Claudio Migliorelli

Welcome to my website. My name is Claudio. I am a Predoctoral Researcher at IBM Research Zürich and a PhD Student at EPFL, in Switzerland — supervised by Mathias Payer and co-supervised by Anil Kurmus. I am funded by an SNSF Grant (LinSpecteur). I have a Master's Degree in Computer Engineering from Politecnico di Milano and a Bachelor's Degree in Computer Science and Engineering from University of Rome "Tor Vergata".

My work is focused on the broad area of kernel security and hardening. More broadly, my work connects three areas: kernel-level heap feng shui, which studies how predictable allocator states can make exploitation more reliable; automated exploit generation, which helps distinguish truly dangerous kernel bugs from the large volume of issues found by fuzzers; and operating system hardening, which aims to reduce the impact and practicality of exploitation through stronger isolation and defensive design.

I use Emacs and I’m a strong supporter of open-source software. I run Linux and I developed some patches for the kernel that have been accepted and merged into the Linux kernel’s source tree (see kernel contributions).

Publications

Discovering, Characterizing, and Exploiting Controllable-Copy Objects for Kernel Data-Only Attacks with CopyKat (to appear)
- Jacob Koschel, Andrea Mambretti, Alessandro Sorniotti, Pietro Moretto, Claudio Migliorelli, Andrea Di Dio, Cristiano Giuffrida, Anil Kurmus.
- 35th USENIX Security Symposium (USENIX Security), Baltimore, USA, August 2026.
Cross-Cache Attacks for the Linux Kernel via PCP Massaging [PDF, BIB, YT]
- Claudio Migliorelli, Andrea Mambretti, Alessandro Sorniotti, Vittorio Zaccaria, Anil Kurmus.
- Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2026.

Teaching and Supervision

The following is an overview of the courses for which I have served as a teaching assistant. My duties generally include conducting interactive exercise and laboratory sessions, as well as preparing quizzes, exercises, and related course materials:

Software Security (EPFL, 2026)

I supervise (and have supervised) students working on both Master’s theses and practical projects. Since 2023, I have served as a project assistant for the Advanced Operating Systems Master's course at Politecnico di Milano, a role I continue to hold. Over the years, I have proposed numerous kernel security related projects and guided students through their development. Below is a quick overview of some of such projects:

Hijacking system calls via direct table modification [link]
UAF-OOB pivoting attack in the SLUB allocator [link]
Page-level UAF using struct pipe_buffer (and struct page pointer corruption) [link]
Cross-cache attacks via page reclamation [link]

Service

I have served as a reviewer for the following conferences and journals:

USENIX '26 (External Reviewer)

Invited talks and presentations

Advanced Operating Systems Master's course - Politecnico di Milano, Milan, Italy

Exploiting and Mitigating Memory Corruption in the Linux kernel

December 2025.
Cyber Resilience Network for the Canton of Zurich (CYREN): Cybersecurity Summer School - IBM Research, Zürich, Switzerland

Memory Massaging techniques in the Linux kernel

July 2025.

Contact

If you'd like to get in touch, email is the best way to reach me. You can also find me on a few other platforms.

E-mail: claudio.migliorelli@epfl.ch
GitHub: https://github.com/migliio
Mastodon: https://infosec.exchange/@migliio
Twitter: https://twitter.com/migliio
dblp: https://dblp.org/pid/317/4986

You can find my GPG key below.