fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.8K
active users

#brownssl

0 posts0 participants0 posts today
Vasileios Kemerlis<p>📢 Last week, Brown Secure Systems Lab (SSL, <a href="https://gitlab.com/brown-ssl/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/</span><span class="invisible"></span></a>) was at the IEEE Symposium on Security and Privacy (S&amp;P) 2025, where we presented our latest work on hardening OS kernels against attacks that (ab)use heap-based memory-safety vulnerabilities. <a href="https://infosec.exchange/tags/IUBIK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IUBIK</span></a> leverages memory tagging (MTE) and pointer authentication (PA), available in <a href="https://infosec.exchange/tags/ARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ARM</span></a> CPUs, to efficiently and effectively isolate attacker-controlled input from security-critical data in the kernel heap.</p><p>👏 Kudos to Marius Momeu (leading author) who did a terrific job presenting our paper -- joint work with Alexander Gaidis (Brown University) and Jasper von der Heidt (Technical University of Munich).</p><p>✳️ Paper: <a href="https://cs.brown.edu/~vpk/papers/iubik.sp25.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/iubik</span><span class="invisible">.sp25.pdf</span></a> </p><p>💾 Code: <a href="https://github.com/tum-itsec/iubik" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/tum-itsec/iubik</span><span class="invisible"></span></a> (coming soon)</p><p><a href="https://infosec.exchange/tags/iubik" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iubik</span></a> <a href="https://infosec.exchange/tags/mte" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mte</span></a> <a href="https://infosec.exchange/tags/pac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pac</span></a> <a href="https://infosec.exchange/tags/acm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acm</span></a> <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/browncs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browncs</span></a> <a href="https://infosec.exchange/tags/ieeesp2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ieeesp2025</span></a></p>
Vasileios Kemerlis<p>📢 Last week, I had the pleasure of visiting the beautiful University of Delaware to speak about supply chain security, and reconnect with friends and colleagues!</p><p>My talk, titled "Hardening the Software Supply Chain: Practical Post-Compilation Defenses", was part of the SAVES (Securing Autonomous Vehicle Ecosystems and Supply Chains) workshop at IEEE MOST (International Conference on Mobility: Operations, Services, and Technologies -- <a href="https://ieeemobility.org/MOST2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ieeemobility.org/MOST2025/</span><span class="invisible"></span></a>). I discussed both the pressing open problems in this rapidly evolving field and the next-generation challenges of protecting critical infrastructure from software supply chain attacks.</p><p>I also shared a few highlights from our recent research efforts over the past five years re: supply-chain security:</p><p>✳️ BinWrap (ACM ASIACCS 2023, Distinguished Paper Award 🏆: 📄 <a href="https://cs.brown.edu/~vpk/papers/binwrap.asiaccs23.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/binwr</span><span class="invisible">ap.asiaccs23.pdf</span></a>, 💾 <a href="https://github.com/atlas-brown/binwrap" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/atlas-brown/binwrap</span><span class="invisible"></span></a>) -- HW-assisted (via Intel MPK) sandboxing of native Node.js add-ons.</p><p>✳️ sysfilter (RAID 2020: 📄 <a href="https://cs.brown.edu/~vpk/papers/sysfilter.raid20.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/sysfi</span><span class="invisible">lter.raid20.pdf</span></a>, 💾 <a href="https://gitlab.com/brown-ssl/sysfilter" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/sysfilter</span><span class="invisible"></span></a>) -- Automated system-call policy extraction and enforcement in binary-only applications.</p><p>✳️ Nibbler (ACSAC 2019: 📄 <a href="https://cs.brown.edu/~vpk/papers/nibbler.acsac19.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/nibbl</span><span class="invisible">er.acsac19.pdf</span></a>, 💾 <a href="https://gitlab.com/brown-ssl/libfilter" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/libfilter</span><span class="invisible"></span></a>) -- Shared-library code debloating.</p><p>(Joint work with Nikos Vasilakis, Sotiris Ioannidis, Georgios Portokalidis, Rodrigo Fonseca, Di Jin, Grigoris Ntousakis, George Christou, David Williams-King, Ioannis Agadakos, and Nicholas DeMarinis.)</p><p>If this area of research interests you, you might also find our recent work on Quack (hardening PHP code against deserialization attacks, NDSS 2024: 📄 <a href="https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/quack</span><span class="invisible">.ndss24.pdf</span></a> 💾 <a href="https://github.com/columbia/quack" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/columbia/quack</span><span class="invisible"></span></a>) worth a look.</p><p>Thank you, Xing Gao and the University of Delaware CIS department for the warm welcome, thoughtful discussions, and the tour of the acclaimed CAR (<a href="https://www.thecarlab.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">thecarlab.org</span><span class="invisible"></span></a>) lab!</p><p><a href="https://infosec.exchange/tags/binwrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>binwrap</span></a> <a href="https://infosec.exchange/tags/sysfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysfilter</span></a> <a href="https://infosec.exchange/tags/nibbler" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nibbler</span></a> <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a></p>
Vasileios Kemerlis<p>📢 Honored to return to Yale University last week to speak at the Department of Computer Science colloquium on Operating Systems security -- exactly 10 years after my first talk there on the same topic!</p><p>In this "tin anniversary" edition, I reflected on how OS kernel exploitation and defense have evolved over the past decade, and shared highlights from some of our recent work in the field over the last five years:</p><p>✳️ xMP (IEEE S&amp;P 2020: 📄 <a href="https://cs.brown.edu/~vpk/papers/xmp.sp20.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/xmp.s</span><span class="invisible">p20.pdf</span></a>, 💾 <a href="https://github.com/virtsec/xmp" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/virtsec/xmp</span><span class="invisible"></span></a>) — Selective intra-kernel memory isolation using hardware-assisted virtualization.</p><p>✳️ SafeSLAB (ACM CCS 2024: 📄 <a href="https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/safes</span><span class="invisible">lab.ccs24.pdf</span></a>, 💾 <a href="https://github.com/tum-itsec/safeslab" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/tum-itsec/safeslab</span><span class="invisible"></span></a>) — Kernel heap hardening through memory tagging.</p><p>✳️ EPF (USENIX ATC 2023: 📄 <a href="https://cs.brown.edu/~vpk/papers/epf.atc23.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/epf.a</span><span class="invisible">tc23.pdf</span></a>, 💾 <a href="https://gitlab.com/brown-ssl/epf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/epf</span><span class="invisible"></span></a>) — Exploiting the (e)BPF sub-system for bypassing modern protections and ways to fix this.</p><p>(Joint work with <span class="h-card" translate="no"><a href="https://infosec.exchange/@mikepo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mikepo</span></a></span>, Marius Momeu, Vaggelis Atlidakis, <span class="h-card" translate="no"><a href="https://mastodon.social/@dijin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dijin</span></a></span>, and Sergej Proskurin.)</p><p>If this area of research interests you, you might also find our recent work on BeeBox (strengthening eBPF against transient execution attacks, USENIX Security 2024: 📄 <a href="https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/beebo</span><span class="invisible">x.sec24.pdf</span></a>, 💾 <a href="https://gitlab.com/brown-ssl/beebox" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/beebox</span><span class="invisible"></span></a>) and IUBIK (leveraging memory tagging and pointer authentication to isolate attacker-controlled data in kernel space, to appear in IEEE S&amp;P 2025) worth a look.</p><p>It was a real pleasure catching up with friends, colleagues, and students. And with the spring weather fully cooperating, I couldn't resist snapping a few photos of Yale's beautiful campus in the early morning light.</p><p>Thank you to my host Charalampos Papamanthou and the Yale CS department for the warm welcome and thoughtful discussion!</p><p><a href="https://infosec.exchange/tags/xmp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xmp</span></a> <a href="https://infosec.exchange/tags/safeslab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>safeslab</span></a> <a href="https://infosec.exchange/tags/epf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>epf</span></a> <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a></p>
Vasileios Kemerlis<p>As we welcome 2025, I'd like to take a moment to reflect on what an extraordinary year 2024 has been for Brown CS Secure Systems Lab (<a href="https://gitlab.com/brown-ssl/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/</span><span class="invisible"></span></a>). It has been a year of innovation, creativity, and growth—both for the lab and for me personally as its director. Witnessing the passion, dedication, and brilliance of our team—Neophytos Christou, Alexander Gaidis, Marius Momeu, <span class="h-card" translate="no"><a href="https://mastodon.social/@dijin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dijin</span></a></span>, and Vaggelis Atlidakis—has been truly fulfilling and inspiring!</p><p>In 2024, we tackled complex challenges and made significant strides in advancing our research on software hardening and OS kernel protection. Here are some highlights from this remarkable year:</p><p>✳️ Marius Momeu presented <a href="https://infosec.exchange/tags/SafeSlab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SafeSlab</span></a> at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@acm_ccs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>acm_ccs</span></a></span> <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a>. Safeslab hardens the Linux SLUB allocator against exploits that abuse use-after-free (<a href="https://infosec.exchange/tags/UaF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UaF</span></a>) vulnerabilities, using <a href="https://infosec.exchange/tags/Intel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Intel</span></a> <a href="https://infosec.exchange/tags/MPK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MPK</span></a>. (Joint work with Technical University of Munich and <span class="h-card" translate="no"><a href="https://infosec.exchange/@mikepo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mikepo</span></a></span>.)<br>📄 <a href="https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/safes</span><span class="invisible">lab.ccs24.pdf</span></a><br>💾 <a href="https://github.com/tum-itsec/safeslab" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/tum-itsec/safeslab</span><span class="invisible"></span></a></p><p>✳️ Neophytos Christou presented <a href="https://infosec.exchange/tags/Eclipse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Eclipse</span></a> at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@acm_ccs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>acm_ccs</span></a></span> <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a>. Eclipse is a compiler-assisted framework that propagates artificial data dependencies onto sensitive data, preventing the CPU from using attacker-controlled input during speculative execution.<br>📄 <a href="https://cs.brown.edu/~vpk/papers/eclipse.ccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/eclip</span><span class="invisible">se.ccs24.pdf</span></a><br>💾 <a href="https://gitlab.com/brown-ssl/eclipse" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/eclipse</span><span class="invisible"></span></a></p><p>✳️ Di Jin presented <a href="https://infosec.exchange/tags/BeeBox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BeeBox</span></a> at the <span class="h-card" translate="no"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> Security Symposium 2024. BeeBox hardens <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> BPF/eBPF against transient execution attacks. <a href="https://infosec.exchange/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/beebo</span><span class="invisible">x.sec24.pdf</span></a><br>💾 <a href="https://gitlab.com/brown-ssl/beebox" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/beebox</span><span class="invisible"></span></a></p><p>✳️ Yaniv David presented <a href="https://infosec.exchange/tags/Quack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quack</span></a> at the NDSS Symposium 2024. Quack hardens PHP code against deserialization attacks using a novel (static) duck typing-based approach. (Joint work with Andreas D Kellas and Junfeng Yang.) <a href="https://infosec.exchange/tags/NDSSsymposium2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NDSSsymposium2024</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/quack</span><span class="invisible">.ndss24.pdf</span></a><br>💾 <a href="https://github.com/columbia/quack" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/columbia/quack</span><span class="invisible"></span></a></p><p>✳️ Marius Momeu presented <a href="https://infosec.exchange/tags/ISLAB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ISLAB</span></a> at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@ACM" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ACM</span></a></span> <a href="https://infosec.exchange/tags/ASIACCS24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ASIACCS24</span></a>. ISLAB hardens SLAB-based (kernel) allocators, against memory errors, via SMAP-assisted isolation. (Joint work with Technical University of Munich and <span class="h-card" translate="no"><a href="https://infosec.exchange/@mikepo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mikepo</span></a></span>.) <a href="https://infosec.exchange/tags/asiaccs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>asiaccs</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/islab</span><span class="invisible">.asiaccs24.pdf</span></a><br>💾 <a href="https://github.com/tum-itsec/islab" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/tum-itsec/islab</span><span class="invisible"></span></a></p><p>🏆 <a href="https://infosec.exchange/tags/EPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EPF</span></a> (presented by Di Jin at <span class="h-card" translate="no"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> <a href="https://infosec.exchange/tags/ATC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATC</span></a> 2023) was the runner-up for the "Bug of the Year" award ("Weirdest Machine" category) at IEEE Symposium on Security and Privacy LangSec (Language-Theoretic Security) workshop 2024! <a href="https://infosec.exchange/tags/atc23" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>atc23</span></a> <a href="https://infosec.exchange/tags/LangSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LangSec</span></a><br>⌨️ <a href="https://langsec.org/spw24/bugs-of-the-year-awards.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">langsec.org/spw24/bugs-of-the-</span><span class="invisible">year-awards.html</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/epf.atc23.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/epf.a</span><span class="invisible">tc23.pdf</span></a><br>💾 <a href="https://gitlab.com/brown-ssl/epf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/epf</span><span class="invisible"></span></a></p><p>🏅 I am honored and delighted to have received the "Distinguished Reviewer Award" at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@acm_ccs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>acm_ccs</span></a></span> <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a>!</p><p>🏅Alexander Gaidis has been awarded the "Distinguished Artifact Reviewer" award at the <span class="h-card" translate="no"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> Security Symposium 2024!<br><a href="https://cs.brown.edu/news/2024/09/20/brown-cs-phd-student-alexander-j-gaidis-has-been-named-a-usenix-security-2024-distinguished-artifact-reviewer/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/news/2024/09/20/b</span><span class="invisible">rown-cs-phd-student-alexander-j-gaidis-has-been-named-a-usenix-security-2024-distinguished-artifact-reviewer/</span></a><br><a href="https://infosec.exchange/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a> <a href="https://infosec.exchange/tags/proudadvisor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proudadvisor</span></a></p><p>📢 I had the great pleasure of discussing some of these works recently at the Computer Systems Seminar at Boston University!<br>📽️ <a href="https://www.bu.edu/rhcollab/events/bu-systems-bu%E2%99%BAs-seminar/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bu.edu/rhcollab/events/bu-syst</span><span class="invisible">ems-bu%E2%99%BAs-seminar/</span></a></p><p><a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/browncs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browncs</span></a> 🚀</p>
Vasileios Kemerlis<p>📢 Off to <a href="https://infosec.exchange/tags/SaltLakeCity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaltLakeCity</span></a>, <a href="https://infosec.exchange/tags/Utah" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Utah</span></a> for attending<br><span class="h-card" translate="no"><a href="https://mastodon.acm.org/@acm_ccs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>acm_ccs</span></a></span> 2024! Brown Secure Systems Lab (<a href="https://gitlab.com/brown-ssl/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/</span><span class="invisible"></span></a>) has a strong representation in <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a>:<br> <br>* Marius Momeu will be presenting <a href="https://infosec.exchange/tags/SafeSlab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SafeSlab</span></a>: our work on hardening the Linux SLUB allocator, against exploits that abuse use-after-free (<a href="https://infosec.exchange/tags/UaF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UaF</span></a>) vulnerabilities, using <a href="https://infosec.exchange/tags/Intel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Intel</span></a> <a href="https://infosec.exchange/tags/MPK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MPK</span></a> (Session 3-4, Software Security: Memory Safety and Error Detection) | <a href="https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/safes</span><span class="invisible">lab.ccs24.pdf</span></a> | <a href="https://github.com/tum-itsec/safeslab" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/tum-itsec/safeslab</span><span class="invisible"></span></a>. (Joint work with Technical University of Munich and Stony Brook University.)</p><p>* Neophytos Christou will be talking about <a href="https://infosec.exchange/tags/Eclipse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Eclipse</span></a>: a compiler-assisted framework for hardening C/C++ applications against speculative memory-error abuse attacks (Session 8-4, Software Security: Program Analysis and Security Enhancement) | <a href="https://cs.brown.edu/~vpk/papers/eclipse.ccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/eclip</span><span class="invisible">se.ccs24.pdf</span></a> | <a href="https://gitlab.com/brown-ssl/eclipse" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/eclipse</span><span class="invisible"></span></a>. (Joint work with Alexander Gaidis and Vaggelis Atlidakis.)</p><p>Brown CS participates in ACM CCS with five papers in total this year! In addition to the above, if interested, take a look at the following great (crypto/applied crypto) papers:</p><p> - PathGES: An Efficient and Secure Graph Encryption Scheme for Shortest Path Queries (Session 8-5, Applied Crypto: Crypto Applied to cloud computing and machine learning)</p><p>- Reconstructing with Even Less: Amplifying Leakage and Drawing Graphs (Session 9-6, Applied Crypto: Customized cryptographic solutions)</p><p>- RSA-Based Dynamic Accumulator without Hashing into Primes (Session 9-1, Applied Crypto: Integrity and Authentication)</p><p><a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> | <a href="https://infosec.exchange/tags/eclipse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eclipse</span></a> | <a href="https://infosec.exchange/tags/safeslab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>safeslab</span></a> | <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a></p>
Vasileios Kemerlis<p>📢 <span class="h-card" translate="no"><a href="https://mastodon.social/@dijin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dijin</span></a></span> will be presenting our work on hardening <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> (e)BPF against transient execution attacks at <span class="h-card" translate="no"><a href="https://bird.makeup/users/usenixsecurity" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixsecurity</span></a></span> '24 tomorrow (Aug. 14, 1:45pm Track 2 -- "Side Channel I: Transient Execution")! Joint work with Alexander J. Gaidis. Paper: <a href="https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/beebo</span><span class="invisible">x.sec24.pdf</span></a> | Artifact: <a href="https://gitlab.com/brown-ssl/beebox" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/beebox</span><span class="invisible"></span></a> | <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/beebox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>beebox</span></a> <a href="https://infosec.exchange/tags/ebpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ebpf</span></a> <a href="https://infosec.exchange/tags/bpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bpf</span></a> <a href="https://infosec.exchange/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a></p>
Vasileios Kemerlis<p>EPF was the runner-up for the "Bug of the Year" award ("Weirdest Machine" category) at <span class="h-card" translate="no"><a href="https://bird.makeup/users/ieeessp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ieeessp</span></a></span> LangSec (Language-Theoretic Security workshop) 2024! <a href="https://langsec.org/spw24/bugs-of-the-year-awards.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">langsec.org/spw24/bugs-of-the-</span><span class="invisible">year-awards.html</span></a> | <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/epf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>epf</span></a></p>
Vasileios Kemerlis<p>Marius Momeu at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@ACM" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ACM</span></a></span> ASIA CCS 2024 presenting our work on hardening SLAB-based (kernel) allocators, against memory errors, via SMAP-assisted isolation -- joint work with <span class="h-card" translate="no"><a href="https://wisskomm.social/@tu_muenchen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tu_muenchen</span></a></span>, Sergej Proskurin, and <span class="h-card" translate="no"><a href="https://infosec.exchange/@mikepo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mikepo</span></a></span> | <a href="https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/islab</span><span class="invisible">.asiaccs24.pdf</span></a> | <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/islab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>islab</span></a></p>
Vasileios Kemerlis<p>It's official now, I got tenure 😎 🤘. I'm beyond grateful to all my students, collaborators, mentors, letter writers, and colleagues that made this happen -- thank you all!! <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> </p><p><a href="https://cs.brown.edu/news/2024/05/20/vasileios-kemerlis-and-ellie-pavlick-receive-promotions/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/news/2024/05/20/v</span><span class="invisible">asileios-kemerlis-and-ellie-pavlick-receive-promotions/</span></a></p>
Vasileios Kemerlis<p>📢 Off to <a href="https://infosec.exchange/tags/Copenhagen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Copenhagen</span></a>, <a href="https://infosec.exchange/tags/Denmark" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Denmark</span></a> for <a href="https://infosec.exchange/tags/acm_ccs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acm_ccs</span></a> 2023! Alexander Gaidis will be presenting our work on adaptive system call filtering (SysXCHG) in session 6D (Kernel &amp; Syscalls) -- Nov 28, 3PM-4PM. <a href="https://cs.brown.edu/~vpk/papers/sysxchg.ccs23.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/sysxc</span><span class="invisible">hg.ccs23.pdf</span></a> | <a href="https://gitlab.com/brown-ssl/sysxchg" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/sysxchg</span><span class="invisible"></span></a> | <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/sysxchg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysxchg</span></a></p>
Vasileios Kemerlis<p>📢 Alexander Gaidis presented our (joint with Intel STORM team) work on FineIBT earlier this week at RAID 2023! FineIBT enhances forward-edge, hardware-assisted CFI schemes, like Intel IBT, with fine-grain enforcement capabilities. <a href="https://cs.brown.edu/~vpk/papers/fineibt.raid23.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/finei</span><span class="invisible">bt.raid23.pdf</span></a> | <a href="https://gitlab.com/brown-ssl/fineibt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/fineibt</span><span class="invisible"></span></a> | <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/fineibt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fineibt</span></a></p>
Vasileios Kemerlis<p>Brown Secure Systems Lab (<a href="https://gitlab.com/brown-ssl/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/</span><span class="invisible"></span></a>) had a strong representation <span class="h-card" translate="no"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> sponsored events this year! Neophytos Christou presented IvySyn at USENIX Security Symposium (SEC) '23, while Di Jin talked about EPF at USENIX Annual Technical Conference (ATC) '23 earlier in July!</p><p>IvySyn fuzzes Deep Learning (DL) frameworks (TensorFlow, PyTorch) for memory-safety bugs and automatically synthesizes Python code snippets for triggering the respective vulnerabilities | <a href="https://www.usenix.org/.../usenixse.../presentation/christou" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/.../usenixse.../pre</span><span class="invisible">sentation/christou</span></a> | <a href="https://gitlab.com/brown-ssl/ivysyn" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/ivysyn</span><span class="invisible"></span></a></p><p>EPF (ab)uses the (e)BPF interpreter for bypassing various kernel hardening mechanisms in Linux -- we also introduce a set of lightweight defenses against EPF-style attacks | <a href="https://www.usenix.org/conference/atc23/presentation/jin" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/conference/atc23/pr</span><span class="invisible">esentation/jin</span></a> | <a href="https://gitlab.com/brown-ssl/epf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/epf</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/ivysyn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ivysyn</span></a> <a href="https://infosec.exchange/tags/epf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>epf</span></a> <a href="https://infosec.exchange/tags/usenix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usenix</span></a> <a href="https://infosec.exchange/tags/atc23" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>atc23</span></a> <a href="https://infosec.exchange/tags/usesec23" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec23</span></a></p>
Vasileios Kemerlis<p>BinWrap won one of the Distinguished Paper awards at <a href="https://infosec.exchange/tags/ASIACCS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ASIACCS</span></a> 2023!! Extremely grateful to the technical program committee for this honor -- thank you, ASIACCS! <a href="https://infosec.exchange/tags/binwrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>binwrap</span></a> <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a></p>
Vasileios Kemerlis<p>📢 Our work on abusing/hardening the <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> BPF interpreter for/against kernel exploitation has been accepted at the 2023 <span class="h-card"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> Annual Technical Conference (USENIX ATC)! Joint work with Di Jin and Vaggelis Atlidakis<br> | <a href="https://cs.brown.edu/~vpk/papers/epf.atc23.pdf" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/epf.a</span><span class="invisible">tc23.pdf</span></a> | <a href="https://infosec.exchange/tags/epf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>epf</span></a> <a href="https://infosec.exchange/tags/cbpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cbpf</span></a> <a href="https://infosec.exchange/tags/ebpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ebpf</span></a> <a href="https://infosec.exchange/tags/bpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bpf</span></a> <a href="https://infosec.exchange/tags/atc23" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>atc23</span></a> <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a></p>
Vasileios Kemerlis<p>📢 Our work on hardening Node.js against memory-safety vulnerabilities in native (C/C++) add-ons has been accepted at <a href="https://infosec.exchange/tags/ASIACCS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ASIACCS</span></a> 2023! Joint work with Nikos Vasilakis, Sotiris Ioannidis, Aarno Labs, Grigoris Ntousakis, and George Christou! <a href="https://infosec.exchange/tags/binwrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>binwrap</span></a> <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a></p>
Vasileios Kemerlis<p>📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security<br> 2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | <a href="https://arxiv.org/abs/2209.14921" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/abs/2209.14921</span><span class="invisible"></span></a> | <a href="https://gitlab.com/brown-ssl/ivysyn" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/ivysyn</span><span class="invisible"></span></a> | 39 CVEs 😎 🤘 💣 | <a href="https://infosec.exchange/tags/ivysyn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ivysyn</span></a> <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/usenixsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usenixsecurity</span></a> <a href="https://infosec.exchange/tags/usesec23" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec23</span></a></p>