I am an Professor of Computer Science and Engineering at The Pennsylvania State University. I am also co-director of the Systems and Internet Infrastructure Security (SIIS) Lab, a research laboratory focused on the study of security in diverse network and computer environments.

My main research area is computer security. I am interested in tools and techniques to enable developers to build higher integrity computer systems. This work applies systems and programming language techniques to harden deployments, primarily for the Linux operating system.

Recent News

Current Research Highlights

OS Security

Our recent OS security work has examined OS mechanisms to protect processes from confused deputy attacks -- Process Firewall, see USENIX Security 2014 and ACM EuroSys 2013 -- prevent apps from misusing devices on mobile systems -- see ACSAC 2015 -- and hardware-based enforcement of control-flow integrity and kernel code integrity -- see ASPLOS 2017 (to appear) and IEEE MoST 2014.

Read More

Software Security

Our main focus in software security is to retrofit programs with security code, generally from declarative specifications of security. We have explored retrofitting programs with authorization hooks -- see ESSoS 2015 -- detecting restricted pointer use to enforce control-flow integrity more accurately and more efficiently -- see IEEE European S&P 2016 -- and detecting and removing insecure "copy relocations" -- see NDSS 2017 (to appear).

Read More

Cloud Security

Cloud customers lack visibility in cloud platforms to administer their computations. One particular problem is that cloud services used to administer customer computations have been found to have many vulnerabilities. We extend the OpenStack cloud to enable customers to validate that their cloud commands are performed as expected. See ACSAC 2016, IEEE Cloud 2015, and ACM Cloud Security Workshop 2014.

Read More

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." Morrie Gasser published Building a Secure Computer System in 1988, which covers the foundations that we envisioned would be used to build secure computer systems (which I highly recommend), but my book covers experiences with those foundations and the subsequent concepts and techniques that have been developed in the following 20 years. Please let me know if you have comments.