Carter Yagemann

Carter Yagemann

Assistant Professor of Computer Science and Engineering at the Ohio State University with interests in automated vulnerability discovery, root cause analysis, exploit prevention, and cyber-physical security.

About

The Ohio State University (2022–Present)
Assistant Professor

I am an Assistant Professor of Computer Science and Engineering at The Ohio State University where I teach classes and conduct research on topics pertaining to systems security, such as automated vulnerability discovery, root cause analysis, exploit prevention, and cyber-physical security. Prior to joining Ohio State, I received my Ph.D. in Computer Science from the Georgia Institute of Technology and my B.S. and M.S. in Computer Science from Syracuse University. I also worked at JPMorgan Chase in ethical hacking and cyber-threat intelligence. My research interests also include malware analysis, machine learning, and agent-based simulation.


Education

Georgia Institute of Technology (2016–2022)
Ph.D. Computer Science
Advisors: Professors Wenke Lee and Brendan Saltaformaggio
Thesis: Hardware-Assisted Processor Tracing for Automated Bug Finding and Exploit Prevention


Syracuse University (2011–2016)
M.S., B.S. (magna cum laude), Computer Science
Advisor: Professor Wenliang (Kevin) Du
Thesis: Intentio Ex Machina: Android Intent Access Control via an Extensible Application Hook


Prior Research Experience

Georgia Institute of Technology (2016–2022)
Research Assistant

My Ph.D. research with Prof. Wenke Lee and Prof. Brendan Saltaformaggio focused on novel hardware-backed approaches for detecting and preventing software vulnerabilities using advanced program analysis techniques and machine learning. I also lead research on HECTOR for the DARPA Artificial Intelligence Mitigations of Emergent Execution (AIMEE) program. I formerly led projects in the Intel Science & Technology Center for Adversary-Resilient Security Analytics and contributed to THEIA for the DARPA Transparent Computing (TC) program.


Syracuse University (2014–2016)
Research Assistant

During my M.S. research with Prof. Wenliang (Kevin) Du, I created teaching materials on the Shellshock vulnerability found in bash and published first-ever documentation on the Android Intent Firewall, garnering attention from researchers at companies like Square. I also designed an Android framework hook to allow for user level IPC access control between applications and the operating system, which became my thesis topic that received the Syracuse University Graduate School Master of Science Prize.


Prior Industry Experience

JPMorgan Chase & Co. (2012–2013)
Analyst, Information Technology Security Risk Management

I performed software vulnerability analysis and security penetration testing on large enterprise networks and banking systems. I also designed and implemented programs to increase the efficiency of metrics reporting, along with programs in Python, C, C#, and Java to detect malware, extract critical information from infected system memory and decrypt malicious network traffic.


Frontier Communications (2011–2011)
Web Developer

I worked on the development team for TumTiki, where I helped design and implement features for their video-on-demand (VoD) service.