I am an Professor of Computer Science and Engineering at The Pennsylvania State University. I am also co-director of the Systems and Internet Infrastructure Security (SIIS) Lab, which is focused on the study of security in diverse network and computer environments. My main research area is computer security. I am interested in tools and techniques to enable developers to build higher integrity computer systems.

Research News

Professor Jaeger is the Consortium Lead for the CCDC - Army Research Lab's Cyber Security Research Alliance, a collaborative research project between the U.S. Army, seven universities, and two industrial partners, exploring the Science of Cybersecurity through 2023.

See our recent papers published in 2019 IEEE Symposium on Security and Privacy (on automated software patching), the 2019 USENIX Security Symposium (on mobile system security), and the 2019 ACM CCS (on optimizing privilege separation).

Professor Jaeger has been awarded a grant for the DARPA GAPS program with Gang Tan of PSU and researchers at Penn, Columbia, and Perspecta Labs (the PI).

Community Service News

Professor Jaeger has been selected to serve on the International Academic Advisory Board for Phase 3 of the UK's Cyber Security Body of Knowledge Project. We are trying collect and leverage the accumulated knowledge of the cybersecurity research community (thanks to the many reknowned authors for their contributions and to the many esteemed reviewers for improvements).

Professor Jaeger is the General Chair for the Network and Distributed Systems Security Symposium for 2020. Look forward to seeing your there!

Professor Jaeger serves on the Executive Committee for the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) as Past Chair, as well as being a member of the Steering Committee for ACM CCS. Thanks to everyone who contributes to SIGSAC and CCS!

Professor Jaeger now serves as an Associate Editor for IEEE Security & Privacy Magazine. Please submit columns and articles!

More News

Current Research Highlights

Software Security

Recent research in software security has explored methods for automated software patching from safety properties at 2019 IEEE S&P, automated exploit generation against strong defenses at 2018 ACM CCS, and automating performance/security trade-offs for privilege separation at 2019 ACM CCS. Also, see papers on exploiting access control in provenance in ACM TOIT (2017), intrusion detection for long attack paths in ACM TOPS (2017), and securing CFI enforcement in 2017 NDSS.

Mobile Security

Research in mobile systems security has focused on two main problems: (1) protecting users from apps that misuse mobile device sensors, including papers in 2019 USENIX Security Symposium, in 2017 USENIX Security Symposium and 2015 ACSAC and (2) providing a trusted computing base for mobile systems and critical apps, including papers in 2019 IEEE TDSC and 2017 MobiSys. Also, see TrustZone Sprobes paper for a method to prevent kernel code injection.

Systems Security

Research in systems security has focused on two main problems: (1) cloud systems security, including papers on security namespaces for container systems in 2018 USENIX Security and DIFC for cloud systems in 2016 ACSAC and (2) CFI enforcement mechanisms for kernels and userspace, including papers in 2017 ASPLOS and 2016 IEEE Euro S&P. See also the paper on hardware-based shadow stack enforcement 2019 DATE and the mobile security platform papers.

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." Morrie Gasser published Building a Secure Computer System in 1988, which covers the foundations that we envisioned would be used to build secure computer systems (which I highly recommend), but my book covers experiences with those foundations and the subsequent concepts and techniques that have been developed in the following 20 years. Please let me know if you have comments.