Publications (All)
View [ by type : by year : all (with superceded) ]
Book Chapters
- Mohammad Sujan Miah, Mu Zhu, Alonso Granados, Nazia Sharmin, Iffat Anjum, Anthony Ortiz, Christopher Kiekintveld, William Enck, and Munindar P. Singh, Optimizing Honey Traffic Using Game Theory and Adversarial Learning, in Cyber Deception: Techniques, Strategies, and Human Aspects, Cham: Springer International Publishing, 2023, pp. 97–124.
[PDF] - Răzvan Deaconescu, William Enck, Mihai Chiroiu, and Luke Deshotels, iOS Security Framework: Understanding the Security of Mobile Phone Platforms, in Encyclopedia of Cryptography and Security, S. Jajodia, P. Samarati, and M. Yung, Eds. Springer Berlin Heidelberg, 2021, pp. 1–5. Living Reference Work.
[PDF] - William Enck and Adwait Nadkarni, Android’s Security Framework-Understanding the Security of Mobile Phone Platforms, in Encyclopedia of Cryptography and Security, S. Jajodia, P. Samarati, and M. Yung, Eds. Springer Berlin Heidelberg, 2021, pp. 1–5. Living Reference Work.
[PDF] - Reham Mohamed, Terrence O’Connor, Markus Miettinen, William Enck, and Ahmad-Reza Sadeghi, HONEYSCOPE: IoT Device Protection with Deceptive Network Views, in Autonomous Cyber Deception: Reasoning, Adaptive Planning, and Evaluation of HoneyThings, E. Al-Shaer, J. Wei, K. W. Hamlen, and C. Wang, Eds. Springer, 2019.
[PDF] - Adwait Nadkarni, Akash Verma, Vasant Tendulkar, and William Enck, Reliable Ad Hoc Smartphone Application Creation for End Users, in Intrusion Detection and Prevention for Mobile Ecosystems, G. Kambourakis, A. Shabtai, K. Kolias, and D. Damopoulos, Eds. CRC Press, 2017.
[PDF] - William Enck, Android’s Security Framework-Understanding the Security of Mobile Phone Platforms, in Encyclopedia of Cryptography and Security, H. C. A. Tilborg and S. Jajodia, Eds. Springer, 2011, pp. 34–37.
- William Enck, ARP Spoofing, in Encyclopedia of Cryptography and Security, H. C. A. Tilborg and S. Jajodia, Eds. Springer, 2011, pp. 48–49.
- Kevin Butler, William Enck, Patrick Traynor, Jennifer Plaster, and Patrick McDaniel, Privacy Preserving Web-Based Email, in Algorithms, Architectures and Information Systems Security, Statistical Science and Interdisciplinary Research, S. N. Bhargab Bhattacharya Susmita Sur-Kolay and A. Bagchi, Eds. World Scientific Computing, 2008.
(extends iciss06b)
Journal Articles
- Yu-Tsung Lee, Haining Chen, William Enck, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Giuseppe Petracca, and Trent Jaeger, PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage, IEEE Transactions on Dependable and Secure Computing, Aug. 2023. (early access).
- Stephan Heuser, Bradley Reaves, Praveen Kumar Pendyala, Henry Carter, Alexandra Dmitrienko, William Enck, Negar Kiyavash, Ahmad-Reza Sadeghi, and Patrick Traynor, Phonion: Practical Protection of Metadata in Telephony Networks, Proceedings on Privacy Enhancing Technologies (PoPETS), vol. 2017, no. 1, Jan. 2017.
- Bradley Reaves, Jasmine Bowers, Sigmund Albert Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor, *droid: Assessment and Evaluation of Android Application Analysis Tools, ACM Computing Surveys (CSUR), vol. 49, no. 3, Dec. 2016.
[PDF] - Rui Shu, Peipei Wang, Sigmund A. Gorski III, Benjamin Andow, Adwait Nadkarni, Luke Deshotels, Jason Gionta, William Enck, and Xiaohui Gu, A Study of Security Isolation Techniques, ACM Computing Surveys (CSUR), vol. 49, no. 3, Dec. 2016.
[PDF] - William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, ACM Transactions on Computer Systems (TOCS), vol. 32, no. 2, Jun. 2014.
(extends egc+10) - William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Communications of the ACM, vol. 57, no. 3, Mar. 2014. Research Highlight.
- Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel, Semantically Rich Application-Centric Security in Android, Journal of Security and Communication Networks, vol. 5, no. 6, pp. 658–673, Jun. 2012.
[PDF] (extends omem09) - Patrick Traynor, Kevin Butler, William Enck, Kevin Borders, and Patrick McDaniel, malnets: Large-Scale Malicious Networks via Compromised Wireless Access Points, Journal of Security and Communication Networks, vol. 3, no. 2, pp. 102–113, Mar. 2010.
(supercedes NAS-0048) - Heesook Choi, William Enck, Jaesheung Shin, Patrick McDaniel, and Thomas La Porta, ASR: Anonymous and Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks, Wireless Networks (WINET), vol. 15, no. 4, pp. 525–539, May 2009. (Published online October 2007).
[PDF] (extends ces+05) (supercedes NAS-0034) - William Enck, Thomas Moyer, Patrick McDaniel, Subhabrata Sen, Panagiotis Sebos, Sylke Spoerel, Albert Greenberg, Yu-Wei Eric Sung, Sanjay Rao, and William Aiello, Configuration Management at Massive Scale: System Design and Experience, IEEE Journal on Selected Areas in Communications (JSAC), vol. 27, no. 3, pp. 323–335, Apr. 2009.
(extends ems+07) - Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks, IEEE/ACM Transactions on Networking (TON), vol. 17, no. 1, Feb. 2009.
(extends teml06) - William Enck, Machigar Ongtang, and Patrick McDaniel, Understanding Android Security, IEEE Security and Privacy Magazine, vol. 7, no. 1, pp. 50–57, Jan. 2009.
- Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks, Journal of Computer Security, vol. 16, no. 6, Dec. 2008.
(extends etml05) - Wesam Lootah, William Enck, and Patrick McDaniel, TARP: Ticket-based Address Resolution Protocol, Computer Networks, vol. 51, no. 15, pp. 4322–4337, Oct. 2007.
[PDF] (extends lem05)
Conference Publications
- Giacomo Benedetti, Oreofe Solarin, Courtney Miller, Greg Tystahl, William Enck, Christian Kästner, Alexandros Kapravelos, Alessio Merlo, and Luca Verderame, An Empirical Study on Reproducible Packaging in Open-Source Ecosystems, in Proceedings of the IEEE/ACM International Conference on Software Engineering (ICSE), 2025.
- Nathaniel Bennett, Weidong Zhu, Benjamin Simon, Ryon Kennedy, William Enck, Patrick Traynor, and Kevin Butler, RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2024.
- Trevor Dunlap, John Speed Meyers, Brad Reaves, and William Enck, Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs, in Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2024.
[PDF] - Trevor Dunlap, Elizabeth Lin, William Enck, and Bradley Reaves, VFCFinder: Pairing Security Advisories and Patches, in Proceedings of the ACM ASIA Conference on Computer and Communications Security (AsiaCCS), 2024.
[PDF] (acceptance rate=19.4%) - K. Virgil English and Nathaniel Bennett and Seaver Thorn and Kevin Butler and William Enck and Patrick Traynor, Examining Cryptography and Randomness Failures in Open-Source Cellular Cores, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), 2024. (best paper).
[PDF] (acceptance rate=21.25%) - Seaver Thorn, K. Virgil English, Kevin Butler, and William Enck, 5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network Functions, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2024.
[PDF] (acceptance rate=21.1%) - Isaac Polinsky, Pubali Datta, Adam Bates, and William Enck, GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security Policies, in Proceedings of ACM The Web Conference, 2024.
[PDF] (acceptance rate=20.2%) - Elizabeth Lin, Igibek Koishybayev, Trevor Dunlap, William Enck, and Alexandros Kapravelos, UntrustIDE: Exploiting Weaknesses in VS Code Extensions, in Proceedings of the ISOC Network and Distributed Systems Symposium (NDSS), 2024. (distinguished paper).
[PDF] - Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros Kapravelos, and Aravind Machiry, ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions, in Proceedings of the USENIX Security Symposium, 2023, pp. 6983–7000.
[PDF] (acceptance rate=29%) - Trevor Dunlap, Seaver Thorn, William Enck, and Bradley Reaves, Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis, in Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), 2023, pp. 489–505.
[PDF] (acceptance rate=35.0%) - Iffat Anjum, Jessica Sokal, Hafiza Ramzah Rehman, Ben Weintraub, Ethan Leba, William Enck, Cristina Nitarotaru, and Bradley Reaves, MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2023, pp. 121–132.
[PDF] (acceptance rate=20.4%) - Marcel Fourné, Dominik Wermke, William Enck, Sascha Fahl, and Yasemin Acar, It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security, in Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2023, pp. 1527–1544.
[PDF] (acceptance rate=17%) - Samin Yaseer Mahmud, K. Virgil English, Seaver Thorn, William Enck, Adam Oest, and Muhammad Saad, Analysis of Payment Service Provider SDKs in Android, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2022, pp. 576–590.
[PDF] (acceptance rate=24.1%) - Pubali Datta, Isaac Polinsky, Muhammad Adil Inam, Adam Bates, and William Enck, ALASTOR: Reconstructing the Provenance of Serverless Intrusions, in Proceedings of the USENIX Security Symposium, 2022, pp. 2443–2460.
[PDF] (acceptance rate=18%) - Sigmund Albert Gorski III, Seaver Thorn, William Enck, and Haining Chen, FReD: Identifying File Re-Delegation in Android System Services, in Proceedings of the USENIX Security Symposium, 2022, pp. 1526–1542.
[PDF] (acceptance rate=18%) - Iffat Anjum, Daniel Kostecki, Ethan Leba, Jessica Sokal, Rajit Bharambe, William Enck, Cristina Nita-Rotaru, and Bradley Reaves, Removing the Reliance on Perimeters for Security using Network Views, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2022, pp. 151–162. (best student paper).
[PDF] - Trevor Dunap, William Enck, and Bradley Reaves, A Study of Application Sandbox Policies in Linux, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2022, pp. 19–30.
[PDF] - Yu-Tsung Lee, William Enck, Haining Chen, Zhiyun Qian, Ninghui Li, Hayawardh Vijayakumar, Trent Jaeger, Giuseppe Petracca, and Daimeng Wang, PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems, in Proceedings of the USENIX Security Symposium, 2021, pp. 2579–2596.
[PDF] (acceptance rate=18.8%) - Isaac Polinsky, Pubali Datta, Adam Bates, and William Enck, SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2021, pp. 175–186.
[PDF] - Iffat Anjum, Mu Zhu, Isaac Polinsky, William Enck, Michael K. Reiter, and Munindar Singh, Role-Based Deception in Enterprise Networks, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), 2021, pp. 65–76.
(acceptance rate=24.5%) - Christopher Lentzsch, Sheel Jayesh Shah, Martin Degeling, Benjamin Andow, Anupam Das, and William Enck, Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem, in Proceedings of the ISOC Network and Distributed Systems Symposium (NDSS), 2021.
[PDF] (acceptance rate=15.2%) - Richard Mitev, Anna Pazii, Markus Miettinen, William Enck, and Ahmad-Reza Sadeghi, LeakyPick: IoT Audio Spy Detector, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2020, pp. 694–705.
[PDF] (acceptance rate=23.2%) - Samin Yaseer Mahmud, Akhil Acharya, Benjamin Andow, William Enck, and Bradley Reaves, Cardpliance: PCI DSS Compliance of Android Applications, in Proceedings of the USENIX Security Symposium, Boston, MA, 2020, pp. 1517–1533.
[PDF] (acceptance rate=16.3%) - Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman, Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck, in Proceedings of the USENIX Security Symposium, Boston, MA, 2020, pp. 985–1002.
[PDF] (acceptance rate=16.3%) - Luke Deshotels, Costin Carabas, Jordan Beichler, Razvan Deaconescu, and William Enck, Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS, in Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, 2020, pp. 1056–1070.
[PDF] (acceptance rate=12.3%) - Isaac Polinsky, Kyle Martin, William Enck, and Mike Reiter, n-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), New Orleans, LA, 2020, pp. 235–246.
[PDF] (acceptance rate=20%) - Justin Whitaker, Sathvik Prasad, Bradley Reaves, and William Enck, Thou Shalt Discuss Security: Quantifying the Impacts of Instructions to RFC Authors, in Proceedings of the Conference on Security Standards Research (SSR), 2019, pp. 57–68.
(acceptance rate=35%) - Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie, PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, in Proceedings of the USENIX Security Symposium, Santa Clara, CA, 2019, pp. 585–602.
[PDF] (acceptance rate=16%) - TJ OConnor, Reham Mohamed, Markus Miettinen, William Enck, Bradley Reaves, and Ahmad-Reza Sadeghi, HomeSnitch: Behavior Transparency and Control for Smart Home IoT Devices, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Miami, FL, 2019, pp. 128–138.
[PDF] (acceptance rate=25.6%) - TJ OConnor, William Enck, and Bradley Reaves, Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Miami, FL, 2019, pp. 140–150. (best paper).
[PDF] (acceptance rate=25.6%) - Sigmund Albert Gorski III and William Enck, ARF: Identifying Re-Delegation Vulnerabilities in Android System Services, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Miami, FL, 2019, pp. 151–161.
[PDF] (acceptance rate=25.6%) - Sanket Goutam, William Enck, and Bradley Reaves, Hestia: Simple Least Privilege Network Policies for Smart Homes, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Miami, FL, 2019, pp. 215–220. (short paper).
[PDF] (acceptance rate=32.2%) - Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, and Alexandre Bartel, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), Dallas, TX, 2019, pp. 25–36.
[PDF] (acceptance rate=23.5%) - Luke Deshotels, Razvan Deaconescu, Costin Carabas, Iulia Manda, William Enck, Mihai Chiroiu, Ninghui Li, and Ahmad-Reza Sadeghi, iOracle: Automated Evaluation of Access Control Policies in iOS, in Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS), Songdo, Incheon, Korea, 2018, pp. 117–131.
[PDF] (acceptance rate=20.0%) - TJ OConnor, William Enck, W. Michael Petullo, and Akash Verma, PivotWall: SDN-Based Information Flow Control, in Proceedings of the ACM Symposium on SDN Research (SOSR), Los Angeles, CA, 2018, pp. 1–14.
[PDF] (acceptance rate=28.6%) - Haining Chen, Ninghui Li, William Enck, Yousra Aafer, and Xiangyu Zhang, Analysis of SEAndroid Policies: Combining MAC and DAC in Android, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, 2017.
(acceptance rate=19.7%) - Benjamin Andow, Akhil Acharya, Dengfeng Li, William Enck, Kapil Singh, and Tao Xie, UiRef: Analysis of Sensitive User Inputs in Android Applications, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2017.
[PDF] (acceptance rate=22.3%) - Ruowen Wang, Ahmed M. Azab, William Enck, Ninghui Li, Peng Ning, Xun Chen, Wenbo Shen, and Yueqiang Cheng, SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android, in Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS), 2017. (distinguished paper).
[PDF] (acceptance rate=18.7%) - Rui Shu, Xiaohui Gu, and William Enck, A Study of Security Vulnerabilities on Docker Hub, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), Scottsdale, Arizona, 2017.
[PDF] - Luke Deshotels, Razvan Deaconescu, Mihai Chiroiu, Lucas Davi, William Enck, and Ahmad-Reza Sadeghi, SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), Vienna, Austria, 2016.
[PDF] (acceptance rate=16.5%) - Jason Gionta, William Enck, and Per Larsen, Preventing Kernel Code-Reuse Attacks Through Disclosure Resistant Code Diversification, in Proceedings of the IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, 2016.
(acceptance rate=29.0%) - Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha, Practical DIFC Enforcement on Android, in Proceedings of the USENIX Security Symposium, Austin, TX, 2016.
[PDF] (acceptance rate=15.6%) - Terrence OConnor and William Enck, Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying, in Proceedings of the International Conference on Internet Monitoring and Protection (ICIMP), Valencia, Spain, 2016.
[PDF] (acceptance rate=28%) - Ruowen Wang, William Enck, Douglas Reeves, Xinwen Zhang, Peng Ning, Dingbang Xu, Wu Zhou, and Ahmed Azab, EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, in Proceedings of the USENIX Security Symposium, Washington, DC, 2015.
[PDF] (acceptance rate=15.7%) - Daniel J. Dean, Peipei Wang, Xiaohui Gu, William Enck, and Guoliang Jin, Automatic Server Hang Bug Diagnosis: Feasible Reality or Pipe Dream?, in Proceedings of the IEEE International Conference on Autonomic Computing (ICAC), Grenoble, France, 2015. (short paper).
[PDF] (acceptance rate=27.5%) - Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck, AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context, in Proceedings of the International Conference on Software Engineering (ICSE), Firenze, Italy, 2015.
[PDF] (acceptance rate=18.5%) - Jason Gionta, William Enck, and Peng Ning, HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2015.
[PDF] (acceptance rate=21.3%) - Jason Gionta, Ahmed Azab, William Enck, Peng Ning, and Xiaolan Zhang, SEER: Practical Memory Virus Scanning as a Service, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), New Orleans, LA, 2014.
[PDF] (acceptance rate=19.9%) - Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi, ASM: A Programmable Interface for Extending Android Security, in Proceedings of the USENIX Security Symposium, San Diego, CA, 2014.
[PDF] (acceptance rate=19.1%) (supercedes TUD-CS-2014-0063) - Adwait Nadkarni, Vasant Tendulkar, and William Enck, NativeWrap: Ad Hoc Smartphone Application Creation for End Users, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Oxford, United Kingdom, 2014.
[PDF] (acceptance rate=26.0%) - Tsung-Hsuan Ho, Daniel Dean, Xiaohui Gu, and William Enck, PREC: Practical Root Exploit Containment for Android Devices, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2014.
[PDF] (acceptance rate=16.0%) (supercedes TR-2012-12) - Adwait Nadkarni and William Enck, Preventing Accidental Data Disclosure in Modern Operating Systems, in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, 2013.
[PDF] (acceptance rate=19.8%) - Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie, WHYPER: Towards Automating Risk Assessment of Mobile Applications, in Proceedings of the USENIX Security Symposium, Washington, D.C., 2013.
[PDF] (acceptance rate=16.2%) - Saurabh Chakradeo, Brad Reaves, Patrick Traynor, and William Enck, MAST: Triage for Market-scale Mobile Malware Analysis, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Budapest, Hungary, 2013. (best paper).
[PDF] (acceptance rate=15.1%) - Vaibhav Rastogi, Yan Chen, and William Enck, AppsPlayground: Automatic Large-scale Dynamic Analysis of Android Applications, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2013.
[PDF] (acceptance rate=23.1%) - Vasant Tendulkar, Joe Pletcher, Ashwin Shashidharan, Ryan Snyder, Kevin Butler, and William Enck, Abusing Cloud-based Browsers for Fun and Profit, in Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando, FL, 2012.
[PDF] (acceptance rate=19.0%) - William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri, A Study of Android Application Security, in Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, 2011.
[PDF] (acceptance rate=17.2%) (supercedes NAS-0144) - William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, in Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, BC, 2010.
[PDF] (acceptance rate=16.1%) (supercedes NAS-0120) - Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel, Semantically Rich Application-Centric Security in Android, in Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), Honolulu, HI, 2009. (best paper).
[PDF] (acceptance rate=19.0%) (supercedes NAS-00116) - William Enck, Machigar Ongtang, and Patrick McDaniel, On Lightweight Mobile Phone Application Certification, in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, 2009.
[PDF] (acceptance rate=18.4%) (supercedes NAS-00113) - William Enck, Patrick McDaniel, and Trent Jaeger, PinUP: Pinning User Files to Known Applications, in Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), Anaheim, CA, 2008.
[PDF] (acceptance rate=24.3%) (supercedes NAS-0063) - William Enck, Kevin Butler, Thomas Richardson, Patrick McDaniel, and Adam Smith, Defending Against Attacks on Main Memory Persistence, in Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), Anaheim, CA, 2008.
[PDF] (acceptance rate=24.3%) (supercedes NAS-0029) - Patrick Traynor, Kevin Butler, William Enck, and Patrick McDaniel, Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems, in Proceedings of the 15th Annual Network and Distributed System Security Symposium, San Diego, CA, 2008.
(acceptance rate=17.7%) (supercedes NAS-0070) - William Enck, Patrick McDaniel, Subhabrata Sen, Panagiotis Sebos, Sylke Spoerel, Albert Greenberg, Sanjay Rao, and William Aiello, Configuration Management at Massive Scale: System Design and Experience, in Proceedings of the USENIX Annual Technical Conference, Santa Clara, CA, 2007.
[PDF] (acceptance rate=23.8%) - Hosam Rowihy, William Enck, Patrick McDaniel, and Thomas La Porta, Limiting Sybil Attacks in Structured P2P Networks, in Proceedings of the IEEE INFOCOM’07 Minisymposium, 2007.
[PDF] (acceptance rate=25%) (supercedes NAS-0017) - Kevin Butler, William Enck, Jennifer Plasterr, Patrick Traynor, and Patrick McDaniel, Privacy-Preserving Web-Based Email, in Proceedings of 2nd International Conference on Information Systems Security (ICISS), Kolkata, India, 2006.
[PDF] (acceptance rate=30.4%) (supercedes NAS-0009) - Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks, in Proceedings of the Twelfth Annual International Conference on Mobile Computing and Networking (MobiCom), Los Angeles, CA, 2006.
[PDF] (acceptance rate=11.7%) (supercedes NAS-0051) - Wesam Lootah, William Enck, and Patrick McDaniel, TARP: Ticket-Based Address Resolution Protocol, in 21st Annual Computer Security Applications Conference (ACSAC), Tuscon, AZ, 2005, pp. 95–103.
[PDF] (acceptance rate=19.2%) (supercedes NAS-0010) - William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks, in Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, 2005, pp. 393–404.
[PDF] (acceptance rate=15.0%) (supercedes NAS-0007) - Heesook Choi, William Enck, Jaesheung Shin, Patrick McDaniel, and Thomas La Porta, Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks, in MobiQuitous 2005, San Diego, CA, 2005.
[PDF] (acceptance rate=35%)
Workshop Publications
- Mu Zhu, Mohammad Miah, Nazia Sharmin, Iffat Anjum, Christopher Kiekintveld, William Enck, and Munindar Singh, Optimizing Vulnerability-Driven Honey Traffic Using Game Theory, in Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security (AICS), 2020.
- Benjamin Andow, Adwait Nadkarni, Blake Bassett, William Enck, and Tao Xie, A Study of Grayware on Google Play, in Proceedings of the IEEE Mobile Security Technologies workshop (MoST), 2016.
(acceptance rate=28.6%) - Qian Liu, Anne Collins McLaughlin, Benjamin Watson, William Enck, and Agnes Davis, Multitasking Increases Stress and Insecure Behavior on Mobile Devices, in Proceedings of the International Annual Meeting of the Human Factors and Ergonomics Society (HFES), 2015, pp. 1110–1114.
[PDF] - Jason Gionta, Ahmed Azab, William Enck, Peng Ning, and Xiaolan Zhang, DACSA: A Decoupled Architecture for Cloud Security Analysis, in Proceedings of the 7th Workshop on Cyber Security Experimentation and Test (CSET), 2014.
[PDF] (acceptance rate=40.0%) - Vasant Tendulkar and William Enck, An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities, in Proceedings of the IEEE Mobile Security Technologies workshop (MoST), 2014.
[PDF] (acceptance rate=36.7%) - David Barrera, William Enck, and Paul C. van Oorschot, Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems, in Proceedings of the IEEE Mobile Security Technologies workshop (MoST), 2012.
[PDF] (acceptance rate=39.3%) (supercedes TR-11-06) - Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, and Patrick McDaniel, Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST, in Proceedings of the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop, 2008.
[PDF] (acceptance rate=44.1%) (supercedes NAS-0087,NAS-0088) - William Enck, Sandra Rueda, Yogesh Sreenivasan, Joshua Schiffman, Luke St. Clair, Trent Jaeger, and Patrick McDaniel, Protecting Users from "Themselves", in Proceedings of the 1st ACM Computer Security Architectures Workshop, Alexandria, VA, 2007.
[PDF] (acceptance rate=30%) (supercedes NAS-0073)
Invited Papers
- William Enck, Defending Users Against Smartphone Apps: Techniques and Future Directions, in Proceedings of 7th International Conference on Information Systems Security (ICISS), Kolkata, India, 2011. (Invited).
[PDF] - Luke St. Clair, Lisa Johansen, William Enck, Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Trent Jaeger, Password Exhaustion: Predicting the End of Password Usefulness, in Proceedings of 2nd International Conference on Information Systems Security (ICISS), Kolkata, India, 2006. (Invited).
[PDF] (supercedes NAS-0030)
Columns
- Nusrat Zahan, Elizabeth Lin, Mahzabin Tamanna, William Enck, and Laurie Williams, Software Bills of Materials Are Required. Are We There Yet?, IEEE Security and Privacy Magazine, vol. 21, no. 2, pp. 82–88, Mar. 2023. (column).
- William Enck and Laurie Williams, Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations, IEEE Security and Privacy Magazine, vol. 20, no. 2, pp. 96–100, Mar. 2022. (column, best paper).
[PDF] - William Enck and Adwait Nadkarni, What if the FBI tried to crack an Android phone? We attacked one to find out, The Conversation, Mar. 2016.
[PDF] - Patrick McDaniel and William Enck, Not So Great Expectations: Why Application Markets Haven’t Failed Security, IEEE Security and Privacy Magazine, vol. 8, no. 5, pp. 76–78, Sep. 2010. (Secure Systems issue column).
Poster Abstracts
- Samin Yaseer Mahmud and William Enck, A Study of Security Weaknesses in Android Payment Service Provider SDKs, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, 2022.
- Rayhanur Rahman, William Enck, and Laurie Williams, Do Configuration Management Tools Make Systems More Secure? An Empirical Research Plan, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, 2020.
- Wei Yang, Xusheng Xiao, Rahul Pandita, William Enck, and Tao Xie, Improving Mobile Application Security via Bridging User Expectations and Application Behaviors, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, 2014.
- Agnes Davis, Ashwin Shashidharan, Qian Liu, William Enck, Anne Mclaughlin, and Benjamin Watson, Insecure Behaviors on Mobile Devices under Stress, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, 2014.
- Qian Liu, Juhee Bae, Benjamin Watson, and William Enck, Modeling and Sensing Risky User Behavior based on Mobile Devices, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, 2014.
Tech Reports
- Trevor Dunlap, Elizabeth Lin, William Enck, and Bradley Reaves, VFCFinder: Seamlessly Pairing Security Advisories and Patches. Nov-2023. arXiv:2311.01532.
[PDF] - William Enck, Yasemin Acar, Michel Cukier, Alexandros Kapravelos, Christian Kästner, and Laurie Williams, S3C2 Summit 2023-06: Government Secure Supply Chain Summit. Aug-2023. arXiv:2308.06850.
[PDF] - Trevor Dunlap, Yasemin Acar, Michel Cucker, William Enck, Alexandros Kapravelos, Christian Kastner, and Laurie Williams, S3C2 Summit 2023-02: Industry Secure Supply Chain Summit. Jul-2023. arXiv:2307.16557.
[PDF] - Mindy Tran, Yasemin Acar, Michel Cucker, William Enck, Alexandros Kapravelos, Christian Kastner, and Laurie Williams, S3C2 Summit 2022-09: Industry Secure Suppy Chain Summit. Jul-2023. arXiv:2307.15642.
[PDF] - Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, and Alexandre Bartel, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware. Jan-2019. arXiv:1901.03603.
[PDF] - Razvan Deaconescu, Luke Deshotels, Mihai Bucicoiu, William Enck, Lucas Davi, and Ahmad-Reza Sadeghi, SandBlaster: Reversing the Apple Sandbox. Aug-2016. arXiv:1608.04303.
[PDF] - Adwait Nadkarni, Anmol Sheth, Udi Weinsberg, Nina Taft, and William Enck, GraphAudit: Privacy Auditing for Massive Graph Mining, North Carolina State University, Department of Computer Science, Raleigh, NC, TR-2014-10, Aug. 2014.
- Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi, ASM: A Programmable Interface for Extending Android Security, Intel CRI-SC at TU Darmstadt, North Carolina State University, CASED / TU Darmstadt, TUD-CS-2014-0063, Mar. 2014.
[PDF] - Tsung-Hsuan Ho, Daniel J. Dean, Xiaohui Gu, and William Enck, Less is More: Selective Behavior Learning for Efficient Android Root Exploit Detection, North Carolina State University, Department of Computer Science, Raleigh, NC, TR-2012-12, Sep. 2012.
- David Barrera, William Enck, and Paul C. van Oorschot, Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems, Carleton University, School of Computer Science, Ottawa, ON, Canada, TR-11-06, Apr. 2011.
[PDF] - William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri, A Study of Android Application Security, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0144-2011, Jan. 2011. Updated May 2011.
[PDF] - William Enck and Patrick McDaniel, Federated Information Flow Control for Mobile Phones, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0136-2010, Jul. 2010.
- William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0120-2010, Feb. 2010. Updated September 2010.
[PDF] - Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel, Semantically Rich Application-Centric Security in Android, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0116-2009, Jun. 2009.
- William Enck, Machigar Ongtang, and Patrick McDaniel, On Lightweight Mobile Phone App Certification, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0113-2009, Apr. 2009.
- William Enck, Machigar Ongtang, and Patrick McDaniel, Mitigating Android Software Misuse Before It Happens, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0094-2008, Sep. 2008. Updated Nov 2008.
[PDF] - Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, and Patrick McDaniel, Systemic Issues in the and Hart InterCivic Voting System: Reflections Following Project EVEREST, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0088-2008, Apr. 2008.
- Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, and Patrick McDaniel, Systemic Issues in the and Premier Voting System: Reflections Following Project EVEREST, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0087-2008, Apr. 2008.
- William Enck, Sandra Rueda, Joshua Schiffman, Yogesh Sreenivasan, Luke St. Clair, Trent Jaeger, and Patrick McDaniel, Protecting Users From “Themselves,” Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0073-2007, Jun. 2007.
- Patrick Traynor, Kevin Butler, William Enck, and Patrick McDaniel, Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0070-2007, May 2007.
- William Enck, Patrick McDaniel, and Trent Jaeger, PinUP: Pinning User Files to Known Applications , Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0063-2007, Feb. 2007. Updated August 2008.
- Lisa Johansen, Kevin Butler, William Enck, Patrick Traynor, and Patrick McDaniel, Grains of SANs: Building Storage Area Networks from Memory Spots, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0060-2007, Jan. 2007.
- Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Networks, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0051-2006, Oct. 2006.
- Patrick Traynor, Kevin Butler, William Enck, Kevin Borders, and Patrick McDaniel, \em malnets: Large-Scale Malicious Networks via Compromised Wireless Access Points, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0048-2006, Sep. 2006.
- Heesook Choi, William Enck, Jaesheung Shin, Patrick McDaniel, and Thomas La Porta, ASR: Anonymous and Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0034-2006, Mar. 2006.
- William Enck, Kevin Butler, Thomas Richardson, and Patrick McDaniel, Securing Non-Volatile Main Memory, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0029-2006, Feb. 2006.
- Luke St. Clair, Lisa Johansen, William Enck, Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Trent Jaeger, Password Exhaustion: Predicting the End of Password Usefulness, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0030-2006, Feb. 2006.
- Hosam Rowaihy, William Enck, Patrick McDaniel, and Thomas La Porta, Limiting Sybil Attacks in Structured Peer-to-Peer Networks, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0017-2005, Jul. 2005.
- Wesam Lootah, William Enck, and Patrick McDaniel, TARP: Ticket-Based Address Resolution Protocol, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0010-2005, Jun. 2005.
- Patrick Traynor, Kevin Butler, William Enck, Jennifer Plasterr, Scott Weaver, John van Bramer, and Patrick McDaniel, Privacy-Preserving Web-Based Email, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0009-2005, Jun. 2005.
- William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks, Network and Security Center, Department of Computer Science, Pennsylvania State University, NAS-TR-0007-2005, May 2005.
Miscellaneous
- William Enck, 17th USENIX Security Symposium Conference Summaries. USENIX ;login Magazine, Dec-2008.
- Patrick McDaniel, Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, Matt Blaze, Adam Aviv, Pavol Cerny, Sandy Clark, Eric Cronin, Gaurav Shah, Micah Sherr, Giovanni Vigna, Richard Kemmerer, David Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, William Robertson, Fredrik Valeur, Joseph Lorenzo Hall, and Laura Quilter, EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing. Dec-2007.
[PDF] - William Enck, 16th USENIX Security Symposium Conference Summaries. USENIX ;login Magazine, Dec-2007.