Articles

Sep 27, 2024
Security

Awarded DARPA Young Faculty Award

I'm excited to announce that I've been recently awarded a DARPA Young Faculty Award (YFA) under the mentorship of Dr. Lok Yan. More details are available on the Ohio State College of Engineering website, to summarize: Carter Yagemann, who joined the Department of Computer Science and Engineering in 2022, was …

May 09, 2024
Security

AI Psychiatry to Appear in USENIX'24

My coauthors and I will be presenting the paper "AI Psychiatry: Forensic Investigation of Deep Learning Networks in Memory Images" at USENIX 2024 in August. Below is a preview of the abstract: Online learning is widely used in production to refine model parameters after initial deployment. This opens several vectors …

Jul 21, 2023
Security

CheatFighter to Appear in RAID'23

My coauthors and I will be presenting the paper "Extracting Threat Intelligence From Cheat Binaries For Anti-Cheating" at RAID 2023 in October. Below is a preview of the abstract: Rampant cheating remains a serious concern for game developers who fear losing loyal customers and revenue. While numerous anti-cheating techniques have …

Feb 24, 2023
Security

A Practical Beginner's Guide to Intel Processor Trace

Greetings, if you're reading this tutorial, chances are you have some interest in Intel Processor Trace (PT) and how it can improve your debugging or program analysis capabilities, but aren't sure how to get started. This is understandable, given that there aren't many practical tutorials on Intel PT and what …

Sep 23, 2022
Security

VulChecker Accepted to USENIX 2023

My coauthors and I will be presenting our work on detecting bugs in source code using machine learning at USENIX Security 2023. Below is a preview of the abstract: In software development, it is critical to detect vulnerabilities in a project as early as possible. Although, deep learning has shown …

Sep 02, 2022
Security

PUMM Accepted to USENIX 2023

My coauthors and I will be presenting our work on preventing use-after-free and double free vulnerabilities at USENIX Security 2023. Below is a preview of the abstract: Critical software is written in memory unsafe languages that are vulnerable to use-after-free and double free bugs. This has led to proposals to …

Aug 31, 2022
Security

Differentiating ARCUS (USENIX'21) and Bunkerbuster (CCS'21)

I've received several questions recently about two papers I published in 2021, one at USENIX (which I'll refer to here as ARCUS) and another at CCS (which I'll refer to as Bunkerbuster). You can find these papers at the USENIX and CCS conference websites, respectively. The question people have is …

Jun 03, 2022
Security

Update Regarding Halibut Bugs (CVE-2021-42612, CVE-2021-42613, CVE-2021-42614)

The bugs that I found using ARCUS in Halibut last year have been issued 3 CVE IDs: CVE-2021-42612 CVE-2021-42613 CVE-2021-42614 To the best of my knowledge, these bugs are now fixed in the latest release version, which at the time of writing is 1.3. Please refer to Halibut's project …

Mar 13, 2022
Security

Faculty Position at The Ohio State University

I have accepted an offer to become an Assistant Professor at The Ohio State University, starting in the Fall 2022 semester. I am currently looking to hire 1 Ph.D. student as a full-time graduate research assistant (GRA). If you are an incoming student and you're interested in cutting edge …

Oct 12, 2021
Security

Case Study: Security Analysis of Halibut

Over the past year I've been studying memory corruption vulnerabilities in Linux C/C++ programs, culminating in the open sourcing of a framework called ARCUS to find and explain them automatically using a combination of dynamic tracing and symbolic analysis. My work has led to two academic conference publications, one …

1 of 7
Next