Vasileios Kemerlis Wins An NSF CAREER Award For Adaptive Hardening, Debloating, And Hardware-Assisted Protection

“The need for exploit mitigations is more critical than ever,” says Brown CS faculty member Vasileios (Vasilis) Kemerlis, “and even more so when it comes to critical infrastructure. Despite years of research, software hardening still revolves around a ‘protect everything, the same way, all the time, at the same intensity’ approach that works well only with defenses that have negligible performance overhead and are oblivious to the settings in which the hardened software is used.”

But an alternative is possible, and Vasileios has just received a National Science Foundation (NSF) CAREER Award to help create it. CAREER Awards are given in support of outstanding junior faculty teacher-scholars who excel at research, education, and integration of the two within the context of an organizational mission.

To address this overarching problem, Vasileios proposes a next-generation security architecture that enables defenses to be constantly in flux, fostering the strategic deployment of robust protection mechanisms – heavyweight, yet principled and effective – as and where needed. The goal is to infuse systems with the ability to dynamically adapt their defenses and functionality along several dimensions by elevating the techniques of hardening rectification and hardening agility to first-class principles.

“The benefits of an adaptive approach to software security are manifold,” Vasileios says. “First, hardening agility creates a diversified and unpredictable environment, which naturally breaks the monoculture of defenses and hinders the ability of adversaries to use ‘canned’ recipes for bypassing exploit mitigations. Second, hardening rectification allows software to make the best use of the hardening capabilities that a particular setting offers, and dynamically adapt the deployed defenses to meet certain needs. For instance, it could intensify the hardening level to protect against an active exploitation attempt or selectively turn off redundant protections to increase performance and preserve power.”

Vasileios joins multiple previous Brown CS winners of the award, including (most recently) Srinath Sridhar, Malte Schwarzkopf, Daniel Ritchie, and George Konidaris.

