Claudio Migliorelli

Welcome to my website. My name is Claudio. I am a Predoctoral Researcher at IBM Research Zürich and a PhD Student at EPFL, in Switzerland — supervised by Mathias Payer and co-supervised by Anil Kurmus. I am funded by an SNSF Grant (LinSpecteur). I have a Master's Degree in Computer Engineering from Politecnico di Milano and a Bachelor's Degree in Computer Science and Engineering from University of Rome "Tor Vergata".

My work is focused on the broad area of kernel security and hardening.

I use Emacs and I’m a strong supporter of open-source software. I run Linux and I developed some patches for the kernel that have been accepted and merged into the Linux kernel’s source tree (see kernel contributions).

Publications

  • Cross-Cache Attacks for the Linux Kernel via PCP Massaging [PDF, BIB]
    • Claudio Migliorelli, Andrea Mambretti, Alessandro Sorniotti, Vittorio Zaccaria, Anil Kurmus.
    • Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2026.

Research interests

My research focuses on strengthening the security of the Linux kernel. More broadly, I work across three tightly connected areas:

  • Kernel‑Level Heap Feng Shui — interacting with the kernel through legitimate interfaces (such as system calls) while subtly influencing its memory layout. By inducing predictable allocator states, it transforms fragile exploitation primitives into stable, reliable ones—and in doing so, reveals the design principles needed for the next generation of kernel hardening.
  • Automated Exploit Generation (AEG) — distinguishing truly dangerous kernel vulnerabilities from the large volume of issues uncovered daily by modern fuzzers like syzkaller. By automatically analyzing what capabilities a bug grants an attacker and whether exploitable kernel objects are within reach, AEG helps identify which flaws are likely exploitable, allowing security teams to prioritize timely fixes.
  • Operating System Hardening and Compartmentalization — reducing the practicality of exploitation altogether rather than attempting to patch every single bug. This involves reinforcing critical kernel components and introducing isolation mechanisms that limit the impact of successful attacks. It’s a wide-ranging field that unites many techniques, each contributing to increasing the cost and complexity of exploiting kernel vulnerabilities.

Teaching and Supervision

The following is an overview of the courses for which I have served as a teaching assistant. My duties generally include conducting interactive exercise and laboratory sessions, as well as preparing quizzes, exercises, and related course materials:

I supervise (and have supervised) students working on both Master’s theses and practical projects. Since 2023, I have served as a project assistant for the Advanced Operating Systems Master's course at Politecnico di Milano, a role I continue to hold. Over the years, I have proposed numerous kernel-security-related projects and guided students through their development. Below is a quick overview of some of these projects:

  • Hijacking system calls via direct table modification [link]
  • UAF-OOB pivoting attack in the SLUB allocator [link]
  • Page-level UAF using struct pipe_buffer (and struct page pointer corruption) [link]
  • Cross-cache attacks via page reclamation [link]

Service

I have served as a reviewer for the following conferences and journals:

  • USENIX '26 (External Reviewer)

Invited talks and presentations

Contact

If you'd like to get in touch, email is the best way to reach me. You can also find me on a few other platforms.