I am a Professor of Computer Science and Engineering at The Pennsylvania State University. My main research interests are computer and network security, particularly improving the security of operating systems and software in general.

Professor Jaeger is the Consortium Lead for the CCDC - Army Research Lab's Cyber Security Collaborative Research Alliance, a joint government-industry-academia research project exploring the Science of Cybersecurity through 2023.

Professor Jaeger is an Associate Editor-in-Chief for IEEE Security & Privacy Magazine and an Associate Editor for Contributions for the Communications of the ACM. Please submit columns and articles!

And my students do great work, which produced the news items and highlights below. I am always looking for motivated students interested in software and systems security.

News Items

Recent Research Highlights

Software Security

Our NDSS 2022 paper proposes DataGuard, the first approach that efficiently and fully protects safe stack objects from attacks that exploit spatial, type, and temporal memory errors. DataGuard provides a more accurate memory safety validation analysis that extends stack protection to an average of 91.45% of all stack objects, i.e., those that can only be referenced safely. DataGuard reduces the overhead of using Clang’s Safe Stack defense for protection of the SPEC CPU2006 benchmarks from 11.3% to 4.3%, demonstrating that a comprehensive and accurate analysis can both increase the scope of stack data protection and reduce overheads. Also, see our other NDSS 2022 paper on incremental vulnerability detection and our 2021 ACM TOPS paper on data-oriented attacks.

Mobile Security

Our USENIX Security 2021 paper proposes PolyScope, the first tool to comprehensively triage Android systems for the sources of possible filesystem access vulnerabilities using their combination of access control policies. PolyScope is a policy analysis tool that: (1) identifies the filesystem resources that subjects are authorized to use that may be modified by their adversaries and (2) determines the specific filesystem operations that require vulnerability testing. Using PolyScope, we detect two previously unknown vulnerabilities and derive vulnerability testing requirements for nine Android and OEM versions. Also, see our 2021 IEEE S&P paper on the Android Scoped Storage defense and our 2021 IEEE Surveys paper on sensor-based threats to IoT and mobile systems.

Systems Security

Our VEE 2020 paper on Lightweight Virtual Domains (LVDs) was awarded "Best Paper" of the conference. LVDs provide a mechanism to isolate components (e.g., drivers) from the kernel securely within supervisor mode with good performance using the extended page table (EPT) mechanism. LVDs enforce five security invariants to prevent a variety of attacks on the kernel from the isolated components. Through techniques like exitless interrupt delivery, LVDs are able to maintain good kernel performance when using isolated components, incurring less than 5% overhead for the Phoronix benchmarks. Also, see our ACM AsiaCCS paper on Linux Security Module (LSM) performance and our HomeEndorser paper on protecting IoT systems from malicious apps.

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." It has been taught in security courses around the world. Also, see Morrie Gasser's book Building a Secure Computer System from 1988 for more. Please let me know if you have comments.