My name is Ben Davis. I'm an applied computer security and mobile systems researcher. I build software that allows us to better understand and control the systems on which we depend. Email me at: helloREMOVETHESECAPITALLETTERS@thebendavisREMOVETHESECAPITALLETTERS.net
I have led the following research projects:
- RetroSkeleton: an Android app rewriting system that automatically enforces security policies, patches vulnerabilities, and augments functionality in real-world Android apps. This project included the development of a static analysis and sophisticated bytecode transformation framework for Android apps, exploring dynamic behavior of apps via automated emulator-based testing, and detection and thwarting of malware.
- Privacy-Preserving Alibi Systems: design and implementation of cryptographic schemes that enable mobile device users to provide evidence of selected past locations while keeping other private.
- DBTaint: a cross-application end-to-end information flow tracking system for modern web services and databases, protecting real-world web apps from cross-site scripting and other code-injection attacks
See the linked project pages for more detail and slides for conference presentations I've given.
My work in industry includes:
- Development of protocol-level security mechanisms for critical infrastructure systems and microcontroller-based implementations of these mechanisms
- Building frameworks that combine formal methods and fuzzing analysis techniques to prove properties and identify vulnerabilities in digital systems
- Vulnerability assessments of critical infrastructure networks and hardware, cloud computing environments, and various other networks and systems
- Turning ad hoc exploits into generalized scanning tools that detect and mitigate classes of vulnerabilities
- Creating and presenting curriculum and training exercises covering computer security topics and techniques
I am the primary researcher and author of the following security and privacy work:
Protecting Systems from Within:
Application-Level Observation and Control Mechanisms Dissertation Committee: Hao Chen, Matthew Bishop, Karl Levitt
Peer-Reviewed Academic Publications
RetroSkeleton: Retrofitting Android Apps 11th International Conference on Mobile Systems, Applications and Services (MobiSys). Taipei, Taiwan, June 25-28, 2013.
I-ARM-Droid: A Rewriting Framework for In-App Reference Monitors for Android Applications IEEE Mobile Security Technologies (MoST). San Francisco, CA, May 24, 2012.
Privacy-Preserving Alibi Systems 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Seoul, South Korea, May 1-3, 2012.
DBTaint: Cross-Application Information Flow Tracking via Databases USENIX Conference on Web Applications (WebApps). Boston, MA, June 23-24, 2010.