Research Areas

Modern OS Security

Consumer operating systems are changing. Android, iOS, and Windows 8 place a high priority on the user-application experience. They provide new abstractions for developing user-applications: applications fill the screen; they have complex lifecycles that respond to user and system events; and they use semantically rich OS provided application programming interfaces (APIs) such as “get location,” “take picture,” and “search address book.” These functional changes caused OS designers to rethink security. The new application abstractions both enable and necessitate assigning each user application to a unique protection domain, rather than executing all user applications with the user’s ambient authority (the norm in traditional OSes such as Windows and UNIX).

While modern operating systems improve on the protection model of traditional desktop and server OSes, they are insufficient. My research seeks to explore modern OS security and identify novel ways of improving their protection models. For example, applications do not operate in isolation. They frequently share data. Therefore, simple sandbox isolation is insufficient. Instead, security should be based on information flow. However, information flow control (IFC) cannot be blindly applied. My work on Aquifer defines a new IFC model based on user interface workflows.

  1. Ruowen Wang, Ahmed M. Azab, William Enck, Ninghui Li, Peng Ning, Xun Chen, Wenbo Shen, and Yueqiang Cheng. SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android, Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS), April, 2017. (distinguished paper).
    (acceptance rate=18.7%)
  2. Luke Deshotels, Razvan Deaconescu, Mihai Chiroiu, Lucas Davi, William Enck, and Ahmad-Reza Sadeghi. SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, Proceedings of the ACM Conference on Computer and Communications Security (CCS), October, 2016. Vienna, Austria.
    (acceptance rate=16.5%)
  3. Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha. Practical DIFC Enforcement on Android, Proceedings of the USENIX Security Symposium, August, 2016. Austin, TX.
    (acceptance rate=15.6%)
  4. Ruowen Wang, William Enck, Douglas Reeves, Xinwen Zhang, Peng Ning, Dingbang Xu, Wu Zhou, and Ahmed Azab. EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, Proceedings of the USENIX Security Symposium, August, 2015. Washington, DC.
    (acceptance rate=15.7%)
  5. Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi. ASM: A Programmable Interface for Extending Android Security, Proceedings of the USENIX Security Symposium, August, 2014. San Diego, CA.
    (acceptance rate=19.1%) (supercedes TUD-CS-2014-0063)
  6. Tsung-Hsuan Ho, Daniel Dean, Xiaohui Gu, and William Enck. PREC: Practical Root Exploit Containment for Android Devices, Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), March, 2014. San Antonio, TX.
    (acceptance rate=16.0%) (supercedes TR-2012-12)
  7. Adwait Nadkarni William Enck. Preventing Accidental Data Disclosure in Modern Operating Systems, Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), November, 2013. Berlin, Germany.
    (acceptance rate=19.8%)
  8. Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel. Semantically Rich Application-Centric Security in Android, Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), December, 2009. Honolulu, HI. (best paper).
    (acceptance rate=19.0%) (supercedes NAS-00116)
  9. William Enck, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone Application Certification, Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), November, 2009. Chicago, IL.
    (acceptance rate=18.4%) (supercedes NAS-00113)

Discovered Vulnerabilties

Using NLP for Security

While researching Android application analysis, we frequently found that the results of static and dynamic program analysis come with the caveat: unless the user expected X to happen. For example, TaintDroid can identify when geographic location is sent to a remote server, but it required a human to review the leak as well as the description of the application, the user interface, and any EULAs that may have been presented to the user. My research seeks to bridge the semantic gap between application functionality and user expectations through the application of natural language processing (NLP) and textual analysis. For example, Whyper uses NLP to analyze the description of applications provided by their developers. The semantic model extracted from the description is compared with the permissions the application requests to determine if the permissions are expected. Whyper is just the beginning. My research continues to explore different ways in which NLP and textual analysis can be applied to enhance security analysis.

  1. Benjamin Andow, Akhil Acharya, Dengfeng Li, William Enck, Kapil Singh, and Tao Xie. UiRef: Analysis of Sensitive User Inputs in Android Applications, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July, 2017.
    (acceptance rate=22.3%)
  2. Benjamin Andow, Adwait Nadkarni, Blake Bassett, William Enck, and Tao Xie. A Study of Grayware on Google Play, Proceedings of the IEEE Mobile Security Technologies workshop (MoST), May, 2016.
    (acceptance rate=28.6%)
  3. Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. WHYPER: Towards Automating Risk Assessment of Mobile Applications, Proceedings of the USENIX Security Symposium, August, 2013. Washington, D.C..
    (acceptance rate=16.2%)

Android Application Analysis

A key driver behind the popularity of smartphones is the diversity and number of available third-party applications. Application markets such as the Google Play Store for Android and the Apple App Store for iOS provide over a million applications each. Android users can also download applications from third-party markets, which are popular in Asia. My research studies the security and privacy of Android applications using static and dynamic analysis. It has identified vulnerabilities, privacy-infringing functionality, as well as malware. For example, we developed TaintDroid and used it to identify that geographic location is frequently sent to advertisement servers without users’ knowledge. TaintDroid has been released as open source and has been used in many follow on studies and systems. In a related project, we created a decompiler for Android applications and developed a set of Fortify SCA rules to identify vulnerabilities and dangerous behavior. We used these rules to study 1,100 popular applications and reported a breadth study of our findings. Many of the areas of our findings have been expanded on by other researchers in the field. My research continues to apply static and dynamic analysis techniques to studying malware as well as security and privacy concerns in Android applications.

  1. Benjamin Andow, Akhil Acharya, Dengfeng Li, William Enck, Kapil Singh, and Tao Xie. UiRef: Analysis of Sensitive User Inputs in Android Applications, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July, 2017.
    (acceptance rate=22.3%)
  2. Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context, Proceedings of the International Conference on Software Engineering (ICSE), May, 2015. Firenze, Italy.
    (acceptance rate=18.5%)
  3. William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, ACM Transactions on Computer Systems (TOCS) 32(2), June, 2014.
    (extends egc+10)
  4. William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Communications of the ACM 57(3), March, 2014. Research Highlight.
  5. Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. WHYPER: Towards Automating Risk Assessment of Mobile Applications, Proceedings of the USENIX Security Symposium, August, 2013. Washington, D.C..
    (acceptance rate=16.2%)
  6. Saurabh Chakradeo, Brad Reaves, Patrick Traynor, and William Enck. MAST: Triage for Market-scale Mobile Malware Analysis, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), April, 2013. Budapest, Hungary. (best paper).
    (acceptance rate=15.1%)
  7. Vaibhav Rastogi, Yan Chen, and William Enck. AppsPlayground: Automatic Large-scale Dynamic Analysis of Android Applications, Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), February, 2013. San Antonio, TX.
    (acceptance rate=23.1%)
  8. William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A Study of Android Application Security, Proceedings of the 20th USENIX Security Symposium, August, 2011. San Francisco, CA.
    (acceptance rate=17.2%) (supercedes NAS-0144)
  9. William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), October, 2010. Vancouver, BC.
    (acceptance rate=16.1%) (supercedes NAS-0120)

Telecommunications Security

Securing national infrastructure such as the telecommunications network is of utmost importance. We discovered vulnerabilities in the celluar phone network that allow a careful attacker to deny voice service to metropolitain areas the size of Manhattan with little more than a cable modem by sending SMS messages from the Internet. We extended our original analysis by building a detailed GSM simulator. Through a combination of simulation and mathematical modeling, we derived a deeper understanding of the necessary preconditions for an attack, as well as an array of mitigation techniques.

  1. Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta. Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks, IEEE/ACM Transactions on Networking (TON) 17(1), February, 2009.
    (extends teml06)
  2. Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta. Exploiting Open Functionality in SMS-Capable Cellular Networks, Journal of Computer Security 16(6), December, 2008.
    (extends etml05)
  3. Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta. Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks, Proceedings of the Twelfth Annual International Conference on Mobile Computing and Networking (MobiCom), September, 2006. Los Angeles, CA.
    (acceptance rate=11.7%) (supercedes NAS-0051)
  4. William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta. Exploiting Open Functionality in SMS-Capable Cellular Networks, Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), 393–404, November, 2005. Alexandria, VA.
    (acceptance rate=15.0%) (supercedes NAS-0007)