Carter Yagemann

Carter Yagemann

Assistant Professor of Computer Science and Engineering at The Ohio State University, specializing in systems and software security, including vulnerability discovery, exploit prevention, fault injection, cyber-physical systems, and financial market security.

Articles

VerDiff Vulnerability Presence Verification to Appear in ACSAC 2025

My coauthors and I will be presenting the paper "VerDiff: Vulnerability Presence Verification for Comprehensive Reporting Using Constraint Programming" at the Annual Computer Security Applications Conference (ACSAC) in December. Below is a preview of the abstract: Security practitioners often rely on a collaborative ecosystem of analysts and authorities to publicly …

DiscScope Decompiler Study to Appear in ASIACCS 2025

My coauthors and I will be presenting the paper "An Empirical Study of C Decompilers: Performance Metrics and Error Taxonomy" at ACM ASIACCS 2025 in August. Below is a preview of the abstract: Decompilation aims to simplify reverse engineering by transforming binary code into a high-level representation, such as C-like …

GoSonar to Appear in IEEE S&P 2025

My coauthors and I will be presenting the paper "GoSonar: Detecting Logical Vulnerabilities in Memory Safe Language Using Inductive Constraint Reasoning" at IEEE S&P 2025 in May. Below is a preview of the abstract: As the global community advocates for the adoption of memory-safe programming languages, a significant research …

Awarded DARPA Young Faculty Award

I'm excited to announce that I've been recently awarded a DARPA Young Faculty Award (YFA) under the mentorship of Dr. Lok Yan. More details are available on the Ohio State College of Engineering website, to summarize: Carter Yagemann, who joined the Department of Computer Science and Engineering in 2022, was …

AI Psychiatry to Appear in USENIX'24

My coauthors and I will be presenting the paper "AI Psychiatry: Forensic Investigation of Deep Learning Networks in Memory Images" at USENIX 2024 in August. Below is a preview of the abstract: Online learning is widely used in production to refine model parameters after initial deployment. This opens several vectors …

CheatFighter to Appear in RAID'23

My coauthors and I will be presenting the paper "Extracting Threat Intelligence From Cheat Binaries For Anti-Cheating" at RAID 2023 in October. Below is a preview of the abstract: Rampant cheating remains a serious concern for game developers who fear losing loyal customers and revenue. While numerous anti-cheating techniques have …

A Practical Beginner's Guide to Intel Processor Trace

Greetings, if you're reading this tutorial, chances are you have some interest in Intel Processor Trace (PT) and how it can improve your debugging or program analysis capabilities, but aren't sure how to get started. This is understandable, given that there aren't many practical tutorials on Intel PT and what …

VulChecker Accepted to USENIX 2023

My coauthors and I will be presenting our work on detecting bugs in source code using machine learning at USENIX Security 2023. Below is a preview of the abstract: In software development, it is critical to detect vulnerabilities in a project as early as possible. Although, deep learning has shown …

PUMM Accepted to USENIX 2023

My coauthors and I will be presenting our work on preventing use-after-free and double free vulnerabilities at USENIX Security 2023. Below is a preview of the abstract: Critical software is written in memory unsafe languages that are vulnerable to use-after-free and double free bugs. This has led to proposals to …

Differentiating ARCUS (USENIX'21) and Bunkerbuster (CCS'21)

I've received several questions recently about two papers I published in 2021, one at USENIX (which I'll refer to here as ARCUS) and another at CCS (which I'll refer to as Bunkerbuster). You can find these papers at the USENIX and CCS conference websites, respectively. The question people have is …