I am an Professor of Computer Science and Engineering at The Pennsylvania State University. I am also co-director of the Systems and Internet Infrastructure Security (SIIS) Lab, a research laboratory focused on the study of security in diverse network and computer environments.

My main research area is computer security. I am interested in tools and techniques to enable developers to build higher integrity computer systems. This work applies systems and programming language techniques to harden deployments, primarily for the Linux operating system. I publish mainly in security conferences, but also in software engineering and operating systems conferences.

Recent News

Current Research Highlights

Process Firewall

Vulnerabilities often occur because adversaries trick processes into using the wrong resource. The Process Firewall protects processes by blocking access to unsafe resources for the current syscall. See EuroSys 2013 and USENIX 2012.

Read More

Hook Placement

Placing authorization hooks in legacy code is a difficult and error-prone task. We have found that User Choice is a useful metric for guiding placement, enabling the development of semi-automated methods. Appears in the 2012 ACM CCS.

Read More

Cloud Verifier

Cloud computing enables use of remote resources, but customers lack visibility to administer their computations. Our Cloud Verifier enables customers to verify that their cloud computations are configured as expected. See TRUST 2012 and CSAW 2013.

Read More

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." Morrie Gasser published Building a Secure Computer System in 1988, which covers the foundations that we envisioned would be used to build secure computer systems (which I highly recommend), but my book covers experiences with those foundations and the subsequent concepts and techniques that have been developed in the following 20 years. Please let me know if you have comments.