Patrick Drew McDaniel

Patrick Drew McDaniel is an American computer scientist and Tsun-Ming Shih Professor of Computer Sciences in the School of Computer, Data & Information Sciences at the University of Wisconsin-Madison. He was a William L. Weiss Professor of Information and Communications Technology in the School of Electrical Engineering and Computer Science and the director of the Institute for Networking and Security Research at the Pennsylvania State University. He has made several contributions in the areas of computer security, operating systems, and computer networks. McDaniel is best known for his work in mobile security as well as in electronic voting security, digital piracy prevention, and cellular networks. In recognition of his contributions and service to the scientific community, he was named IEEE Fellow and ACM Fellow. Prior to joining Penn State in 2004, he was a senior research staff member at AT&T Labs. He obtained his Ph.D. in Electrical Engineering and Computer Science from the University of Michigan, under the supervision of Atul Prakash.

Education

 * 2001, Ph.D., Computer Science and Engineering, University of Michigan, Ann Arbor
 * 1991, M.S., Computer Science, Ball State University, Muncie
 * 1989, B.S., Computer Science, Ohio University, Athens

Research contributions
McDaniel's research interests span a wide range of topics from computer security to technical public policy. He is the author and co-author of several patents, books, and technical papers.

Digital Piracy Prevention
While he was a Senior Research Staff Member at AT&T Laboratories, McDaniel contributed to a joint study with the University of Pennsylvania on the source of unauthorized movie copies. The study presented an analysis of the availability and characteristics of popular movies in file sharing networks. They used a dataset of 312 popular movies and found that seventy-seven percent of these samples appear to have been leaked by an industry insider.

Voting Systems Security
McDaniel and his team assessed the security of electronic voting systems used in Ohio. On December 14, 2007, Ohio Secretary of State Jennifer Brunner released the results of a comprehensive review of her state's electronic voting technology. The study, called Project EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing, examined electronic voting systems – both touch-screen and optical scan – from Election Systems & Software, Hart InterCivic, and Premier Election Systems. As part of that study, three teams of security researchers, based at the Pennsylvania State University, the University of Pennsylvania, and WebWise Security, Inc., conducted the security reviews. The reviews began in September 2007 and concluded on December 7, 2007, with the delivery of the final report. The teams had access to voting machines and software source code from the three vendors and performed source code analysis and security penetration testing with the aim of identifying security problems that might affect the integrity of elections that use the equipment.

Smartphone Application Security
McDaniel and his team designed tools for adding security features to existing smartphone operating systems in order to protect users against malicious or poorly designed application software. This effort has spanned projects in: systems design, policy, and program analysis.

The well-known TaintDroid system is designed to track and identify smartphone privacy risks created by downloaded application software. TaintDroid uses dynamic taint analysis to track privacy-sensitive information from their sources (e.g., GPS hardware, microphone, phone identifier storage, etc.application-provider) to the point at which it leaves the phone through a wireless network interface. The follow-up projects Saint and Kirin are designed to provide enhanced application-provider specified security policy and to evaluate the privileges requested by applications when they are installed.

Cellular Telecommunications
Long held in logical and physical isolation from other systems, telecommunications networks and other pieces of critical infrastructure are rapidly being assimilated into the Internet. Today, systems including the electrical grid and traffic systems are accessible to users, regardless of their location, with a few clicks of a mouse. McDaniel demonstrated that with the bandwidth available to most cable modems, an adversary can launch attacks capable of denying voice service to cellular telecommunications networks in major cities. In times of emergency, when such computer networks are essential in saving lives, such attacks can be extremely dangerous. McDaniel proposed defenses to mitigate such vulnerabilities, as well as a variety of other related vulnerabilities that were discovered in cellular networks.