🎉 @acm.org CCS 2025 in Taipei, Taiwan was a blast!

I had a great time connecting with colleagues and friends at ACM SIGSAC's flagship security conference — a week filled with inspiring research and thoughtful discussions.

I was also deeply honored to receive two awards this year:

📢 Last week, Andreas Kellas presented our work on secure deserialization of pickle-based Machine Learning (ML) models at @acm.org CCS 2025!

#pickleball #mlsec #mlsecops #brownssl #browncs

📢 Last week, Brown Secure Systems Lab (SSL, gitlab.com/brown-ssl) was at the IEEE Symposium on Security and Privacy (S&P) 2025, where we presented our latest work on hardening OS kernels against attacks that (ab)use heap-based memory-safety vulnerabilities.

#brownssl #browncs #ieeesp2025 🧵

Thank you, Xing Gao and the University of Delaware CIS department for the warm welcome, thoughtful discussions, and the tour of the acclaimed CAR (www.thecarlab.org) lab!

#binwrap #sysfilter #nibbler #brownssl

My talk, titled "Hardening the Software Supply Chain: Practical Post-Compilation Defenses", was part of the SAVES workshop at IEEE MOST. I discussed both the pressing open problems in this evolving field and the next-gen. challenges of protecting critical infra. from software supply chain attacks.

It was a real pleasure catching up with friends, colleagues, and students. And with the spring weather fully cooperating, I couldn't resist snapping a few photos of Yale's beautiful campus in the early morning light.

📢 Honored to return to Yale University last week to speak at the Department of Computer Science colloquium on Operating Systems security -- exactly 10 years after my first talk there on the same topic!

#brownssl #browncs 🧵

📢 I had the great pleasure of discussing some of these works recently at the Computer Systems Seminar at Boston University! (Thank you for the invitation Manuel Egele and @gianlucastringhini.com.)

📽️ www.bu.edu/rhcollab/eve...

🏅I was honored and delighted to be awarded the "Distinguished Reviewer Award" at @acm.org #CCS2024!

🏆 #epf (presented by Di Jin at USENIX #ATC2023) was the runner-up for the "Bug of the Year" award at IEEE S&P #LangSec (Language-Theoretic Security) workshop 2024!
⌨️https://langsec.org/spw24/bugs-of-the-year-awards.html | 📄https://cs.brown.edu/~vpk/papers/epf.atc23.pdf | 💾 gitlab.com/brown-ssl/epf

✳️ Marius Momeu presented #islab at @acm.org #ASIACCS2024. ISLAB hardens SLAB-based (kernel) allocators, against memory errors, via SMAP-assisted isolation. (Joint work w/ TUM and @mikepo.bsky.social.)
📄https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf | 💾 github.com/tum-itsec/is... #asiaccs

✳️ Yaniv David presented #quack at #NDSSsymposium2024. Quack hardens PHP code against deserialization attacks using a novel duck typing-based approach. (Joint work w/ Columbia Univ.) #NDSSsymposium2024
📄https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf | 💾 github.com/columbia/quack #NDSSsymposium2024

✳️ Di Jin presented #beebox at the USENIX Security Symposium 2024. BeeBox hardens #Linux BPF/eBPF against transient execution attacks.
📄https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf | 💾 gitlab.com/brown-ssl/be... #usesec24 #ebpf #bpf

✳️ Neophytos Christou presented #eclipse at @acm.org #CCS2024: a compiler-asst. frmwk. that adds artificial data deps. to sensitive data, blocking attacker-controlled input from being used during speculative execution.
📄https://cs.brown.edu/~vpk/papers/eclipse.ccs24.pdf | 💾 gitlab.com/brown-ssl/ec...

✳️ Marius Momeu presented #safeslab at @acm.org #CCS2024. Safeslab hardens the Linux SLUB allocator against exploits that abuse #UaF vulnerabilities, using #Intel #MPK. (Joint work w/ TUM and @mikepo.bsky.social.)
📄https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf | 💾 github.com/tum-itsec/sa...