Carter Yagemann

Assistant Professor of Computer Science and Engineering at the Ohio State University with interests in automated vulnerability discovery, root cause analysis, exploit prevention, and cyber-physical security.

Security Articles

Oct 12, 2021
Security

Case Study: Security Analysis of Halibut

Over the past year I've been studying memory corruption vulnerabilities in Linux C/C++ programs, culminating in the open sourcing of a framework called ARCUS to find and explain them automatically using a combination of dynamic tracing and symbolic analysis. My work has led to two academic conference publications, one …

Sep 06, 2021
Security

Bunkerbuster to Appear in CCS'21

My coauthors and I will be presenting the paper, Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis, at CCS 2021. Below is a preview of the abstract: The increasing cost of successful cyberattacks has caused a mindset shift, whereby defenders now employ proactive defenses, namely software bug hunting, alongside …

Aug 31, 2021
Security

MARSARA to Appear in CCS'21

My coauthors and I will be presenting a paper on "Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks" at CCS 2021. Below is a preview of the abstract: Provenance-based causal analysis of audit logs has proven to be an invaluable method of investigating system intrusions. However, it also …

May 26, 2021
Security

"Modeling Large-Scale Manipulation in Open Stock Markets" to Appear in IEEE Security & Privacy

An article my coauthors and I wrote on automated large-scale market manipulation will be appearing in the November issue of IEEE Security & Privacy. It is currently available early access here. Below is the abstract: This article studies the feasibility of using a botnet to automate stock market manipulation, incorporating data …

Feb 08, 2021
Security

ARCUS System and Dataset Released

We have released the source code and evaluation dataset for "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems," which will be appearing at USENIX Security 2021 in August, 2021. The paper will be ready for publication in about a month.

Dec 12, 2020
Security

Vulnerability Root Cause Analysis Approach "ARCUS" to Appear in USENIX'21

My coauthors and I will be presenting a paper "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems" at USENIX Security 2021 in August, 2021. Below is a preview of the abstract: End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to symptoms of a …

Oct 26, 2020
Security

"Justitia" Biometric Privacy to Appear in ASIACCS'21

My coauthors and I will be presenting the paper "Cryptographic Key Derivation from Biometric Inferences for Remote Authentication" at Asia CCS 2021 in June of next year. Below is a preview of the abstract: Biometric authentication is getting increasingly popular because of its appealing usability and improvements in biometric sensors …

Oct 04, 2020
Security

"Bot2Stock" to Appear in ACSAC'20

My coauthors and I will be presenting a paper "On the Feasibility of Automating Stock Market Manipulation" at ACSAC 2020 in December. Below is a preview of the abstract: This work presents the first findings on the feasibility of using botnets to automate stock market manipulation. Our analysis incorporates data …

Jun 29, 2020
Security

New CVE Published (CVE-2020-14931)

CVE-2020-14931 has been assigned for a vulnerability I found in DMitry. The details are available here. This issue is currently being patched.

Jun 18, 2020
Security

Fuzzers Suck: New 0-Day Shows We Need To Do Better

Fuzz testing (more commonly known as "fuzzing") has become a predominate technique for bug hunting because it's easy to deploy and yields results. Academic security research is now flooded with papers on the topic — USENIX Security alone accepted 7 papers in the 2020 Fall submission cycle — many of which propose …

Previous
2 of 4
Next