About

I am a PhD candidate in the Department of Computer Science at North Carolina State University (NCSU). I am advised by Dr. William Enck and I am a member of the Wolfpack Security and Privacy Research (WSPR) Lab. Before joining NCSU, I received my Bachelor of Science in Computer Engineering from the University of Maryland, College Park (UMD), James A. Clark School of Engineering.

My research focuses on the application of program analysis techniques to the analysis of the internal security and privacy mechanisms in Android devices. Access to sensitive data and functionality in Android is restricted by various authorization checks placed throughout the Android system by its developers. These checks generally take the form of Android permission checks and are usually placed correctly. However, while the primary form of authorization check in Android has been and continues to be the permission check, as Android has developed and expanded its functionality, it has added many more complex and less well defined forms of authorization checks. Moreover, because of the lack of any formal specification for what should be considered correct and secure, the placement of these checks is a manual effort by the Android system developers. As such, mistakes can and have been made in the placement of these checks, resulting in the weakness in the security of the Android system, some of which have led to significant vulnerabilities in the past. Overall, my research seeks to aid system developers and security researchers by both: 1) developing a comprehensive understanding of the different types of authorization checks in the Android system and their uses and 2) using that understanding to automate the identification of vulnerabilities caused by misplaced or incorrect authorization checks.

My plan is to graduate in December, 2019. If you have any questions about my research or would like to collaborate, feel free to contact me.