William Enck

Lee, Y.-T., Chen, H., Enck, W., Vijayakumar, H., Li, N., Qian, Z., … Jaeger, T. (2024). PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage. IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3310402

Muralee, S., Koishybayev, I., Nahapetyan, A., Tystahl, G., Reaves, B., Bianchi, A., … Machiry, A. (2023). ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions. Proceedings of the USENIX Security Symposium, 6983–7000. Retrieved from https://www.usenix.org/conference/usenixsecurity23/presentation/muralee

Dunlap, T., Thorn, S., Enck, W., & Reaves, B. (2023). Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis. 2023 IEEE 8TH EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY, EUROS&P, pp. 489–505. https://doi.org/10.1109/EuroSP57164.2023.00036

Fourne, M., Wermke, D., Enck, W., Fahl, S., & Acar, Y. (2023). It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. 2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, pp. 1527–1544. https://doi.org/10.1109/SP46215.2023.00187

Fourné, M., Wermke, D., Enck, W., Fahl, S., & Acar, Y. (2023). It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023).

Anjum, I., Sokal, J., Rehman, H. R., Weintraub, B., Leba, E., Enck, W., … Reaves, B. (2023). MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy. Proceedings of the 28th ACM Symposium on Access Control Models and Technologies, 121–132. https://doi.org/10.1145/3589608.3593836

Enck, W., Acar, Y., Cukier, M., Kapravelos, A., Kästner, C., & Williams, L. (2023). S3C2 Summit 2023-06: Government Secure Supply Chain Summit. ArXiv Preprint ArXiv:2308.06850.

Tran, M., Acar, Y., Cucker, M., Enck, W., Kapravelos, A., Kastner, C., & Williams, L. (2023). S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit. ArXiv Preprint ArXiv:2307.15642.

Zahan, N., Lin, E., Tamanna, M., Enck, W., & Williams, L. (2023). Software Bills of Materials Are Required. Are We There Yet? IEEE Security & Privacy, 21(2), 82–88. https://doi.org/10.1109/MSEC.2023.3237100

Dunlap, T., Lin, E., Enck, W., & Reaves, B. (2023). VFCFinder: Seamlessly Pairing Security Advisories and Patches. ArXiv Preprint ArXiv:2311.01532.

Datta, P., Polinsky, I., Inam, M. A., Bates, A., & Enck, W. (2022). ${$ALASTOR$}$: Reconstructing the Provenance of Serverless Intrusions. 31st USENIX Security Symposium (USENIX Security 22), 2443–2460.

Gorski III, S. A., Thorn, S., Enck, W., & Chen, H. (2022). ${$FReD$}$: Identifying File ${$Re-Delegation$}$ in Android System Services. 31st USENIX Security Symposium (USENIX Security 22), 1525–1542.

Dunlap, T., Enck, W., & Reaves, B. (2022). A Study of Application Sandbox Policies in Linux. Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, 19–30.

Mahmud, S. Y., English, K. V., Thorn, S., Enck, W., Oest, A., & Saad, M. (2022). Analysis of Payment Service Provider SDKs in Android. PROCEEDINGS OF THE 38TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, ACSAC 2022, pp. 576–590. https://doi.org/10.1145/3564625.3564641

Miah, M. S., Zhu, M., Granados, A., Sharmin, N., Anjum, I., Ortiz, A., … Singh, M. P. (2022). Optimizing Honey Traffic Using Game Theory and Adversarial Learning. In Cyber Deception: Techniques, Strategies, and Human Aspects (pp. 97–124). Springer.

Enck, W. (2022). Reflections on a Decade of Mobile Security Research. PROCEEDINGS OF THE 15TH ACM CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '22), pp. 2–2. https://doi.org/10.1145/3507657.3528561

Anjum, I., Kostecki, D., Leba, E., Sokal, J., Bharambe, R., Enck, W., … Reaves, B. (2022). Removing the Reliance on Perimeters for Security using Network Views. Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, 151–162.

Enck, W., & Williams, L. (2022). Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations. IEEE SECURITY & PRIVACY, 20(2), 96–100. https://doi.org/10.1109/MSEC.2022.3142338

Lentzsch, C., Shah, S. J., Andow, B., Degeling, M., Das, A., & Enck, W. (2021). Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem. 28TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2021). https://doi.org/10.14722/ndss.2021.23111

Lee, Y.-T., Enck, W., Chen, H., Vijayakumar, H., Li, N., Qian, Z., … Jaeger, T. (2021). PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems. 30th ${$USENIX$}$ Security Symposium (${$USENIX$}$ Security 21).

Anjum, I., Zhu, M., Polinsky, I., Enck, W., Reiter, M. K., & Singh, M. P. (2021). Role-Based Deception in Enterprise Networks. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 65–76.

Polinsky, I., Datta, P., Bates, A., & Enck, W. (2021). SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing. Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, 175–186.

Andow, B., Mahmud, S. Y., Whitaker, J., Enck, W., Reaves, B., Singh, K., & Egelman, S. (2020). Actions speak louder than words: Entity-sensitive privacy policy and data flow analysis with policheck. Proceedings of the 29th USENIX Security Symposium (USENIX Security'20).

Enck, W. (2020). Analysis of Access Control Enforcement in Android. Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, 117–118.

Mahmud, S. Y., Acharya, A., Andow, B., Enck, W., & Reaves, B. (2020). Cardpliance: PCI DSS compliance of android applications. Proceedings of the 29th USENIX Conference on Security Symposium, 1517–1533.

Rahman, M. R., Enck, W., & Williams, L. (2020). Do configuration management tools make systems more secure? an empirical research plan. Proceedings of the 7th Symposium on Hot Topics in the Science of Security, 1–2.

Deshotels, L., Carabas, C., Beichler, J., Deaconescu, R., & Enck, W. (2020). Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS. 2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020), pp. 1056–1070. https://doi.org/10.1109/SP40000.2020.00023

Mitev, R., Pazii, A., Miettinen, M., Enck, W., & Sadeghi, A.-R. (2020). LeakyPick: IoT Audio Spy Detector. 36TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2020), pp. 694–705. https://doi.org/10.1145/3427228.3427277

Anjum, I., Miah, M. S., Zhu, M., Sharmin, N., Kiekintveld, C., Enck, W., & Singh, M. P. (2020). Optimizing Vulnerability-Driven Honey Traffic Using Game Theory. ArXiv Preprint ArXiv:2002.09069.

Polinsky, I., Martin, K., Enck, W., & Reiter, M. K. (2020). nm-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications. Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, 235–246.

Gorski, S. A., III, Andow, B., Nadkarni, A., Manandhar, S., Enck, W., Bodden, E., & Bartel, A. (2019). ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware. PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19), pp. 25–36. https://doi.org/10.1145/3292006.3300023

Gorski, S. A., III, & Enck, W. (2019). ARF: Identifying Re-Delegation Vulnerabilities in Android System Services. PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 151–162. https://doi.org/10.1145/3317549.3319725

OConnor, T. J., Enck, W., & Reaves, B. (2019). Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things. PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 140–150. https://doi.org/10.1145/3317549.3319724

OConnor, T. J., Mohamed, R., Miettinen, M., Enck, W., Reaves, B., & Sadeghi, A.-R. (2019). HOMESNITCH: Behavior Transparency and Control for Smart Home IoT Devices. PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 128–139. https://doi.org/10.1145/3317549.3323409

Mohamed, R., O’Connor, T., Miettinen, M., Enck, W., & Sadeghi, A.-R. (2019). HONEYSCOPE: IoT device protection with deceptive network views. Autonomous Cyber Deception: Reasoning, Adaptive Planning, and Evaluation of HoneyThings, 167–181.

Goutam, S., Enck, W., & Reaves, B. (2019). Hestia: Simple Least Privilege Network Policies for Smart Homes. PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 215–220. https://doi.org/10.1145/3317549.3323413

Andow, B., Mahmud, S. Y., Wang, W., Whitaker, J., Enck, W., Reaves, B., … Xie, T. (2019). PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. USENIX Security Symposium, 585–602.

Enck, W., & Benzel, T. (2019). Selected Papers From the 2018 USENIX Security Symposium. IEEE SECURITY & PRIVACY, Vol. 17, pp. 7–8. https://doi.org/10.1109/MSEC.2019.2915397

Whitaker, J., Prasad, S., Reaves, B., & Enck, W. (2019). Thou Shalt Discuss Security: Quantifying the Impacts of Instructions to RFC Authors. PROCEEDINGS OF THE 5TH ACM WORKSHOP ON SECURITY STANDARDISATION RESEARCH WORKSHOP (SSR '19), pp. 57–68. https://doi.org/10.1145/3338500.3360332

OConnor, T. J., Enck, W., Petullo, W. M., & Verma, A. (2018). PivotWall: SDN-Based Information Flow Control. PROCEEDINGS OF THE SYMPOSIUM ON SDN RESEARCH (SOSR'18). Presented at the ACM. https://doi.org/10.1145/3185467.3185474

Enck, W. H., Nadkarni, A. P., Sadeghi, A.-R., & Heuser, S. (2018, March). Programmable interface for extending security of application-based operating system.

Deshotels, L., Deaconescu, R., Carabas, C., Manda, I., Enck, W., Chiroiu, M., … Sadeghi, A.-R. (2018). iOracle: Automated Evaluation of Access Control Policies in iOS. Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 117–131.

Shu, R., Gu, X., & Enck, W. (2017). A Study of Security Vulnerabilities on Docker Hub. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 269–280.

Chen, H., Li, N., Enck, W., Aafer, Y., & Zhang, X. (2017). Analysis of SEAndroid Policies: Combining MAC and DAC in Android. Proceedings of the 33rd Annual Computer Security Applications Conference, 553–565.

Heuser, S., Reaves, B., Pendyala, P. K., Carter, H., Dmitrienko, A., Enck, W., … Traynor, P. (2017). Phonion: Practical Protection of Metadata in Telephony Networks. Proceedings on Privacy Enhancing Technologies, 2017(1), 170–187.

Nadkarni, A., Enck, W., Jha, S., & Staddon, J. (2017). Policy by Example: An Approach for Security Policy Specification. ArXiv Preprint ArXiv:1707.03967.

Nadkarni, A., Verma, A., Tendulkar, V., & Enck, W. (2017). Reliable Ad Hoc Smartphone Application Creation for End Users. In Intrusion Detection and Prevention for Mobile Ecosystems (pp. 65–98). CRC Press Taylor & Francis Group, 6000 Broken Sound Parkway NW, Suite 300 ….

Wang, R., Azab, A. M., Enck, W., Li, N., Ning, P., Chen, X., … Cheng, Y. (2017). SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 612–624.

Gruen, M. E., Alfaro-Córdoba, M., Thomson, A. E., Worth, A. C., Staicu, A.-M., & Lascelles, B. D. X. (2017). The Use of Functional Data Analysis to Evaluate Activity in a Spontaneous Model of Degenerative Joint Disease Associated Pain in Cats. PLOS ONE, 12(1), e0169576. https://doi.org/10.1371/journal.pone.0169576

Andow, B., Acharya, A., Li, D., Enck, W., Singh, K., & Xie, T. (2017). UiRef: analysis of sensitive user inputs in Android applications. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 23–34.

Reaves, B., Bowers, J., Gorski III, S. A., Anise, O., Bobhate, R., Cho, R., … others. (2016). * droid: Assessment and Evaluation of Android Application Analysis Tools. ACM Computing Surveys (CSUR), 49(3), 55.

Andow, B., Nadkarni, A., Bassett, B., Enck, W., & Xie, T. (2016). A Study of Grayware on Google Play. 2016 IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (SPW 2016), pp. 224–233. https://doi.org/10.1109/spw.2016.40

Shu, R., Wang, P., Gorski, S. A., Andow, B., Nadkarni, A., Deshotels, L., … Gu, X. (2016). A Study of Security Isolation Techniques. ACM COMPUTING SURVEYS, 49(3). https://doi.org/10.1145/2988545

OConnor, T., & Enck, W. (2016). Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying. Proceedings of the Conference on Internet Monitoring and Protection (ICIMP), Barcelona, Spain, 22–26.

Nadkarni, A., Andow, B., Enck, W., & Jha, S. (2016). Practical ${$DIFC$}$ Enforcement on Android. 25th USENIX Security Symposium (USENIX Security 16), 1119–1136.

Nadkarni, A., Andow, B., Enck, W., & Jha, S. (2016). Practical DIFC Enforcement on Android. USENIX Security Symposium, 1119–1136.

Nadkarni, A., Andow, B., Enck, W., & Jha, S. (2016). Practical DIFC enforcement on android. Proceedings of the 25th USENIX Security Symposium, 1119–1136.

Gionta, J., Enck, W., & Larsen, P. (2016). Preventing kernel code-reuse attacks through disclosure resistant code diversification. 2016 ieee conference on communications and network security (cns), 189–197. https://doi.org/10.1109/cns.2016.7860485

Deshotels, L., Deaconescu, R., Chiroiu, M., Davi, L., Enck, W., & Sadeghi, A.-R. (2016). SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 704–716.

Deaconescu, R., Deshotels, L., Bucicoiu, M., Enck, W., Davi, L., & Sadeghi, A.-R. (2016). Sandblaster: Reversing the apple sandbox. ArXiv Preprint ArXiv:1608.04303.

Xie, T., & Enck, W. (2016). Text analytics for security: tutorial. Proceedings of the Symposium and Bootcamp on the Science of Security, 124–125.

Reaves, B., Bowers, J., Gorski, S. A., III, Anise, O., Bobhate, R., Cho, R., … Traynor, P. (2016). droid: Assessment and Evaluation of Android Application Analysis Tools. ACM COMPUTING SURVEYS, 49(3). https://doi.org/10.1145/2996358

Yang, W., Xiao, X., Andow, B., Li, S., Xie, T., & Enck, W. (2015). AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context. 2015 IEEE/ACM 37TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, VOL 1, Vol. 1, pp. 303–313. https://doi.org/10.1109/icse.2015.50

Dean, D. J., Wang, P., Gu, X., Enck, W., & Jin, G. (2015). Automatic Server Hang Bug Diagnosis: Feasible Reality or Pipe Dream? 2015 IEEE INTERNATIONAL CONFERENCE ON AUTONOMIC COMPUTING, pp. 127–132. https://doi.org/10.1109/icac.2015.52

Wang, R., Enck, W., Reeves, D., Zhang, X., Ning, P., Xu, D., … Azab, A. (2015). EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning. Proceedings of the USENIX Security Symposium, 351–366. Retrieved from https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/wang-ruowen

Gionta, J., Enck, W., & Ning, P. (2015). Hidem: Protecting the contents of userspace memory in the face of disclosure vulnerabilities. Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, 325–336.

Liu, Q., McLaughlin, A. C., Watson, B., Enck, W., & Davis, A. (2015). Multitasking Increases Stress and Insecure Behavior on Mobile Devices. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 59(1), 1110–1114.

Heuser, S., Nadkarni, A., Enck, W., & Sadeghi, A.-R. (2014). ${$ASM$}$: A Programmable Interface for Extending Android Security. 23rd USENIX Security Symposium (USENIX Security 14), 1005–1019.

Heuser, S., Nadkarni, A., Enck, W., & Sadeghi, A.-R. (2014). ASM: A Programmable Interface for Extending Android Security. USENIX Security Symposium, 1005–1019.

Tendulkar, V., & Enck, W. (2014). An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities. ArXiv Preprint ArXiv:1410.7745.

Gionta, J., Azab, A., Enck, W., Ning, P., & Zhang, X. (2014). Dacsa: A decoupled architecture for cloud security analysis. Proceedings of the 7th Workshop on Cyber Security Experimentation and Test.

Nadkarni, A., Sheth, A., Weinsberg, U., Taft, N., & Enck, W. (2014). GraphAudit: Privacy Auditing for Massive Graph Mining. North Carolina State University. Dept. of Computer Science.

Ahn, G.-J., Enck, W., & Shin, D. (2014). Guest Editors' Introduction: Special Issue on Security and Privacy in Mobile Platforms. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, Vol. 11, pp. 209–210. https://doi.org/10.1109/tdsc.2014.2312738

Yang, W., Xiao, X., Pandita, R., Enck, W., & Xie, T. (2014). Improving mobile application security via bridging user expectations and application behaviors. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 32.

Davis, A., Shashidharan, A., Liu, Q., Enck, W., McLaughlin, A., & Watson, B. (2014). Insecure behaviors on mobile devices under stress. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 31.

Liu, Q., Bae, J., Watson, B., McLaughhlin, A., & Enck, W. (2014). Modeling and sensing risky user behavior on mobile devices. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 33.

Nadkarni, A., Tendulkar, V., & Enck, W. (2014). NativeWrap: ad hoc smartphone application creation for end users. Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks, 13–24.

Ho, T.-H., Dean, D., Gu, X., & Enck, W. (2014). PREC: practical root exploit containment for android devices. Proceedings of the 4th ACM conference on Data and application security and privacy, 187–198.

Gionta, J., Azab, A., Enck, W., Ning, P., & Zhang, X. (2014). SEER: practical memory virus scanning as a service. Proceedings of the 30th Annual Computer Security Applications Conference, 186–195.

Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2014). TaintDroid: An Information Flow Tracking System for Real-Time Privacy Monitoring on Smartphones. COMMUNICATIONS OF THE ACM, 57(3), 99–106. https://doi.org/10.1145/2494522

Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L. P., … Sheth, A. N. (2014). TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. ACM TRANSACTIONS ON COMPUTER SYSTEMS, 32(2). https://doi.org/10.1145/2619091

Enck, W., & Xie, T. (2014). Tutorial: Text Analytics for Security. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 1540–1541.

Rastogi, V., Chen, Y., & Enck, W. (2013). AppsPlayground: automatic security analysis of smartphone applications. Proceedings of the third ACM conference on Data and application security and privacy, 209–220.

Rastogi, V., Chen, Y., & Enck, W. (2013). Automatic Security Analysis of Android Applications. In Android Security and Mobile Cloud Computing. Springer.

Chakradeo, S., Reaves, B., Traynor, P., & Enck, W. (2013). MAST: triage for market-scale mobile malware analysis. Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks, 13–24.

Nadkarni, A., & Enck, W. (2013). Preventing accidental data disclosure in modern operating systems. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 1029–1042.

Pandita, R., Xiao, X., Yang, W., Enck, W., & Xie, T. (2013). WHYPER: towards automating risk assessment of mobile applications. Proceedings of the 22nd USENIX Security Symposium, Washington DC, USA, 14–16.

Tendulkar, V., Snyder, R., Pletcher, J., Butler, K., Shashidharan, A., & Enck, W. (2012). Abusing cloud-based browsers for fun and profit. Proceedings of the 28th Annual Computer Security Applications Conference, 219–228.

Barrera, D., Enck, W., & Oorschot, P. C. (2012). Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems. IEEE MoST: Mobile Security Technologies Workshop.

Ongtang, M., McLaughlin, S., Enck, W., & McDaniel, P. (2012). Semantically rich application-centric security in Android. SECURITY AND COMMUNICATION NETWORKS, 5(6), 658–673. https://doi.org/10.1002/sec.360

Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011). A Study of Android Application Security. USENIX Security Symposium.

Enck, W. (2011). ARP Spoofing. In Encyclopedia of Cryptography and Security (pp. 48–49). Springer US.

Enck, W. H. (2011). Analysis Techniques for Mobile Operating System Security. The Pennsylvania State University.

Enck, W. (2011). Android’s Security Framework--Understanding the Security of Mobile Phone Platforms. In Encyclopedia of Cryptography and Security (pp. 34–37). Springer US.

Enck, W. (2011). Defending Users against Smartphone Apps: Techniques and Future Directions. In Information Systems Security (pp. 49–70). https://doi.org/10.1007/978-3-642-25560-1_3

Barrera, D., Enck, W., & Oorschot, P. C. (2011). Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems. Technical report, School of Computer Science, Carleton University, http ….

McDaniel, P., & Enck, W. (2010). Not so great expectations: Why application markets haven't failed security. IEEE Security & Privacy, 8(5), 76–78.

Traynor, P., Butler, K., Enck, W., McDaniel, P., & Borders, K. (2010). malnets: large-scale malicious networks via compromised wireless access points. Security and Communication Networks, 3(2-3), 102–113. https://doi.org/10.1002/sec.149

Choi, H., Enck, W., Shin, J., McDaniel, P. D., & La Porta, T. F. (2009). ASR: anonymous and secure reporting of traffic forwarding activity in mobile ad hoc networks. Wireless Networks, 15(4), 525–539. https://doi.org/10.1007/S11276-007-0067-0

Enck, W., Moyer, T., McDaniel, P., Sen, S., Sebos, P., Spoerel, S., … Aiello, W. (2009). Configuration management at massive scale: system design and experience. IEEE Journal on Selected Areas in Communications, 27(3), 323–335.

Traynor, P., Enck, W., McDaniel, P., & Porta, T. L. (2009). Mitigating attacks on open functionality in SMS-capable cellular networks. IEEE/ACM Transactions on Networking (TON), 17(1), 40–53.

Enck, W., Ongtang, M., & McDaniel, P. (2009). On lightweight mobile phone application certification. Proceedings of the 16th ACM conference on Computer and communications security, 235–245.

Enck, W., Ongtang, M., McDaniel, P. D., & others. (2009). Understanding Android Security. IEEE Security & Privacy, 7(1), 50–57.

Enck, W., Butler, K., Richardson, T., McDaniel, P., & Smith, A. (2008). Defending against attacks on main memory persistence. 2008 Annual Computer Security Applications Conference (ACSAC), 65–74.

Traynor, P., Enck, W., Mcdaniel, P., & La Porta, T. (2008). Exploiting open functionality in SMS-capable cellular networks. Journal of Computer Security, 16(6), 713–742.

Enck, W., Ongtang, M., & McDaniel, P. (2008). Mitigating Android software misuse before it happens. Pennsylvania State University, Tech. Rep. NAS-TR-0094-2008.

Enck, W., McDaniel, P., & Jaeger, T. (2008). Pinup: Pinning user files to known applications. 2008 Annual Computer Security Applications Conference (ACSAC), 55–64.

Traynor, P., Butler, K., Enck, W., & McDaniel, P. (2008). Realizing massive-scale conditional access systems through attribute-based cryptosystems. In Proceedings of the ISOC Network & Distributed System Security Symposium (NDSS).

Butler, K., Enck, W., Hursti, H., McLaughlin, S., Traynor, P., & McDaniel, P. (2008). Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST. Proceedings of the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop.

Enck, W., McDaniel, P., Sen, S., Sebos, P., Spoerel, S., Greenberg, A., … Aiello, W. (2007). Configuration Management at Massive Scale: System Design and Experience. Proceedings of the USENIX Annual Technical Conference, 73–86. Retrieved from https://www.usenix.org/legacy/events/usenix07/tech/enck.html

Johansen, L., Butler, K., Enck, W., Traynor, P., & McDaniel, P. (2007). Grains of SANs: Building Storage Area Networks from Memory Spots. Technical Report NASTR-0060-2007, Network and Security Research Center ….

Rowaihy, H., Enck, W., McDaniel, P., & La Porta, T. (2007). Limiting sybil attacks in structured p2p networks. INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, 2596–2600.

Enck, W., Rueda, S., Schiffman, J., Sreenivasan, Y., St Clair, L., Jaeger, T., & McDaniel, P. (2007). Protecting users from themselves. Proceedings of the 2007 ACM workshop on Computer security architecture, 29–36.

Lootah, W., Enck, W., & McDaniel, P. (2007). TARP: Ticket-based address resolution protocol. Computer Networks, 51(15), 4322–4337. https://doi.org/10.1016/j.comnet.2007.05.007

Enck, W. H. (2006). Analysis of Open Functionality in SMS-capable Cellular Networks. Pennsylvania State University.

Traynor, P., Enck, W., McDaniel, P., & La Porta, T. (2006). Mitigating attacks on open functionality in SMS-capable cellular networks. Proceedings of the 12th annual international conference on Mobile computing and networking, 182–193.

Clair, L. S., Johansen, L., Enck, W., Pirretti, M., Traynor, P., McDaniel, P., & Jaeger, T. (2006). Password Exhaustion: Predicting the End of Password Usefulness. In Information Systems Security (pp. 37–55). https://doi.org/10.1007/11961635_3

Butler, K., Enck, W., Plasterr, J., Traynor, P., & McDaniel, P. (2006). Privacy Preserving Web-Based Email. In Information Systems Security (Vol. 3, pp. 116–131). https://doi.org/10.1007/11961635_8

Lootah, W., Enck, W., & McDaniel, P. (2006). TARP: Ticket-based Address Resolution Protocol. Presented at the 21st Annual Computer Security Applications Conference (ACSAC'05). https://doi.org/10.1109/csac.2005.55

Enck, W., Traynor, P., McDaniel, P., & La Porta, T. (2005). Exploiting open functionality in SMS-capable cellular networks. Proceedings of the 12th ACM conference on Computer and communications security, 393–404.

Rowaihy, H., Enck, W., McDaniel, P., & La Porta, T. (2005). Limiting sybil attacks in structured peer-to-peer networks. IEEE Infocom Mini-Symposium.

Choi, H., Enck, W., Shin, J., McDaniel, P., & La Porta, T. F. (2005). Secure reporting of traffic forwarding activity in mobile ad hoc networks. Presented at the The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services. https://doi.org/10.1109/mobiquitous.2005.53

Choi, H., Enck, W., Shin, J., McDaniel, P., & La Porta, T. F. (2005). Secure reporting of traffic forwarding activity in mobile ad hoc networks. The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 12–21.

Muralee, S., Koishybayev, I., Nahapetyan, A., Tystahl, G., Reaves, B., Bianchi, A., … Machiry, A. ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions.

Wang, R., Enck, W., Reeves, D., Zhang, X., Ning, P., Xu, D., … Azab, A. EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning. 24th USENIX Security Symposium (USENIX Security 15). Presented at the USENIX Association.

Williams, L., Acar, Y., Cukier, M., Enck, W., Kapravelos, A., Kästner, C., & Wermke, D. Securing the So ware Supply Chain: Research, Outreach, Education.

Butler, K., Enck, W., Hursti, H., McLaughlin, S., Traynor, P., & McDaniel, P. Systemic Issues in the Hart InterCivic Voting System: Reflections Following Project EVEREST.

Enck, W., Deaconescu, R., Chiroiu, M., & Deshotels, L. iOS Security Framework: Understanding the Security of Mobile Phone Platforms.