Patrick McDaniel's research interests span a wide range of topics from computer security to technical public policy. He is the author and co-author of several patents, books, and technical papers.
Digital Piracy Prevention
While he was a Senior Research Staff Member at AT&T Laboratories, McDaniel contributed to a joint study with the University of Pennsylvania on the source of unauthorized movie copies. The study presented an analysis of the availability and characteristics of popular movies in file sharing networks. They used a dataset of 312 popular movies and found that seventy-seven percent of these samples appear to have been leaked by an industry insider.
McDaniel and his team assessed the security of electronic voting systems used in Ohio. On December 14, 2007, Ohio Secretary of State Jennifer Brunner released the results of a comprehensive review of her state's electronic voting technology. The study, called Project EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing, examined electronic voting systems – both touch-screen and optical scan – from Election Systems & Software, Hart InterCivic, and Premier Election Systems. As part of that study, three teams of security researchers, based at the Pennsylvania State University, the University of Pennsylvania, and WebWise Security, Inc., conducted the security reviews. The reviews began in September 2007 and concluded on December 7, 2007, with the delivery of the final report. The teams had access to voting machines and software source code from the three vendors and performed source code analysis and security penetration testing with the aim of identifying security problems that might affect the integrity of elections that use the equipment.
McDaniel and his team designed tools for adding security features to existing smartphone operating systems in order to protect users against malicious or poorly designed application software. This effort has spanned projects in: systems design, policy, and program analysis. The well-known TaintDroid system is designed to track and identify smartphone privacy risks created by downloaded application software. TaintDroid uses dynamic taint analysis to track privacy-sensitive information from their sources to the point at which it leaves the phone through a wireless network interface. The follow-up projects Saint and Kirin are designed to provide enhanced application-provider specified security policy and to evaluate the privileges requested by applications when they are installed.
Cellular Telecommunications
Long held in logical and physical isolation from other systems, telecommunications networks and other pieces of critical infrastructure are rapidly being assimilated into the Internet. Today, systems including the electrical grid and traffic systems are accessible to users, regardless of their location, with a few clicks of a mouse. McDaniel demonstrated that with the bandwidth available to most cable modems, an adversary can launch attacks capable of denying voice service to cellular telecommunications networks in major cities. In times of emergency, when such computer networks are essential in saving lives, such attacks can be extremely dangerous. McDaniel proposed defenses to mitigate such vulnerabilities, as well as a variety of other related vulnerabilities that were discovered in cellular networks.