Excited to be co-chairing RAID 2026 (raid2026.org) alongside Tiffany Bao this year!
Looking for a security venue to submit your research? The deadline is just around the corner -- April 16, 2026.
CFP: raid2026.org/call.html
Looking forward to seeing you in Lancaster this October (11–14)!
Posts by Vasileios Kemerlis
Contributing to the community -- through both research and reviewing -- has been one of the most fulfilling aspects of my academic career. Many thanks to the organizers, colleagues, and students who make CCS such a vibrant and rigorous forum for computer security research!
#acm_ccs #browncs #brownssl
Top Reviewers Award, recognizing service and contributions to the CCS community. I'm especially grateful for this honor, as it marks the third consecutive year (2023, 2024, and 2025) that I've received a service award from CCS -- a tradition I'm proud to continue.
Distinguished Artifact Award for our paper "PickleBall: Secure Deserialization of Pickle-based Machine Learning Models" (bsky.app/profile/vkem...).
@acm.org CCS 2025 in Taipei, Taiwan was a blast!
I had a great time connecting with colleagues and friends at ACM SIGSAC's flagship security conference -- a week filled with inspiring research and thoughtful discussions.
I was also deeply honored to receive two awards this year:
Joint work with Neophytos Christou (Brown University), Columbia University (Junfeng Yang, Penghui Li), Purdue University (Jamie Davis, Wenxin Jiang), Technion (Yaniv David), and Google (Laurent Simon).
✳️ Paper: cs.brown.edu/~vpk/papers/...
💾 Code: github.com/columbia/pic...
This work continues our broader effort to secure deserialization across ecosystems -- building on our earlier research presented by Yaniv David at NDSS 2024 (tinyurl.com/mbcevsv6), and Neophytos Christou and Andreas Kellas at BlackHat USA 2025 (tinyurl.com/bdvny4w7).
#PickleBall is a static analysis framework that derives and enforces safe deserialization policies for pickle-based ML models. It infers permissible object types and load-time behaviors directly from ML-library code and enforces them through a secure, drop-in replacement for Python's pickle module.
📢 Last week, Andreas Kellas presented our work on secure deserialization of pickle-based Machine Learning (ML) models at @acm.org CCS 2025!
#pickleball #mlsec #mlsecops #brownssl #browncs
Kudos to Marius Momeu (leading author) who did a terrific job presenting our paper -- joint work with Alexander Gaidis (Brown University) and Jasper von der Heidt (TU Munich).
✳️ Paper: cs.brown.edu/~vpk/papers/...
💾 Code: github.com/tum-itsec/iu... (coming soon)
#brownssl #browncs #ieeesp2025
#IUBIK leverages memory tagging (MTE) and pointer authentication (PA), available in #ARM CPUs, to efficiently and effectively isolate attacker-controlled input from security-critical data in the kernel heap.
#iubik #mte #pac #arm #brownssl #browncs #ieeesp2025
📢 Last week, Brown Secure Systems Lab (SSL, gitlab.com/brown-ssl) was at the IEEE Symposium on Security and Privacy (S&P) 2025, where we presented our latest work on hardening OS kernels against attacks that (ab)use heap-based memory-safety vulnerabilities.
#brownssl #browncs #ieeesp2025 🧵
#IUBIK hardens OS kernel code against attacks that (ab)use memory errors via means of: (1) attacker-controlled input isolation, (2) memory tagging (ARM MTE), and (3) pointer encryption (ARM PA).
✳️ cs.brown.edu/~vpk/papers/...
💾 github.com/tum-itsec/iu... (soon)
#iubik #mte #pac #arm #brownssl #browncs
If you're attending the IEEE Symposium on Security and Privacy 2025 and interested in OS/kernel (self-)protection, please stop by the "Memory Safety" track today (Session 3, Track 3, 1PM--2:30PM in Bayview AB) to hear more about #IUBIK from Marius Momeu!
#ieeesp2025 #iubik
Thank you, Xing Gao and the University of Delaware CIS department for the warm welcome, thoughtful discussions, and the tour of the acclaimed CAR (www.thecarlab.org) lab!
#binwrap #sysfilter #nibbler #brownssl
If this area of research interests you, you might also find our recent work on Quack (hardening PHP code against deserialization attacks, NDSS 2024: cs.brown.edu/~vpk/papers/... 💾 github.com/columbia/quack) worth a look.
✳️ sysfilter (RAID 2020: cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/sy...) -- Automated system-call policy extraction and enforcement in binary-only applications.
✳️ Nibbler (ACSAC 2019: cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/li...) -- Shared-library code debloating.
I also shared a few highlights from our research efforts over the past five years re: supply-chain security:
✳️ BinWrap (ACM ASIACCS 2023, Distinguished Paper Award: cs.brown.edu/~vpk/papers/..., 💾 github.com/atlas-brown/...) -- HW-assisted (via Intel MPK) sandboxing of native Node.js add-ons.
My talk, titled "Hardening the Software Supply Chain: Practical Post-Compilation Defenses", was part of the SAVES workshop at IEEE MOST. I discussed both the pressing open problems in this evolving field and the next-gen. challenges of protecting critical infra. from software supply chain attacks.
📢 Last week, I had the pleasure of visiting the beautiful University of Delaware (@udelaware.bsky.social) to speak about supply chain security, and reconnect with friends and colleagues!
#brownssl #browncs 🧵
Thank you to my host Charalampos Papamanthou and the Yale CS department for the warm welcome and thoughtful discussion!
It was a real pleasure catching up with friends, colleagues, and students. And with the spring weather fully cooperating, I couldn't resist snapping a few photos of Yale's beautiful campus in the early morning light.
If this area interests you, you might also find BeeBox (strengthening eBPF against transient execution attacks, USENIX Security 2024: cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/be...) and IUBIK (leveraging ARM MTE+PA to isolate attacker-controlled data, IEEE S&P 2025) worth a look.
✳️ EPF (USENIX ATC 2023: cs.brown.edu/~vpk/papers/..., 💾 gitlab.com/brown-ssl/epf) -- Exploiting the (e)BPF sub-system for bypassing modern protections and ways to fix this.
#epf #brownssl
(Joint work with @mikepo.bsky.social, Marius Momeu, Vaggelis Atlidakis, Di Jin, and Sergej Proskurin.)
✳️ SafeSLAB (ACM CCS 2024: cs.brown.edu/~vpk/papers/..., 💾 github.com/tum-itsec/sa...) -- Kernel heap hardening through memory tagging.
#safeslab #brownssl
✳️ xMP (IEEE S&P 2020: cs.brown.edu/~vpk/papers/..., 💾 github.com/virtsec/xmp) -- Selective intra-kernel memory isolation using hardware-assisted virtualization.
#xmp #brownssl
In this "tin anniversary" edition, I reflected on how OS kernel exploitation and defense have evolved over the past decade, and shared highlights from some of our recent work in the field over the last five years:
📢 Honored to return to Yale University last week to speak at the Department of Computer Science colloquium on Operating Systems security -- exactly 10 years after my first talk there on the same topic!
#brownssl #browncs 🧵
📢 I had the great pleasure of discussing some of these works recently at the Computer Systems Seminar at Boston University! (Thank you for the invitation Manuel Egele and @gianlucastringhini.com.)
📽️ www.bu.edu/rhcollab/eve...
Alexander Gaidis has been awarded the "Distinguished Artifact Reviewer" award at the USENIX Security Symposium 2024!
cs.brown.edu/news/2024/09...
#usesec24 #proudadvisor