Vasileios Kemerlis
@vkemerlis.bsky.social
Professor @Brown CS. Brown Hat. Research on systems and software security. 🏴‍☠️🇬🇷🇺🇸 https://cs.brown.edu/~vpk
Contributing to the community—through both research and reviewing—has been one of the most fulfilling aspects of my academic career. Many thanks to the organizers, colleagues, and students who make CCS such a vibrant and rigorous forum for computer security research!

#acm_ccs #browncs #brownssl 🚀
October 21, 2025 at 4:12 AM
🏆 Top Reviewers Award, recognizing service and contributions to the CCS community. I'm especially grateful for this honor, as it marks the third consecutive year (2023, 2024, and 2025) that I've received a service award from CCS — a tradition I'm proud to continue.
October 21, 2025 at 4:12 AM
🏅 Distinguished Artifact Award for our paper "PickleBall: Secure Deserialization of Pickle-based Machine Learning Models" (bsky.app/profile/vkem...).
📢 Last week, Andreas Kellas presented our work on secure deserialization of pickle-based Machine Learning (ML) models at @acm.org CCS 2025!

#pickleball #mlsec #mlsecops #brownssl #browncs
October 21, 2025 at 4:12 AM
Joint work with Neophytos Christou (Brown University), Columbia University (Junfeng Yang, Penghui Li), Purdue University (Jamie Davis, Wenxin Jiang), Technion (Yaniv David), and Google (Laurent Simon).

✳️ Paper: cs.brown.edu/~vpk/papers/...
💾 Code: github.com/columbia/pic...
October 21, 2025 at 2:22 AM
This work continues our broader effort to secure deserialization across ecosystems -- building on our earlier research presented by Yaniv David at NDSS 2024 (tinyurl.com/mbcevsv6), and Neophytos Christou and Andreas Kellas at BlackHat USA 2025 (tinyurl.com/bdvny4w7).
October 21, 2025 at 2:22 AM
#PickleBall is a static analysis framework that derives and enforces safe deserialization policies for pickle-based ML models. It infers permissible object types and load-time behaviors directly from ML-library code and enforces them through a secure, drop-in replacement for Python's pickle module.
October 21, 2025 at 2:22 AM
👏 Kudos to Marius Momeu (leading author) who did a terrific job presenting our paper -- joint work with Alexander Gaidis (Brown University) and Jasper von der Heidt (TU Munich).

✳️ Paper: cs.brown.edu/~vpk/papers/...
💾 Code: github.com/tum-itsec/iu... (coming soon)

#brownssl #browncs #ieeesp2025
May 19, 2025 at 2:02 PM
#IUBIK leverages memory tagging (MTE) and pointer authentication (PA), available in #ARM CPUs, to efficiently and effectively isolate attacker-controlled input from security-critical data in the kernel heap.

#iubik #mte #pac #arm #brownssl #browncs #ieeesp2025
May 19, 2025 at 2:02 PM
#IUBIK hardens OS kernel code against attacks that (ab)use memory errors via means of: (1) attacker-controlled input isolation, (2) memory tagging (ARM MTE), and (3) pointer encryption (ARM PA).

✳️ cs.brown.edu/~vpk/papers/...
💾 github.com/tum-itsec/iu... (soon)

#iubik #mte #pac #arm #brownssl #browncs
May 12, 2025 at 4:41 PM
Thank you, Xing Gao and the University of Delaware CIS department for the warm welcome, thoughtful discussions, and the tour of the acclaimed CAR (www.thecarlab.org) lab!

#binwrap #sysfilter #nibbler #brownssl
May 12, 2025 at 3:05 PM
If this area of research interests you, you might also find our recent work on Quack (hardening PHP code against deserialization attacks, NDSS 2024: 📄 cs.brown.edu/~vpk/papers/... 💾 github.com/columbia/quack) worth a look.
May 12, 2025 at 3:05 PM
✳️ sysfilter (RAID 2020: 📄 cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/sy...) -- Automated system-call policy extraction and enforcement in binary-only applications.

✳️ Nibbler (ACSAC 2019: 📄 cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/li...) -- Shared-library code debloating.
May 12, 2025 at 3:05 PM
I also shared a few highlights from our research efforts over the past five years re: supply-chain security:

✳️ BinWrap (ACM ASIACCS 2023, Distinguished Paper Award 🏆: 📄 cs.brown.edu/~vpk/papers/..., 💾 github.com/atlas-brown/...) -- HW-assisted (via Intel MPK) sandboxing of native Node.js add-ons.
May 12, 2025 at 3:05 PM
My talk, titled "Hardening the Software Supply Chain: Practical Post-Compilation Defenses", was part of the SAVES workshop at IEEE MOST. I discussed both the pressing open problems in this evolving field and the next-gen. challenges of protecting critical infra. from software supply chain attacks.
May 12, 2025 at 3:05 PM
Thank you to my host Charalampos Papamanthou and the Yale CS department for the warm welcome and thoughtful discussion!
April 6, 2025 at 7:32 PM
It was a real pleasure catching up with friends, colleagues, and students. And with the spring weather fully cooperating, I couldn't resist snapping a few photos of Yale's beautiful campus in the early morning light.
April 6, 2025 at 7:32 PM
If this area interests you, you might also find BeeBox (strengthening eBPF against transient execution attacks, USENIX Security 2024: 📄 cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/be...) and IUBIK (leveraging ARM MTE+PA to isolate attacker-controlled data, IEEE S&P 2025) worth a look.
April 6, 2025 at 7:32 PM
✳️ EPF (USENIX ATC 2023: 📄 cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/epf) — Exploiting the (e)BPF sub-system for bypassing modern protections and ways to fix this.

#epf #brownssl

(Joint work with @mikepo.bsky.social, Marius Momeu, Vaggelis Atlidakis, Di Jin, and Sergej Proskurin.)
April 6, 2025 at 7:32 PM
✳️ SafeSLAB (ACM CCS 2024: 📄 cs.brown.edu/~vpk/papers/..., 💾 github.com/tum-itsec/sa...) — Kernel heap hardening through memory tagging.

#safeslab #brownssl
April 6, 2025 at 7:32 PM
✳️ xMP (IEEE S&P 2020: 📄 cs.brown.edu/~vpk/papers/..., 💾 github.com/virtsec/xmp) — Selective intra-kernel memory isolation using hardware-assisted virtualization.

#xmp #brownssl
April 6, 2025 at 7:32 PM