Contact Information
Penn State University344 IST Building
University Park, PA 16802
Email: enck at cse.psu.edu
Phone: 814-863-7745
I am a fifth year graduate student working on a doctoral degree from the Department of Computer Science and Engineering (CSE) at The Pennsylvania State University (PSU). Within the CSE department, I am a member of the Systems and Internet Infrastructure Security (SIIS) Laboratory, which is a part of the Networking and Security Research Center (NSRC). I began my graduate studies at Penn State in the fall of 2004 as a Masters student and continued into the PhD program in the fall of 2006 under the supervision of my advisor Dr. Patrick McDaniel.
My Masters research considered the security disconnect between the Internet and SMS-capable telecommunications networks. My co-author Patrick Traynor (now faculty at Georgia Tech) and I discovered vulnerabilities in the cellular phone network that allow an Denial of Service attack using Internet-originated SMS messages to disrupt voice service to large metropolitan areas. Along with our advisors Dr. Patrick McDaniel and Dr. Thomas La Porta, we published our initial findings at the 2005 ACM Conference on Computer and Communications Security (CCS) and was covered by the New York Times. We further investigated and characterized the problem with mathematical modeling and simulation to propose and evaluate mitigation strategies. This work was published in the 2006 ACM International Conference on Mobile Computing and Networking (MobiCom).
As a PhD candidate, I am investigating various areas of operating systems security. My focus is on mobile phone (smartphone) OS security architectures, for which I draw from past experiences in OS and network security to evaluate existing implementations. In general, I am interested in the vast spectrum of system security. I participated in the 2007 Ohio security evaluation of voting equipment (EVEREST), performing source code analysis and penetration testing. I have also designed new OS access control mechanisms, looked at forthcoming vulnerabilities as main memory switches to non-volatile technologies, and researched secure network protocols, privacy tools, and trusted computing. A more full description of my research can be found on my research page.
News
October 29, 2008
Professor Patrick McDaniel and I gave a tutorial entitled "Understanding Android's Security Framework" at the ACM Conference on Computer and Communications Security (CCS). Our presentation slides and the example applications (including source code) have been made publically available.
August 18, 2008
Our paper, "PinUP: Pinning User Files to Known Applications" was accepted to the 24th Annual Computer Security Applications Conference (ACSAC).
August 18, 2008
Our paper, "Defending Against Attacks on Main Memory Persistence" was accepted to the 24th Annual Computer Security Applications Conference (ACSAC).
July 30, 2008
I presented a poster on our PinUP access control project during the USENIX Security Symposium in San Jose, CA.
July 29, 2008
I presented our USENIX/ACCURATE Electronic Voting Technology (EVT) workshop paper, which was co-located with USENIX Security in San Jose, CA.
May 21, 2008
Our paper, "Systemic Issues in the Hart InterCivic and Premier Voting System: Reflections Following Project EVEREST", has been accepted at the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop.