🎉 @acm_ccs 2025 in Taipei, Taiwan was a blast!

I had a great time connecting with colleagues and friends at ACM SIGSAC's flagship security conference — a week filled with inspiring research and thoughtful discussions.

I was also deeply honored to receive two awards this year (https://www.sigsac.org/ccs/CCS2025/awards/):

🏅 Distinguished Artifact Award for our paper "PickleBall: Secure Deserialization of Pickle-based Machine Learning Models" (https://infosec.exchange/@vkemerlis/115409982332037503).

🏆 Top Reviewers Award, recognizing service and contributions to the CCS community. I'm especially grateful for this honor, as it marks the third consecutive year (2023, 2024, and 2025) that I've received a service award from CCS — a tradition I'm proud to continue.

Contributing to the community—through both research and reviewing—has been one of the most fulfilling aspects of my academic career. Many thanks to the organizers, colleagues, and students who make CCS such a vibrant and rigorous forum for computer security research!

#acm_ccs #browncs #brownssl 🚀

📢 Last week, Andreas Kellas presented our work on secure deserialization of pickle-based Machine Learning (ML) models at @acm_ccs 2025!

#PickleBall is a static analysis framework that automatically derives and enforces safe deserialization policies for pickle-based machine learning models. It infers permissible object types and load-time behaviors directly from ML-library code and enforces them through a secure, drop-in replacement for Python's pickle module.

This work continues our broader effort to secure deserialization across ecosystems -- building on our earlier research presented by Yaniv David at @ndsssymposium 2024 (https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf), and Neophytos Christou and Andreas Kellas at BlackHat USA 2025 (https://www.blackhat.com/us-25/briefings/schedule/index.html#quack-hindering-deserialization-attacks-via-static-duck-typing-44934), which focused on hardening PHP code against deserialization attacks using a static, duck-typing-based approach.

Joint work with Neophytos Christou (Brown University), Columbia University (Junfeng Yang, Penghui Li), Purdue University (James (Jamie) Davis, Wenxin Jiang), Technion (Yaniv David), and Google (Laurent Simon).

✳️ Paper: https://cs.brown.edu/~vpk/papers/pickleball.ccs25.pdf
💾 Code: https://github.com/columbia/pickleball

#pickleball #mlsec #mlsecops #acm_ccs #brownssl #browncs
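
The policy-enforcement idea from the post above, as an added example that is not PickleBall's code: it uses the standard library's `pickle.Unpickler.find_class` hook with a hand-written allowlist (an assumption here; PickleBall infers its policies from ML-library code). The `CallsOnLoad` payload is constructed for the demo and only references a harmless callable.

```python
import io
import os
import pickle
from collections import OrderedDict

# Hand-written policy for this example (assumption): the only global a
# "model file" may reference while loading.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class PolicyUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not named by the policy."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked by policy: {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data: bytes):
    """Deserialize `data` under the allowlist policy."""
    return PolicyUnpickler(io.BytesIO(data)).load()


class CallsOnLoad:
    """Constructed sample: asks the unpickler to call a function at load time."""

    def __reduce__(self):
        return (os.getcwd, ())  # harmless stand-in for an unexpected callable


def demo():
    # A weights-like object that stays inside the policy loads normally.
    weights = OrderedDict(layer1=[0.1, 0.2], layer2=[0.3])
    loaded = safe_loads(pickle.dumps(weights))
    # A pickle that references a global outside the policy is rejected
    # before the callable is ever resolved or invoked.
    try:
        safe_loads(pickle.dumps(CallsOnLoad()))
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return loaded, blocked


if __name__ == "__main__":
    print(demo())
```

An allowlist of types covers only part of what the post describes; it also mentions constraining load-time behaviors, which this sketch does not attempt.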

After the presentation of our paper (https://dl.acm.org/doi/10.1145/3603216.3624966) at WPES@ACM CCS on Sunday, someone asked me if I thought that Meta could roll out their pay-or-okay business practices in the EU with impunity.
Well, it doesn't seem so according to @noybeu
https://noyb.eu/en/noyb-files-gdpr-complaint-against-meta-over-pay-or-okay
#wpes #acm_ccs

📢 Off to #Copenhagen, #Denmark for #acm_ccs 2023! Alexander Gaidis will be presenting our work on adaptive system call filtering (SysXCHG) in session 6D (Kernel & Syscalls) -- Nov 28, 3PM-4PM. https://cs.brown.edu/~vpk/papers/sysxchg.ccs23.pdf | https://gitlab.com/brown-ssl/sysxchg | #brownssl #sysxchg

For folks attending #acm_ccs and who are fans of #HBO's "Perry Mason", this is next to the conference hotel.

Exciting times at #acm_ccs in Los Angeles. Great talks, insightful discussions, and amazing people all around.
Yesterday we presented Evocatio, our framework to analyze PoC crashes by inferring bug capabilities. Starting from a single PoC we detect alternate control flow and data flow paths, collecting bug constraints and potentially bypassing existing patches. Paper is at: https://nebelwelt.net/files/22CCS.pdf and slides are at https://nebelwelt.net/files/22CCS-presentation.pdf Questions are welcome!

Hamed presented our work on configuration-driven system call filtering at #acm_ccs 2022
paper: https://www3.cs.stonybrook.edu/~mikepo/papers/c2c.ccs22.pdf
source code: https://github.com/shamedgh/c2c

As part of our prior work on static code analysis for system call filtering, we noticed that many system calls—including dangerous ones, such as execve()—are correctly not removed because they remain part of the CFG, but they still seemed unnecessary. It turns out that for several server and client applications, obscure configuration options that are rarely used have dependencies on dangerous system calls that are not used by any other part of the program. The default and other common configurations do not depend on them!

C2C uses static code analysis and instrumentation to map configuration options to code, and at runtime reduces the application’s attack surface even further by filtering any system calls required exclusively by disabled features, based on the active configuration.
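
The filtering rule described in the post above, as an added example that is not C2C's code: given a map from configuration options to the system calls they need, it computes the calls required exclusively by disabled options. The option names, the syscall map and the sample configuration are all constructed for illustration; C2C derives this mapping through static analysis and instrumentation.

```python
# Constructed data (assumption): syscalls every configuration needs, and
# syscalls reachable only through a given configuration option.
CORE_SYSCALLS = {"read", "write", "accept4", "epoll_wait", "close"}
FEATURE_SYSCALLS = {
    "cgi_exec": {"execve", "fork", "pipe2", "read"},
    "access_log": {"openat", "write"},
    "user_switch": {"setuid", "setgid"},
    "upload_tmp": {"openat", "unlink"},
}

# Constructed sample configuration: one "option on|off" pair per line.
SAMPLE_CONFIG = """
# rarely used features stay off by default
cgi_exec off
access_log on
user_switch off
"""


def parse_config(text):
    """Return {option: bool}; blank lines, comments and unknown options are skipped."""
    config = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        option, _, value = line.partition(" ")
        if option in FEATURE_SYSCALLS:
            config[option] = value.strip().lower() == "on"
    return config


def syscalls_to_filter(config):
    """Syscalls needed only by disabled options (absent options count as off)."""
    needed = set(CORE_SYSCALLS)
    for option, calls in FEATURE_SYSCALLS.items():
        if config.get(option, False):
            needed |= calls
    blocked = set()
    for option, calls in FEATURE_SYSCALLS.items():
        if not config.get(option, False):
            blocked |= calls - needed  # keep calls shared with active code
    return blocked


if __name__ == "__main__":
    print(sorted(syscalls_to_filter(parse_config(SAMPLE_CONFIG))))
```

With the sample configuration, `openat` survives because the enabled `access_log` option shares it with the disabled `upload_tmp`, while `execve` is filtered because only the disabled `cgi_exec` option needs it.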

Andrea presented our #LibAFL paper today at #acm_ccs 🎉
https://www.eurecom.fr/en/publication/6973
LibAFL: A framework to build modular and reusable fuzzers | EURECOM

If you are interested in #fuzzing browser JIT compilers, Lukas Bernhard will present our paper on differential fuzzing to find miscomputation bugs tomorrow at 11:30 in track 1E at #acm_ccs 2022.

Paper: https://synthesis.to/papers/ccs22-jit.pdf