#acm_ccs — Public Fediverse posts

🎉 @acm_ccs 2025 in Taipei, Taiwan was a blast!

I had a great time connecting with colleagues and friends at ACM SIGSAC's flagship security conference — a week filled with inspiring research and thoughtful discussions.

I was also deeply honored to receive two awards this year (https://www.sigsac.org/ccs/CCS2025/awards/):

🏅 Distinguished Artifact Award for our paper "PickleBall: Secure Deserialization of Pickle-based Machine Learning Models" (https://infosec.exchange/@vkemerlis/115409982332037503).

🏆 Top Reviewers Award, recognizing service and contributions to the CCS community. I'm especially grateful for this honor, as it marks the third consecutive year (2023, 2024, and 2025) that I've received a service award from CCS — a tradition I'm proud to continue.

Contributing to the community—through both research and reviewing—has been one of the most fulfilling aspects of my academic career. Many thanks to the organizers, colleagues, and students who make CCS such a vibrant and rigorous forum for computer security research!

#acm_ccs #browncs #brownssl 🚀

📢 Last week, Andreas Kellas presented our work on secure deserialization of pickle-based Machine Learning (ML) models at @acm_ccs 2025!

#PickleBall is a static analysis framework that automatically derives and enforces safe deserialization policies for pickle-based machine learning models. It infers permissible object types and load-time behaviors directly from ML-library code and enforces them through a secure, drop-in replacement for Python's pickle module.

This work continues our broader effort to secure deserialization across ecosystems -- building on our earlier research presented by Yaniv David at @ndsssymposium 2024 (https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf), and Neophytos Christou and Andreas Kellas at BlackHat USA 2025 (https://www.blackhat.com/us-25/briefings/schedule/index.html#quack-hindering-deserialization-attacks-via-static-duck-typing-44934), which focused on hardening PHP code against deserialization attacks using a static, duck-typing-based approach.

Joint work with Neophytos Christou (Brown University), Columbia University (Junfeng Yang, Penghui Li), Purdue University (James (Jamie) Davis, Wenxin Jiang), Technion (Yaniv David), and Google (Laurent Simon).

✳️ Paper: https://cs.brown.edu/~vpk/papers/pickleball.ccs25.pdf
💾 Code: https://github.com/columbia/pickleball

#pickleball #mlsec #mlsecops #acm_ccs #brownssl #browncs

📢 Off to #Copenhagen, #Denmark for #acm_ccs 2023! Alexander Gaidis will be presenting our work on adaptive system call filtering (SysXCHG) in session 6D (Kernel & Syscalls) -- Nov 28, 3PM-4PM. https://cs.brown.edu/~vpk/papers/sysxchg.ccs23.pdf | https://gitlab.com/brown-ssl/sysxchg | #brownssl #sysxchg