Overview

I am an Professor of Computer Science and Engineering at The Pennsylvania State University (officially July 1, 2013). I am also co-director of the Systems and Internet Infrastructure Security (SIIS) Lab, a research laboratory focused on the study of security in diverse network and computer environments.

My main research area is computer security. I am interested in tools and techniques to enable developers to build higher integrity computer systems. This work applies systems and programming language techniques to harden deployments, primarily for the Linux operating system. I publish mainly in security conferences, but also in software engineering and operating systems conferences.

Recent News

Current Research Highlights

Name Resolution

System calls that resolve names are vulnerable to a variety of attacks. We find program bugs automatically by producing a test case whenever an adversary can modify a name resolution. Appears in the 2012 USENIX Security Symposium.

Read More

Hook Placement

Placing authorization hooks in legacy code is a difficult and error-prone task. We have found that user choice is a useful metric for guiding placement, enabling the development of semi-automated methods. Appears in the 2012 ACM CCS.

Read More

Cloud Verifier

Cloud computing enables use of remote resources, but customers lack visibility to administer their computations. Our Cloud Verifier enables customers to verify that their cloud computations are configured as expected. Sponsored by the NSF.

Read More

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." Morrie Gasser published Building a Secure Computer System in 1988, which covers the foundations that we envisioned would be used to build secure computer systems (which I highly recommend), but my book covers experiences with those foundations and the subsequent concepts and techniques that have been developed in the following 20 years. Please let me know if you have comments.