News

November 17, 2009:

The paper "On Cellular Botnets: Measuring the impact of Malicious Devices on Cellular Network Core" written by Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jager, and Patrick McDaniel, presented at CCS 2009, was featured on New Scientist .

November 2, 2009:

The Communication Network Research Center (NSRC) will start a new interdisciplinary research center with approximately $35.5 million in funding over 10 years from the Army Reseach Lab. These new center will be extremely beneficial for both the Center and SIIS lab as one of the Center member research laboratories. Congratulations to the NSRC faculty for this achievement and specially to Professor Adam Smith, SIIS lab faculty, as he is one of the researchers in the new center.

October 20, 2009:

Professor Patrick McDaniel was featured on State College News in a faculty Q&A.

October 20, 2009:

SIIS Lab student, Thomas Moyer, has been selected as a finalist to the CSAW Research Award Committee for his work on Scalable Web Content Attestation. This work studies the reasons why trusted hardware is becoming common in computers, but is seeing little adoption. Below, Tom describes his work: "Current commodity trusted hardware is very slow and as such is not used in high load systems, such as web servers. We have built a system that utilizes commodity trusted hardware to provide attestations of both the system state and the content being served with low overhead. We have integrated this system into a web server, and are currently exploring other systems that will benefit from being able to provide attestation of content and system state." Congratulations Tom.

September 15, 2009:

Dr. Patrick McDaniel was awarded two National Science Foundation grants entitled "Security Services in Open Telecomunnications Networks" and "Secure Provenance in High-End Computing Systems". Congratulations Professor McDaniel!. More Information.

September 1, 2009:

Dr. Trent Jaeger was awarded two National Science Foundation grants entitled "Techniques to Retrofit Legacy Code with Security" and "Establishing Integrity in Dynamic Networks of Cyber Physical Devices". Congratulations Professor Jaeger!. More information.

August 28, 2009:

The papers "Semantically Rich Application-Centric Security in Android" written by Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel, "Scalable Web Content Attestation" written by Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger, and "Justifying Integrity Using a Virtual Machine Verifier" written by Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel, have been accepted at the 25th Annual Computer Security Applications Conference (ACSAC) to be held December 7-11, in Hawaii, USA.

August 15, 2009:

The papers "On Cellular Botnets: Measuring the impact of Malicious Devices on a Cellular Network Core" written by Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, and Patrick McDaniel, and "On Lightweight Mobile Phone Application Certification" written by William Enck, Machigar Ongtang, and Patrick McDaniel, have been accepted at the 16th ACM Conference on Computer and Communications Security (CCS) to be held November 9-13, in Chicago, USA.

August 3, 2009:

Dave King passed his doctoral defense. Congratulations to Dr. King for his great work!

July 9, 2009:

Professor Adam Smith will be receiving the NSF PECASE award from President Obama in a White House ceremony this Fall. "The Presidential Early Career Award for Scientists and Engineers (PECASE) program was established to identify and honor outstanding scientists and engineers that show exceptional potential for leadership at the frontiers of knowledge". Congratulations to Professor Smith.

April 17, 2009:

Professor Patrick McDaniel received the Outstanding Research Award from the Penn State Engineering Society (PSES).The Penn State Engineering Society Outstanding Research Award recognizes individuals who, by their contributions to knowledge, have brought recognition to themselves, the College, and Penn State. Congratulations to Professor McDaniel. Official Announcement

March 9, 2009:

The paper "Analysis of Virtual Machine System Policies" written by Sandra Rueda, Hayawardh Vijayakumar, and Trent Jaeger, has been accepted at the 14th ACM Symposium on Access Control Models (SACMAT) to be held June 3-5 in Italy.

February 26, 2009:

Lockheed Martin has announced a partership with Penn State to develop innovative solutions for the energy sector by funding research and development projects. The research will include advisory and control methods, predictive and diagnostic modeling and simulation, cybersecurity, and the development of a test bed for exploration, experimentation and validations of Advanced Meter Infrastructure and Smart Grid technologies. The SIIS Lab will work on ensuring that Smart Grid implementations are secure, protecting energy users' privacy and guaranteeing billing accuracy for utilities. Lockheed Announcement.

February 25, 2009:

Congratulations to Kevin Butler, who won a Symantec Research Labs Graduate Fellowship. This award recognizes students performing innovative research with real-world value in areas of information security, availability, and integrity. More information is available in Symantec's press release.

February 1, 2009:

Professor Patrick McDaniel is now Area Editor of Secure Systems for the IEEE Magazine in Security and Privacy. "The primary objective of IEEE Security and Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community". Congratulations to Professor McDaniel on his selection.

January 5, 2009:

Graduate student William Enck presented an invited talk/tutorial entitled "Understanding Android's Security Framework" at Georgia Tech University.

December 19, 2008:

The paper "Configuration Management at Massive Scale: System Design and Experience" written by William Enck, Thomas Moyer, Patrick McDaniel, Subhabrata Sen, Panagiotis Sebos, Sylke Spoerel, Albert Greenberg, Yu-Wei Eric Sung, Sanjay Rao, and William Aiello, has been accepted for publication in the IEEE Journal on Selected Areas in Communications (JSAC).

October 29, 2008:

SIIS graduate student William Enck and Professor Patrick McDaniel gave a tutorial entitled "Understanding Android's Security Framework" at the ACM Conference on Computer and Communications Security (CCS). The slides and example programs are publically available.

September 18, 2008:

The research report "Characterizing the Limitations of Third-Party EAS Over Cellular Text Messaging Services" written by Patrick Traynor, Penn State and SIIS Lab alumnus and current Assistant Professor in the school of Computer Science at the Georgia Institute of Technology, has been published by 3G Americas. Press release.

September 10, 2008:

The book "Operating System Security" written by Trent Jaeger is available. The goal of the book is to help system designers and implementors to understand the requirements for operating systems that effectively enforce security and how to balance functionality and security.

September 9, 2008:

Professor Adam Smith received a Faculty Early Career Development award (CAREER) from the National Science Foundation. The CAREER program offers "the National Science Foundation's most prestigious awards in support of junior faculty who exemplify the role of teacher-scholars through outstanding research, excellent education and the integration of education and research within the context of the mission of their organizations." Congratulations to Professor Smith!.

September 5, 2008:

The paper "Implicit Flows: Can't Live With 'Em, Can't Live Without 'Em", written by Dave King, Boniface Hicks, Michael Hicks, and Trent Jaeger, has been accepted at the 4th International Conference on Information Systems Security (ICISS).

August 29, 2008:

PhD candidate Joshua Schiffman has been awarded one of the University Graduate Fellowships. These awards are based on the quality and accomplishments of the students. Congratulations to Joshua on his award.

August 28, 2008:

The book "Security for Telecommunication Networks" written by Patrick Traynor, Patrick McDaniel and Thomas LaPorta is available. The book is designed to help researchers interested in networking and security get involved in securing telecommunication systems.

August 18, 2008:

The papers "PinUP: Pinning User Files to Known Applications" written by William Enck, Patrick McDaniel, and Trent Jaeger, and "Defending Against Attacks on Main Memory Persistence" written by William Enck, Kevin R. B. Butler, Thomas Richardson, Patrick McDaniel, and Adam Smith, and "New Side Channel Attacks Targeting Passwords" written by Albert Tannous, Jonathan Trostle, Mohamed Hassan, Stephen E. McLaughin, and Trent Jaeger have been accepted to the 24th Annual Computer Security Applications Conference (ACSAC) to be held December 8-12 in Anaheim, California.

August 13, 2008:

On August 9, 2008, a federal court judge issued a temporary restraining order against three MIT student researchers to prevent a public presentation about vulnerabilities in the Massachusetts Bay Transit Authority (MBTA) fare payment system. Such legal actions pose significant threat to academic security researchers. A letter supporting an appeal, signed by a number of computer scientists, including the SIIS Lab's Professor Patrick McDaniel, concludes with the following:

"In sum, we are concerned that the pall cast by the temporary restraining order will stifle research efforts and weaken academic computing research programs. In turn, we fear the shadow of the law's ambiguities will reduce our ability to contribute to industrial research in security technologies at the heart of our information infrastructure."

The Electronic Frontier Foundation webpage contains more complete details on the case.

August 1, 2008:

Professor Patrick McDaniel has been selected to serve as Associate Editor of the IEEE Transactions on Computers. IEEE Transactions on Computers is a publication in the fields of computer organizations and and architectures, operating systems, software systems, and communication protocols, real-time systems and embedded systems, digital devices, computer components, and interconnection networks, specification, design, prototyping, and testing methods and tools, performance, fault tolerance, reliability, security, and testability, case studies and experimental and theoretical evaluations, and new applications and trends. Congratulations to Professor McDaniel on his selection to the editorial board.

July 31, 2008:

The paper "Rootkit-Resistant Disks" written by Kevin R. B. Butler, Stephen McLaughlin and Patrick D. McDaniel has been accepted at the 15th ACM Conference on Computer and Communications Security (CCS) to be held October 27 - October 31 in Alexandria, VA.

July 31, 2008:

The paper "Flexible Security Configuration for Virtual Machines" written by Sandra Rueda, Yogesh Sreenivasan and Trent Jaeger has been accepted at the 2nd Computer Security Architecture Workshop (CSAW) to be held in October 31, 2008 at George Mason University in Fairfax, VA, in conjuction with the ACM Conference on Computer and Communications Security (CCS).

July 8, 2008:

The paper "Composition Attacks and Auxiliary Information in Data Privacy" writen by Srivatsava Ranjit Ganta, Shiva Prasad Kasiviswanathan and Adam Smith has been accepted at the 14th Annual ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2008).

June 13, 2008:

The paper "Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST" written by Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor and Patrick McDaniel has been accepted at the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop.

May 28, 2008:

The paper "Effective Blame for Information-Flow Violations" written by Dave King, Trent Jaeger, Somesh Jha, and Sanjit A. Seshia has been accepted at the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering.

April 21, 2008:

Penn State is among the first universities to be designated a National Center of Academic Excellence in Information Assurance Research (CAE-R) by NSA/DHS for academic years 2008-2013. Congratulations to the SIIS lab members and others throughout the department and university who have helped us obtain this designation through excellence in IA research.

April 8, 2008:

The paper "Verifying Compliance of Trusted Programs" written by Sandra Rueda, Dave King and Trent Jaeger has been accepted at the 17th USENIX Security Symposium.

March 8, 2008:

The paper "Measuring Integrity on Mobile Phone Systems" written by Divya Muthukumaran, Anuj Sawani, Joshua Schiffman, Brian M. Jung and Trent Jaeger has been accepted at the 13th ACM Symposium on Access Control Models and Technologies (SACMAT).

February 27, 2008:

Patrick Traynor passed his doctoral defense. Congratulations to Dr. Traynor for his great work! We wish him good luck in his search for a job in academia.

February 19, 2008:

Patrick McDaniel is presenting the first of five talks in three days on the EVEREST voting study at universities in Ohio. More information, dates, and locations can be found here.

January 18, 2008:

Congratuations to Patrick Traynor, William Enck, Patrick McDaniel, and Tom La Porta as their paper, "Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks", was accepted for publication in the IEEE/ACM Transactions on Networking Journal.

December 14, 2007:

The Ohio Secretary of State has released the EVEREST election system report from the academic team, of which the SIIS lab was a participant. The report can be retrieved here.

November 5, 2007:

Congratulations to Patrick Traynor, Kevin Butler, William Enck, and Patrick McDaniel, whose paper, Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems was accepted at the 15th Annual Network & Distributed System Security Symposium (NDSS'08).

September 14, 2007:

Professor Patrick McDaniel has been selected to serve as the next Editor in Chief of the Association of Computing Machinery Transactions on Internet Technology (ACM TOIT) Journal. Established in the summer of 2001, TOIT is the premiere academic journal in the fields of Internet and Web technologies, and brings together many computing disciplines including computer software engineering, computer programming languages, middleware, database management, security, knowledge discovery and data mining, networking and distributed systems, communications, performance and scalability etc. Patrick will begin his three-year term as EIC immediately.

August 3, 2007:

Boniface Hicks passed his doctoral defense and deserves congratulations for his great achievement and the honor of being the first Ph.D. graduate from the SIIS lab. He will be continuing onto Saint Vincent College in late August. We wish him the best of luck!

April 5,2007:

Congratulations to Patrick Traynor, Patrick McDaniel, and Thomas La Porta whose paper On Attack Causality in Internet-Connected Cellular Networks was accepted at the 16th USENIX Security Symposium to be held in August 2007.

March 10, 2007:

Congratulations to William Enck, Patrick McDaniel, and co-authors, whose paper Configuration Management at Massive Scale: System Design and Experience was accepted at the USENIX Annual Technical Conference to be held in June 2007.

Congratulations as well to Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel whose paper From Trusted to Secure: Building and Executing Applications that Enforce System Security was also accepted at USENIX Annual 2007.

February 28, 2007:

Congratulations to Patrick McDaniel who has been promoted to Senior Member of the IEEE.

January 5, 2007:

Dr. Patrick McDaniel was named associate editor of IEEE Transactions on Software Engineering.

January 3, 2007:

Congratulations to Dr. Patrick McDaniel on receiving the prestigious NSF CAREER Award.

The National Science Foundation established the Faculty Early Career Development (CAREER) program in 1994 in recognition of the critical roles played by faculty members in integrating research and education, and in fostering the natural connections between the processes of learning and discovery. The CAREER program is a Foundation-wide activity that offers NSF's most prestigious awards for junior faculty members, and which embodies NSF's commitment to encourage faculty to practice, and academic institutions to value, integration of research and education. The intent of the program is to provide stable support at a sufficient level and duration to enable awardees to develop careers as outstanding teacher-scholars in the context of the mission of their organization.

December 21, 2006:

The Networking and Security Research Center has recently added Boeing as an associate member company and has been named a Ben Franklin Center of Excellence. These new associations will be extremely beneficial for both the SIIS lab and the Center.

December 17, 2006:

Congratulations to Patrick Traynor, who has been awarded the 2007 Pennsylvania State University Alumni Association Dissertation Award. This award is considered to be among the most prestigious available to Penn State graduate students and recognizes outstanding achievement in scholarship and professional accomplishment.

November 16, 2006:

Congratulations go out to Boniface Hicks and Patrick McDaniel, whose paper Understanding Practical Application Development in Security-typed Languages has won the award for "Best Student Paper" at this year's Annual Computer Security Applications Conference (ACSAC)!

November 2, 2006:

The Penn State College of Engineering has selected Patrick Traynor as one of three nominees for the very prestigious Alumni Association Dissertation Award. The winner of the award will be announced in January. Congratulations Patrick!

August 2006:

Dr. Patrick McDaniel has been selected to be a co-chair of the 2007 IEEE Symposium on Security and Privacy. The symposium will be held in Oakland, CA on May 20-23, 2007.

August 29, 2006:

Congratulations to Dr. Trent Jaeger and Dr. Patrick McDaniel on the recent award of a NSF Computing & Communications Technology grant. This award will support future research in exploiting asymmetry in performance and security requirements for I/O in high-end computing.

August 29, 2006:

Dr. Trent Jaeger and Dr. Patrick McDaniel were recently awarded a Cyber Trust Program grant from the NSF for their work on Shamon: Systems Approaches for Constructing Distributed Trust.

The Shamon (shared reference monitor) system enables the composition of integrity-verified reference monitors on multiple, physical machines into single, coherent unit bound by enforcement function and mandatory access control policy, resulting in consistent security guarantees over distributed applications. These policies are defined over collections of virtual machines, called coalition, which comprise distributed applications.

Congratulations!

July 31, 2006:

Congratulations to Kevin Butler, Patrick Traynor, William Enck, Jennifer Plasterr, and Patrick McDaniel, whose paper Privacy Preserving Web-Based Email was accepted at the 2nd International Conference on Information Systems Security (ICISS 2006).

July 21, 2006:

Congratulations to Kevin Butler and Patrick McDaniel, in collaboration with William Aiello (UBC), whose paper Optimizing BGP Security by Exploiting Path Stability was accepted at the 13th annual ACM Conference on Computer and Communications Security (CCS'06).

Congratulations as well to Matthew Pirretti, Patrick Traynor, and Patrick McDaniel, in collaboration with Brent Waters (SRI), whose paper Secure Attribute-Based Systems was also accepted at CCS'06.

June 27th, 2006

Congratulations to Patrick Traynor, William Enck, Patrick McDaniel, and Tom La Porta, whose paper Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks was accepted to the Twelfth Annual International Conference on Mobile Computing and Networking (MobiCom).

June 26th, 2006

Congratulations to Trent Jaeger, David King, Kevin Butler, et al., whose paper Leveraging IPsec for Distributed Authorization was accepted to the 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy in Communication Networks (SecureComm'06).

Also accepted to this conference was the paper of Patrick Traynor, Michael Chien, Scott Weaver, Boniface Hicks, and Patrick McDaniel, Non-Invasive Methods for Host Certification.

April 21st, 2006

Congratulations to Kevin Butler, who won the very selective University Graduate Fellowship.

April 21st , 2006

Congratulations to Luke St.Clair, who was awarded the National Defense Science and Engineering (NDSEG) Fellowship.

March 30th, 2006

Congratulations to Ph.D students William Enck and Luke St.Clair, who were each awarded an Honorable Mention for the 2006 National Science Foundation (NSF) Graduate Research Fellowship.

January 27th, 2006

Congratulations to Dr. Trent Jaeger, whose paper Retrofitting Legacy Code for Authorization Policy Enforcement has been accepted to the IEEE's Symposium on Security and Privacy (Oakland '06). The paper will be presented at the conference in late May.

November 6th, 2005

Congratulations to Drs. Trent Jaeger and Patrick McDaniel, who have each had publications accepted for the Internet Society's Network and Distributed System Security Conference (NDSS'06). The papers, Toward Automated Information-Flow Integrity Verification for Security-Critical Applications and Enterprise Security: A Community of Interest Based Approach will be presented at the conference in early February, 2006.

October 5, 2005

The recent work of SIIS Lab students William Enck, Patrick Traynor, SIIS Lab Director Patrick McDaniel, and NSRC Director Thomas La Porta on the vulnerabilities discovered in the cellular phone networks is available at http://smsanalysis.org. A copy of the paper, which has been accepted at the 2005 ACM Conference on Computer and Communications Security (CCS), is also available. Finally, you can find the New York Times article here.