I am an Professor of Computer Science and Engineering at The Pennsylvania State University. I am also co-director of the Systems and Internet Infrastructure Security (SIIS) Lab, a research laboratory focused on the study of security in diverse network and computer environments.

My main research area is computer security. I am interested in tools and techniques to enable developers to build higher integrity computer systems. This work applies systems and programming language techniques to harden deployments, primarily for the Linux operating system.

Recent News

Current Research Highlights

OS Security

Vulnerabilities often occur because adversaries trick processes into using the wrong resource. The Process Firewall protects processes by blocking access to unsafe resources for the current syscall. See USENIX Security 2014 and EuroSys 2013.

Read More

Retrofit Security

Placing authorization hooks in legacy code is a difficult and error-prone task. We have found that User Choice is a useful metric for guiding placement, enabling the development of semi-automated methods. Appears in the ACM CCS 2012 and report.

Read More

Cloud Security

Cloud customers lack visibility to administer their computations or ensure valid execution. We extend the OpenStack cloud to enable customers to validate that their cloud commands are performed and their computations are run as expected. See Cloud Verifier and CloudArmor.

Read More

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." Morrie Gasser published Building a Secure Computer System in 1988, which covers the foundations that we envisioned would be used to build secure computer systems (which I highly recommend), but my book covers experiences with those foundations and the subsequent concepts and techniques that have been developed in the following 20 years. Please let me know if you have comments.