[PDF Version]

[Full Version]

Benjamin Eric Andow

Software Engineer at Google

Email: andow@google.com | Website: benandow.com | Github: benandow

Research

My research broadly falls within the areas of information security and privacy, with a primary focus on analyzing and improving the security and privacy of computing platforms, such as mobile and IoT, and its software. My research generally involves building real systems and tools to address or perform large-scale empirical measurements of security and privacy risks. My most recent work has involved automating the analysis of the fidelity between privacy policies and application behaviors.

Education

North Carolina State University, Raleigh, NC
Ph.D., Computer Science, July 2019
Dissertation: Privacy Risks of Sensitive User Data Exposure in Mobile Ecosystems
Advisor: Dr. William Enck

Cleveland State University, Cleveland, OH
B.S., Computer and Information Science, Minor in Mathematics, May 2013
Mentor: Dr. Haodong Wang

Academic and Industrial Experience

Software Engineer, Google, Sunnyvale, CA, May 2020 - Present

Supplemental Research Staff Member, IBM T.J. Watson Research Center, Yorktown Heights, NY, July 2019 - May 2020
Information Security Group

Graduate Research Assistant, North Carolina State University, 2013 - 2019
Advisor: Dr. William Enck

Research Intern, IBM T.J. Watson Research Center, Yorktown Heights, NY, Summer 2016
Mentors: Dr. Kapil Singh and Dr. Heqing Huang

Research Intern, Hewlett-Packard Laboratories, Palo Alto, CA, Summer 2014
Mentor: Dr. Souvik Sen

Undergraduate Research Assistant, Cleveland State University, Jan. 2013 - May 2013
Mentor: Dr. Haodong Wang

Teaching Assistant, Cleveland State University, Aug. 2012 - Dec. 2012
Instructor: Dr. Allan Waren

Undergraduate Research Assistant, Cleveland State University, Summer 2012
Mentor: Dr. Haodong Wang

Publications

Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das, and William Enck. Hey Alexa, Is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem, Proceedings of the Network and Distributed System Security Symposium (NDSS), February 2021. Virtual due to COVID-19.

Samin Yaseer Mahmud, Akhil Acharya, Benjamin Andow, William Enck, and Bradley Reaves. Cardpliance: PCI DSS Compliance of Android Applications, Proceedings of the USENIX Security Symposium (SECURITY), August 2020. Boston, MA, USA.

Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck, Proceedings of the USENIX Security Symposium (SECURITY), August 2020. Boston, MA, USA.

Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, Proceedings of the USENIX Security Symposium (SECURITY), August 2019. Santa Clara, CA, USA.

Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden and Alexandre Bartel. ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, Proceedings of the ACM Conference on Data and Application Security (CODASPY), March 2019. Dallas, TX, USA.

Benjamin Andow, Akhil Acharya, Dengfeng Li, William Enck, Kapil Singh, and Tao Xie. UiRef: Analysis of Sensitive User Inputs in Android Applications, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2017. Boston, MA, USA.

Rui Shu, Peipei Wang, Sigmund A. Gorski III, Benjamin Andow, Adwait Nadkarni, Luke Deshotels, Jason Gionta, William Enck, and Xiaohui Gu. A Study of Security Isolation Techniques, ACM Computing Surveys (CSUR), 49(3), December, 2016.

Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha. Practical DIFC Enforcement on Android, Proceedings of the USENIX Security Symposium (SECURITY), August, 2016. Austin, TX, USA.

Benjamin Andow, Adwait Nadkarni, Blake Bassett, William Enck, and Tao Xie. A Study of Grayware on Google Play, Proceedings of the IEEE Mobile Security Technologies Workshop (MoST), May, 2016. San Jose, CA, USA.

Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. Appcontext: Differentiating Malicious and Benign Mobile App Behaviors Using Context, Proceedings of the International Conference on Software Engineering (ICSE), May, 2015. Firenze, Italy.

Patents

Pending (public)

US Patent App US20180359266A1, Enforcing Access Control in Trigger-action Programming using Taint Analysis, Benjamin Andow, Suresh Chari, Heqing Huang, and Kapil Singh, December 13, 2018.

WO Patent App. WO2016122444A1, Regulating a Power Consumption State of a Cellular Radio, Souvik Sen and Benjamin Andow, April 8, 2016.

Presentations

Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck, at the USENIX Security Symposium (SECURITY), Online due to COVID, August 2020.

PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, at the USENIX Security Symposium (SECURITY), Santa Clara, CA, USA, August 2019.

UiRef: Analysis of Sensitive User Inputs in Android Applications, at the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Boston, MA, USA, July 2017.

A Study of Grayware on Google Play, at the IEEE Mobile Security Technologies Workshop (MoST), San Jose, CA, USA, May 2016.

Smart Isolation, at the Science of Security Community Forum, North Carolina State University, Raleigh, NC, USA, October 2014.

Teaching Experience

Guest Lecture on Public Key Cryptography (CSC 574), Spring 2018.

Guest Lecture on TCP/IP Attacks (CSC 574), Spring 2018.

Guest Lecture on Firewalls and IDS (CSC 574), Spring 2018.

Professional Service

Program Chair

IEEE Mobile Security Technologies Workshop (MoST), 2017.

Technical Program Committees

The Network and Distributed System Security Symposium (NDSS), 2021.

The USENIX Security Symposium (SECURITY), 2020, 2021.

Web Chair

IEEE Symposium on Security and Privacy, 2018, 2019.

Reviewer

Annual Computer Security Applications Conference (ACSAC), 2016;

ACM CCS Workshop on Artificial Intelligence and Security (AISec), 2016;

ACM Conference on Data and Application Security and Privacy (CODASPY), 2016;

ACM Conference on Computer and Communications Security (CCS), 2016;

ISOC Network and Distributed System Security Symposium (NDSS), 2016, 2017, 2018, 2019;

The International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2015;

The USENIX Security Symposium (SECURITY), 2015, 2018;

ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices(SPSM), 2016;

IEEE Transactions on Dependable and Secure Computing (TDSC), 2019;

ACM Transactions on Privacy and Security (TOPS), 2017;

IEEE Transactions on Software Engineering (TOSEM), 2019.

Open Source Contributions

PolicyLint/PoliCheck. https://github.com/benandow/PrivacyPolicyAnalysis

User Input REsolution Framework (UiREF). https://github.com/benandow/uiref

Ported TaintDroid to Android 4.3. https://github.com/TaintDroid/taintdroid-project

Implemented Ng et al.’s dissimilarity measure for KModes. https://github.com/nicodv/kmodes/pull/44

Awards & Achievements

ACM Student Travel Award (ACM WiSec 2017).

IEEE Student Travel Award (IEEE S&P 2016).