Protecting complex networked systems before adversaries attack

Cybersecurity is a widely recognized concern that is becoming ever more important yet remains far from solved. With information technology now pervasive across most aspects of our private and public lives, and with increasing digitization and use of information processes in new domains, protecting systems and information remains critical. Dr. Angelos Keromytis, Associate Professor of Computer Science at Columbia University, is interested in protecting these complex, networked systems while keeping them stable. The challenge, however, is that such systems, by definition, have many components that are themselves not easily understood and are put together in a way that defies easy understanding. Dr. Keromytis and his team work to close the gaps available to adversaries and to enable systems that are “transparent” to their users and operators. By unraveling the pathways intruders use to infiltrate our networked systems, Dr. Keromytis is also able to develop systems that are inherently resilient to attacks, using novel techniques borrowed from nature or other fields.

Networked systems are becoming more complex as technology develops. As a result, gaps in our understanding of these systems have created more opportunities for adversaries, allowing them to intrude successfully while remaining hidden. Dr. Keromytis’ work seeks to restore and enhance users' trust in such systems on the basis of strong guarantees and user control. Aimed at practical applications, his work is helping to confront the growing necessity for cybersecurity in our modern world. With a tireless work ethic, reflected in his numerous publications, 30 issued patents, and other tangible outcomes, and with a creative approach to cybersecurity, Dr. Keromytis’ research will continue to have an impact. Furthermore, his experience differentiates him from many researchers in his field: he has worked in academia, in commercial industry, and for the government, and therefore understands the varying perspectives that contribute to a holistic picture of where cybersecurity is headed.

Current research includes:

  • Detecting Attacks: libDFT is a versatile and practical dynamic data flow tracking mechanism that provides insight into program execution by tracing how information is handled by a running application. This allows Dr. Keromytis and his team to detect a variety of attacks and to establish causal chains of system component interaction that can help answer the "why" question.

  • CloudFence: CloudFence is a framework built on libDFT that allows users to independently audit the treatment of their private data by third-party online services, through the intervention of the cloud provider that hosts these services.

  • Making Attacks a Challenge: MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution, adaptation, and misdirection as first-rate design principles. Dr. Keromytis’ goal is to enable an environment for cloud services that constantly changes along several dimensions, creating an unpredictable target for an adversary. This unpredictability will both impede the adversary’s ability to achieve an initial system compromise and, if a compromise occurs, help to detect, disrupt, and/or otherwise impede the adversary’s ability to exploit this success.

  • ASSURE: ASSURE is a system that introduces rescue points to recover software from unknown faults, while maintaining both system integrity and availability, by mimicking system behavior under known error conditions.

  • Spy in the Sandbox: Dr. Keromytis and his team have identified a new way that hackers can spy on PC users. By illuminating the ways in which hackers can gain access to computer systems, he and his team are working to mitigate their ability to do so. In other words, by understanding how hackers might gain insights, Dr. Keromytis can prevent them from doing so in the first place.


Dr. Angelos Keromytis’ first exposure to computer security came when he was a high school student in Greece and was invited to visit a neighborhood friend who was a college student at a nearby Statistics department. While visiting, he saw his first Unix terminal and was so intrigued that he spent more than four hours exploring it. In his meandering, he came across a system utility that administrators used to manage the system, and before long he managed to elevate his privileges to those of a system administrator through what is now called “command injection.” Because his “hack” occurred in the early ’90s, the system administrators were amused by Dr. Keromytis’ exploit and congratulated him on finding the vulnerability without causing any damage.

After he went to college the following year and pursued a similar line of learning and exploration, the administrators at his college decided that, before he broke something in the system, they needed to include him in its care. He was therefore invited, during his freshman year, to work as a system administrator at the Computing Center for the University of Crete. This opportunity led to a part-time job offer, while he was still in school, with the first commercial Greek ISP, where he was largely responsible for security.

Additionally, while in college, Dr. Keromytis had the chance to take a class on security from an adjunct professor who had recently received his Ph.D. from Columbia University. After only a few weeks, the two of them started working on a project together for a company in New York to investigate a firewall program they were considering expanding. Their relationship blossomed into a strong mentorship and friendship in which Dr. Keromytis was eventually introduced to a professor at the University of Pennsylvania, who eventually became his Ph.D. advisor.

Dr. Keromytis continues to enjoy research within cybersecurity because of its constant evolution and its adversarial nature. At the same time, he likes taking a broad view of problems and exploring unorthodox approaches and solutions to them, which is a natural fit for the research process!

In his free time, aside from research, Dr. Keromytis has a passion for scuba diving and remarks that being an “avid scuba diver doesn’t even begin to cover it.” After his wife suggested becoming certified in 2003, his passion took off. He now teaches instructors and regularly explores underwater. In fact, he even presided over a wedding ceremony for two former graduate students on the seafloor!



From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television


SAuth: Protecting User Accounts from Password Database Leaks


All Your Face Are Belong to Us: Breaking Facebook's Social Authentication


ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking


A Comprehensive Survey of Voice over IP Security Research



ACM CCS 2013 Test of Time Award

"Countering Code-Injection Attacks With Instruction-Set Randomization" Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pp. 272 - 280. October 2003, Washington, DC

Elected ACM Distinguished Scientist in 2012

Best paper award

"REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points" Georgios Portokalidis and Angelos D. Keromytis. In Proceedings of the 6th International Workshop on Security (IWSEC), pp. 16 - 32. November 2011, Tokyo, Japan.

Best paper award

"ROP Payload Detection Using Speculative Code Execution" Michalis Polychronakis and Angelos D. Keromytis. In Proceedings of the 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 58 - 65. October 2011, Fajardo, PR.