William H Enck

security, systems security

William Enck is a Professor in the Department of Computer Science at the North Carolina State University where he is co-director of the Secure Computing Institute (SCI) and director of the Wolfpack Security and Privacy Research (WSPR) laboratory. Prof. Enck’s research interests span the broad area of systems security with applications to the software supply chain, 5G and cloud infrastructure, mobile platforms, Internet of Things (IoT), and networks. In particular, his work in mobile application security has led to significant consumer awareness and changes to platforms, as well as a SIGOPS Hall of Fame Award. He is currently serving as Secretary for the USENIX Board of Directors, as associate editor for ACM TOPS, and on the steering committee of the USENIX Security Symposium. He was program co-chair of USENIX Security 2018 and is program co-chair of the 2024 and 2025 IEEE Symposium on Security and Privacy (S&P).

Works (128)

Updated: April 4th, 2024 07:32

2024 journal article

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

IEEE Transactions on Dependable and Secure Computing.

By: Y. Lee*, H. Chen*, W. Enck n, H. Vijayakumar*, N. Li*, Z. Qian*, G. Petracca*, T. Jaeger*

UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: ORCID
Added: January 2, 2024

2023 conference paper

ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

Proceedings of the USENIX Security Symposium, 6983–7000. https://www.usenix.org/conference/usenixsecurity23/presentation/muralee

By: S. Muralee, I. Koishybayev, A. Nahapetyan, G. Tystahl, B. Reaves, A. Bianchi, W. Enck, A. Kapravelos, A. Machiry

Event: USENIX Security Symposium at Anaheim, CA

www.usenix.org
Source: NC State University Libraries
Added: January 13, 2024

2023 article

Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis

2023 IEEE 8TH EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY, EUROS&P, pp. 489–505.

By: T. Dunlap n, S. Thorn n, W. Enck n & B. Reaves n

Event: IEEE Computer Society

TL;DR: Differential Alert Analysis is introduced to discover vulnerability fixes in software projects and provides a powerful, accurate primitive for software projects, code analysis tools, vulnerability databases, and researchers to characterize and enhance the security of software supply chains. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: September 11, 2023

2023 article

It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security

2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, pp. 1527–1544.

By: M. Fourne, D. Wermke, W. Enck, S. Fahl & Y. Acar

Sources: Web Of Science, NC State University Libraries
Added: September 5, 2023

2023 conference paper

It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security

Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023).

By: M. Fourné, D. Wermke, W. Enck, S. Fahl & Y. Acar

Source: ORCID
Added: January 2, 2024

2023 conference paper

MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy

Proceedings of the 28th ACM Symposium on Access Control Models and Technologies, 121–132.

By: I. Anjum n, J. Sokal*, H. Rehman n, B. Weintraub*, E. Leba*, W. Enck n, C. Nita-Rotaru*, B. Reaves n

TL;DR: MSNetViews is presented, which extends a single, globally-defined and managed, enterprise network security policy to many geographically distributed sites and shows that for an enterprise with globally distributed sites, the average time for policy state to settle after a user roams to a new site is well below two seconds. (via Semantic Scholar)
Source: ORCID
Added: January 2, 2024

2023 journal article

S3C2 Summit 2023-06: Government Secure Supply Chain Summit

ArXiv Preprint ArXiv:2308.06850.

By: W. Enck, Y. Acar, M. Cukier, A. Kapravelos, C. Kästner & L. Williams

Source: ORCID
Added: January 2, 2024

2023 journal article

S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit

ArXiv Preprint ArXiv:2307.15642.

By: M. Tran, Y. Acar, M. Cucker, W. Enck, A. Kapravelos, C. Kastner, L. Williams

Source: ORCID
Added: January 2, 2024

2023 journal article

Software Bills of Materials Are Required. Are We There Yet?

IEEE Security & Privacy, 21(2), 82–88.

By: N. Zahan n, E. Lin n, M. Tamanna n, W. Enck n & L. Williams n

TL;DR: The top five benefits and challenges of adopting software bill of materials (SBOM) are outlined, identified by reviewing 200 Internet articles. (via Semantic Scholar)
Source: ORCID
Added: January 2, 2024

2023 journal article

VFCFinder: Seamlessly Pairing Security Advisories and Patches

ArXiv Preprint ArXiv:2311.01532.

By: T. Dunlap, E. Lin, W. Enck & B. Reaves

Source: ORCID
Added: January 2, 2024

2022 conference paper

${$ALASTOR$}$: Reconstructing the Provenance of Serverless Intrusions

31st USENIX Security Symposium (USENIX Security 22), 2443–2460.

By: P. Datta, I. Polinsky, M. Inam, A. Bates & W. Enck

Source: ORCID
Added: January 2, 2024

2022 conference paper

${$FReD$}$: Identifying File ${$Re-Delegation$}$ in Android System Services

31st USENIX Security Symposium (USENIX Security 22), 1525–1542.

By: S. Gorski III, S. Thorn, W. Enck & H. Chen

Source: ORCID
Added: January 2, 2024

2022 conference paper

A Study of Application Sandbox Policies in Linux

Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, 19–30.

By: T. Dunlap, W. Enck & B. Reaves

Source: ORCID
Added: January 2, 2024

2022 article

Analysis of Payment Service Provider SDKs in Android

PROCEEDINGS OF THE 38TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, ACSAC 2022, pp. 576–590.

By: S. Mahmud n, K. English n, S. Thorn n, W. Enck n, A. Oest* & M. Saad*

TL;DR: The proposed AARDroid is proposed for statically assessing payment SDKs against OWASP’s MASVS industry standard for mobile application security, and the value of applying security analysis at the SDK granularity is demonstrated to prevent the widespread deployment of insecure code. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: October 16, 2023

2022 chapter

Optimizing Honey Traffic Using Game Theory and Adversarial Learning

In Cyber Deception: Techniques, Strategies, and Human Aspects (pp. 97–124). Springer.

By: M. Miah, M. Zhu, A. Granados, N. Sharmin, I. Anjum, A. Ortiz, C. Kiekintveld, W. Enck, M. Singh

Source: ORCID
Added: January 2, 2024

2022 article

Reflections on a Decade of Mobile Security Research

PROCEEDINGS OF THE 15TH ACM CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '22), pp. 2–2.

By: W. Enck n

author keywords: Smartphone security; mobile app security; mobile device security
TL;DR: This talk will reflect on the advances and knowledge gained through mobile security research and what these results mean for the broader area of security research. (via Semantic Scholar)
UN Sustainable Development Goal Categories
7. Affordable and Clean Energy (OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: March 6, 2023

2022 conference paper

Removing the Reliance on Perimeters for Security using Network Views

Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, 151–162.

By: I. Anjum, D. Kostecki, E. Leba, J. Sokal, R. Bharambe, W. Enck, C. Nita-Rotaru, B. Reaves

Source: ORCID
Added: January 2, 2024

2022 journal article

Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations

IEEE SECURITY & PRIVACY, 20(2), 96–100.

By: W. Enck n & L. Williams n

TL;DR: Three summits are held with a diverse set of organizations and the top five challenges in software supply chain security are reported on. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: May 31, 2022

2021 article

Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem

28TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2021).

By: C. Lentzsch*, S. Shah n, B. Andow*, M. Degeling*, A. Das n & W. Enck n

TL;DR: The first large-scale analysis of Alexa skills is performed, obtained from seven different skill stores totaling to 90,194 unique skills, revealing several limitations that exist in the current skill vetting process and providing some suggestions for strengthening the overall ecosystem and thereby enhance transparency for end-users. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 30, 2021

2021 conference paper

PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems

30th ${$USENIX$}$ Security Symposium (${$USENIX$}$ Security 21).

By: Y. Lee, W. Enck, H. Chen, H. Vijayakumar, N. Li, Z. Qian, D. Wang, G. Petracca, T. Jaeger

Source: ORCID
Added: January 2, 2024

2021 conference paper

Role-Based Deception in Enterprise Networks

Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 65–76.

By: I. Anjum, M. Zhu, I. Polinsky, W. Enck, M. Reiter & M. Singh

Source: ORCID
Added: January 2, 2024

2021 conference paper

SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing

Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, 175–186.

By: I. Polinsky, P. Datta, A. Bates & W. Enck

Source: ORCID
Added: January 2, 2024

2020 conference paper

Actions speak louder than words: Entity-sensitive privacy policy and data flow analysis with policheck

Proceedings of the 29th USENIX Security Symposium (USENIX Security'20).

By: B. Andow, S. Mahmud, J. Whitaker, W. Enck, B. Reaves, K. Singh, S. Egelman

Source: ORCID
Added: January 2, 2024

2020 conference paper

Analysis of Access Control Enforcement in Android

Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, 117–118.

By: W. Enck

Source: ORCID
Added: January 2, 2024

2020 conference paper

Cardpliance: PCI DSS compliance of android applications

Proceedings of the 29th USENIX Conference on Security Symposium, 1517–1533.

By: S. Mahmud, A. Acharya, B. Andow, W. Enck & B. Reaves

Source: ORCID
Added: January 2, 2024

2020 conference paper

Do configuration management tools make systems more secure? an empirical research plan

Proceedings of the 7th Symposium on Hot Topics in the Science of Security, 1–2.

By: M. Rahman, W. Enck & L. Williams

Source: ORCID
Added: January 2, 2024

2020 article

Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS

2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020), pp. 1056–1070.

By: L. Deshotels n, C. Carabas, J. Beichler n, R. Deaconescu* & W. Enck n

Event: IEEE

author keywords: access control; iOS; iPhone; inter-process communication; fuzzer; attack surface; automation; policy analysis
TL;DR: Using Kobold, multiple NSXPC services with confused deputy vulnerabilities and daemon crashes are discovered, including the ability to activate the microphone, disable access to all websites, and leak private data stored in iOS File Providers. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: March 8, 2021

2020 article

LeakyPick: IoT Audio Spy Detector

36TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2020), pp. 694–705.

By: R. Mitev*, A. Pazii*, M. Miettinen*, W. Enck n & A. Sadeghi*

TL;DR: The LeakyPick architecture is presented, which enables the detection of the smart home devices that stream recorded audio to the Internet in response to observing a sound and provides a cost effective approach to help regular consumers monitor their homes for sound-triggered devices that unexpectedly transmitaudio to the cloud. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: September 13, 2021

2020 journal article

Optimizing Vulnerability-Driven Honey Traffic Using Game Theory

ArXiv Preprint ArXiv:2002.09069.

By: I. Anjum, M. Miah, M. Zhu, N. Sharmin, C. Kiekintveld, W. Enck, M. Singh

Source: ORCID
Added: January 2, 2024

2020 conference paper

nm-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, 235–246.

By: I. Polinsky, K. Martin, W. Enck & M. Reiter

Source: ORCID
Added: January 2, 2024

2019 article

ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware

PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19), pp. 25–36.

By: S. Gorski n, B. Andow n, A. Nadkarni*, S. Manandhar*, W. Enck n, E. Bodden*, A. Bartel*

TL;DR: This paper proposes Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks, and uses ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: July 1, 2019

2019 article

ARF: Identifying Re-Delegation Vulnerabilities in Android System Services

PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 151–162.

By: S. Gorski n & W. Enck n

Event: ACM

TL;DR: The proposed Android Re-delegation Finder (ARF) analysis framework analyzes an interconnected graph of entry points in system services, deriving calling dependencies, annotating permission checks, and identifying potentially vulnerable deputies that improperly expose information or functionality to third-party applications. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 19, 2019

2019 article

Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things

PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 140–150.

By: T. OConnor n, W. Enck n & B. Reaves n

Event: ACM

TL;DR: This paper seeks to better understand smart home device security by studying the vendor design decisions surrounding IoT telemetry messaging protocols, specifically, the behaviors taken when an IoT device loses connectivity, and finds that 22 of 24 studied devices suffer from critical design flaws. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 19, 2019

2019 article

HOMESNITCH: Behavior Transparency and Control for Smart Home IoT Devices

PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 128–139.

By: T. OConnor n, R. Mohamed*, M. Miettinen*, W. Enck n, B. Reaves n & A. Sadeghi*

Event: ACM

TL;DR: HomeSnitch is presented, a building block for enhancing smart home transparency and control by classifying IoT device communication by semantic behavior (e.g., heartbeat, firmware check, motion detection) and the utility of network-level services to classify behaviors of and enforce control on smart home devices. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 19, 2019

2019 journal article

HONEYSCOPE: IoT device protection with deceptive network views

Autonomous Cyber Deception: Reasoning, Adaptive Planning, and Evaluation of HoneyThings, 167–181.

By: R. Mohamed, T. O’Connor, M. Miettinen, W. Enck & A. Sadeghi

Source: ORCID
Added: January 2, 2024

2019 article

Hestia: Simple Least Privilege Network Policies for Smart Homes

PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 215–220.

By: S. Goutam n, W. Enck n & B. Reaves n

Event: ACM

author keywords: IoT & network security; smart home; least privilege policy
TL;DR: Hestia drastically improves smart home security without complex, unwieldy policies or lengthy learning of device behaviors, and perhaps more importantly, smart home owners need only specify which devices are controllers. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 19, 2019

2019 conference paper

PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play.

USENIX Security Symposium, 585–602.

By: B. Andow, S. Mahmud, W. Wang, J. Whitaker, W. Enck, B. Reaves, K. Singh, T. Xie

Source: ORCID
Added: January 2, 2024

2019 article

Selected Papers From the 2018 USENIX Security Symposium

IEEE SECURITY & PRIVACY, Vol. 17, pp. 7–8.

By: W. Enck n & T. Benzel*

TL;DR: The articles presented in this special section were presented at the 27th USENIX Security Symposium, that was held 15–17 August 2018 in Baltimore, Maryland. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: July 29, 2019

2019 article

Thou Shalt Discuss Security: Quantifying the Impacts of Instructions to RFC Authors

PROCEEDINGS OF THE 5TH ACM WORKSHOP ON SECURITY STANDARDISATION RESEARCH WORKSHOP (SSR '19), pp. 57–68.

By: J. Whitaker n, S. Prasad n, B. Reaves n & W. Enck n

author keywords: Requests for Comments; Internet Standards; Network Security; Text Analysis
Sources: Web Of Science, NC State University Libraries, ORCID
Added: September 14, 2020

2018 article

PivotWall: SDN-Based Information Flow Control

PROCEEDINGS OF THE SYMPOSIUM ON SDN RESEARCH (SOSR'18). Presented at the ACM.

By: T. OConnor n, W. Enck n, W. Petullo* & A. Verma n

Event: ACM

author keywords: Software Defined Networking; Information Flow Control
TL;DR: The utility of information flow tracking as a defense against advanced network-level attacks is demonstrated and it is shown that PivotWall incurs minimal impact on network throughput and latency for untainted traffic and less than 58% overhead for tainted traffic. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: November 11, 2019

2018 article

Programmable interface for extending security of application-based operating system

Enck, W. H., Nadkarni, A. P., Sadeghi, A.-R., & Heuser, S. (2018, March).

By: W. Enck, A. Nadkarni, A. Sadeghi & S. Heuser

Source: ORCID
Added: January 2, 2024

2018 conference paper

iOracle: Automated Evaluation of Access Control Policies in iOS

Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 117–131.

By: L. Deshotels, R. Deaconescu, C. Carabas, I. Manda, W. Enck, M. Chiroiu, N. Li, A. Sadeghi

Event: ACM

Source: ORCID
Added: January 2, 2024

2017 conference paper

A Study of Security Vulnerabilities on Docker Hub

Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 269–280.

By: R. Shu, X. Gu & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2017 conference paper

Analysis of SEAndroid Policies: Combining MAC and DAC in Android

Proceedings of the 33rd Annual Computer Security Applications Conference, 553–565.

By: H. Chen, N. Li, W. Enck, Y. Aafer & X. Zhang

Event: ACM

Source: ORCID
Added: January 2, 2024

2017 journal article

Phonion: Practical Protection of Metadata in Telephony Networks

Proceedings on Privacy Enhancing Technologies, 2017(1), 170–187.

By: S. Heuser, B. Reaves, P. Pendyala, H. Carter, A. Dmitrienko, W. Enck, N. Kiyavash, A. Sadeghi, P. Traynor

Source: ORCID
Added: January 2, 2024

2017 journal article

Policy by Example: An Approach for Security Policy Specification

ArXiv Preprint ArXiv:1707.03967.

By: A. Nadkarni, W. Enck, S. Jha & J. Staddon

Source: ORCID
Added: January 2, 2024

2017 chapter

Reliable Ad Hoc Smartphone Application Creation for End Users

In Intrusion Detection and Prevention for Mobile Ecosystems (pp. 65–98). CRC Press Taylor & Francis Group, 6000 Broken Sound Parkway NW, Suite 300 ….

By: A. Nadkarni, A. Verma, V. Tendulkar & W. Enck

Source: ORCID
Added: January 2, 2024

2017 conference paper

SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android

Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 612–624.

By: R. Wang, A. Azab, W. Enck, N. Li, P. Ning, X. Chen, W. Shen, Y. Cheng

Event: ACM

Source: ORCID
Added: January 2, 2024

2017 journal article

The Use of Functional Data Analysis to Evaluate Activity in a Spontaneous Model of Degenerative Joint Disease Associated Pain in Cats

PLOS ONE, 12(1), e0169576.

By: M. Gruen n, M. Alfaro-Córdoba n, A. Thomson n, A. Worth n, A. Staicu n & B. Lascelles n

Contributors: M. Gruen n, M. Alfaro-Córdoba n, A. Thomson n, A. Worth n, A. Staicu n & B. Lascelles n

Ed(s): J. Harezlak

MeSH headings : Accelerometry; Animals; Cat Diseases / physiopathology; Cats; Female; Male; Motor Activity / physiology; Osteoarthritis / physiopathology; Osteoarthritis / veterinary
TL;DR: Functional data analysis provides insight into the pattern of activity in cats, and an alternative method for analyzing accelerometry data that incorporates fluctuations in activity across the day. (via Semantic Scholar)
UN Sustainable Development Goal Categories
Sources: Web Of Science, NC State University Libraries, ORCID, Crossref
Added: August 6, 2018

2017 conference paper

UiRef: analysis of sensitive user inputs in Android applications

Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 23–34.

By: B. Andow, A. Acharya, D. Li, W. Enck, K. Singh & T. Xie

Event: ACM

Source: ORCID
Added: January 2, 2024

2016 journal article

* droid: Assessment and Evaluation of Android Application Analysis Tools

ACM Computing Surveys (CSUR), 49(3), 55.

By: B. Reaves, J. Bowers, S. Gorski III, O. Anise, R. Bobhate, R. Cho, H. Das, S. Hussain ...

Source: ORCID
Added: January 2, 2024

2016 article

A Study of Grayware on Google Play

2016 IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (SPW 2016), pp. 224–233.

By: B. Andow n, A. Nadkarni n, B. Bassett*, W. Enck n & T. Xie*

Event: IEEE

TL;DR: It is hypothesized enhancing analysis with text analytics can effectively reduce human effort when triaging grayware, and it is shown how even relatively simple heuristics can quickly triage apps that take advantage of users in an undesirable way. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2016 journal article

A Study of Security Isolation Techniques

ACM COMPUTING SURVEYS, 49(3).

By: R. Shu n, P. Wang n, S. Gorski n, B. Andow n, A. Nadkarni n, L. Deshotels n, J. Gionta n, W. Enck n, X. Gu n

author keywords: Security isolation; access control; resilient architectures
TL;DR: This article provides a hierarchical classification structure for grouping different security isolation techniques by systematically classifying different approaches and analyzing their properties. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2016 conference paper

Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying

Proceedings of the Conference on Internet Monitoring and Protection (ICIMP), Barcelona, Spain, 22–26.

By: T. OConnor & W. Enck

Source: ORCID
Added: January 2, 2024

2016 conference paper

Practical ${$DIFC$}$ Enforcement on Android

25th USENIX Security Symposium (USENIX Security 16), 1119–1136.

By: A. Nadkarni, B. Andow, W. Enck & S. Jha

Source: ORCID
Added: January 2, 2024

2016 conference paper

Practical DIFC Enforcement on Android.

USENIX Security Symposium, 1119–1136.

By: A. Nadkarni, B. Andow, W. Enck & S. Jha

Source: ORCID
Added: January 2, 2024

2016 conference paper

Practical DIFC enforcement on android

Proceedings of the 25th USENIX Security Symposium, 1119–1136.

By: A. Nadkarni, B. Andow, W. Enck & S. Jha

Source: NC State University Libraries
Added: August 6, 2018

2016 conference paper

Preventing kernel code-reuse attacks through disclosure resistant code diversification

2016 ieee conference on communications and network security (cns), 189–197.

By: J. Gionta n, W. Enck n & P. Larsen*

Event: IEEE

TL;DR: This paper proposes KHide, a system that thwarts kernel code-reuse attacks by combining fine-grained software diversity techniques and memory disclosure protection, and implements KHide for the Linux kernel, showing that KHide provides comprehensive protection against the threat ofkernel code- reuse with acceptable performance impact. (via Semantic Scholar)
Sources: NC State University Libraries, NC State University Libraries, ORCID
Added: August 6, 2018

2016 conference paper

SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 704–716.

By: L. Deshotels, R. Deaconescu, M. Chiroiu, L. Davi, W. Enck & A. Sadeghi

Event: ACM

Source: ORCID
Added: January 2, 2024

2016 journal article

Sandblaster: Reversing the apple sandbox

ArXiv Preprint ArXiv:1608.04303.

By: R. Deaconescu, L. Deshotels, M. Bucicoiu, W. Enck, L. Davi & A. Sadeghi

Source: ORCID
Added: January 2, 2024

2016 conference paper

Text analytics for security: tutorial

Proceedings of the Symposium and Bootcamp on the Science of Security, 124–125.

By: T. Xie & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2016 journal article

droid: Assessment and Evaluation of Android Application Analysis Tools

ACM COMPUTING SURVEYS, 49(3).

By: B. Reaves*, J. Bowers*, S. Gorski n, O. Anise*, R. Bobhate*, R. Cho*, H. Das*, S. Hussain* ...

author keywords: Android; application security; program analysis
TL;DR: The first systematization of Android security research that analyzes applications is performed, characterizing the work published in more than 17 top venues since 2010 and finding not only that significant work remains to be done in terms of research coverage but also that the tools suffer from significant issues. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 6, 2018

2015 article

AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context

2015 IEEE/ACM 37TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, VOL 1, Vol. 1, pp. 303–313.

By: W. Yang*, X. Xiao*, B. Andow n, S. Li*, T. Xie* & W. Enck n

Event: IEEE

TL;DR: This work introduces AppContext, an approach of static program analysis that extracts the contexts of security-sensitive behaviors to assist app analysis in differentiating between malicious and benign behaviors. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2015 article

Automatic Server Hang Bug Diagnosis: Feasible Reality or Pipe Dream?

2015 IEEE INTERNATIONAL CONFERENCE ON AUTONOMIC COMPUTING, pp. 127–132.

By: D. Dean n, P. Wang n, X. Gu n, W. Enck n & G. Jin n

Event: IEEE

author keywords: hang bugs; characteristic study; performance
TL;DR: This paper presents a characteristic study of 177 real software hang bugs from 8 common open source server systems and describes two major problems while applying existing rule-based bug detection techniques to those bugs. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2015 conference paper

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning

Proceedings of the USENIX Security Symposium, 351–366. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/wang-ruowen

By: R. Wang, W. Enck, D. Reeves, X. Zhang, P. Ning, D. Xu, W. Zhou, A. Azab

Event: USENIX Security Symposium at Washington, D.C.

www.usenix.org
Source: NC State University Libraries
Added: January 13, 2024

2015 conference paper

Hidem: Protecting the contents of userspace memory in the face of disclosure vulnerabilities

Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, 325–336.

By: J. Gionta, W. Enck & P. Ning

Event: ACM

Source: ORCID
Added: January 2, 2024

2015 conference paper

Multitasking Increases Stress and Insecure Behavior on Mobile Devices

Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 59(1), 1110–1114.

By: Q. Liu, A. McLaughlin, B. Watson, W. Enck & A. Davis

Event: SAGE Publications

Source: ORCID
Added: January 2, 2024

2014 conference paper

${$ASM$}$: A Programmable Interface for Extending Android Security

23rd USENIX Security Symposium (USENIX Security 14), 1005–1019.

By: S. Heuser, A. Nadkarni, W. Enck & A. Sadeghi

Source: ORCID
Added: January 2, 2024

2014 conference paper

ASM: A Programmable Interface for Extending Android Security.

USENIX Security Symposium, 1005–1019.

By: S. Heuser, A. Nadkarni, W. Enck & A. Sadeghi

Source: ORCID
Added: January 2, 2024

2014 journal article

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities

ArXiv Preprint ArXiv:1410.7745.

By: V. Tendulkar & W. Enck

Source: ORCID
Added: January 2, 2024

2014 conference paper

Dacsa: A decoupled architecture for cloud security analysis

Proceedings of the 7th Workshop on Cyber Security Experimentation and Test.

By: J. Gionta, A. Azab, W. Enck, P. Ning & X. Zhang

Source: ORCID
Added: January 2, 2024

2014 report

GraphAudit: Privacy Auditing for Massive Graph Mining

North Carolina State University. Dept. of Computer Science.

By: A. Nadkarni, A. Sheth, U. Weinsberg, N. Taft & W. Enck

Source: ORCID
Added: January 2, 2024

2014 article

Guest Editors' Introduction: Special Issue on Security and Privacy in Mobile Platforms

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, Vol. 11, pp. 209–210.

By: G. Ahn*, W. Enck n & D. Shin*

TL;DR: The articles in this special issue focus on the use of computer security and privacy applications in mobile communication platforms. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2014 conference paper

Improving mobile application security via bridging user expectations and application behaviors

Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 32.

By: W. Yang, X. Xiao, R. Pandita, W. Enck & T. Xie

Event: ACM

Source: ORCID
Added: January 2, 2024

2014 conference paper

Insecure behaviors on mobile devices under stress

Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 31.

By: A. Davis, A. Shashidharan, Q. Liu, W. Enck, A. McLaughlin & B. Watson

Event: ACM

Source: ORCID
Added: January 2, 2024

2014 conference paper

Modeling and sensing risky user behavior on mobile devices

Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 33.

By: Q. Liu, J. Bae, B. Watson, A. McLaughhlin & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2014 conference paper

NativeWrap: ad hoc smartphone application creation for end users

Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks, 13–24.

By: A. Nadkarni, V. Tendulkar & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2014 conference paper

PREC: practical root exploit containment for android devices

Proceedings of the 4th ACM conference on Data and application security and privacy, 187–198.

By: T. Ho, D. Dean, X. Gu & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2014 conference paper

SEER: practical memory virus scanning as a service

Proceedings of the 30th Annual Computer Security Applications Conference, 186–195.

By: J. Gionta, A. Azab, W. Enck, P. Ning & X. Zhang

Event: ACM

Source: ORCID
Added: January 2, 2024

2014 journal article

TaintDroid: An Information Flow Tracking System for Real-Time Privacy Monitoring on Smartphones

COMMUNICATIONS OF THE ACM, 57(3), 99–106.

By: W. Enck n, P. Gilbert*, B. Chun*, L. Cox*, J. Jung*, P. McDaniel*, A. Sheth*

TL;DR: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 6, 2018

2014 journal article

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

ACM TRANSACTIONS ON COMPUTER SYSTEMS, 32(2).

By: W. Enck n, P. Gilbert*, S. Han*, V. Tendulkar n, B. Chun*, L. Cox*, J. Jung*, P. McDaniel*, A. Sheth*

Event: USENIX Association

author keywords: Design; Security; Performance; Information-flow tracking; privacy monitoring; smartphones; mobile apps
TL;DR: TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2014 conference paper

Tutorial: Text Analytics for Security

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 1540–1541.

By: W. Enck & T. Xie

Event: ACM

Source: ORCID
Added: January 2, 2024

2013 conference paper

AppsPlayground: automatic security analysis of smartphone applications

Proceedings of the third ACM conference on Data and application security and privacy, 209–220.

By: V. Rastogi, Y. Chen & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2013 chapter

Automatic Security Analysis of Android Applications

In Android Security and Mobile Cloud Computing. Springer.

By: V. Rastogi, Y. Chen & W. Enck

Source: ORCID
Added: January 2, 2024

2013 conference paper

MAST: triage for market-scale mobile malware analysis

Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks, 13–24.

By: S. Chakradeo, B. Reaves, P. Traynor & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2013 conference paper

Preventing accidental data disclosure in modern operating systems

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 1029–1042.

By: A. Nadkarni & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2013 conference paper

WHYPER: towards automating risk assessment of mobile applications

Proceedings of the 22nd USENIX Security Symposium, Washington DC, USA, 14–16.

By: R. Pandita, X. Xiao, W. Yang, W. Enck & T. Xie

Source: ORCID
Added: January 2, 2024

2012 conference paper

Abusing cloud-based browsers for fun and profit

Proceedings of the 28th Annual Computer Security Applications Conference, 219–228.

By: V. Tendulkar, R. Snyder, J. Pletcher, K. Butler, A. Shashidharan & W. Enck

Event: ACM

Source: ORCID
Added: January 2, 2024

2012 conference paper

Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems

IEEE MoST: Mobile Security Technologies Workshop.

By: D. Barrera, W. Enck & P. Oorschot

Source: ORCID
Added: January 2, 2024

2012 journal article

Semantically rich application-centric security in Android

SECURITY AND COMMUNICATION NETWORKS, 5(6), 658–673.

By: M. Ongtang*, S. McLaughlin*, W. Enck n & P. McDaniel*

Event: Ieee

author keywords: security; android; smartphones
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2011 conference paper

A Study of Android Application Security.

USENIX Security Symposium.

By: W. Enck, D. Octeau, P. McDaniel & S. Chaudhuri

Source: ORCID
Added: January 2, 2024

2011 chapter

ARP Spoofing

In Encyclopedia of Cryptography and Security (pp. 48–49). Springer US.

By: W. Enck

Source: ORCID
Added: January 2, 2024

2011 thesis

Analysis Techniques for Mobile Operating System Security

The Pennsylvania State University.

By: W. Enck

Source: ORCID
Added: January 2, 2024

2011 chapter

Android’s Security Framework--Understanding the Security of Mobile Phone Platforms

In Encyclopedia of Cryptography and Security (pp. 34–37). Springer US.

By: W. Enck

Source: ORCID
Added: January 2, 2024

2011 chapter

Defending Users against Smartphone Apps: Techniques and Future Directions

In Information Systems Security (pp. 49–70).

By: W. Enck n

Event: Springer Berlin Heidelberg

TL;DR: The current state of smartphone research is discussed, including efforts in designing new OS protection mechanisms, as well as performing security analysis of real apps, to offer insight into what works, what has clear limitations, and promising directions for future research. (via Semantic Scholar)
Sources: Crossref, NC State University Libraries, ORCID
Added: June 6, 2020

2011 report

Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems

Technical report, School of Computer Science, Carleton University, http ….

By: D. Barrera, W. Enck & P. Oorschot

Source: ORCID
Added: January 2, 2024

2010 journal article

Not so great expectations: Why application markets haven't failed security

IEEE Security & Privacy, 8(5), 76–78.

By: P. McDaniel & W. Enck

Source: ORCID
Added: January 2, 2024

2010 journal article

malnets: large-scale malicious networks via compromised wireless access points

Security and Communication Networks, 3(2-3), 102–113.

By: P. Traynor*, K. Butler*, W. Enck*, P. McDaniel* & K. Borders

author keywords: malware; routing; security
TL;DR: This work shows that malnets are not only feasible but can be efficiently deployed, and uses a sampling of available exploits to demonstrate the construction of multi-vector, multi-platform worms capable of targeting wireless routers. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Sources: Crossref, NC State University Libraries, ORCID
Added: June 6, 2020

2009 journal article

ASR: anonymous and secure reporting of traffic forwarding activity in mobile ad hoc networks

Wireless Networks, 15(4), 525–539.

By: H. Choi*, W. Enck*, J. Shin*, P. McDaniel* & T. La Porta*

author keywords: MANET; Security; Anonymity; Packet forwarding; Monitoring; Secure link layer acknowledgment; Secure reporting protocol
TL;DR: A protocol that uses nodes on the data path to securely produce packet-forwarding reports and the integrity and authenticity of reports are preserved through the use of secure link layer acknowledgments and monitoring reports. (via Semantic Scholar)
Sources: Crossref, NC State University Libraries, ORCID
Added: November 7, 2020

2009 journal article

Configuration management at massive scale: system design and experience

IEEE Journal on Selected Areas in Communications, 27(3), 323–335.

By: W. Enck, T. Moyer, P. McDaniel, S. Sen, P. Sebos, S. Spoerel, A. Greenberg, Y. Sung, S. Rao, W. Aiello

Source: ORCID
Added: January 2, 2024

2009 journal article

Mitigating attacks on open functionality in SMS-capable cellular networks

IEEE/ACM Transactions on Networking (TON), 17(1), 40–53.

By: P. Traynor, W. Enck, P. McDaniel & T. Porta

Source: ORCID
Added: January 2, 2024

2009 conference paper

On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security, 235–245.

By: W. Enck, M. Ongtang & P. McDaniel

Event: ACM

Source: ORCID
Added: January 2, 2024

2009 journal article

Understanding Android Security.

IEEE Security & Privacy, 7(1), 50–57.

By: W. Enck, M. Ongtang, P. McDaniel & others

Source: ORCID
Added: January 2, 2024

2008 conference paper

Defending against attacks on main memory persistence

2008 Annual Computer Security Applications Conference (ACSAC), 65–74.

By: W. Enck, K. Butler, T. Richardson, P. McDaniel & A. Smith

Event: IEEE

Source: ORCID
Added: January 2, 2024

2008 journal article

Exploiting open functionality in SMS-capable cellular networks

Journal of Computer Security, 16(6), 713–742.

By: P. Traynor, W. Enck, P. Mcdaniel & T. La Porta

Source: ORCID
Added: January 2, 2024

2008 journal article

Mitigating Android software misuse before it happens

Pennsylvania State University, Tech. Rep. NAS-TR-0094-2008.

By: W. Enck, M. Ongtang & P. McDaniel

Source: ORCID
Added: January 2, 2024

2008 conference paper

Pinup: Pinning user files to known applications

2008 Annual Computer Security Applications Conference (ACSAC), 55–64.

By: W. Enck, P. McDaniel & T. Jaeger

Event: IEEE

Source: ORCID
Added: January 2, 2024

2008 conference paper

Realizing massive-scale conditional access systems through attribute-based cryptosystems

In Proceedings of the ISOC Network & Distributed System Security Symposium (NDSS).

By: P. Traynor, K. Butler, W. Enck & P. McDaniel

Source: ORCID
Added: January 2, 2024

2008 conference paper

Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST

Proceedings of the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop.

By: K. Butler, W. Enck, H. Hursti, S. McLaughlin, P. Traynor & P. McDaniel

Source: ORCID
Added: January 2, 2024

2007 conference paper

Configuration Management at Massive Scale: System Design and Experience

Proceedings of the USENIX Annual Technical Conference, 73–86. https://www.usenix.org/legacy/events/usenix07/tech/enck.html

By: W. Enck, P. McDaniel, S. Sen, P. Sebos, S. Spoerel, A. Greenberg, S. Rao, W. Aiello

Event: USENIX Annual Technical Conference at Santa Clara, CA

www.usenix.org
Source: NC State University Libraries
Added: January 13, 2024

2007 report

Grains of SANs: Building Storage Area Networks from Memory Spots

Technical Report NASTR-0060-2007, Network and Security Research Center ….

By: L. Johansen, K. Butler, W. Enck, P. Traynor & P. McDaniel

Source: ORCID
Added: January 2, 2024

2007 conference paper

Limiting sybil attacks in structured p2p networks

INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, 2596–2600.

By: H. Rowaihy, W. Enck, P. McDaniel & T. La Porta

Event: IEEE

Source: ORCID
Added: January 2, 2024

2007 conference paper

Protecting users from themselves

Proceedings of the 2007 ACM workshop on Computer security architecture, 29–36.

By: W. Enck, S. Rueda, J. Schiffman, Y. Sreenivasan, L. St Clair, T. Jaeger, P. McDaniel

Event: ACM

Source: ORCID
Added: January 2, 2024

2007 journal article

TARP: Ticket-based address resolution protocol

Computer Networks, 51(15), 4322–4337.

By: W. Lootah*, W. Enck* & P. McDaniel*

author keywords: network security; ARP security
TL;DR: TARP implements security by distributing centrally issued secure MAC/IP address mapping attestations through existing ARP messages and improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols. (via Semantic Scholar)
Sources: Crossref, NC State University Libraries, ORCID
Added: August 28, 2020

2006 thesis

Analysis of Open Functionality in SMS-capable Cellular Networks

Pennsylvania State University.

By: W. Enck

Source: ORCID
Added: January 2, 2024

2006 conference paper

Mitigating attacks on open functionality in SMS-capable cellular networks

Proceedings of the 12th annual international conference on Mobile computing and networking, 182–193.

By: P. Traynor, W. Enck, P. McDaniel & T. La Porta

Event: ACM

Source: ORCID
Added: January 2, 2024

2006 chapter

Password Exhaustion: Predicting the End of Password Usefulness

In Information Systems Security (pp. 37–55).

By: L. Clair*, L. Johansen*, W. Enck*, M. Pirretti*, P. Traynor*, P. McDaniel*, T. Jaeger*

TL;DR: An analytical model for computation is developed to understand the time required to recover random passwords and concludes that past systems vulnerable to offline attacks will be obsolete in 5-15 years and a large number of these systems are already obsolete. (via Semantic Scholar)
Sources: Crossref, NC State University Libraries, ORCID
Added: August 28, 2020

2006 chapter

Privacy Preserving Web-Based Email

In Information Systems Security (Vol. 3, pp. 116–131).

By: K. Butler*, W. Enck*, J. Plasterr*, P. Traynor* & P. McDaniel*

Event: Springer Berlin Heidelberg

TL;DR: This paper creates virtual channels over online services (e.g., Google's Gmail, Microsoft's Hotmail) through which messages and cryptographic keys are delivered and creates a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. (via Semantic Scholar)
Sources: ORCID, Crossref, NC State University Libraries
Added: August 28, 2020

2006 article proceedings

TARP: Ticket-based Address Resolution Protocol

Presented at the 21st Annual Computer Security Applications Conference (ACSAC'05).

By: W. Lootah*, W. Enck* & P. McDaniel*

Event: 21st Annual Computer Security Applications Conference (ACSAC'05)

Sources: Crossref, NC State University Libraries
Added: January 7, 2024

2005 conference paper

Exploiting open functionality in SMS-capable cellular networks

Proceedings of the 12th ACM conference on Computer and communications security, 393–404.

By: W. Enck, P. Traynor, P. McDaniel & T. La Porta

Event: ACM

Source: ORCID
Added: January 2, 2024

2005 conference paper

Limiting sybil attacks in structured peer-to-peer networks

IEEE Infocom Mini-Symposium.

By: H. Rowaihy, W. Enck, P. McDaniel & T. La Porta

Source: ORCID
Added: January 2, 2024

2005 article proceedings

Secure reporting of traffic forwarding activity in mobile ad hoc networks

Presented at the The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services.

By: H. Choi*, W. Enck*, J. Shin*, P. McDaniel* & T. La Porta*

Event: The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services

TL;DR: A protocol that uses nodes on the data path to securely produce packet forwarding reports and the integrity and authenticity of reports are preserved through the use of secure link layer acknowledgments and monitoring reports is proposed. (via Semantic Scholar)
Source: Crossref
Added: January 5, 2024

2005 conference paper

Secure reporting of traffic forwarding activity in mobile ad hoc networks

The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 12–21.

By: H. Choi, W. Enck, J. Shin, P. McDaniel & T. La Porta

Event: IEEE

Source: ORCID
Added: January 2, 2024

journal article

ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

Muralee, S., Koishybayev, I., Nahapetyan, A., Tystahl, G., Reaves, B., Bianchi, A., … Machiry, A.

By: S. Muralee, I. Koishybayev, A. Nahapetyan, G. Tystahl, B. Reaves, A. Bianchi, W. Enck, A. Kapravelos, A. Machiry

Source: ORCID
Added: January 2, 2024

conference paper

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning

Wang, R., Enck, W., Reeves, D., Zhang, X., Ning, P., Xu, D., … Azab, A. 24th USENIX Security Symposium (USENIX Security 15). Presented at the USENIX Association.

By: R. Wang, W. Enck, D. Reeves, X. Zhang, P. Ning, D. Xu, W. Zhou, A. Azab

Event: USENIX Association

Source: ORCID
Added: January 2, 2024

journal article

Securing the So ware Supply Chain: Research, Outreach, Education

Williams, L., Acar, Y., Cukier, M., Enck, W., Kapravelos, A., Kästner, C., & Wermke, D.

By: L. Williams, Y. Acar, M. Cukier, W. Enck, A. Kapravelos, C. Kästner, D. Wermke

Source: ORCID
Added: January 2, 2024

journal article

Systemic Issues in the Hart InterCivic Voting System: Reflections Following Project EVEREST

Butler, K., Enck, W., Hursti, H., McLaughlin, S., Traynor, P., & McDaniel, P.

By: K. Butler, W. Enck, H. Hursti, S. McLaughlin, P. Traynor & P. McDaniel

Source: ORCID
Added: January 2, 2024

journal article

iOS Security Framework: Understanding the Security of Mobile Phone Platforms

Enck, W., Deaconescu, R., Chiroiu, M., & Deshotels, L.

By: W. Enck, R. Deaconescu, M. Chiroiu & L. Deshotels

Source: ORCID
Added: January 2, 2024

Employment

Updated: October 5th, 2022 10:15

2021 - present

North Carolina State University Raleigh, North Carolina, US
Professor Computer Science

2016 - 2021

North Carolina State University Raleigh, North Carolina, US
Associate Professor Computer Science

2011 - 2016

North Carolina State University Raleigh, North Carolina, US
Assistant Professor Computer Science

Education

Updated: October 5th, 2022 10:16

2006 - 2011

The Pennsylvania State University - University Park Campus University Park, PA, US
PhD, Computer Science and Engineering Computer Science and Engineering

2004 - 2006

The Pennsylvania State University The Methodology Center University Park, PA, US
MS, Computer Science and Engineering Computer Science and Engineering

2000 - 2004

The Pennsylvania State University - University Park Campus University Park, PA, US
BS, Computer Engineering Computer Science and Engineering

Funding History

Funding history based on the linked ORCID record. Updated: October 5th, 2022 10:18

grant February 1, 2022 - January 31, 2023
Collaborative Research: Conference: 2022 Secure and Trustworthy Cyberspace PI Meeting
Directorate for Computer & Information Science & Engineering
grant January 1, 2022 - December 31, 2024
Collaborative Research: SaTC: CORE: Medium: Enabling Practically Secure Cellular Infrastructure
Directorate for Computer & Information Science & Engineering
grant October 1, 2020 - September 30, 2023
SaTC: CORE: Small: Detecting Vulnerabilities and Remediations in Software Dependencies
Directorate for Computer & Information Science & Engineering
grant November 1, 2019 - November 30, 2022
Defining Security Policy in Distributed Environments using Network Views
United States Department of the Navy
grant July 1, 2016 - May 31, 2018
NSF Travel Grant Support for ACM WiSec 2016
Directorate for Computer & Information Science & Engineering
grant May 9, 2016 - May 8, 2019
Correct Enforcement of Access Control Policy in Modern Operating Systems
United States Department of the Army
grant July 1, 2015 - June 30, 2019
TWC: Medium: Collaborative: Improving Mobile-Application Security via Text Analytics
Directorate for Computer & Information Science & Engineering
grant September 1, 2013 - August 31, 2019
TWC: Frontier: Collaborative: Rethinking Security in the Era of Cloud Computing
Directorate for Computer & Information Science & Engineering
grant February 1, 2013 - January 31, 2019
CAREER: Secure OS Views for Modern Computing Platforms
Directorate for Computer & Information Science & Engineering
grant October 1, 2012 - September 30, 2016
TWC: Small: Collaborative: Characterizing the Security Limitations of Accessing the Mobile Web
Directorate for Computer & Information Science & Engineering

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.