Carter Yagemann

Carter Yagemann

Assistant Professor of Computer Science and Engineering at the Ohio State University with interests in automated vulnerability discovery, root cause analysis, and exploit prevention.

About

Education

Georgia Institute of Technology (Atlanta, GA), August 2016 - August 2022
Ph.D. Computer Science
Advisors: Professors Wenke Lee and Brendan Saltaformaggio
Thesis: Hardware-Assisted Processor Tracing for Automated Bug Finding and Exploit Prevention

Syracuse University (Syracuse, NY), August 2011 - May 2016
M.S., B.S. (magna cum laude), Computer Science
Advisor: Professor Wenliang (Kevin) Du
Thesis: Intentio Ex Machina: Android Intent Access Control via an Extensible Application Hook

Research Experience

The Ohio State University (Columbus, OH), August 2022 - Present
Assistant Professor

I am a professor at The Ohio State University where I teach classes and conduct research on topics pertaining to systems security, such as automated vulnerability discovery, root cause analysis, and exploit prevention.

Georgia Institute of Technology (Atlanta, GA), July 2016 - August 2022
Research Assistant

My Ph.D. research with Prof. Wenke Lee and Prof. Brendan Saltaformaggio focused on novel hardware-backed approaches for detecting and preventing software vulnerabilities using advanced program analysis techniques and machine learning. I also lead research on HECTOR for the DARPA Artificial Intelligence Mitigations of Emergent Execution (AIMEE) program. I formerly led projects in the Intel Science & Technology Center for Adversary-Resilient Security Analytics and contributed to THEIA for the DARPA Transparent Computing (TC) program.

Syracuse University (Syracuse, NY), May 2014 - May 2016
Research Assistant

During my M.S. research with Prof. Wenliang (Kevin) Du, I created teaching materials on the Shellshock vulnerability found in bash and published first-ever documentation on the Android Intent Firewall, garnering attention from researchers at companies like Square. I also designed an Android framework hook to allow for user level IPC access control between applications and the operating system, which became my thesis topic that received the Syracuse University Graduate School Master of Science Prize.

Industry Experience

JPMorgan Chase & Co. (Syracuse, NY), June 2012 - December 2013
Analyst, Information Technology Security Risk Management

I performed software vulnerability analysis and security penetration testing on large enterprise networks and banking systems. I also designed and implemented programs to increase the efficiency of metrics reporting, along with programs in Python, C, C#, and Java to detect malware, extract critical information from infected system memory and decrypt malicious network traffic.

Frontier Communications (Stamford, CT), June 2011 - August 2011
Web Developer

I worked on the development team for TumTiki, where I helped design and implement their video on demand service.