Talk Title: Building Secure and Trustworthy Operating Systems
Speaker: Vasileios (Vasilis) Kemerlis, Associate Professor, Brown University
Abstract:
Modern operating systems consist of large, monolithic blobs of complex code, and are plagued with vulnerabilities that allow perpetrators to exploit them for profit. This, coupled with the sophistication of modern adversaries, makes the need for effective and targeted defenses more critical than ever. In this talk, I will present our work on developing novel protection mechanisms and exploit prevention techniques that improve the security posture of commodity operating system kernels. In particular, I will discuss xMP and SafeSLAB, two projects whose goal is to harden contemporary OSes, against attacks that exploit memory safety vulnerabilities in kernel code, without using super-privileged software (for example, a hypervisor or VMM). In addition, I will talk about EPF and BeeBox: the former is a new kernel exploitation technique that we developed, which unveils how in-kernel runtime environments, like that of (e)BPF, can be abused to significantly weaken the effectiveness of deployed, state of-the-art kernel defenses (I will also briefly discuss how to mitigate EPF-style attacks); the latter is a new security architecture that hardens (e)BPF against transient execution attacks. Lastly, during the talk, I will delve into the evolution of kernel exploitation and explore the emerging challenges in building secure and trustworthy OSes.
Bio:
Vasileios (Vasilis) Kemerlis is an Associate Professor of Computer Science at Brown University. His research interests are in the areas of systems and software security, with a focus on OS kernel protection, automated software hardening, information-flow tracking, and hardware-assisted security. Many of Vasilis’ proposed systems and defensive techniques have been adopted by major vendors, like Intel, Microsoft, and Apple, or open source projects, such as the Linux kernel, Mozilla Firefox, and the Tor Browser. His work on kernel exploitation and defense won the first prize in the Applied Research competition, at the Cyber Security Awareness Week (CSAW) 2014 conference, and nominated for a Pwnie award in 2015. Lastly, Vasilis’ work on fuzz testing ML/DL frameworks for memory errors has helped the TensorFlow and PyTorch developers identify and fix many 0-day vulnerabilities, and was awarded with ~40 CVEs. Vasilis has also contributed to the design and implementation of Microsoft’s primary solution for automatically triaging crash dumps (RETracer), which is now part of the Windows Error Reporting (WER) platform. In the past, he was a member of the Solaris Core Kernel team at Oracle, where he worked on adding support for full Address Space Layout Randomization (ASLR) in the Solaris OS. Other professional accolades include the NSF CAREER Award, a Distinguished Paper Award in ACM ASIA CCS 2023, two service awards from ACM CCS (2023 and 2024; “Top/Distinguished Reviewer”), and a service award from DIMVA 2020 (“Outstanding Reviewer”). Vasilis holds a PhD (2015), MPhil (2013), and MS (2010) in Computer Science from Columbia University, and a BS (2006) in Computer Science from Athens University of Economics and Business.