As a member of the Systems and Internet Infrastructure Security (SIIS) Laboratory, I am involved in a diverse range of research projects. While my current research focuses on mobile phone operating system security, I have also worked in telecommunications security, secure architectures, network protocols, and privacy tools.

Android Security

Emerging mobile phone operating systems providing open APIs will enable widespread innovation. However, this openness simultaneously exposes network providers, handset and OS developers, and users to increased risk. We seek to mitigate these threats by understanding emerging platforms and building stronger security mechanisms.

The Google Android mobile phone platform is one of the most anticipated smartphone operating systems. We have dedicated significant effort towards understanding exactly how Android enforces security policies, and how developers can create more secure applications. To facilitate the understanding and education of security on the Android platform, we have created a tutorial entitled "Understanding Android's Security Framework," which was presented at the ACM Conference on Computer and Communications Security (CCS). We have made the slides and example application source code publicly available.

PinUP

Users commonly download, patch, and use applications such as email clients, office applications, and media players from the Internet. Such applications are run with the user's full permissions. Because system protections do not differentiate applications from each other, any malcode present in the downloaded software can compromise or otherwise leak all user data. Interestingly, our investigations show that inter-application sharing is well-defined, following recognizable workflows. The degenerate and most frequent workflow exists when files are only accessed by the application that creates them; however, more complex workflows can be modeled as stages in the lifetime of data (e.g., writing, compiling, linking, and executing an application). We have also found that inter-user sharing, commonly done between systems, follows predictable patterns. This reality represents an opportunity for new protection schemes. We propose the PinUP access control overlay system that "pins" files to specific applications. More information can be found on the SIIS Lab PinUP Page along with source code for our implementation.

Related Publications

William Enck, Patrick McDaniel, and Trent Jaeger, PinUP: Protecting User Files by Reducing Application Access. Technical Report NAS-TR-0063-2007, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, February 2007. Updated January 2008.

William Enck, Sandra Rueda, Yogesh Sreenivasan, Joshua Schiffman, Luke St. Clair, Trent Jaeger, and Patrick McDaniel. Protecting Users from "Themselves". Proceedings of the 1st ACM Computer Security Architectures Workshop, November 2007. Alexandria, VA.
(acceptance rate=30%) [pdf]

Telecommunications Security

Securing national infrastructure such as the telecommunications network is of utmost importance. We discovered vulnerabilities in the cellular phone network that allow a careful attacker to deny voice service to metropolitan areas the size of Manhattan with little more than a cable modem by sending SMS messages from the Internet. We extended our original analysis by building a detailed GSM simulator. Through a combination of simulation and mathematical modeling, we derived a deeper understanding of the necessary preconditions for an attack, as well as an array of mitigation techniques. This work was the primary focus of my Master's thesis.

Related Publications

Patrick Traynor, William Enck, Patrick McDaniel, and Tom La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. IEEE/ACM Transactions on Networking (TON). (to appear).
(extends teml06)

Patrick Traynor, William Enck, Patrick McDaniel, and Tom La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks. Journal of Computer Security. (to appear).
(extends etml05)

Patrick Traynor, William Enck, Patrick McDaniel, and Tom La Porta. Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. Proceedings of the Twelfth Annual International Conference on Mobile Computing and Networking (MobiCom), September 2006. Los Angeles, CA.
(acceptance rate=11.7%) [pdf]

William Enck, Patrick Traynor, Patrick McDaniel, and Tom La Porta. Exploiting Open Functionality in SMS-Capable Cellular Networks. Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), pages 393-404, November 2005. Alexandria, VA.
(acceptance rate=15.0%) [pdf]

Secure Non-Volatile Main Memory

Non-volatile memories provide energy efficiency, tolerance against power failure, and "instant-on" power-up. These memories are likely to replace traditional volatile memory in next-generation laptops and desktops. However, the move to non-volatile memory introduces new vulnerabilities; sensitive data such as passwords and keys residing in main memory persists across reboots and can be probed during hardware suspension.

We propose a Memory Encryption Control Unit (MECU) to address the vulnerabilities introduced by non-volatile memories. The MECU encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., smart cards, or other similar secure storage devices. This provides protection against physical attacks in the absence of the token.

We evaluated a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. The performance analysis shows that we can secure non-volatile memories with minimal overhead: the majority of memory accesses are delayed by less than 1 ns, with limited degradation subsiding within 670 milliseconds of a system resume. In effect, we provide zero-cost steady state confidentiality for main memory.

Related Publications

William Enck, Kevin Butler, Thomas Richardson, and Patrick McDaniel, Securing Non-Volatile Main Memory. Technical Report NAS-TR-0029-2006, Network and Security Research Center, February 2006.

TARP

IP networks fundamentally rely on the Address Resolution Protocol (ARP) for proper operation. Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks. Current proposed countermeasures to these vulnerabilities do not simultaneously address backward compatibility and cost requirements. To combat this problem, we propose a Ticket-based Address Resolution Protocol (TARP) where a local authority distributes attestations (tickets) binding pairs of MAC and IP addresses.
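
An added sketch of the ticket check described above, showing what a receiving host verifies before trusting an address binding; it is not code from the TARP paper or its implementation. The ticket fields, the expiry time, and the toy RSA key are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key for the local authority (two Mersenne primes).
# Far too small and unpadded for real use; it only makes the example runnable.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the authority only


def _digest(mac: str, ip: str, expires: int) -> int:
    """Hash the (MAC, IP, expiry) binding to an integer below N."""
    msg = f"{mac.lower()}|{ip}|{expires}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def issue_ticket(mac: str, ip: str, expires: int) -> dict:
    """Local authority: sign the binding once, when the host joins the network."""
    return {"mac": mac.lower(), "ip": ip, "expires": expires,
            "sig": pow(_digest(mac, ip, expires), D, N)}


def accept_reply(sender_mac: str, sender_ip: str, ticket: dict, now: int) -> bool:
    """Receiving host: update the ARP cache only if the attached ticket checks out."""
    if ticket["mac"] != sender_mac.lower() or ticket["ip"] != sender_ip:
        return False                      # ticket is for a different binding
    if now >= ticket["expires"]:
        return False                      # stale ticket (expiry field is assumed)
    expected = _digest(ticket["mac"], ticket["ip"], ticket["expires"])
    return pow(ticket["sig"], E, N) == expected   # public-key check, no secret needed


def demo() -> dict:
    now = 1_000                           # constructed clock value
    gw = issue_ticket("00:11:22:33:44:55", "192.0.2.1", expires=now + 3600)
    # Same ticket with the MAC field altered: the signature no longer matches.
    edited = dict(gw, mac="66:77:88:99:aa:bb")
    return {
        "genuine": accept_reply("00:11:22:33:44:55", "192.0.2.1", gw, now),
        # Valid ticket attached to a reply that claims a different MAC.
        "replayed": accept_reply("66:77:88:99:aa:bb", "192.0.2.1", gw, now),
        "edited": accept_reply("66:77:88:99:aa:bb", "192.0.2.1", edited, now),
        "expired": accept_reply("00:11:22:33:44:55", "192.0.2.1", gw, now + 7200),
    }


if __name__ == "__main__":
    print(demo())
```

Because verification needs only the authority's public key, hosts can check replies without contacting the authority on each resolution.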

Related Publications

Wesam Lootah, William Enck, and Patrick McDaniel, TARP: Ticket-based Address Resolution Protocol. Computer Networks, Elsevier, 51(15):4322-4337, October 2007.
(extends lem05) [pdf]

Wesam Lootah, William Enck, and Patrick McDaniel. TARP: Ticket-Based Address Resolution Protocol. 21st Annual Computer Security Applications Conference (ACSAC), pages 95-103, December 2005. Tucson, AZ.
(acceptance rate=19.2%) [pdf]