Primary Focus - Emerging Platform Security

My research explores problems in the areas of operating systems security and software security.
My goal is to make emerging platforms such as smart homes and smartphones secure. Specifically, I work on developing analysis techniques that preemptively identify vulnerabilities caused by access control or usage-related inconsistencies, providing defenses against the same vulnerabilities at the platform/OS level, or developing data-driven frameworks that can perform practical and holistic evaluation of security systems/analyses as well as the software they target.

For detailed information on my ongoing research, visit my lab page: Secure Platforms Lab (SPL) @ W&M

Funding/Support

  1. SaTC: CORE: Small: Enabling Systematic Evaluation of the Soundness of Android Security Analysis Techniques
    • PI: Adwait Nadkarni
    • Co-PI: Denys Poshyvanyk
    • Sponsor: National Science Foundation (NSF)
    • Total Award: $500,000
    • Duration: September 01, 2018 to August 31, 2021
  2. W&M Summer Research Award: Enabling Systematic Security Evaluation of Smart Home Routines through Android Application Vulnerability Analysis
    • PI: Adwait Nadkarni
    • Sponsor: William & Mary
    • Total Award: $4000
    • Duration: Summer 2018
  3. W&M Summer Research Award: Understanding the Impact of Lateral Privilege Escalation on Smart Home Routines through Systematic Analysis
    • PI: Adwait Nadkarni
    • Sponsor: William & Mary
    • Total Award: $4300
    • Duration: Summer 2019

  1. Ami, A. S., Kafle, K., Moran, K., Nadkarni, A., & Poshyvanyk, D. (2021, May). Demo: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android. Proceedings of the 43rd IEEE/ACM International Conference on Software Engineering (ICSE’21), Formal Tool Demonstration Track. To appear.
  2. Ami, A., Kafle, K., Moran, K., Nadkarni, A., & Poshyvanyk, D. (2021). Systematic Mutation-based Evaluation of the Soundness of Security-focused Android Static Analysis Techniques. ACM Transactions on Privacy and Security (TOPS), 24(15). PDF
  3. Kafle, K., Moran, K., Manandhar, S., Nadkarni, A., & Poshyvanyk, D. (2020). Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue. ACM Transactions on Cyber-Physical Systems (TCPS), 5(1). PDF
  4. Manandhar, S., Moran, K., Kafle, K., Tang, R., Poshyvanyk, D., & Nadkarni, A. (2020, May). Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses. Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland). PDF
  5. Gorski III, S. A., Andow, B., Nadkarni, A., Manandhar, S., Enck, W., Bodden, E., & Bartel, A. (2019, March). ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware. Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY). PDF
  6. Kafle, K., Moran, K., Manandhar, S., Nadkarni, A., & Poshyvanyk, D. (2019, March). A Study of Data Store-based Home Automation. Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY). Best Paper Award. PDF
  7. Bonett, R., Kafle, K., Moran, K., Nadkarni, A., & Poshyvanyk, D. (2018, August). Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation. Proceedings of the 27th USENIX Security Symposium. PDF
  8. Nadkarni, A., Andow, B., Enck, W., & Jha, S. (2016, August). Practical DIFC Enforcement on Android. Proceedings of the 25th USENIX Security Symposium. PDF
  9. Heuser, S., Nadkarni, A., Enck, W., & Sadeghi, A.-R. (2014, August). ASM: A Programmable Interface for Extending Android Security. Proceedings of the 23rd USENIX Security Symposium. PDF
  10. Nadkarni, A., & Enck, W. (2013). Preventing accidental data disclosure in modern operating systems. Proceedings of the 2013 ACM Conference on Computer & Communications Security (CCS), 1029–1042. PDF

  1. Enck, W. H., Nadkarni, A. P., Sadeghi, A.-R., & Heuser, S. (2016). PROGRAMMABLE INTERFACE FOR EXTENDING SECURITY OF APPLICATION-BASED OPERATING SYSTEM, SUCH AS ANDROID. US Patent 20,160,042,191, Patent pending

  1. Helion - Code and Data for our Oakland’20 paper
  2. mSE - Code and Data for our USENIX’18 paper
  3. Weir - Code for our USENIX’16 paper
  4. ASM - Code for our USENIX’14 paper
  5. Aquifer - Code for our CCS’13 paper

Press Coverage

Our recent work on evaluating smart home routines has received wide press coverage (WM Press, Washington Post, Daily Press, SF Gate, Quartz, NBC News, 13NewsNow, The Ambient, Insurance Journal, Claims Journal, Daily Mail).


 

Other Areas

User Data Privacy and Systems Security

  1. Nadkarni, A., Enck, W., Jha, S., & Staddon, J. (2017). Policy by Example: An Approach for Security Policy Specification [ArXiv preprint arXiv:1707.03967].
  2. Nadkarni, A., Verma, A., Tendulkar, V., & Enck, W. (2017). Reliable Ad Hoc Smartphone Application Creation for End Users. In Intrusion Detection and Prevention for Mobile Ecosystems. CRC Press. https://www.crcpress.com/Intrusion-Detection-and-Prevention-for-Mobile-Ecosystems/Kambourakis-Shabtai-Kolias-Damopoulos/p/book/9781138033573 Editors: George Kambourakis, Asaf Shabtai, Konstantinos Kolias, and Dimitrios Damopoulos
  3. Shu, R., Wang, P., Gorski III, S. A., Andow, B., Nadkarni, A., Deshotels, L., Gionta, J., Enck, W., & Gu, X. (2016). A Study of Security Isolation Techniques. ACM Computing Surveys (CSUR), 49(3).
  4. Andow, B., Nadkarni, A., Bassett, B., Enck, W., & Xie, T. (2016, May). A Study of Grayware on Google Play. Proceedings of the IEEE Mobile Security Technologies Workshop (MoST).
  5. Nadkarni, A., Sheth, A., Weinsberg, U., Taft, N., & Enck, W. (2014). GraphAudit: Privacy Auditing for Massive Graph Mining [Technical Report TR-2014-10]. North Carolina State University, Department of Computer Science.
  6. Nadkarni, A., Tendulkar, V., & Enck, W. (2014). NativeWrap: Ad Hoc Smartphone Application Creation for End Users. Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 1005–1019. PDF

  1. NativeWrap - Code for our WiSec’14 paper