About Me

My name is Ben Davis. I'm an applied computer security and mobile systems researcher. I build software that allows us to better understand and control the systems on which we depend. Email me at: helloREMOVETHESECAPITALLETTERS@thebendavisREMOVETHESECAPITALLETTERS.net


I have led the following research projects:

  • RetroSkeleton: an Android app rewriting system that automatically enforces security policies, patches vulnerabilities, and augments functionality in real-world Android apps. This project included the development of a static analysis and sophisticated bytecode transformation framework for Android apps, exploring dynamic behavior of apps via automated emulator-based testing, and detection and thwarting of malware.
  • Privacy-Preserving Alibi Systems: design and implementation of cryptographic schemes that enable mobile device users to provide evidence of selected past locations while keeping other private.
  • DBTaint: a cross-application end-to-end information flow tracking system for modern web services and databases, protecting real-world web apps from cross-site scripting and other code-injection attacks

See the linked project pages for more detail and slides for conference presentations I've given.


My work in industry includes:

  • Development of protocol-level security mechanisms for critical infrastructure systems and microcontroller-based implementations of these mechanisms
  • Building frameworks that combine formal methods and fuzzing analysis techniques to prove properties and identify vulnerabilities in digital systems
  • Vulnerability assessments of critical infrastructure networks and hardware, cloud computing environments, and various other networks and systems
  • Turning ad hoc exploits into generalized scanning tools that detect and mitigate classes of vulnerabilities
  • Creating and presenting curriculum and training exercises covering computer security topics and techniques


I earned my Ph.D. in Computer Science at the University of California, Davis where I was advised by Professor Hao Chen in the Computer Security Lab.

I am the primary researcher and author of the following security and privacy work:

Ph.D. Dissertation

Protecting Systems from Within:
Application-Level Observation and Control Mechanisms
Benjamin Davis, Department of Computer Science, University of California, Davis. Dissertation Committee: Hao Chen, Matthew Bishop, Karl Levitt

Peer-Reviewed Academic Publications

RetroSkeleton: Retrofitting Android Apps Benjamin Davis and Hao Chen. 11th International Conference on Mobile Systems, Applications and Services (MobiSys). Taipei, Taiwan, June 25-28, 2013.

I-ARM-Droid: A Rewriting Framework for In-App Reference Monitors for Android Applications Benjamin Davis, Ben Sanders, Armen Khodaverdian, and Hao Chen. IEEE Mobile Security Technologies (MoST). San Francisco, CA, May 24, 2012.

Privacy-Preserving Alibi Systems Benjamin Davis, Hao Chen, and Matthew Franklin. 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Seoul, South Korea, May 1-3, 2012.

DBTaint: Cross-Application Information Flow Tracking via Databases Benjamin Davis and Hao Chen. USENIX Conference on Web Applications (WebApps). Boston, MA, June 23-24, 2010.