Herbert Bos
@herbertbos
Professor of Systems Security at @vu5ec / @VUamsterdam
Joined September 2013

Our paper with @HansWinderix, @LeslyAnnDaniel1, and Frank Piessens received the distinguished paper award at @acm_ccs!
If you are interested in mitigating control-flow leakage, read the paper mici.hu/papers/winderi… and check out the repository github.com/proteus-core/l…


@MarcusBotacin @AndreasZeller @moyix Yes, looks interesting. Fwiw, one of our students also worked on fuzzing malware:
download.vusec.net/papers/enviral…

Fuzzing malware is not as popular as I believe it should be. Hope this work might foster more research in this direction. I believe my academic peers in fuzzing might be interested in it @AndreasZeller @moyix @herbertbos

[New Paper] Fuzzing and symbolic execution for malware tracing. What if we force malware to run via different paths? Do the same techniques used to find software bugs work for finding malware paths? marcusbotacin.github.io/publication/20… Key findings in this thread!

Herbert Bos retweeted

As it turns out, the secure monitor, Android's most trusted component, is full of bugs. @_chli_ and @0ddc0de discovered lots of serious issues @USENIXSecurity through fuzzing. Paper: nebelwelt.net/files/24SEC2.p…

Herbert Bos retweeted

Do you want 0days in Android Trusted Applications using the Global Platform API? Use @0ddc0de's binary static analysis @USENIXSecurity to find type confusions resulting in arbitrary writes. Paper: nebelwelt.net/files/24SEC4.p…





In the last @vu5ec presentation at @USENIXSecurity, @hanyrax discusses GhostRace and explains how attackers can exploit speculative race conditions in the Linux kernel.
download.vusec.net/papers/ghostra…
@kurmus
@c_giuffrida
@m4mbr3


@victor_duta presenting the SafeFetch paper about protecting against double fetches:
download.vusec.net/papers/safefet…
@vu5ec
@c_giuffrida
@USENIXSecurity
Mitchel Aloserij (not on X?)


@bjohannesmeyer presenting our Einstein paper that shows that automating data-only attacks can be easy:
download.vusec.net/papers/einstei…
@vu5ec
@asia_slowinska
@c_giuffrida
@USENIXSecurity


Happy to report that our InSpectreGadget paper won a Distinguished Paper award at @USENIXSecurity:
download.vusec.net/papers/inspect…
@vu5ec @SanWieb @HBitmasks @c_giuffrida
Here is @SanWieb presenting the paper:


@spendergrsec Maybe we phrased it a bit strongly, without that context. The usenix security paper makes that a bit clearer. Anyway, not intended as a dig at PaX, but a call to *deploy* defenses that stop such attacks.

@spendergrsec Sorry for late reply - not much X these days. Complexity refers mainly to research that crafts attacks with, say, symbex, and aims for, say, Turing completeness -> neither very practical nor needed. Niche refers to application-specific and requiring much knowledge of application.

@herbertbos usenix.org/publications/l… Do you have links of prominent people claiming this? I know we haven't, and will explain in more detail below.

Herbert Bos retweeted

A big thank you to the local organizers in Vienna for hosting an outstanding event! Thanks to the outgoing chair @herbertbos and good luck for 2025 to the PC co-chairs @kcotsneb and Anja Lehmann - follow this space for the CfP and changes for the 2025 Venice edition of EuroS&P.



It was my pleasure to co-chair @IEEEEUROSP 2024 with @herbertbos and learn from him in his role as the senior PC chair. Congratulations on the best senior PC Co-Chair 2024 award!


So... Andy won the ACM Software System Award for MINIX!
I feel very proud and privileged to have worked with him (on MINIX 3 and other things)! He is one of the true pioneers of operating systems and one of the reasons I came to @VUamsterdam.
acm.org/media-center/2…
Herbert Bos retweeted

European Parliament election went smoothly, result reliable
kiesraad.nl/actueel/nieuws…

Herbert Bos retweeted

Our Chief Information Security Officer (CISO) Fleur van Leusden @Queen_fennec was invited on the podcast De Technoloog from BNR Nieuwsradio to talk about how we ensure that the elections are secure, transparent and verifiable.
De Technoloog @detechnoloog
Tomorrow the Netherlands goes to the polls, so @hmblank and @ikbenechtben talk with @Queen_fennec, CISO at the @Kiesraad. About how our elections are kept secure, what risks there are and how the Kiesraad dealt with a major vulnerability in the counting software bnr.nl/podcast/de-tec…
Herbert Bos retweeted

For the first time, 2 @TheOfficialACM flagship conferences in computer systems are colocated in Europe: Rotterdam🎒🚲🌷
ACM ASPLOS'25: asplos-conference.org/asplos-2025-ca…
ACM EuroSys'25: 2025.eurosys.org
@tudelft @ugent @VUamsterdam @ACMSIGOPS @sigarch @sigplan @EurosysConf

Herbert Bos retweeted

The Belgian presidency has drafted yet another tweaked #chatcontrol proposal. In summary, the proposal remains completely unacceptable. TLDR: All the problems pointed out in our open letters are still there nce.mpi-sp.org/index.php/s/eq… & docs.google.com/document/d/13A… 🧵1/6
CCC Updates @chaosupdates
Belgium is now proposing "upload moderation" for #Chatkontrolle. Under this, users would have to agree to their content being scanned. netzpolitik.org/2024/internes-…


