*Date and Location* 1 July 2026, *16:00* Universität Bern, Hauptgebäude, Hochschulstrasse 4, Seminarraum 206

*Speaker* Alessandro Sorniotti IBM Research - Zurich

*Title* Automating Linux Kernel Security: From Bug Discovery to Exploit Synthesis

*Abstract* This talk presents a high-level view of modern approaches to Linux kernel security, spanning both offensive and defensive perspectives. We outline a pipeline that starts from bug discovery -- leveraging fuzzing and sanitizers -- and progresses through primitive and object analysis toward automated exploit generation (AEG). Key ideas include extracting attacker-controlled inputs via symbolic and concolic techniques, reasoning about bug "capabilities" and systematically matching them with target objects to construct viable exploitation paths. We also briefly discuss how these insights feed into defensive tooling, such as exploitability assessment, bug ranking, and patch assistance, highlighting opportunities for automation across the vulnerability lifecycle.

*Brief bio* Alessandro Sorniotti is a Principal Research Scientist working in system security and applied cryptography. His research has spanned operating systems and low-level software security -- covering vulnerability discovery, exploit development, and automated analysis -- as well as applied cryptography and blockchain technologies. In that space, he has worked on protocols and systems for distributed trust, digital assets, and secure transaction processing. More recently, his work has explored automation and data-driven approaches for vulnerability analysis, exploitability assessment, and patching, bridging offensive and defensive security across domains.

---

Please note the earlier talk by Judith Senn at 15:00.

See you there!

Christian Cachin

--- Christian Cachin email: christian.cachin@unibe.ch Cryptology and Data Security Group web: crypto.unibe.ch/cc Institute of Computer Science tel: +41 31 684 8560 University of Bern Neubrückstrasse 10, CH-3012 Bern, Switzerland