Academia and more

Cristian Cadar , Luís Pina , John Regehr What should you do if you’re worried that someone might have exploited a compiler bug to introduce a backdoor into code that you are running? One option is to find a bug-free compiler. Another is to run versions of the code produced by multiple compilers and to compare the results (of course, under the additional assumption that the same bug does not affect all the compilers). For some programs, such as those whose only effect is to produce a text file, comparing the output is easy. For others, such as servers, this is more difficult and specialized system support is required. Today we’ll look at using Varan the Unbelievable to defeat the sudo backdoor from the PoC||GTFO article. Varan is a multi-version execution system that exploits the fact that if you have some unused cores, running additional copies of a program can be cheap. Varan designates a leader process whose system call activity is recorded in a shared ring buffer, and on...

As in all scientific disciplines, peer review plays a core role in computer science research. But one aspect that sets apart our discipline from others is that most areas of computer science are driven by conference rather than journal publications. This has been discussed numerous times, and whether our community should change its publication culture is a controversial subject; just Google "conferences vs. journals in computer science" if you are not familiar with this debate. One key advantage of conference publications is their quick reviewing cycle, which is often assumed to be in conflict with a careful, high-quality reviewing process. While the high reviewing load and the tight deadlines imposed on program committee (PC) members of top conferences do indeed endanger the peer review process, I argue that the conference reviewing process is in many ways of higher-quality than that used by journals. I will discuss two such aspects below. (1) Conference reviewing puts a...