Michalis Polychronakis
@mikepo.bsky.social
Professor, CS Department, Stony Brook University | research on network and system security, network monitoring and measurement, online privacy | https://www.cs.stonybrook.edu/~mikepo/
Paschalis (@pbekos.bsky.social) presenting our work on PII leakage through Meta Pixel at ACM CCS 2025 | paper: www3.cs.stonybrook.edu/~mikepo/pape... | code+data: github.com/pasxalisbeko...
October 16, 2025 at 8:38 AM
Paschalis (@pbekos.bsky.social) presenting our work on PII leakage through Meta Pixel at ACM CCS 2025 | paper: www3.cs.stonybrook.edu/~mikepo/pape... | code+data: github.com/pasxalisbeko...
Arrival time 25:45
July 9, 2025 at 9:36 AM
Arrival time 25:45
Maryam (@mrostamipoor.bsky.social) presenting our work on protecting Kubernetes Secrets at IEEE EuroS&P 2025 | paper: www3.cs.stonybrook.edu/~mikepo/pape... | source code: github.com/mrostamipoor...
July 3, 2025 at 9:35 AM
Maryam (@mrostamipoor.bsky.social) presenting our work on protecting Kubernetes Secrets at IEEE EuroS&P 2025 | paper: www3.cs.stonybrook.edu/~mikepo/pape... | source code: github.com/mrostamipoor...
Maryam (@mrostamipoor.bsky.social) presenting our work on protecting against memory leakage attacks on serverless platforms at NDSS 2025 | paper: www3.cs.stonybrook.edu/~mikepo/pape... | source code: github.com/mrostamipoor...
February 26, 2025 at 7:52 PM
Maryam (@mrostamipoor.bsky.social) presenting our work on protecting against memory leakage attacks on serverless platforms at NDSS 2025 | paper: www3.cs.stonybrook.edu/~mikepo/pape... | source code: github.com/mrostamipoor...
We can have the plain old good Google search results page back on by default! Tested on Firefox and it works great.
www.reddit.com/r/firefox/co...
www.reddit.com/r/firefox/co...
December 18, 2024 at 5:02 PM
We can have the plain old good Google search results page back on by default! Tested on Firefox and it works great.
www.reddit.com/r/firefox/co...
www.reddit.com/r/firefox/co...
The tradition of major security news coinciding with what we teach in class continues. The xz backdoor was found while students are halfway through their implementation of a "plugboard" proxy for securing publicly accessible SSH servers. Answering "what's the point of building this" is now easier..
April 1, 2024 at 7:46 PM
The tradition of major security news coinciding with what we teach in class continues. The xz backdoor was found while students are halfway through their implementation of a "plugboard" proxy for securing publicly accessible SSH servers. Answering "what's the point of building this" is now easier..
It's not a simple failure, it's a catastrophe!
March 19, 2025 at 7:01 PM
It's not a simple failure, it's a catastrophe!
Best explanation of C pointers ever! From the truly wonderful book "C language programming that even a cat can understand" https://archive.org/details/c-2-neko-series-2012
March 19, 2025 at 7:01 PM
Best explanation of C pointers ever! From the truly wonderful book "C language programming that even a cat can understand" https://archive.org/details/c-2-neko-series-2012
Congratulations to Dr. Seyedhamed Ghavamnia (@s_hamedgh) who successfully defended his dissertation! #ProudAdvisor
March 19, 2025 at 7:01 PM
Congratulations to Dr. Seyedhamed Ghavamnia (@s_hamedgh) who successfully defended his dissertation! #ProudAdvisor
C2C uses static code analysis and instrumentation to map configuration options to code, and at runtime reduces the application’s attack surface even further by filtering any system calls required exclusively by disabled features, based on the active configuration.
March 19, 2025 at 7:03 PM
C2C uses static code analysis and instrumentation to map configuration options to code, and at runtime reduces the application’s attack surface even further by filtering any system calls required exclusively by disabled features, based on the active configuration.
It turns out that for several server and client applications, obscure configuration options that are rarely used have dependencies on dangerous system calls that are not used by any other part of the program. The default and other common configurations do not depend on them!
March 19, 2025 at 7:03 PM
It turns out that for several server and client applications, obscure configuration options that are rarely used have dependencies on dangerous system calls that are not used by any other part of the program. The default and other common configurations do not depend on them!
Hamed (@s_hamedgh) presenting our work on configuration-driven system call filtering at @acm_ccs 2022 | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/c2c.ccs22.pdf | source code: https://github.com/shamedgh/c2c
March 19, 2025 at 7:03 PM
Hamed (@s_hamedgh) presenting our work on configuration-driven system call filtering at @acm_ccs 2022 | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/c2c.ccs22.pdf | source code: https://github.com/shamedgh/c2c
Using this mapping, Decap statically analyzes a given program and identifies the subset of capabilities it requires based on the system calls it invokes. Go ahead and try it out, and please send us your feedback! https://github.com/hasanmdme/decap
March 19, 2025 at 7:04 PM
Using this mapping, Decap statically analyzes a given program and identifies the subset of capabilities it requires based on the system calls it invokes. Go ahead and try it out, and please send us your feedback! https://github.com/hasanmdme/decap
After more than two decades since their introduction, we were (not) surprised to find that capabilities are rarely used. Out of 201 setuid programs in Ubuntu 18.04 (2018), only *seven* became capability-aware in Ubuntu 21.10 (2021)!
March 19, 2025 at 7:04 PM
After more than two decades since their introduction, we were (not) surprised to find that capabilities are rarely used. Out of 201 setuid programs in Ubuntu 18.04 (2018), only *seven* became capability-aware in Ubuntu 21.10 (2021)!
Linux solves this problem by dividing superuser privileges into distinct capabilities, each associated with a specific privileged operation. Non-privileged programs are assigned only the specific capabilities they need. Capabilities obviate the need for setuid.
March 19, 2025 at 7:04 PM
Linux solves this problem by dividing superuser privileges into distinct capabilities, each associated with a specific privileged operation. Non-privileged programs are assigned only the specific capabilities they need. Capabilities obviate the need for setuid.
Setuid is a practical solution for allowing users to execute programs with superuser privileges, but it violates the principle of least privilege. Vulnerabilities in setuid programs are prevalent and can lead to arbitrary code execution with root privileges.
March 19, 2025 at 7:03 PM
Setuid is a practical solution for allowing users to execute programs with superuser privileges, but it violates the principle of least privilege. Vulnerabilities in setuid programs are prevalent and can lead to arbitrary code execution with root privileges.
Hamed (@s_hamedgh) presenting our work on deprivileging programs by reducing their capabilities at #RAID2022 @RAID_Conference | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/decap.raid22.pdf | source code: https://github.com/hasanmdme/decap
March 19, 2025 at 7:03 PM
Hamed (@s_hamedgh) presenting our work on deprivileging programs by reducing their capabilities at #RAID2022 @RAID_Conference | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/decap.raid22.pdf | source code: https://github.com/hasanmdme/decap
Reminder: "perpetrator" is way cooler (and more accurate?) than "attacker" [source:
March 19, 2025 at 7:01 PM
Reminder: "perpetrator" is way cooler (and more accurate?) than "attacker" [source:
If your kid breaks your macbook’s screen and you have an ipad, you can use Sidecar for an instant temporary replacement to continue your urgent work..
March 19, 2025 at 7:01 PM
If your kid breaks your macbook’s screen and you have an ipad, you can use Sidecar for an instant temporary replacement to continue your urgent work..
How cool is that? 64 bits of core memory to play with! Available as an electronic kit from https://core64.io by @bikeandfly
March 19, 2025 at 7:02 PM
How cool is that? 64 bits of core memory to play with! Available as an electronic kit from https://core64.io by @bikeandfly
Congratulations to Dr. Nguyen Phong Hoang (@NP_tokumei) who successfully defended his dissertation! #ProudAdvisor
March 19, 2025 at 7:02 PM
Congratulations to Dr. Nguyen Phong Hoang (@NP_tokumei) who successfully defended his dissertation! #ProudAdvisor
Congratulations to Dr. Tapti Palit (@taptipalit) who successfully defended her dissertation! #ProudAdvisor
March 19, 2025 at 7:02 PM
Congratulations to Dr. Tapti Palit (@taptipalit) who successfully defended her dissertation! #ProudAdvisor
Phong (@NP_tokumei) presenting our work on measuring China's DNS censorship at @USENIXSecurity #usesec21 | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/gfwatch.sec21.pdf | dashboard: https://gfwatch.org
March 19, 2025 at 7:02 PM
Phong (@NP_tokumei) presenting our work on measuring China's DNS censorship at @USENIXSecurity #usesec21 | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/gfwatch.sec21.pdf | dashboard: https://gfwatch.org
Phong (@NP_tokumei) presenting our work on IP-based website fingerprinting at @PET_Symposium #PETS21 | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/fingerprinting.pets21.pdf | data set: https://homepage.np-tokumei.net/publication/publication_2021_popets/
March 19, 2025 at 7:02 PM
Phong (@NP_tokumei) presenting our work on IP-based website fingerprinting at @PET_Symposium #PETS21 | paper: https://www3.cs.stonybrook.edu/~mikepo/papers/fingerprinting.pets21.pdf | data set: https://homepage.np-tokumei.net/publication/publication_2021_popets/
DynPTA combines static and dynamic analysis to support large applications with low overhead: it relies on the less precise but linear-time Steensgaard's points-to analysis algorithm, and uses scoped dynamic DFT and other optimizations to elide expensive instrumentation at runtime
March 19, 2025 at 7:04 PM
DynPTA combines static and dynamic analysis to support large applications with low overhead: it relies on the less precise but linear-time Steensgaard's points-to analysis algorithm, and uses scoped dynamic DFT and other optimizations to elide expensive instrumentation at runtime