PickleBall: Secure Deserialization of Pickle-based Machine Learning Models
Andreas D. Kellas, Neophytos Christou, Wenxin Jiang, Penghui Li, Laurent Simon, Yaniv David, Vasileios P. Kemerlis, James C. Davis, and Junfeng Yang
ACM Conference on Computer and Communications Security (CCS), Oct 2025.
QUACK: Hindering Deserialization Attacks via Static Duck Typing
Yaniv David, Neophytos Christou, Andreas D. Kellas, Vasileios P. Kemerlis, and Junfeng Yang
Network and Distributed System Security Symposium (NDSS), Feb 2024.
Divergent Representations: When Compiler Optimizations Enable Exploitation
Andreas D. Kellas, Alan Cao, Peter Goodman, and Junfeng Yang
IEEE Workshop on Offensive Technologies (WOOT), May 2023.
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
Meghna Pancholi, Andreas D. Kellas, Vasileios P. Kemerlis, and Simha Sethumadhavan
ArXiv preprint arXiv:2204.06131, 2022.