Education

Pennsylvania State University, University Park, PA

Ph.D., Computer Science and Engineering, May 2011
Dissertation: Analysis Techniques for Mobile Operating System Security
Advisor: Dr. Patrick McDaniel

Pennsylvania State University, University Park, PA

M.S., Computer Science and Engineering, May 2006
Thesis: Analysis of Open-Functionality in SMS-Capable Cellular Networks
Advisor: Dr. Patrick McDaniel

Pennsylvania State University, University Park, PA

B.S., Computer Engineering, with Honors and Highest Distinction, May 2004
Thesis Title: Study of Adaptive Routing Algorithms for NoC Architectures
Thesis Supervisor: Dr. Chita R. Das

Academic and Research Appointments

Assistant Professor, North Carolina State University, 2011-present

Research Assistant, The Pennsylvania State University, 2005-2011

• Investigated security of mobile phone operating systems, Funded by NSF CNS-0721579, CNS-0905447, Jun. 2007 - May 2011.
• Continued investigation and development of the PRESTO automated router configuration system, Funded by AT&T, Jan. 2006 - May 2007.
• Investigated telecommunications security, network security, and trusted computing, Jun.-Dec. 2005.

Lead Graduate Student, Systems and Internet Infrastructure Security (SIIS) Laboratory, The Pennsylvania State University, Jan. 2009 - Aug. 2010

Administrative and logistical lead student in the SIIS lab. Ran weekly meetings of 12+ members, met with students individually for mentoring and development of leadership and research skills. Responsible for most daily operational activities in the lab.

co-Instructor, Mobile Phone Security, The Pennsylvania State University, Jan.-May. 2009

co-Instructor for CSE597a, a graduate seminar on mobile phone operating system security.

Instructor, Communication Networks, The Pennsylvania State University, Jun.-Aug. 2007

Instructor for EE/CSE 458, the senior undergraduate course on computer networking.

Teaching Assistant, Microcomputer Laboratory, The Pennsylvania State University, Jan.-May 2005

Provided hands-on aid for CSE473, the undergraduate embedded systems development course.

Industrial Experience

Research Intern, Intel Labs, Seattle, WA, Summer 2009

Developed a system-wide information flow tracking system for the Android mobile phone platform.

Research Intern, AT&T Research, Florham Park, NJ, Summer 2006

Developed a system for massive-scale automated router configuration deployment.

Summer Intern, IBM Corp., Poughkeepsie, NY, Summer 2003

Performed error propagation logic testing for the zSeries mainframe process hardware caches.

Systems Administrator, Lebanon MobileFone Inc., Lebanon, PA, Summers 2000-2002 and 2004

Administrated Web and Email servers. Designed spam detection system for the ISP. Performed corporate and residential installation of wired and wireless broadband equipment. Repaired personal computers and performed phone and on-site customer technical support.

Selected Publications

• William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A Study of Android Application Security, Proceedings of the 20th USENIX Security Symposium, August, 2011. San Francisco, CA.
  (acceptance rate=17.2%) [pdf]
• William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox , Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2010. Vancouver, BC.
  (acceptance rate=16.1%)
• William Enck, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone Application Certification. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), November 2009. Chicago, IL.
  (acceptance rate=18.4%) [pdf]
• William Enck, Patrick McDaniel, and Trent Jaeger. PinUP: Pinning User Files to Known Applications. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), December 2008. Anaheim, CA.
  (acceptance rate=24.3%) [pdf]
• William Enck, Kevin Butler, Thomas Richardson, Patrick McDaniel, and Adam Smith. Defending Against Attacks on Main Memory Persistence. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), December 2008. Anaheim, CA.
  (acceptance rate=24.3%) [pdf]
• William Enck, Patrick McDaniel, Subhabrata Sen, Panagiotis Sebos, Sylke Spoerel, Albert Greenberg, Sanjay Rao, and William Aiello. Configuration Management at Massive Scale: System Design and Experience. Proceedings of the USENIX Annual Technical Conference, June 2007. Santa Clara, CA.
  (acceptance rate=23.8%) [pdf]
• William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta. Exploiting Open Functionality in SMS-Capable Cellular Networks. Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), pages 393--404, November 2005. Alexandria, VA.
  (acceptance rate=15.0%) [pdf]

Student Advising

Current PhD Students

• Adwait Nadkarni
• Ashwin Shashidharan
• Tsung-Hsuan (Anson) Ho (co-advisor)
• Albert Gorski

Current Masters Students

• Vasant Tendulkar
• Andrew Branscomb (co-advisor)

Current PhD Committees

• Yongmin Tan (advised by Dr. Xiaohui Gu)
• Kamal K.C. (advised by Dr. Xiaohui Gu)
• Wei Wei (advised by Dr. Ting Yu)
• Michael Grace (advised by Dr. Xuxian Jiang)
• Wu Zhou (advised by Dr. Xuxian Jiang)
• Xi Gi (advised by Dr. Emerson Murphy-Hill)

Past Masters Students

• Adwait Nadkarni

Past PhD Committees

• Yongmin Tan (advised by Dr. Xiaohui Gu)

Honors

• National Science Foundation Faculty Early Career Development Award (CAREER), 2013.
• CGS/ProQuest Distinguished Dissertation Award Nominee, 2012
• Alumni Association Dissertation Award, Pennsylvania State University, 2010-2011.
• Graduate Research Assistant Award, Department of Computer Science and Engineering, The Pennsylvania State University, April 2010.
• Best Paper, 25th Annual Computer Security Applications Conference, with co-authors Machigar Ongtang, Stephen McLaughlin, and Patrick McDaniel, December 2009.
• Google Security and Product Safety Acknowledgement in recognition of efforts in improving the security of the Google Android cellular phone operating system.
• USENIX Student Travel Awards, USENIX Security, 2007; USENIX Security, 2008; USENIX OSDI, 2010.
• ACM Student Travel Award, ACM CCS, 2009.
• National Science Foundation Graduate Research Fellowship, Honorable Mention, 2006.
• H. Thomas and Dorothy Willits Hallowell Scholarship, Pennsylvania State University, 2003.
• Chris Mader Scholarship, Pennsylvania State University, 2002.
• Lockheed Martin Engineering Scholars Award, Pennsylvania State University, 2002.
• Richard A. McQuade Memorial Scholarship, Pennsylvania State University, 2001.

Affiliations

• The Association for Computing Machinery (ACM)
• The Institute of Electrical and Electronics Engineers (IEEE)
• USENIX Advanced Computing Systems Association (USENIX)
• Information Systems Security Association (ISSA)

Professional Activities

Conference and Workshop Organization

• ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), co-chair, 2011, 2012.
• ACM Conference on Computer and Communications Security (CCS), Poster PC Member, 2011, 2013.
• ACM Conference on Data and Application Security and Privacy (CODASPY), PC Member, 2013, 2014.
• ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), PC Member, 2013.
• Annual Computer Security Applications Conference (ACSAC), PC Member, 2013.
• AsiaCCS Workshop on Security in Embedded Systems and Smartphones, PC Member, 2013.
• DFRWS Annual Digital Forensics Conference, PC Member, 2012, 2013.
• Financial Cryptography and Data Security (FC), PC Member, 2013.
• ICDE Workshop on Secure Data Management on Smartphones and Mobiles, PC Member, 2012.
• IEEE LCN Workshop on Security in Communications Networks (SICK), PC Member, 2012.
• IEEE Symposium on Security and Privacy (Oakland), PC Member, 2012, 2013.
• Information Security Conference (ISC), PC Member, 2009.
• International Conference on Information Security and Assurance (ISA), PC Member, 2009.
• International Conference on Information Systems Security (ICISS), PC Member, 2007, 2012, 2013
• International Conference on Information Technology (ICIT), PC Member, 2009.
• International Conference on Internet Monitoring and Protection (ICIMP), PC Member, 2009, 2010, 2011, 2012, 2013.
• International Conference on Parallel and Distributed Systems (ICPADS), PC Member, 2013.
• International Conference on Privacy and Security in Mobile Systems (PRISMS), PC Member, 2013.
• International Conference on Trust and Trustworthy Computing (TRUST), PC Member, 2013.
• International ICST Conference on Security and Privacy in Mobile Information and Communication Systems (MobiSec), PC Member, 2012.
• International Workshop on Security (IWSEC), PC Member, 2010, 2011.
• International Workshop on Trustworthy Embedded Devices (TrustED), PC Member, 2011, 2012, 2013.
• International World Wide Web Conference (WWW), PC Member, 2012
• ISOC Network and Distributed System Security Symposium (NDSS), PC Member, 2013, 2014.
• New Security Paradigms Workshop (NSPW), PC Member, 2012, 2013.
• USENIX Security Symposium, PC Member, 2011, 2012, 2013 ; Poster Session Chair, 2013.
• USENIX Workshop on Hot Topics in Security (HotSec), PC Member, 2012.

Reviewer

Reviewer (Journal and Book): ACM Computing Surveys, 2009, 2011; ACM Transactions on Information and System Security (TISSEC), 2008, 2011; ACM Transactions on Internet Technology (TOIT), 2006, 2009, 2010; ACM Transactions on Mobile Computing (TMC), 2012, 2013; Handbook of Computer Networks, 2006; IBM Journal of Research and Development, 2013; IEEE Communications Letters, 2008, 2009; IEEE Security and Privacy Magazine, 2010; IEEE Transactions on Computers, 2009; IEEE Transactions on Dependable and Secure Computing, 2012; IEEE Transactions on Information Forensics and Security, 2012; IEEE Transactions on Software Engineering, 2007, 2010; International Journal of Information Security, 2013; Journal of Autonomic and Trusted Computing (JoATC), 2006; Security and Communication Networks (SCN), 2011; Software: Practice and Experience (SPE), 2013; Transactions on Computational Science (Springer-Verlag), 2010.

Reviewer (Conference and Workshop): ACM Computer Security Architecture Workshop (CSAW), 2008; ACM Conference on Computer and Communications Security (CCS), 2008, 2010, 2011, 2012, 2013; ACM Symposium on Access Control Models and Technology (SACMAT), 2006, 2008, 2009; Annual Computer Security Applications Conference (ACSAC), 2005, 2006, 2007, 2009, 2010, 2012; European Symposium on Research in Computer Security (ESORICS), 2005; Financial Cryptography (FC), 2007; International Conference on Availability, Reliability and Security (ARES), 2009; International Conference on Cryptology and Network Security (CANS), 2009; International Conference on Distributed Computing Systems (ICDCS), 2008; International Conference on Emerging Trends in Information and Communications Security (ETRICS), 2006; International Conference on Information Systems Security (ICISS), 2006, 2008; International Conference on Mobile Computing and Networking (MobiCom), 2011; International Conference on Mobile Systems, Applications, and Services (MobiSys), 2012; International ICST Conference on Security and Privacy in Communication Networks (SecureComm), 2011; International World Wide Web Conference (WWW), 2010; International Workshop on Security (IWSec), 2006, 2007; IEEE Computer Security Foundations Symposium (CSF), 2011; IEEE Conference on Computer Communications (Infocom), 2007; IEEE Symposium on Security and Privacy (Oakland), 2007, 2008, 2011; ISOC Network and Distributed System Security Symposium (NDSS), 2007, 2009; USENIX Annual Technical Conference, 2010; USENIX Security Symposium, 2006, 2007, 2008, 2009; USENIX Workshop on Hot Topics in Security (HotSec), 2008, 2010; Workshop on Virtual Machine Security (VMSec), 2008.

Public Speaking

Invited Talks

• Smartphone Security. Qualcomm, Santa Clara, CA, May, 2013.
• Smartphone Security: Concerns and Defenses. The US Department of Justice and US Department of State West African Cybersecurity and Cybercrime Workshop, Accra, Ghana, January, 2013.
• Smartphone Security: Concerns and Defenses. Black Data Processing Associates (BDPA), Triangle Chapter, RTP, NC, November, 2012.
• Defending Users Against Smartphone Apps: Techniques and Future Directions. University of North Carolina, Chapel Hill, Chapel Hill, NC, November, 2012.
• Defending Users Against Smartphone Apps: Techniques and Future Directions. Purdue University, West Lafayette, IN, September, 2012.
• Smartphone Security: Concerns and Defenses. The US Department of Justice and US Department of State West African Cybersecurity and Cybercrime Workshop, Dakar, Senegal, September, 2012.
• Analysis Techniques for Mobile Operating System Security. State of North Carolina OITS Security Liaisons Meeting, Raleigh, NC, June, 2012.
• Defending Users Against Smartphone Apps: Techniques and Future Directions. University of Washington, Seattle, WA, April, 2012.
• Analysis Techniques for Mobile Operating System Security. Raleigh ISSA Chapter, Raleigh, NC, April, 2012.
• Defending Users Against Smartphone Apps: Techniques and Future Directions. Keynote - International Conference on Information Systems Security (ICISS), Kolkata, India, December, 2012.
• Analysis Techniques for Mobile Operating System Security. Georgetown University, Washington, DC, March, 2011.
• Analysis Techniques for Mobile Operating System Security. University of Southern California, Los Angeles, CA, February, 2011.
• Analysis Techniques for Mobile Operating System Security. University of Maryland, College Park, MD, February, 2011.
• Analysis Techniques for Mobile Operating System Security. Naval Postgraduate School, Monterey, CA, February, 2011.
• Analysis Techniques for Mobile Operating System Security. Polytechnic Institute of New York University, New York, NY, January, 2011.
• Analysis Techniques for Mobile Operating System Security. Carleton University, Ottawa, ON, Canada, January, 2011.
• Analysis Techniques for Mobile Operating System Security. North Carolina State University, Raleigh, NC, November, 2010.
• TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. University of Pennsylvania, Philadelphia, PA, October, 2010.
• Enhanced Security Policy Frameworks for Android. Carleton University, Ottawa, ON, CA, March, 2010.
• On Lightweight Mobile Phone Certification. University of Delaware, Newark, DE, March, 2010.
• On Lightweight Mobile Phone Certification. University of Notre Dame, South Bend, IN, October, 2009.}
• Understanding Android's Security Framework. University of Washington, Seattle, WA, July, 2009.
• Understanding Android's Security Framework. Georgia Institute of Technology, Atlanta, GA, January, 2009.

Presentations

• A Study of Android Application Security. 20th USENIX Security Symposium, San Francisco, CA, August, 2011.
• TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, BC, Canada, October, 2010.
• On Lightweight Mobile Phone Certification. 16th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, November, 2009.
• Lightweight Information Tracking for Mobile Phones. 18th USENIX Security Symposium, Montreal, QC, CA, August, 2009. Works in Progress.
• Defending Against Attacks on Main Memory Persistence. 24th Annual Computer Security Applications Conference (ACSAC), Anaheim, CA, December, 2008.
• PinUP: Pinning User Files to Known Applications. 24th Annual Computer Security Applications Conference (ACSAC), Anaheim, CA, December, 2008.
• PinUP: Pinning User Files to Known Applications. 17th USENIX Security Symposium, San Jose, CA, August, 2008. Poster Session.
• Systematic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST. USENIX/ACCURATE Electronic Voting Technology Workshop, San Jose, CA, July, 2008.
• Protecting User Files by Reducing Application Access. 16th USENIX Security Symposium. Boston, MA, August, 2007. Works in Progress.
• PRESTO: A tool for Configuration Management at a Massive Scale. USENIX Annual Technical Conference. Santa Clara, CA, June, 2007.
• PRESTO: A tool for Configuration Management at a Massive Scale. Workshop on Programmable Routers for the Extensible Services of TOmorrow (PRESTO). Princeton, NJ, May, 2007.
• Mitigating DoS Through Basic TPM Operations. 14th USENIX Security Symposium. Baltimore, MD, August, 2005. Works in Progress.

Tutorials

• Understanding Android's Security Framework. 15th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October, 2008. Joint tutorial with Patrick McDaniel.

Panels

• Building Security into Modern Mobile Platforms. Federal Trade Commission (FTC) public forum on Mobile Security: Potential Threats and Solutions, Washington D.C., June, 2013. (link)
• Mobile Security Issues. The US Department of Justice and US Department of State West African Cybersecurity and Cybercrime Workshop, Accra, Ghana, January, 2013.
• Mobile Security Issues. The US Department of Justice and US Department of State West African Cybersecurity and Cybercrime Workshop, Dakar Senegal, September, 2012.