Professional Biography for Patrick Drew McDaniel

Biography

Dr. Patrick McDaniel

Patrick McDaniel is a Professor in the Computer Science and Engineering Department at the Pennsylvania State University and co-director of the Systems and Internet Infrastructure Security Laboratory. Patrick's research efforts centrally focus on network, telecommunications, and systems security, language-based security, and technical public policy. Patrick is the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and serves as associate editor of the journals ACM Transactions on Information and System Security, IEEE Transactions on Software Engineering, and IEEE Transactions on Computers. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including, among others, the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and program manager in the telecommunications industry.

Research Narrative

Patrick McDaniel is the co-director and founder of the Systems and Internet Infrastructure Security Laboratory, a Professor of Computer Science and Engineering at The Pennsylvania State University, and an Adjunct Professor of The Stern School of Business at New York University. Before coming to Penn State, he was a senior technical staff member at AT&T-Research. Professor McDaniel's research focuses on network and computer security. This research has led to major publications in, among others, telecommunications security, secure routing and address management, formal security policy, digital rights management, and distributed systems security.

Patrick is active in the academic security research community. He has authored over 100 books, papers, and reports and given over 100 invited talks. Patrick is the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and serves as associate editor of the journals ACM Transactions on Information and System Security, IEEE Transactions on Software Engineering, and IEEE Transactions on Computers. He has served as the technical program chair for several leading conferences in computer security including the IEEE Symposium on Security and Privacy and the USENIX Security Symposium, and participated in over 50 program committees in the last five years.

Patrick's work on telecommunications security has uncovered serious vulnerabilities in the structure of the existing cellular network widely reported in the popular press. The reported vulnerabilities relate to the misuse of text messaging to congest control channels on the "over-the-air" protocols, thereby preventing the delivery of legitimate voice and data. Working with cellular providers and national carriers, he has extended this work to 3G data services and uncovered similar problems in new standards. Patrick has worked with the FBI, FCC, DHS, Lucent, and now sits on the President's National Security Telecommunications Advisory Committee (NSTAC) in the helping craft national telecommunications public policy and provide avenues to better secure the critical national infrastructure.

Patrick actively participates in national debates on important public policy issues. He was named the principal investigator of the EVEREST project analyzing the security of voting systems used in Ohio. Working directly with the Ohio Secretary of State and leading teams from Penn State, the University of Pennsylvania, and the University of California-Santa Barbara, he directed source code and red-teaming efforts used to illuminate security issues in voting systems and to assess the effectiveness of technical and procedural countermeasures addressing flaws. Extending previous reports in Florida and California, the vulnerabilities and procedures revealed in this report directly informed the election procedures used nationwide in the 2008 Presidential election.

Throughout his career, Professor McDaniel has fostered public awareness of the dangers and solutions of increasingly interdependent online systems and critical infrastructure. Along with his work on the NSTAC, he has worked directly with the FCC and the FBI in understanding the nature of vulnerabilities and their effects in telecommunication networks. Patrick also worked with the Department of Homeland Security and industry to understand and develop practical solutions for securing global network routing.

Professor McDaniel's prior work on online public policy has had significant impact. His work on movie piracy in peer-to-peer networks uncovered major leaks within the production industry, and was used as a principal vehicle for arguing against proposed legislation in congressional hearings. He has also written and spoken frequently on a number of other important policy issues such as usability, privacy, and censorship.

Research Overview

Dr. McDaniel is the co-director of the Systems and Internet Infrastructure Security Laboratory (SIIS). His work has focused on investigating structures and policies for environmental, physical, network, and computer security. Dr. McDaniel's research has led to major publications in telecommunications security, secure routing and address management, security policy (complexity, enforcement, architectures, and protocols), digital rights management, and distributed systems security.

A long-term thrust of his work in systems security has been the exploration of automated policy discovery and enforcement. A security policy is an expression of the desired behavior of an application or environment. Structures and software supporting this definition of policy have yet to fully mature. A limitation of existing approaches is their inability to communicate intent across or between systems. Dr. McDaniel's work seeks to address this limitation through the exploration of algorithms for reconciliation, evaluation, and enforcement of distributed systems policy.

In the areas of network security, Dr. McDaniel has focused on issues and solutions in routing and telecommunications security. Contemporary inter-domain routing protocols are limited by a near universal lack of security. Because of this, the Internet is vulnerable to many attacks upon the routing infrastructure, particularly the signaling mechanisms. Such attacks can result in widespread outages, manipulation or exposure of user traffic, or the loss of control over address space. Working with members of the general security community, students, NSF, and DHS, Dr. McDaniel has developed efficient protocols and cryptographic constructions for secure Internet scale routing protocols. In his evolving work on telecommunications security, Patrick has shown how SMS (text) messaging can be used to mount catastrophic attacks on the cell phone network.