Contact Information
Penn State University344 IST Building
University Park, PA 16802
I am a doctoral candidate in the Department of Computer Science and Engineering (CSE) at The Pennsylvania State University (PSU). Within the CSE department, I am a member of the Systems and Internet Infrastructure Security (SIIS) Laboratory, which is a part of the Networking and Security Research Center (NSRC). I began my graduate studies at Penn State in the fall of 2004 as a Masters student and continued into the PhD program in the fall of 2006 under the supervision of my advisor Dr. Patrick McDaniel.
My Masters research considered the security disconnect between the Internet and SMS-capable telecommunications networks. My co-author Patrick Traynor (now faculty at Georgia Tech) and I discovered vulnerabilities in the cellular phone network that allow a Denial of Service attack using Internet-originated SMS messages to disrupt voice service to large metropolitan areas. Along with our advisors Dr. Patrick McDaniel and Dr. Thomas La Porta, we published our initial findings at the 2005 ACM Conference on Computer and Communications Security (CCS) and was covered by The New York Times. We further investigated and characterized the problem with mathematical modeling and simulation to propose and evaluate mitigation strategies. This work was published in the 2006 ACM International Conference on Mobile Computing and Networking (MobiCom).
As a PhD candidate, I am investigating various areas of operating systems security. My focus is on mobile phone (smartphone) OS security architectures, for which I draw from past experiences in OS and network security to evaluate existing implementations. In general, I am interested in the vast spectrum of system security. I participated in the 2007 Ohio security evaluation of voting equipment (EVEREST), performing source code analysis and penetration testing. I have also designed new OS access control mechanisms, looked at forthcoming vulnerabilities as main memory switches to non-volatile technologies, and researched secure network protocols, privacy tools, and trusted computing. A more full description of my research can be found on my research page.
News
August 23, 2010
I was invited to the USENIX Security 2011 Program Committee.
July 21, 2010
Our paper, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones" was accepted to the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI'10).
April 26, 2010
I was awarded the Graduate Research Assistant Award in CSE.
March 30, 2010
I visited Carleton University in Ottawa to discuss mobile phone security and presented a talk entitled "Enhanced Security Policy Frameworks for Android."
March 24, 2010
I visited the University of Delaware and gave a seminar talk on my work, "On Lightweight Mobile Phone Application Certification."
January 18, 2010
I passed my comprehensive exams/dissertation proposal!