I have a diverse set of research generally in the areas of security, systems and networking. Below are highlights of the main active research projects I am currently involved in (with citations from the last 4 years). There are a great many more areas I am involved in that are not documented here. More detailed information about my historical research can be obtained from the publications, vita and laboratory webpage.
Telecommunications Security
Description: The nature of telecommunications networks is rapidly changing. Mobile phone frameworks such as Android and Openmoko invite developers and end users to build applications, modify the behavior of the phone, and use network services in novel ways. This offers a promising opportunity to create new, valuable markets and modes of communication. However, the move to open systems alters the underlying performance and security assumptions upon which the network was based. In ongoing work, we have shown that such changes lead to vulnerabilities ranging from merely vexing phone glitches to catastrophic network failures. The current infrastructure lacks the basic protections needed to protect an increasingly open network, and it is unclear what new stresses and threats open systems and services will introduce.
This research seeks to formally and experimentally investigate vulnerabilities and defensive infrastructure addressing vulnerabilities in open cellular operating systems and telecommunications networks. This includes the development of infrastructure for the analysis, configuration, and enforcement of security policy in mobile phones and the networks on which they reside.
- PI, TC: Medium: Collaborative Research: Security Services in Open Telecommunications Networks, NSF (CNS), $594,941, (08/01/09-08/01/12).PI, Characterizing and Mitigating Wireless Systems Vulnerabilities, Defense University Research Instrumentation Program (DURIP), Army Research Office (ARO), $150,000, (05/22/09-05/21/10).PI, Integrity Management for ICT Development, Bell Labs Network Reliability and Security Office, Alcatel-Lucent , $100,000, (11/30/08-11/30/09).Co-PI, Protecting Services for Emerging Wireless Telecommunications Infrastructure, NSF (CNS), $658,032, (09/01/07-08/31/11).
- Patrick Traynor, Chaitrali Amrutkar, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta, From Mobile Phones to Responsible Devices. Journal of Security and Communication Networks (SCN), 2010. to appear.William Enck, Machigar Ongtang, and Patrick McDaniel, Understanding Android Security. IEEE Security & Privacy Magazine, 7(1):50--57, January/February, 2009.Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel. Semantically Rich Application-Centric Security in Android. Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), pages 340-349, December 2009. Honolulu, Hawaii. (best paper). Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks. Journal of Computer Security, 16(6):713-742, Febraury, 2009. Boniface Hicks, Sandra Rueda, Luke St. Clair, Trent Jaeger, and Patrick McDaniel. A Logical Specification and Analysis for SELinux MLS. 12th ACM Symposium on Access Control Models and Technologies (SACMAT), ACM, June 2007. Sophia Antipolis, France. William Enck, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone App Certification. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), pages 235-245, November 2009. Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Thomas La Porta, and Patrick McDaniel. On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), pages 223-234, November 2009. Patrick Traynor, Patrick McDaniel, and Thomas La Porta. On Attack Causality in Internet-Connected Cellular Networks. Proceedings of the 16th USENIX Security Symposium, August 2007. Boston, MA. Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta. Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. Proceedings of the Twelfth Annual International Conference on Mobile Computing and Networking (MobiCom), pages 182-193, September 2006. Los Angeles, CA.
Information Flow/High Integrity Systems
Description: Increasingly prevalent and costly vulnerabilities in software systems mandate stronger guarantees than provided by widely used, ad hoc, informal, and social assurance practices. Such practices are common be- cause there exists no tractable framework for proving or even broadly reasoning about the correctness of an implementation based on a scientific ground truth. Built on decades of rigorous work on the foundations of security, the information flow and integrity guarantees provided by emerging programming languages and systems are now reaching practicality. However, it is not known how to apply these technologies to provide high-assurance systems. This research investigate architectures exploiting these new capabilities, with a focus security typed languages (e.g., Jif), MAC systems (e.g., SELiniux), and integrity measurement (e.g., TPMs).
- Co-PI, System-Wide Information Flow Enforcement, BAA 06-11-IFKA, "National Intelligence Community Enterprise Cyber Assurance Program", $496,000, (2/1/07-8/1/08).PI, CAREER: Realizing Practical High Assurance through Security-Typed Information Flow Systems, NSF (CNS), $400,000, (1/2/07-1/1/12).Co-PI, CT-IS: Shamon: Systems Approaches for Constructing Distributed Trust, NSF (CNS), $400,000, (9/1/06-8/31/10).PI, Collaborative Research: CT-T: Flexible, Decentralized Information-flow Control for Dynamic Environments, NSF (CFF), $234,585, (8/1/05-7/31/08).PI, Extending Developer Tools for Security-typed Languages, Software Engineering Research Center, Sponsor: Motorola, $23,200, (7/1/05-6/30/06).
- Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Brent Waters, Secure Attribute-Based Systems. Journal of Computer Security (JCS), 2010. to appear. Boniface Hicks, Sandra Rueda, Luke St. Clair, Trent Jaeger, and Patrick McDaniel, A Logical Specification and Analysis for SELinux MLS Policy. ACM Transactions on Information and System Security (TISSEC), 2010. to appear. Kevin Butler, Sunam Ryu, Patrick Traynor, and Patrick McDaniel, Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems. IEEE Transactions on Parallel and Distributed Systems (TPDS), 20(12):1803-1815, December, 2009. Patrick Traynor, Michael Chien, Scott Weaver, Boniface Hicks, and Patrick McDaniel, Non-Invasive Methods for Host Certification. ACM Transactions on Information and System Security (TISSEC), 11(3), 2008. Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger. Scalable Asynchronous Web Content Attestation. Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), pages 95-104, December 2009. Honolulu, Hawaii. Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel. Justifying Integrity Using a Virtual Machine Verifier. Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), pages 83-92, December 2009. Honolulu, Hawaii. William Enck, Patrick McDaniel, and Trent Jaeger. PinUP: Pinning User Files to Known Applications. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), December 2008. William Enck, Kevin Butler, Thomas Richardson, Patrick McDaniel, and Adam Smith. Defending Against Attacks on Main Memory Persistence. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), December 2008. Patrick Traynor, Kevin Butler, William Enck, and Patrick McDaniel. Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems. ISOC Network and Distributed System Security Symposium (NDSS), February 2008. San Diego, CA. Luke St. Clair, Joshua Schiffman, Trent Jaeger, and Patrick McDaniel. Establishing and Sustaining System Integrity via Root of Trust Installation. 23rd Annual Computer Security Applications Conference (ACSAC), pages 19-29, December 2007. Miami, FL. Boniface Hicks, Tim Misiak, and Patrick McDaniel. Channels: Runtime System Infrastructure for Security-typed Languages. 23rd Annual Computer Security Applications Conference (ACSAC), pages 443-452, December 2007. Miami, FL. Dhananjay Bapat, Kevin Butler, and Patrick McDaniel. Towards Automated Privilege Separation. Proceedings of 2nd International Conference on Information Systems Security (short paper), December 2007. Delhi, India. Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel. From Trusted to Secure: Building and Executing Applications that Enforce System Security. Proceedings of the USENIX Annual Technical Conference, June 2007. Santa Clara, CA.
Storage Security and Data Provenance
Description: As computing models change, so too do the demands on storage. Distributed and virtualized systems introduce new vulnerabilities, assumptions, and performance requirements on disks. However, traditional storage systems have very limited capacity to implement needed "advanced storage" features such as integrity and data isolation. This is largely due to the simple interfaces and limited computing resources provided by commodity hard-drives. A new generation of storage devices affords better opportunities to meet these new models, but little is known about how to exploit them. This research is focused on the investigation of security architectures that use advanced storage techniques to address security, performance, and functional requirements of emerging environments.
One area of smart storage that is being carefully studied is its use to implement a provenance system. The value of data maintained by a computing system can only be determined by understanding its origins and pedigree. Data provenance provides this information by documenting the entities, systems, and processes that operate on data of interest-in effect providing a historical record of the lifetime of the data and its sources. The generated evidence supports important forensic activities such as data-dependency analysis, error detection and recovery, and auditing and compliance analysis. Although widely sought after in high-end computing systems supporting applications such as bioinformatics, scientific computing and intelligence systems, existing services for data provenance are limited in scope and depth.
- PI, NSF HECURA: Collaborative Research: Secure Provenance in High-End Computing Systems, NSF (CCF), $307,073, (08/1/09-8/31/13).Co-PI, Exploiting Asymmetry in Performance and Security Requirements for I/O in High-end Computing, NSF (CFF), $699,690, (9/1/06-8/31/10).
- Kevin Butler, Stephen McLaughlin, and Patrick McDaniel. Non-Volatile Memory and Disks: Avenues for Policy Architectures. Proceedings of the 1st ACM Computer Security Architectures Workshop, November 2007. Alexandria, VA.[pdf]Kevin Butler, Stephen McLaughlin, and Patrick McDaniel, Rootkit-Resistant Disks. 15th ACM Conference on Computer and Communications Security (CCS'08), Alexandria, VA, USA. November 2008.[pdf]Patrick McDaniel, Kevin Butler, Stephen McLaughlin, Radu Sion, Erez Zadok, and Marianne Winslett, Towards a Secure and Efficient System for End-to-End Provenance, February 2010. To appear.
SmartGrid Security
Description: As SmartGrid development progresses, new technologies like AMI, microgrids and transmission and distribution automation introduce new vulnerabilities into the electric grid and the world at large. In order for society to make informed decisions about the deployment and implementation of these devices, detailed information about these vulnerabilities and the necessary mitigation strategies is necessary. The objective of this research is to analyze the security vulnerabilites of SmartGrid devices and to develop mitigation strategies. Much of the work to date has focused on pentration testing of commercial smart meters and their communication interfaces (see papers below).
- co-PI, Managing Security and Vulnerability Risks in the Smart Grid, Institute for CyberScience and The Penn State Institutes of Energy and the Environment, $31,000, (08/1/09-12/16/09).PI, Smart Grid Cyber Security Research, Lockheed Martin, $250,000, (1/1/10-12/16/10).PI, Utility Grid Automation and Risk Management, Lockheed Martin, $400,000, (11/30/08-12/16/09).
- Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel. Energy Theft in the Advanced Metering Infrastructure. In the 4th International Workshop on Critical Information Infrastructure Security, September 2009. Bonn, Germany.[pdf]Patrick McDaniel and Stephen McLaughlin, Security and Privacy Challenges in the Smart Grid. IEEE Security & Privacy Magazine, (3):75-77, May/June, 2009.[pdf]
Network Security
Description: Networking as a discipline and the Internet as an artifact have changed just about everything in our society in the last 15 years. One area that has been neglected (to our great misery and continued peril) is that of protecting the network that serves us. This research focuses on addressing the threats against these increasingly complex networks. One core area I have been involved in is the study of routing security. As the Internet's de facto interdomain routing protocol, the Border Gateway Protocol (BGP) is the glue that holds the disparate parts of the Internet together. A major limitation of BGP is its failure to adequately address security. Recent high-profile outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing inter- domain routing. I have explored the limitations and advantages of proposed security extensions to BGP, and attempted to understand why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
Much of my professional background prior to returning to graduate school focused on networking, and this work is a logical extension that past. While I am not as involved in networking and networking security as I once was (modulo telecommunications security), I still find opportunities to study diverse subjects.
- Co-PI, Security for Internet/IMS Convergence, Cisco, $100,000, (9/1/07-8/31/08).PI, Automated Configuration with the PRESTO Network Management Platform, AT&T, $50,000, (6/1/06-5/31/07).PI, Testbed for Network-Scale Countermeasure Evaluation, Cisco, $45,938, (9/1/05-8/31/06).Co-PI, NSF CyberTrust: Collaborative Research: Testing and Benchmarking Methodologies for Future Network Security Mechanisms (EMIST), NSF/DHS, $363,000, (8/1/04-8/31/06).
- Patrick Traynor, Kevin Butler, William Enck, Kevin Borders, and Patrick McDaniel, malnets: Large-Scale Malicious Networks via Compromised Wireless Access Points. Journal of Security and Communication Networks (SCN), 2010. to appear. [pdf]Kevin Butler, Toni Farley, Patrick McDaniel, and J. Rexford, A Survey of BGP Security Issues and Solutions. Proceedings of the IEEE, 2010(1):100-122, January, 2010. [pdf]Heesook Choi, William Enck, Jaesheung Shin, Patrick McDaniel, and Thomas La Porta, ASR: Anonymous and Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks. Wireless Networks (WINET), ACM/Kluwer, 15(4):525--539, MAY, 2009. Wesam Lootah, William Enck, and Patrick McDaniel, TARP: Ticket-based Address Resolution Protocol. Computer Networks, Elsevier, 51(15):4322--4337, October, 2007.