🎉 @acm_ccs 2025 in Taipei, Taiwan was a blast!

I had a great time connecting with colleagues and friends at ACM SIGSAC's flagship security conference — a week filled with inspiring research and thoughtful discussions.

I was also deeply honored to receive two awards this year (https://www.sigsac.org/ccs/CCS2025/awards/):

🏅 Distinguished Artifact Award for our paper "PickleBall: Secure Deserialization of Pickle-based Machine Learning Models" (https://infosec.exchange/@vkemerlis/115409982332037503).

🏆 Top Reviewers Award, recognizing service and contributions to the CCS community. I'm especially grateful for this honor, as it marks the third consecutive year (2023, 2024, and 2025) that I've received a service award from CCS — a tradition I'm proud to continue.

Contributing to the community—through both research and reviewing—has been one of the most fulfilling aspects of my academic career. Many thanks to the organizers, colleagues, and students who make CCS such a vibrant and rigorous forum for computer security research!

#acm_ccs #browncs #brownssl 🚀

📢 Last week, Andreas Kellas presented our work on secure deserialization of pickle-based Machine Learning (ML) models at @acm_ccs 2025!

#PickleBall is a static analysis framework that automatically derives and enforces safe deserialization policies for pickle-based machine learning models. It infers permissible object types and load-time behaviors directly from ML-library code and enforces them through a secure, drop-in replacement for Python's pickle module.

This work continues our broader effort to secure deserialization across ecosystems -- building on our earlier research presented by Yaniv David at @ndsssymposium 2024 (https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf), and Neophytos Christou and Andreas Kellas at BlackHat USA 2025 (https://www.blackhat.com/us-25/briefings/schedule/index.html#quack-hindering-deserialization-attacks-via-static-duck-typing-44934), which focused on hardening PHP code against deserialization attacks using a static, duck-typing-based approach.

Joint work with Neophytos Christou (Brown University), Columbia University (Junfeng Yang, Penghui Li), Purdue University (James (Jamie) Davis, Wenxin Jiang), Technion (Yaniv David), and Google (Laurent Simon).

✳️ Paper: https://cs.brown.edu/~vpk/papers/pickleball.ccs25.pdf
💾 Code: https://github.com/columbia/pickleball

#pickleball #mlsec #mlsecops #acm_ccs #brownssl #browncs

📢 Last week, Brown Secure Systems Lab (SSL, https://gitlab.com/brown-ssl/) was at the IEEE Symposium on Security and Privacy (S&P) 2025, where we presented our latest work on hardening OS kernels against attacks that (ab)use heap-based memory-safety vulnerabilities. #IUBIK leverages memory tagging (MTE) and pointer authentication (PA), available in #ARM CPUs, to efficiently and effectively isolate attacker-controlled input from security-critical data in the kernel heap.

👏 Kudos to Marius Momeu (leading author) who did a terrific job presenting our paper -- joint work with Alexander Gaidis (Brown University) and Jasper von der Heidt (Technical University of Munich).

✳️ Paper: https://cs.brown.edu/~vpk/papers/iubik.sp25.pdf

💾 Code: https://github.com/tum-itsec/iubik (coming soon)

#iubik #mte #pac #acm #brownssl #browncs #ieeesp2025

📢 Last week, I had the pleasure of visiting the beautiful University of Delaware to speak about supply chain security, and reconnect with friends and colleagues!

My talk, titled "Hardening the Software Supply Chain: Practical Post-Compilation Defenses", was part of the SAVES (Securing Autonomous Vehicle Ecosystems and Supply Chains) workshop at IEEE MOST (International Conference on Mobility: Operations, Services, and Technologies -- https://ieeemobility.org/MOST2025/). I discussed both the pressing open problems in this rapidly evolving field and the next-generation challenges of protecting critical infrastructure from software supply chain attacks.

I also shared a few highlights from our recent research efforts over the past five years re: supply-chain security:

✳️ BinWrap (ACM ASIACCS 2023, Distinguished Paper Award 🏆: 📄 https://cs.brown.edu/~vpk/papers/binwrap.asiaccs23.pdf, 💾 https://github.com/atlas-brown/binwrap) -- HW-assisted (via Intel MPK) sandboxing of native Node.js add-ons.

✳️ sysfilter (RAID 2020: 📄 https://cs.brown.edu/~vpk/papers/sysfilter.raid20.pdf, 💾 https://gitlab.com/brown-ssl/sysfilter) -- Automated system-call policy extraction and enforcement in binary-only applications.

✳️ Nibbler (ACSAC 2019: 📄 https://cs.brown.edu/~vpk/papers/nibbler.acsac19.pdf, 💾 https://gitlab.com/brown-ssl/libfilter) -- Shared-library code debloating.

(Joint work with Nikos Vasilakis, Sotiris Ioannidis, Georgios Portokalidis, Rodrigo Fonseca, Di Jin, Grigoris Ntousakis, George Christou, David Williams-King, Ioannis Agadakos, and Nicholas DeMarinis.)

If this area of research interests you, you might also find our recent work on Quack (hardening PHP code against deserialization attacks, NDSS 2024: 📄 https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf 💾 https://github.com/columbia/quack) worth a look.

Thank you, Xing Gao and the University of Delaware CIS department for the warm welcome, thoughtful discussions, and the tour of the acclaimed CAR (https://www.thecarlab.org) lab!

#binwrap #sysfilter #nibbler #brownssl

📢 Honored to return to Yale University last week to speak at the Department of Computer Science colloquium on Operating Systems security -- exactly 10 years after my first talk there on the same topic!

In this "tin anniversary" edition, I reflected on how OS kernel exploitation and defense have evolved over the past decade, and shared highlights from some of our recent work in the field over the last five years:

✳️ xMP (IEEE S&P 2020: 📄 https://cs.brown.edu/~vpk/papers/xmp.sp20.pdf, 💾 https://github.com/virtsec/xmp) — Selective intra-kernel memory isolation using hardware-assisted virtualization.

✳️ SafeSLAB (ACM CCS 2024: 📄 https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf, 💾 https://github.com/tum-itsec/safeslab) — Kernel heap hardening through memory tagging.

✳️ EPF (USENIX ATC 2023: 📄 https://cs.brown.edu/~vpk/papers/epf.atc23.pdf, 💾 https://gitlab.com/brown-ssl/epf) — Exploiting the (e)BPF sub-system for bypassing modern protections and ways to fix this.

(Joint work with @mikepo, Marius Momeu, Vaggelis Atlidakis, @dijin, and Sergej Proskurin.)

If this area of research interests you, you might also find our recent work on BeeBox (strengthening eBPF against transient execution attacks, USENIX Security 2024: 📄 https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf, 💾 https://gitlab.com/brown-ssl/beebox) and IUBIK (leveraging memory tagging and pointer authentication to isolate attacker-controlled data in kernel space, to appear in IEEE S&P 2025) worth a look.

It was a real pleasure catching up with friends, colleagues, and students. And with the spring weather fully cooperating, I couldn't resist snapping a few photos of Yale's beautiful campus in the early morning light.

Thank you to my host Charalampos Papamanthou and the Yale CS department for the warm welcome and thoughtful discussion!

#xmp #safeslab #epf #brownssl

As we welcome 2025, I'd like to take a moment to reflect on what an extraordinary year 2024 has been for Brown CS Secure Systems Lab (https://gitlab.com/brown-ssl/). It has been a year of innovation, creativity, and growth—both for the lab and for me personally as its director. Witnessing the passion, dedication, and brilliance of our team—Neophytos Christou, Alexander Gaidis, Marius Momeu, @dijin, and Vaggelis Atlidakis—has been truly fulfilling and inspiring!

In 2024, we tackled complex challenges and made significant strides in advancing our research on software hardening and OS kernel protection. Here are some highlights from this remarkable year:

✳️ Marius Momeu presented #SafeSlab at @acm_ccs #CCS2024. Safeslab hardens the Linux SLUB allocator against exploits that abuse use-after-free (#UaF) vulnerabilities, using #Intel #MPK. (Joint work with Technical University of Munich and @mikepo.)
📄 https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf
💾 https://github.com/tum-itsec/safeslab

✳️ Neophytos Christou presented #Eclipse at @acm_ccs #CCS2024. Eclipse is a compiler-assisted framework that propagates artificial data dependencies onto sensitive data, preventing the CPU from using attacker-controlled input during speculative execution.
📄 https://cs.brown.edu/~vpk/papers/eclipse.ccs24.pdf
💾 https://gitlab.com/brown-ssl/eclipse

✳️ Di Jin presented #BeeBox at the @usenixassociation Security Symposium 2024. BeeBox hardens #Linux BPF/eBPF against transient execution attacks. #usesec24
📄 https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf
💾 https://gitlab.com/brown-ssl/beebox

✳️ Yaniv David presented #Quack at the NDSS Symposium 2024. Quack hardens PHP code against deserialization attacks using a novel (static) duck typing-based approach. (Joint work with Andreas D Kellas and Junfeng Yang.) #NDSSsymposium2024
📄 https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf
💾 https://github.com/columbia/quack

✳️ Marius Momeu presented #ISLAB at @ACM #ASIACCS24. ISLAB hardens SLAB-based (kernel) allocators, against memory errors, via SMAP-assisted isolation. (Joint work with Technical University of Munich and @mikepo.) #asiaccs
📄 https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf
💾 https://github.com/tum-itsec/islab

🏆 #EPF (presented by Di Jin at @usenixassociation #ATC 2023) was the runner-up for the "Bug of the Year" award ("Weirdest Machine" category) at IEEE Symposium on Security and Privacy LangSec (Language-Theoretic Security) workshop 2024! #atc23 #LangSec
⌨️ https://langsec.org/spw24/bugs-of-the-year-awards.html
📄 https://cs.brown.edu/~vpk/papers/epf.atc23.pdf
💾 https://gitlab.com/brown-ssl/epf

🏅 I am honored and delighted to have received the "Distinguished Reviewer Award" at @acm_ccs #CCS2024!

🏅Alexander Gaidis has been awarded the "Distinguished Artifact Reviewer" award at the @usenixassociation Security Symposium 2024!
https://cs.brown.edu/news/2024/09/20/brown-cs-phd-student-alexander-j-gaidis-has-been-named-a-usenix-security-2024-distinguished-artifact-reviewer/
#usesec24 #proudadvisor

📢 I had the great pleasure of discussing some of these works recently at the Computer Systems Seminar at Boston University!
📽️ https://www.bu.edu/rhcollab/events/bu-systems-bu%E2%99%BAs-seminar/

#brownssl #browncs 🚀

📢 Off to #SaltLakeCity, #Utah for attending
@acm_ccs 2024! Brown Secure Systems Lab (https://gitlab.com/brown-ssl/) has a strong representation in #CCS2024:

* Marius Momeu will be presenting #SafeSlab: our work on hardening the Linux SLUB allocator, against exploits that abuse use-after-free (#UaF) vulnerabilities, using #Intel #MPK (Session 3-4, Software Security: Memory Safety and Error Detection) | https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf | https://github.com/tum-itsec/safeslab. (Joint work with Technical University of Munich and Stony Brook University.)

* Neophytos Christou will be talking about #Eclipse: a compiler-assisted framework for hardening C/C++ applications against speculative memory-error abuse attacks (Session 8-4, Software Security: Program Analysis and Security Enhancement) | https://cs.brown.edu/~vpk/papers/eclipse.ccs24.pdf | https://gitlab.com/brown-ssl/eclipse. (Joint work with Alexander Gaidis and Vaggelis Atlidakis.)

Brown CS participates in ACM CCS with five papers in total this year! In addition to the above, if interested, take a look at the following great (crypto/applied crypto) papers:

- PathGES: An Efficient and Secure Graph Encryption Scheme for Shortest Path Queries (Session 8-5, Applied Crypto: Crypto Applied to cloud computing and machine learning)

- Reconstructing with Even Less: Amplifying Leakage and Drawing Graphs (Session 9-6, Applied Crypto: Customized cryptographic solutions)

- RSA-Based Dynamic Accumulator without Hashing into Primes (Session 9-1, Applied Crypto: Integrity and Authentication)

#brownssl | #eclipse | #safeslab | #CCS2024