Ntousakis, Kemerlis, Vasilakis, And Collaborators Win The ACM ASIACCS ’23 Distinguished Paper Award

The 18th Association for Computing Machinery Asia Conference on Computer and Communications Security was held from July 10 to July 14 in Melbourne, Australia. Bestowed annually, the ACM ASIACCS Distinguished Paper Award is given to outstanding papers presented at the conference. Brown CS faculty members Vasileios Kemerlis and Nikos Vasilakis and visiting research fellow Grigoris Ntousakis received the 2023 award for their paper, “BinWrap: Hybrid Protection Against Native Node.js Add-Ons”. Other collaborators include George Christou of FORTH-ICS (Foundation for Research and Technology – Institute of Computer Science) in Crete, Greece, Sotiris Ioannidis of the Technical University of Crete, Greece, and Eric Lahtinen of Aarno Labs in Cambridge, Massachusetts.

The paper focuses on the security challenges faced by modern applications written in high-level programming languages such as JavaScript, acknowledging that the presence of even a single memory-unsafe piece of code can compromise the security of entire applications. The authors created a new software system, called BinWrap, that introduces a hybrid permission model designed to protect both binary-only add-ons and their higher-level wrappers. To guard memory-unsafe code fragments, BinWrap first infers both sets of permissions automatically and then ensures that the execution of such fragments, even if they misbehave, complies with these permissions. The paper’s results demonstrate that BinWrap reduces access to sensitive resources and defends against real-world exploits.

“Software supply-chain security has become a critical concern. Today’s software systems employ large and complex dependencies, which introduce serious security risks even in otherwise benign and high-quality software systems,” Nikos says. “BinWrap is part of a broader effort to address these concerns by building a threat-specific toolchain that eliminates software supply-chain risks mostly automatically – with little, if any, developer involvement.”

Nikos' research group operates in the areas of software systems, programming languages, and security. The group currently focuses on automatically enhancing systems with new capabilities — “automating in desired features and automating away inessential complexity”, as stated on his website. His supply-chain security efforts involve co-organizing ACM SCORED ’23, a new workshop on software supply-chain security, and co-leading a new multi-institutional effort on securing continuous integration pipelines, such as GitHub Actions, against software supply-chain threats.

Vasileios is the director of the Brown Secure Systems Lab and is mainly interested in software, hardware, and systems security, with a focus on information flow tracking, software hardening, fuzz testing, and OS kernel protection. He also teaches classes that cover topics surrounding software security and exploitation.

Grigoris, a current Master’s student at the Technical University of Crete and Brown CS visiting research fellow, conducts research on simplifying, improving, and securing the development process for developers through dynamic program analysis. He has written a blog post detailing the research involved in the BinWrap publication.

