[PDF Version]

[Full Version]

Benjamin Eric Andow

Computer Science Ph.D. Candidate at North Carolina State University

Email: beandow@ncsu.edu | Website: benandow.com | Github: benandow

Education

North Carolina State University, Raleigh, NC
Ph.D., Computer Science, 2013-present
Dissertation: Security and Privacy Risks of Sensitive User Data Exposure in Mobile Ecosystems
Advisor: Dr. William Enck

Cleveland State University, Cleveland, OH
B.S., Computer and Information Science, Minor in Mathematics, May 2013
Mentor: Dr. Haodong Wang

Academic and Research Appointments

Graduate Research Assistant, North Carolina State University, 2013 - present
Advisor: Dr. William Enck
My research interests broadly fall within the area of systems security, with a primary focus on (1) the security and privacy analysis of computing platforms, predominantly mobile platforms and IoT, and the applications targeted towards those platforms; and (2) the design and analysis of practical security and protection mechanisms for these platforms. My research generally involves building real systems and tools to address or perform large-scale empirical measurements of security and privacy risks. I am particularly interested in applying natural language processing, text analytics, program analysis, and data analytics techniques to extract and draw insights about security and privacy-relevant information and leverage it to identify security and privacy risks or allow systems to autonomously make informed security and privacy decisions.

Undergraduate Research Assistant, Cleveland State University, Jan. 2013 - May 2013
Mentor: Dr. Haodong Wang
Designed and implemented a reference monitor in the Android middleware to enforce dynamic data-centric security policy enforcement, sensitive data classification, and propagation control.

Teaching Assistant, Cleveland State University, Aug. 2012 - Dec. 2012
Instructor: Dr. Allan Waren
Provided hands-on aid for CIS424/524, a senior-level undergraduate and graduate-level course on programming language paradigms.

Undergraduate Research Assistant, Cleveland State University, Summer 2012
Mentor: Dr. Haodong Wang
Designed and implemented a mobile application and a secure application-layer communication protocol to transfer medical records to mobile devices.

Industrial Experience

Research Intern, IBM T.J. Watson Research Center, Yorktown Heights, NY, Summer 2016
Mentors: Kapil Singh and Heqing Huang
Performed a systematic security analysis of Internet of Things (IoT) infrastructures to identify security challenges and vulnerabilities.

Research Intern, Hewlett-Packard Laboratories, Palo Alto, CA, Summer 2014
Mentor: Souvik Sen
Designed and implemented a Wi-Fi radio power management system on Android based on user consumption behaviors, which entailed Linux kernel modifications and Android middleware modifications.

Publications

Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, Proceedings of the USENIX Security Symposium (To Appear), August 2019. Santa Clara, CA, USA.

Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden and Alexandre Bartel. ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, Proceedings of the ACM Conference on Data and Application Security (CODASPY), March 2019. Dallas, TX, USA.

Benjamin Andow, Akhil Acharya, Dengfeng Li, William Enck, Kapil Singh, and Tao Xie. UiRef: Analysis of Sensitive User Inputs in Android Applications, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2017. Boston, MA, USA.

Rui Shu, Peipei Wang, Sigmund A. Gorski III, Benjamin Andow, Adwait Nadkarni, Luke Deshotels, Jason Gionta, William Enck, and Xiaohui Gu. A Study of Security Isolation Techniques, ACM Computing Surveys (CSUR), 49(3), December, 2016.

Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha. Practical DIFC Enforcement on Android, Proceedings of the USENIX Security Symposium, August, 2016. Austin, TX, USA.

Benjamin Andow, Adwait Nadkarni, Blake Bassett, William Enck, and Tao Xie. A Study of Grayware on Google Play, Proceedings of the IEEE Mobile Security Technologies Workshop (MoST), May, 2016. San Jose, CA, USA.

Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. Appcontext: Differentiating Malicious and Benign Mobile App Behaviors Using Context, Proceedings of the International Conference on Software Engineering (ICSE), May, 2015. Firenze, Italy.

Patents

Pending (public)

US Patent App US20180359266A1, Enforcing Access Control in Trigger-action Programming using Taint Analysis, Benjamin Andow, Suresh Chari, Heqing Huang, and Kapil Singh, December 13, 2018.

WO Patent App. WO2016122444A1, Regulating a Power Consumption State of a Cellular Radio, Souvik Sen and Benjamin Andow, April 8, 2016.

Presentations

UiRef: Analysis of Sensitive User Inputs in Android Applications, at the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Boston, MA, USA, July 2017.

A Study of Grayware on Google Play, at the IEEE Mobile Security Technologies Workshop (MoST), San Jose, CA, USA, May 2016.

Smart Isolation, at the Science of Security Community Forum, North Carolina State University, Raleigh, NC, USA, October 2014.

Teaching Experience

Guest Lecture on Public Key Cryptography (CSC 574), Spring 2018.

Guest Lecture on TCP/IP Attacks (CSC 574), Spring 2018.

Guest Lecture on Firewalls and IDS (CSC 574), Spring 2018.

Professional Service

Program Chair

IEEE Mobile Security Technologies Workshop (MoST), 2017.

Web Chair

IEEE Symposium on Security and Privacy, 2018, 2019.

Reviewer

Annual Computer Security Applications Conference (ACSAC), 2016;

ACM CCS Workshop on Artificial Intelligence and Security (AISec), 2016;

ACM Conference on Data and Application Security and Privacy (CODASPY), 2016;

ACM Conference on Computer and Communications Security (CCS), 2016;

ISOC Network and Distributed System Security Symposium (NDSS), 2016, 2017, 2018, 2019;

The International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2015;

The USENIX Security Symposium, 2015, 2018;

ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices(SPSM), 2016;

IEEE Transactions on Dependable and Secure Computing (TDSC), 2019.

ACM Transactions on Privacy and Security (TOPS), 2017.

Open Source Contributions

Ported TaintDroid to Android 4.3. https://github.com/TaintDroid/taintdroid-project

Implemented Ng et al.’s dissimilarity measure for KModes. https://github.com/nicodv/kmodes/pull/44

Awards & Achievements

ACM Student Travel Award (ACM WiSec 2017).

IEEE Student Travel Award (IEEE S&P 2016).