Carnegie Mellon University

Two students posed on a grey background

April 07, 2026

RSAC Security Scholars Share Their Work on Blockchain Security Education and Trusted Excursion Environments

By Evan Lybrand

INI Communications

For 35 years, the RSA Conference is one of the most significant events for the global cybersecurity community. It has been an opportunity for Information Networking Institute (INI) students to learn about critical topics in cybersecurity, connect with practitioners and widen their networks.   

Each year, the INI selects two students to attend the conference and present their master’s research. For the 2026 conference, Logan O’Brien of the M.S. in Information Security (MSIS) program and Jihu Hwang of the M.S. in Information Technology – Information Security (MSIT-IS) program were selected to be RSAC Security Scholars. They attended the four-day conference in San Francisco, California, to share the findings from their master’s thesis projects during a poster session. 

Logan O'Brien at the RSA ConferenceLogan O’Brien: Vulnerable by Design: Educational Smart Contracts for Teaching Blockchain Security Through Capture the Flag (CTF) Challenges  

Blockchain technologies are a growing tool that is increasingly being implemented in real-world settings. However, these new technologies still face similar vulnerabilities as traditional software, and the next generation of experts needs to be trained to keep these systems safe.  

O’Brien’s work is helping to address that. At RSAC, he presented a poster on his development of a curriculum to teach students how to better keep these new technologies secure. The curriculum uses CTF-style challenges to encourage critical thinking and active problem-solving, with learning objectives attached to each of these challenges. Future work involves testing this curriculum and learner comprehension with graduate-level students.   

“Representing the INI as an RSAC Security Scholar was a defining moment in my graduate journey,” said O’Brien. “The most impactful part was the shift from being a student in the audience to a contributor in the conversation.  

“Presenting my research on secure smart contract development through a ‘learning-by-doing’ approach via CTF challenges allowed me to connect directly with industry leaders and gain vital feedback on the curriculum. Their feedback was practical confirmation that the work we’re doing at Carnegie Mellon has the means to shape the future of cybersecurity." 

Jihu Hwang presenting his poster at RSACJihu Hwang: Securing Retrieval-Augmented Generation with Trusted execution Environments: A Comparative Security Evaluation  

Retrieval-Augmented Generation (RAG), a framework used to improve the trustworthiness of Large Language Models (LLMs), is being deployed with private and sensitive document collections to improve accuracy and reduce hallucination. This adoption comes with its own risks, and Trusted Execution Environments (TEEs) have been used to help improve security in these document collection pipelines. However, there has not been much work to evaluate these TEE-enabled RAG architectures.   

Hwang’s project compared three baseline configurations of TEE-enabled RAG systems with different levels and types of security, including document-level encryption, output filtering, query obfuscation and embedding-level noise injection. The three TEEs were evaluated on security impact, utility degradation and performance. This work resulted in an attack defense evaluation matrix.  

“Sometimes, when I am focused only on classes and immediate assignments I realize that my perspective becomes narrow without me noticing,” said Hwang. “RSAC gave me the opportunity to step back, broaden my perspective and see the bigger picture again. 

“Being able to participate in RSAC as a member of the Security Scholar program was one of the most memorable experiences during my time at INI. Having the opportunity to present my research to people and engage with them directly was incredibly meaningful to me. I was also especially impressed by the chance to meet people from both industry and academia with diverse backgrounds and to see how they approached the same security problems in different ways.”