I am a Professor of Computer Science and Engineering at The Pennsylvania State University. My main research interests are computer and network security, particularly improving the security of operating systems and software in general.

Professor Jaeger is the Consortium Lead for the CCDC - Army Research Lab's Cyber Security Collaborative Research Alliance, a joint government-industry-academia research project exploring the Science of Cybersecurity through 2023.

Professor Jaeger is an Associate Editor-in-Chief for IEEE Security & Privacy Magazine and an Associate Editor for Contributions for the Communications of the ACM. Please submit columns and articles!

And my students do great work which produced the news items and highlights below. I am always looking for motivated students interested in software and systems security.

News Items

Recent Research Highlights

Software Security

Our NDSS 2022 paper proposes DataGuard, the first approach that fully protects safe stack objects from attacks on spatial, type, and temporal memory errors efficiently. DataGuard provides a more accurate memory safety validation analysis that extends stack protection to an average of 91.45% of all stack objects, i.e., those that can only be referenced safely. DataGuard reduces the overhead of using Clang’s Safe Stack defense for protection of the SPEC CPU2006 benchmarks from 11.3% to 4.3%, demonstrating that a comprehensive and accurate analysis can both increase the scope of stack data protection and reduce overheads. Also, see our other NDSS 2022 paper on incremental vulnerability detection and our 2021 ACM TOPS paper on data-oriented attacks.

Mobile Security

Our USENIX Security 2021 paper proposes PolyScope, the first tool for triaging Android systems for the sources of possible filesystem access vulnerabilities comprehensively using their combination of access control policies. PolyScope is a policy analysis tool that: (1) identifies the filesystem resources that subjects are authorized to use that may be modified by their adversaries and (2) determines the specific filesystem operations that require vulnerability testing. Using PolyScope, we detect two previously unknown vulnerabilities and derive vulnerability testing requirements for nine Android and OEM versions. Also, see our 2021 IEEE S&P paper on the Android Scoped Storage defense and our 2021 IEEE Surveys paper on sensor-based threats to IoT and mobile systems.

Systems Security

Our OSDI 2022 paper on KSplit, a new framework for isolating unmodified device drivers in modern, full-featured Linux kernels. KSplit performs automated analyses on the unmodified source code of the kernel and the driver to: 1) identify the state shared between the kernel and driver and 2) to compute the synchronization requirements for this shared state to enable correct and efficient operation. KSplit generates the synchronization code for complex kernel-driver interactions, including for shared concurrency primitives, automatically or provides concrete developer guidance, largely addressing a long-standing problem. Also, see our ACM AsiaCCS paper on Linux Security Module (LSM) performance, our Lightweight Virtual Domains paper, the "Best Paper" Awardee for VEE 2020.

Operating Systems Security Book

My book, Operating System Security, was published by Morgan & Claypool in 2008. This book examines the concepts and techniques applied in the construction of "secure operating systems." It has been taught in security courses around the world. Also, see Morrie Gasser's book Building a Secure Computer System from 1988 for more. Please let me know if you have comments.