of the encryption architecture, a tabular comparison
of security standards, and a practical demonstration of
implementing the CSEK mechanism. The results show that,
although all providers use the AES-256 standard, there are
significant technical differences in the certification levels
of hardware protection (Hardware Security Module, HSM), the
degree of digital sovereignty, and the trust management
models.
