Biography
Patrick McDaniel is an Associate Professor in the Computer Science and Engineering Department at the Pennsylvania State University and co-director of the Systems and Internet Infrastructure Security Laboratory. Patrick's research efforts centrally focus on network, telecommunications, and systems security, language-based security, and technical and public policy issues in digital media. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including, among others, the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Patrick is the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and serves as associate editor of the journals ACM Transactions on Information and System Security and IEEE Transactions on Software Engineering. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and program manager in the telecommunications industry.
Public Policy Overview
Patrick McDaniel is the co-director and founder of the Systems and Internet Infrastructure Security Laboratory, an Associate Professor of Computer Science and Engineering at The Pennsylvania State University, and an Adjunct Professor of the Stern School of Business at New York University. Before coming to Penn State, he was a senior technical staff member at AT&T-Research.
Throughout his career, Professor McDaniel has fostered public awareness of the dangers and solutions of increasingly interdependent online systems and critical infrastructure. He is currently serving on the President's National Security Telecommunications Advisory Panel counseling on public policy for security and best practices in evolving cellular networks. He has worked directly with the FCC and the FBI in understanding the nature of vulnerabilities and their effects in telecommunication networks. Patrick also worked with the Department of Homeland Security and industry as a participant of the SPRI program and within the EMIST/DETER project to understand and develop practical solutions for securing global network routing.
Patrick actively participates in national debates on important public policy issues. He was recently named the principal investigator of the EVEREST project analyzing the security of voting systems used in Ohio. Working directly with the Ohio Secretary of State and leading teams from Penn State, the University of Pennsylvania, and the University of California-Santa Barbara, he is directing source code and red-teaming exercises seeking to further illuminate security issues in voting machines and to assess the effectiveness of technical and procedural countermeasures. Extending previous reports in Florida and California, the vulnerabilities and procedures revealed in this report will directly inform and influence the processes used nationwide in the 2008 Presidential election.
Professor McDaniel's prior work on online public policy has had significant impact. His work on movie piracy in peer-to-peer networks uncovered major leaks within the production industry, and was used as a principle vehicle for arguing against proposed legislation in congressional hearings. He has also written and spoken frequently on a number of other important policy issues such as usability, privacy, and censorship.
Patrick is active in the academic security research community. In his research career, he has authored or co-authored over 90 papers and reports and given over 90 invited talks. He is currently serving as editor-in-chief of the ACM journal Transactions on Internet Security, and serves as associate editor for the journals ACM Transactions on Information and System Security and IEEE Transactions on Software Engineering. He is currently serving as the technical program co-chair of the IEEE Symposium on Security and Privacy, has chaired several other conferences, and participated in over 45 program committees.
Research Overview
Dr. McDaniel is the co-director of the Systems and Internet Infrastructure Security Laboratory (SIIS). His work has focused on investigating structures and policies for environmental, physical, network, and computer security. Dr. McDaniel's research has led to major publications in telecommunications security, secure routing and address management, security policy (complexity, enforcement, architectures, and protocols), digital rights management, and distributed systems security.
A long-term thrust of his work in systems security has been the exploration of automated policy discovery and enforcement. A security policy is an expression of the desired behavior of an application or environment. Structures and software supporting this definition of policy have yet to fully mature. A limitation of existing approaches is their inability to communicate intent across or between systems. Dr. McDaniel's work seeks to address this limitation through the exploration of algorithms for reconciliation, evaluation, and enforcement of distributed systems policy.
In the areas of network security, Dr. McDaniel has focused on issues and solutions in routing and telecommunications security. Contemporary inter-domain routing protocols are limited by a near universal lack of security. Because of this, the Internet is vulnerable to many attacks upon the routing infrastructure, particularly the signaling mechanisms. Such attacks can result in widespread outages, manipulation or exposure of user traffic, or the loss of control over address space. Working with members of the general security community, students, NSF, and DHS, Dr. McDaniel has developed efficient protocols and cryptographic constructions for secure Internet scale routing protocols. In his evolving work on telecommunications security, Patrick has shown how SMS (text) messaging can be used to mount catastrophic attacks on the cell phone network.
patrickmcdaniel.org