Week 3 Activity: Colloquium talk @ Pomona
This week, Pomona College hosts a talk by Vasileios Kemerlis, from Brown University, in Seaver North Auditorium on the Pomona campus. The talk begins at 4:15 PM on Thursday.
For students enrolled in CS Colloquium (CS 195):
- If you’re in Section 1, we expect you to attend the event when it occurs (synchronously). You will need to log your in-person attendance at the event using one of the following methods:
  - Via smartphone: There will be a QR code at the event that you can scan to log your attendance. It will use this website, so it will help to already be logged in on your phone beforehand to make the process smoother.
  - Via paper sign-in: If you don't have a working smartphone, or you have technical difficulties, you can sign in on a paper form at the event. We will manually enter your attendance into the system later.
- If you're in Section 2, our colleagues at Pomona are hoping to record the talk, but it will take a few days to process the recording (assuming it is recorded successfully). We will post the recording here when it becomes available, so please check back regularly to see if it has been posted.
Building Secure and Trustworthy Software Systems
Abstract
Modern software systems consist of large, monolithic blobs of complex code, and are plagued with vulnerabilities that allow perpetrators to exploit them for profit. This, coupled with the sophistication of modern adversaries, makes the need for effective and targeted defenses more critical than ever. In this talk, I will present our work on developing novel protection mechanisms and exploit prevention techniques that improve the security posture of commodity software. In particular, I will discuss Shuffler, CCR, Egalito, and SysXCHG, four projects whose goal is to harden contemporary codebases against attacks that exploit memory safety vulnerabilities, without entailing super-privileged components. In addition, I will talk about IvySyn, the first fully-automated system for uncovering memory errors in DL frameworks. IvySyn has already helped the TensorFlow and PyTorch framework developers to identify and fix 60 previously-unknown security vulnerabilities, and was awarded with 40 unique CVEs.
About Vasileios Kemerlis
Vasileios (Vasilis) Kemerlis is an Assistant Professor of Computer Science at Brown University. His research interests are in the areas of systems and software security, with a focus on OS kernel protection, automated software hardening, information-flow tracking, and hardware-assisted security. Many of Vasilis' proposed systems and defensive techniques have been adopted by major vendors, like Intel, Microsoft, and Apple, or open source projects, such as the Linux kernel, Mozilla Firefox, and the Tor Browser. His work on kernel exploitation and defense has received recognition from both the industry and academia, featuring articles in ;login: (the technical journal of USENIX), multiple presentations at Black Hat (BHEU 2014, BHASIA 2017, and BHUSA 2017), as well as significant coverage in press and social media (articles in LWN.net, the Linux Journal, and Dark Reading, notable mention in Hacker News and Reddit); in addition, it won the first prize in the Applied Research competition, at the Cyber Security Awareness Week (CSAW) 2014 conference, and was nominated for a Pwnie award in 2015. Lastly, Vasilis' work on fuzz testing ML/DL frameworks for memory errors has helped the TensorFlow and PyTorch developers identify and fix many 0-day vulnerabilities, and was awarded with ~40 CVEs.
Vasilis has also contributed to the design and implementation of Microsoft's primary solution for automatically triaging crash dumps (RETracer), which is now part of the Windows Error Reporting (WER) Platform. In the past, he was a member of the Solaris Core Kernel team at Oracle, where he worked on adding support for full Address Space Layout Randomization (ASLR) in the Solaris OS. Other professional accolades include the NSF CAREER Award, a Distinguished Paper Award in ACM ASIA CCS 2023, and a service award from ACM CCS 2023 and DIMVA 2020 ("Top/Outstanding Reviewer"). Vasilis holds a PhD (2015), MPhil (2013), and MS (2010) in Computer Science from Columbia University, and a BS (2006) in Computer Science from Athens University of Economics and Business.
When and How to Attend
- Thursday, February 1
- Location: Seaver North Auditorium, Pomona College
- Talk runs from 4:15–5:30 PM
Recording for Section 2
This video is provided for students in Section 2 of CS 195 (and students in Section 1 who had to miss the talk due to extenuating circumstances). This is a private video, so please do not share it with others.
Required Assessment
To receive full credit for attending this colloquium, complete the assessment:
Please do so at your soonest convenience, within 24 hours of seeing the talk.