fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.8K
active users

#usesec24

0 posts0 participants0 posts today
Vasileios Kemerlis<p>As we welcome 2025, I'd like to take a moment to reflect on what an extraordinary year 2024 has been for Brown CS Secure Systems Lab (<a href="https://gitlab.com/brown-ssl/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/</span><span class="invisible"></span></a>). It has been a year of innovation, creativity, and growth—both for the lab and for me personally as its director. Witnessing the passion, dedication, and brilliance of our team—Neophytos Christou, Alexander Gaidis, Marius Momeu, <span class="h-card" translate="no"><a href="https://mastodon.social/@dijin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dijin</span></a></span>, and Vaggelis Atlidakis—has been truly fulfilling and inspiring!</p><p>In 2024, we tackled complex challenges and made significant strides in advancing our research on software hardening and OS kernel protection. Here are some highlights from this remarkable year:</p><p>✳️ Marius Momeu presented <a href="https://infosec.exchange/tags/SafeSlab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SafeSlab</span></a> at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@acm_ccs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>acm_ccs</span></a></span> <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a>. Safeslab hardens the Linux SLUB allocator against exploits that abuse use-after-free (<a href="https://infosec.exchange/tags/UaF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UaF</span></a>) vulnerabilities, using <a href="https://infosec.exchange/tags/Intel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Intel</span></a> <a href="https://infosec.exchange/tags/MPK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MPK</span></a>. (Joint work with Technical University of Munich and <span class="h-card" translate="no"><a href="https://infosec.exchange/@mikepo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mikepo</span></a></span>.)<br>📄 <a href="https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/safes</span><span class="invisible">lab.ccs24.pdf</span></a><br>💾 <a href="https://github.com/tum-itsec/safeslab" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/tum-itsec/safeslab</span><span class="invisible"></span></a></p><p>✳️ Neophytos Christou presented <a href="https://infosec.exchange/tags/Eclipse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Eclipse</span></a> at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@acm_ccs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>acm_ccs</span></a></span> <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a>. Eclipse is a compiler-assisted framework that propagates artificial data dependencies onto sensitive data, preventing the CPU from using attacker-controlled input during speculative execution.<br>📄 <a href="https://cs.brown.edu/~vpk/papers/eclipse.ccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/eclip</span><span class="invisible">se.ccs24.pdf</span></a><br>💾 <a href="https://gitlab.com/brown-ssl/eclipse" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/eclipse</span><span class="invisible"></span></a></p><p>✳️ Di Jin presented <a href="https://infosec.exchange/tags/BeeBox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BeeBox</span></a> at the <span class="h-card" translate="no"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> Security Symposium 2024. BeeBox hardens <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> BPF/eBPF against transient execution attacks. <a href="https://infosec.exchange/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/beebo</span><span class="invisible">x.sec24.pdf</span></a><br>💾 <a href="https://gitlab.com/brown-ssl/beebox" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/beebox</span><span class="invisible"></span></a></p><p>✳️ Yaniv David presented <a href="https://infosec.exchange/tags/Quack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quack</span></a> at the NDSS Symposium 2024. Quack hardens PHP code against deserialization attacks using a novel (static) duck typing-based approach. (Joint work with Andreas D Kellas and Junfeng Yang.) <a href="https://infosec.exchange/tags/NDSSsymposium2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NDSSsymposium2024</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/quack</span><span class="invisible">.ndss24.pdf</span></a><br>💾 <a href="https://github.com/columbia/quack" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/columbia/quack</span><span class="invisible"></span></a></p><p>✳️ Marius Momeu presented <a href="https://infosec.exchange/tags/ISLAB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ISLAB</span></a> at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@ACM" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ACM</span></a></span> <a href="https://infosec.exchange/tags/ASIACCS24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ASIACCS24</span></a>. ISLAB hardens SLAB-based (kernel) allocators, against memory errors, via SMAP-assisted isolation. (Joint work with Technical University of Munich and <span class="h-card" translate="no"><a href="https://infosec.exchange/@mikepo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mikepo</span></a></span>.) <a href="https://infosec.exchange/tags/asiaccs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>asiaccs</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/islab</span><span class="invisible">.asiaccs24.pdf</span></a><br>💾 <a href="https://github.com/tum-itsec/islab" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/tum-itsec/islab</span><span class="invisible"></span></a></p><p>🏆 <a href="https://infosec.exchange/tags/EPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EPF</span></a> (presented by Di Jin at <span class="h-card" translate="no"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> <a href="https://infosec.exchange/tags/ATC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATC</span></a> 2023) was the runner-up for the "Bug of the Year" award ("Weirdest Machine" category) at IEEE Symposium on Security and Privacy LangSec (Language-Theoretic Security) workshop 2024! <a href="https://infosec.exchange/tags/atc23" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>atc23</span></a> <a href="https://infosec.exchange/tags/LangSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LangSec</span></a><br>⌨️ <a href="https://langsec.org/spw24/bugs-of-the-year-awards.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">langsec.org/spw24/bugs-of-the-</span><span class="invisible">year-awards.html</span></a><br>📄 <a href="https://cs.brown.edu/~vpk/papers/epf.atc23.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/epf.a</span><span class="invisible">tc23.pdf</span></a><br>💾 <a href="https://gitlab.com/brown-ssl/epf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/epf</span><span class="invisible"></span></a></p><p>🏅 I am honored and delighted to have received the "Distinguished Reviewer Award" at <span class="h-card" translate="no"><a href="https://mastodon.acm.org/@acm_ccs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>acm_ccs</span></a></span> <a href="https://infosec.exchange/tags/CCS2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCS2024</span></a>!</p><p>🏅Alexander Gaidis has been awarded the "Distinguished Artifact Reviewer" award at the <span class="h-card" translate="no"><a href="https://infosec.exchange/@usenixassociation" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixassociation</span></a></span> Security Symposium 2024!<br><a href="https://cs.brown.edu/news/2024/09/20/brown-cs-phd-student-alexander-j-gaidis-has-been-named-a-usenix-security-2024-distinguished-artifact-reviewer/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/news/2024/09/20/b</span><span class="invisible">rown-cs-phd-student-alexander-j-gaidis-has-been-named-a-usenix-security-2024-distinguished-artifact-reviewer/</span></a><br><a href="https://infosec.exchange/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a> <a href="https://infosec.exchange/tags/proudadvisor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proudadvisor</span></a></p><p>📢 I had the great pleasure of discussing some of these works recently at the Computer Systems Seminar at Boston University!<br>📽️ <a href="https://www.bu.edu/rhcollab/events/bu-systems-bu%E2%99%BAs-seminar/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bu.edu/rhcollab/events/bu-syst</span><span class="invisible">ems-bu%E2%99%BAs-seminar/</span></a></p><p><a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/browncs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browncs</span></a> 🚀</p>
ISEC @ TU Graz<p>Lukas Lamster presented his paper “Voodoo: Memory Tagging, Authenticated Encryption, and Error Correction through MAGIC”. <br>Find out more: <a href="https://www.usenix.org/system/files/usenixsecurity24-lamster.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/system/files/usenix</span><span class="invisible">security24-lamster.pdf</span></a> <br><a href="https://mastodon.social/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a> <a href="https://mastodon.social/tags/USENIX2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USENIX2024</span></a></p>
ISEC @ TU Graz<p>Earlier this month <span class="h-card" translate="no"><a href="https://infosec.exchange/@notbobbytables" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>notbobbytables</span></a></span> and <span class="h-card" translate="no"><a href="https://infosec.exchange/@lavados" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lavados</span></a></span> travelled through North America giving talks at Blackhat, Intel and lately USENIX, where they were joined by fellow researchers Lukas Maar and Lukas Lamster! <br><a href="https://mastodon.social/tags/BHUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BHUSA</span></a> <a href="https://mastodon.social/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a> <a href="https://mastodon.social/tags/USENIX2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USENIX2024</span></a></p>
Jan van Acken<p>Random toot mentioning USENIX Security 2024, because nobody else seems to drop anything about it?<br><a href="https://scholar.social/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a> </p><p>(And I thought the output during <a href="https://scholar.social/tags/soups2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>soups2024</span></a> was low... )</p>
mustachio<p>My student, Fangfei Yang will be presenting our work on the Endokernel, secure in process-monitor at @USENIXSecurity '24 today (Aug. 14, 11:15pm Track 3)! <a href="https://infosec.exchange/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a></p><p>Work with: Anjo, Bumjin Im, Weijie Huang, Kelly Kaoudis, Chia-Che Tsai</p><p><a href="https://www.usenix.org/conference/usenixsecurity24/presentation/yang-fangfei" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/conference/usenixse</span><span class="invisible">curity24/presentation/yang-fangfei</span></a></p><p><a href="https://github.com/endokernel/endokernel-paper-ver" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/endokernel/endokern</span><span class="invisible">el-paper-ver</span></a></p>
Vasileios Kemerlis<p>📢 <span class="h-card" translate="no"><a href="https://mastodon.social/@dijin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dijin</span></a></span> will be presenting our work on hardening <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> (e)BPF against transient execution attacks at <span class="h-card" translate="no"><a href="https://bird.makeup/users/usenixsecurity" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>usenixsecurity</span></a></span> '24 tomorrow (Aug. 14, 1:45pm Track 2 -- "Side Channel I: Transient Execution")! Joint work with Alexander J. Gaidis. Paper: <a href="https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cs.brown.edu/~vpk/papers/beebo</span><span class="invisible">x.sec24.pdf</span></a> | Artifact: <a href="https://gitlab.com/brown-ssl/beebox" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/brown-ssl/beebox</span><span class="invisible"></span></a> | <a href="https://infosec.exchange/tags/brownssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>brownssl</span></a> <a href="https://infosec.exchange/tags/beebox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>beebox</span></a> <a href="https://infosec.exchange/tags/ebpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ebpf</span></a> <a href="https://infosec.exchange/tags/bpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bpf</span></a> <a href="https://infosec.exchange/tags/usesec24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usesec24</span></a></p>