I am an Professor of Computer Science and Engineering at The Pennsylvania State University. I am also co-director of the Systems and Internet Infrastructure Security (SIIS) Lab, which is focused on the study of security in diverse network and computer environments. My main research area is computer security. I am interested in tools and techniques to enable developers to build higher integrity computer systems.

Recent News

Professor Jaeger has become the University Lead for the CCDC - Army Research Lab's Cyber Security Research Alliance, a collaborative research project between the U.S. Army, seven universities, and two industrial partners, exploring the Science of Cyberesecurity until 2023.

Professor Jaeger has been selected to serve as the General Chair for the Network and Distributed Systems Security Symposium for 2019 and 2020. Look forward to seeing your there!

Professor Jaeger has been awarded a grant for the DARPA GAPS program with Gang Tan of PSU and researchers at Penn, Columbia, and Perspecta Labs (the PI).

See our recent papers on automated software patching and mobile system security published in 2019 IEEE Symposium on Security and Privacy and the 2019 USENIX Security Symposium (final version not ready yet), respectively.

And my students do great work which produced the news items and highlights below. I am always looking for motivated students interested in software and systems security.

More News

Current Research Highlights

Software Security

Recent research in software security has explored methods for automated software patching from safety properties at the 2019 IEEE S&P, automated exploit generation against strong defenses at the 2018 ACM CCS, automated privilege separation accounting for pointers at the 2017 ACM CCS. Also, see papers on exploiting access control in provenance in ACM TOIT (2017), intrusion detection for long attack paths in ACM TOPS (2017), and securing CFI enforcement in 2017 NDSS.

Mobile Security

Research in mobile systems security has focused on two main problems: (1) protecting users from apps that misuse mobile device sensors, including papers in 2019 USENIX Security Symposium, in 2017 USENIX Security Symposium and 2015 ACSAC and (2) providing a trusted computing base for mobile systems and critical apps, including papers in 2019 IEEE TDSC and 2017 MobiSys. Also, see TrustZone Sprobes paper for a method to prevent kernel code injection.

Systems Security

Research in systems security has focused on two main problems: (1) cloud systems security, including papers on security namespaces for container systems in 2018 USENIX Security and DIFC for cloud systems in 2016 ACSAC and (2) CFI enforcement mechanisms for kernels and userspace, including papers in 2017 ASPLOS and 2016 IEEE Euro S&P. See also the paper on hardware-based shadow stack enforcement 2019 DATE and the mobile security platform papers.

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." Morrie Gasser published Building a Secure Computer System in 1988, which covers the foundations that we envisioned would be used to build secure computer systems (which I highly recommend), but my book covers experiences with those foundations and the subsequent concepts and techniques that have been developed in the following 20 years. Please let me know if you have comments.