One bug can manifest multiple behaviors representing different severity levels. Relying on a single behavior misleads bug evaluation and patching. Attentions and solutions are needed! (actually we already have both🤭)

Never imagine that this kinda protection can be so popular when we did our ELOISE project. First Grsecurity, now Apple.

That's interesting. I'm thinking maybe we can launch a competition and invite more people interested in this topic to get involved. Cuz I see a huge potential of studying multiple behaviors of vulnerabilities and how it can contribute to the evolvement of software security.

This paper is really insightful.

I have had this thought for almost one year but just don't know how to do it (in a scientific way so that I can publish papers.)

What I learn from this: 1⃣ exploitability evaluation is challenging but necessary #weirdmachine, 2⃣ security management of open-source software requires enforcement (also exposed via #log4j), 3⃣ we need defenses against cross-cache, 4⃣ Zhenpeng is doing pretty good, congrats!

So pround as part of TUTELARY team Northwestern University Computer Science Credit goes to Zhenpeng Lin. Ad time: I am recruiting research interns and Ph.D. students CU Boulder Engineering 🦬 to focus on pwn, #weirdmachine, and protection design. Contact me if you are interested!

The University of Colorado, Boulder is hiring for an Assistant Professor in Computer Engineering this year. Application is welcome. Repost is Appreciated! cra.org/job/university…

Last section here demonstrates why you want to have the same security functionality across compiled languages (what GCC Rust + plugins can address): research.nccgroup.com/2023/02/06/rus…

Today’s fun: two groups of people caring OS kernel security in one figure. I mean grsecurity and Apple, and I am flattered if you count Boulder in.

SpaceSec 🛰️, the first academic Workshop on Space and Satellite Systems Security (SpaceSec) at NDSS Symposium, will have its second edition on Mar 1, 2024 in San Diego! We accept 4-page & 8-page papers. Submission deadline: Jan 12, 2024, AoE. CfP: spacesec.info

I've been thinking of introducing eBPF for debugging in the undergraduate OS course at Boulder (if I am going to teach it someday in the future). Happy to see it's already happening somewhere else.

Have seen so much evidence when preparing for AIxCC. Absolutely convinced that AI is a game changer.

I'm formalizing memory corruption based on separation logic. Measurability is of course one direction and so is exploitation. However, it's unclear how useful it ultimately will be. Needs more validation efforts. whitehouse.gov/oncd/briefing-… via The White House

Boulder faculty and students are pround of being part of the 42-b3yond-6ug team. Now, take a shot at the meaning of the team name.

eBPF continues to blow my mind! Despite two eBPF-based protection USENIX papers and more in the pipeline, the power of eBPF never cease to amaze me every time I see its another new application. #eBPFeverything

As I said, #eBPFeverything, how about embedding ML models into eBPF for compartmentalization purposes? Check out BlackHat 24 Briefing "Stop! Sandboxing Exploitable Functions and Modules Using In-Kernel Machine Learning" to be presented by Qinrun Dai Seoktae(Alex) Lee Black Hat #BHUSA

This paragraph is false. No clue where they got the idea AUTOSLAB was per-type, not even the referenced blog suggests it. It's per-allocation site. pure.tugraz.at/ws/portalfiles…