The Pennsylvania State University
Ph.D. in Computer Science and Engineering
Thesis:
Specification-based Attacks and Defenses in Sequential Control Systems
Advisor:
Dr. Patrick McDaniel
The Pennsylvania State University
M.S. in Computer Science with distinction - Spring 2011
Thesis:
The Load Leveling Approach to Removing Appliance Features from Home Electricity Usage Profiles
Advisor: Dr. Patrick McDaniel
The Pennsylvania State University
B.S. in Computer Science with distinction - Fall 2007
Minor in Mathematics
Research Assistant The Pennsylvania State University
State College, PA: January 2009 - Present
Conducted penetration testing of smart electric meters and specification-based attacks and defenses for networked control systems with numerous results published at CCS, NDSS, ACSAC, and IEEE SmartGridComm
Intern Google
New York, NY: May 2008 - August 2008
Designed, implemented, and tested a highly scalable parallel
minimum spanning tree algorithm and documented all work
Research Assistant The Pennsylvania State University
State College, PA: March 2007 - April 2008
Designed, prototyped and evaluated novel storage security architectures
and published the results at CCS 2008
Intern IBM - High Performance On Demand Solutions
San Jose, CA: January 2006 - June 2006
Designed and implemented web-services for capacity planning
and data center automation
Journal Publications
Stephen McLaughlin, Brett Holbert, Ahmed Fawaz, Robin
Berthier, and Saman Zonouz
A Multi-Sensor Intrusion and
Energy Theft Detection Framework for Advanced Metering
Infrastructures. IEEE Selected Areas in
Communications. To appear.
Machigar Ongtang, Stephen McLaughlin, William Enck, and
Patrick McDaniel.
Semantically Rich Application-Centric
Security in Android. Security and Communication
Networks
Kevin Butler, Stephen McLaughlin, Thomas Moyer, and Patrick
McDaniel.
New Security Architectures Based on Emerging Disk
Functionality. IEEE Security and Privacy, 8(5),
pg. 34-31, Sept./Oct. 2010.
Conference Publications
Stephen McLaughlin, Devin Pohly, Patrick McDaniel, and Saman
Zonouz.
A Trusted Safety Verifier for Process Controller
Code. Proc. ISOC Network and Distributed Systems
Security Symposium (NDSS). San Diego, California,
USA. February, 2014.
Stephen McLaughlin.
CPS:Stateful Policy Enforcement for
Control System Device Usage. Proc. 29th Annual Computer
Security Applications Conference (ACSAC) CPS Track. New
Orleans, Louisiana, USA. December, 2013.
Devin J. Pohly, Stephen McLaughlin, Patrick McDaniel, and
Kevin Butler.
Hi-Fi: Collecting High-Fidelity Whole-System
Provenance. 28th Annual Computer Security Applications
Conference (ACSAC). Orlando, Florida, USA. December
2012.
Stephen McLaughlin, Brett Holbert, Saman Zonouz, and Robin
Berthier.
AMIDS: A Multi-Sensor Energy Theft Detection
Framework for Advanced Metering Infrastructures. Third
IEEE International Conference on Smart Grid Communications
(SmartGridComm). Tainan City, Taiwan. November
2012.
Stephen McLaughlin and Patrick McDaniel.
SABOT:
Specification-based Payload Generation for Programmable Logic
Controllers. 19th ACM Conference on Computer and
Communications Security (CCS). Raleigh, NC, USA. October
2012.
Weining Yang, Ninghui Li, Yuan Qi, Wahbeh Qardaji, Stephen
McLaughlin and Patrick McDaniel.
Minimizing Private Data
Disclosures in the Smart Grid. 19th ACM Conference on
Computer and Communications Security (CCS). Raleigh, NC,
USA. October 2012.
Stephen McLaughlin, Patrick McDaniel, and William
Aiello.
Protecting Consumer Privacy from Electric Load
Monitoring. 18th ACM Conference on Computer and
Communications Security (CCS). Chicago, IL, USA. October
2011.
Stephen McLaughlin, Dmitry Podkuiko, Sergei Miadzvezhanka,
Adam Delozier, and Patrick McDaniel.
Multi-vendor
Penetration Testing in the Advanced Metering
Infrastructure. 26th Annual Computer Security
Applications Conference (ACSAC), Austin, TX, USA. December
2010.
Kevin Butler, Stephen McLaughlin, and Patrick
McDaniel,
Kells: A Protection Framework for Portable
Data. 26th Annual Computer Security Applications
Conference (ACSAC), Austin, TX, USA. December
2010.
(Best Paper)
Machigar Ongtang, Stephen McLaughlin, William Enck, and
Patrick McDaniel,
Semantically Rich Application-Centric
Security in Android. Proceedings of the 25th Annual Computer
Security Applications Conference (ACSAC), Honolulu, HI, USA.
December 2009.
Albert Tannous, Jonathan Trostle, Mohamed Hassan, Stephen
McLaughlin, and Trent Jaeger,
New Side Channel Attacks
Targeting Passwords.
Proceedings of the 24th Annual Computer Security
Applications Conference (ACSAC), Anaheim, CA,
USA. December 2008.
Kevin Butler, Stephen McLaughlin, and Patrick McDaniel,
Rootkit
Resistant Disks. 15th ACM Conference
on Computer and Communications Security (CCS), Alexandria,
VA, USA. November 2008.
Workshop Publications
Stephen McLaughlin,
On Dynamic Malware Payloads Aimed at
Programmable Logic Controllers. 6th USENIX Workshop on
Hot Topics in Security, San Francisco, CA. August,
2011.
Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei
Miadzvezhanka, and Patrick McDaniel,
Embedded Firmware
Diversity for Smart Electric Meters. Proceedings of the
5th USENIX Workshop on Hot Topics in Security (HotSec),
Washington, DC. August, 2010.
Patrick McDaniel, Kevin Butler, Stephen McLaughlin, Radu Sion,
Erez Zadok, and Marianne Winslett,
Towards a Secure and Efficient System for End-to-End Provenance.
2nd USENIX Workshop on the Theory and Practice of
Provenance (TAPP), San Jose, CA. February,
2010.
Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel,
Energy Theft in the Advanced Metering Infrastructure.
4th International Workshop on Critical Information
Infrastructure Security (CRITIS), Bonn, Germany.
September, 2009.
Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin,
Patrick Traynor, and Patrick McDaniel,
Systemic Issues in the Hart InterCivic and Premier Voting Systems:
Reflections Following Project EVEREST.
2008 USENIX/ACCURATE Electronic Voting Technology Workshop
(EVT), San Jose, CA, USA. July 2008.
Kevin Butler, Stephen McLaughlin, Patrick
McDaniel,
Non-Volatile Memory and Disks: Avenues for Policy
Architectures.
1st Computer Security Architecture
Workshop (CSAW), Alexandria, VA, USA. November
2007.
Miscellaneous
Patrick McDaniel and Stephen McLaughlin.
Structured
Security Testing in the Smartgrid. 5th International
Symposium on Communications, Control, and Signal
Processing. Rome, Italy. May 2012.
Energy Theft in the Advanced Metering Infrastructure.
19th
USENIX Security Symposium, Washington, DC, USA. August
2010. Poster Presentation.
Embedded Firmware Diversity for Smart Electric Meters.
19th
USENIX Security Symposium, Washington, DC, USA. August
2010. Poster Presentation.
Kevin Butler, Stephen McLaughlin, and Patrick
McDaniel,
Disk-Enabled Authenticated
Encryption. 26th IEEE Symposium on Massive Storage
Systems and Technologies (MSST), Lake Tahoe, Nevada. May,
2010. (Short paper)
Patrick McDaniel and Stephen McLaughlin,
Security and Privacy
Challenges in the Smart Grid.
IEEE Security & Privacy Magazine, 7(3):75-77,
May/June, 2009.
Stephen McLaughlin,
18th USENIX Security Symposium
Conference Summaries. USENIX ;login Magazine, December
2009.
Utility Grid Automation Risk Management.
Clean Technology,
Houston, TX, USA. May, 2009. Poster Presentation.
Patrick McDaniel, Kevin Butler, William Enck, Harri Hursti,
Stephen McLaughlin, Patrick Traynor, Matt Blaze, Adam Aviv,
Pavol Cerny, Sandy Clark, Eric Cronin, Gaurav Shah, Micah Sherr,
Giovanni Vigna, Richard Kemmerer, David Balzarotti, Greg Banks,
Marco Cova, Viktoria Felmetsger, William Robertson, Fredrik Valeur,
Joseph Lorenzo Hall, and Laura Quilter,
EVEREST: Evaluation and
Validation of Election-Related Equipment, Standards and Testing.
December 2007
Specification-based Attacks and Defenses in Sequential
Control Systems. Computer Science Department, Stony
Brook University. Stony Brook, NY, USA. April 1,
2014.
Specification-based Attacks and Defenses in Sequential
Control Systems. Computer Science Department, Johns
Hopkins University. Baltimore, MD, USA. March 27,
2014.
Specification-based Attacks and Defenses in Sequential
Control Systems. Narus Inc. Sunnyvale, CA,
USA. March 13, 2014.
A Trusted Safety Verifier for Process Controller
Code. The ISOC Network and Distributed Systems Security
Symposium (NDSS). San Diego, CA, USA. February 24,
2014.
Stateful Policy Enforcement for Control System Device
Usage. 29th Annual Computer Security Applications
Conference (ACSAC). New Orleans, LA, USA. December 11,
2013.
Securing the Future Smart Grid: Where do We Go Next
(Panel). 29th Annual Computer Security Applications
Conference (ACSAC). New Orleans, LA, USA. December,
2013.
Smart Electric Meters: Architectures, Vulnerabilities, and
Mitigations. The 2013 Trusted Infrastructure
Workshop. Pennsylvania State University. June 5,
2013.
SABOT: Specification-based Payload Generation for
Programmable Logic Controllers. 19th ACM Conference on
Computer and Communications Security (CCS). Raleigh, NC,
USA. October 2012.
Why We Need Standards for Breaking the Smart
Grid. The 2012 Western Energy Policy Research
Conference. Boise, ID, USA. August 30, 2012.
Protecting Consumer Privacy from Electric Load
Monitoring. 18th ACM Conference on Computer and
Communications Security (CCS). Chicago, IL, USA. October
2011.
Multi-vendor Penetration Testing in the Advanced Metering
Infrastructure: Challenges for Regulation. Carnegie
Mellon Electricity Industry Center. Pittsburgh, PA. August
31, 2011.
On Dynamic Malware Payloads Aimed at Programmable Logic
Controllers. The 6th USENIX Workshop on Hot Topics in
Security (HotSec), San Francisco, CA. August 9,
2011.
Why We Need Standards for Breaking the Smart
Grid. The 2011 Technology Management and Policy
Graduate Consortium. Penn State University, University
Park, PA. June 27, 2011.
Identifying (and Addressing) Security and Privacy Issues in
Smart Electric Meters. Los Alamos National
Laboratory, Los Alamos, NM. February 15, 2011.
Multi-vendor Penetration Testing in the Advanced Metering
Infrastructure. The 26th Annual Computer Security
Applications Conference. Austin, TX. December 8,
2010.
Multi-vendor Penetration Testing in the Advanced Metering
Infrastructure: Future Challenges. DIMACS Workshop on
Algorithmic Decision Theory for the Smart
Grid. Piscataway, NJ. October 26, 2010.
Embedded Firmware Diversity for Smart Electric
Meters. Proceedings of the 5th USENIX Workshop on Hot
Topics in Security (HotSec). Washington, DC. August,
2010.
Energy Theft in the Advanced Metering
Infrastructure. 4th International Workshop on Critical
Information Infrastructure Security (CRITIS). Bonn,
Germany. September 2009.
- CSE 598e: Critical Infrastructure Security - Prepared entire curriculum and gave lectures.
- CSE 543: Graduate Level Computer Security - Gave lectures on operating systems security and authentication protocols.
- CSE 443: Undergraduate Level Computer Security - Gave lectures on operating systems security and authentication protocols.
- Recipient Outstanding Research Assistant Award in CSE, 2013
- Recipient ACM CCS Student Travel Grant, 2012
- Recipient Diefenderfer Graduate Fellowship in the College
of Engineering from August 2012 - May 2014
- Recipient ACM CCS Student Travel Grant, 2011
- Recipient Student Scholarship to the TCIPG Summer School on Cyber Security for Smart Energy Systems, 2011
- Recipient ACSAC Student Conferenceship, 2010
- Recipient Travel Grant to the DIMACS Workshop on Algorithmic Decision Theory for the Smart Grid, 2010
- Recipient HotSec Student Travel Grant, 2010
- Recipient USENIX Security Symposium Travel Grant,
2008 and 2009
- Recipient Harry G. Miller Fellowship in the College
of Engineering for the spring 2007 semester
- Recipient R. P. Drenning Memorial Scholarship in the
College of Engineering for the 2007-08 academic year
- Recipient John F. Kray Sr. Memorial Scholarship in the
College of Engineering for the 2006-07 academic year
- Dean's List Fall 2004 - Fall 2007
- Member The Association for Computing Machinery
- Member Institute of Electrical and Electronics Engineers
- Member USENIX The Advanced Computing Systems Association
- Member Tau Beta Pi, the Engineering Honor Society
Committees:
- First International Conference on Cryptography and Information Security (BalkanCryptSec 2014)
- Annual Computer Security Applications Conference (ACSAC 2013, 2014), PC Member
- Information Security Conference (ISC 2014), PC Member
- ACM CCS Workshop on Smart Energy Grid Security (2013), PC Member
- The Second International Conference on Smart Systems, Devices and Technologies (SMART 2013), PC Member
- LCN Workshop on Network Security (WNS 2012, 2013), PC Member
Reviewer: International Conference on Availability,
Reliability and Security (ARES 2008); International Conference
on Distributed Computing Systems (ICDCS 2008); USENIX Security
2008; IEEE TSE; Data and Applications Security (DBSec 2008);
16th Annual Network and Distributed System Security Symposium
(NDSS 2009); ACM Symposium on Access Control Models and
Technologies (SACMAT 2009); USENIX Security 2009; 3rd
International Conference on Information Security and Assurance
(ISA 2009); Information Security Conference (ISC 2009); ACM
Conference on Computer and Communications Security (CCS 2009);
ACM Cloud Computing Security Workshop (CCSW 2009); Fifth
International Conference on Information Systems Security
(ICISS 2009); 17th ACM Conference on Computer and
Communications Security (CCS 2010); 5th USENIX Workshop on Hot
Topics in Security (HotSec 2010); 26th Annual Computer
Security Applications Conference (ACSAC 2010); Proceedings of
the IEEE; The 17th Annual International Conference on Mobile
Computing and Networking (MOBICOM 2011); IEEE Transactions on
Knowledge and Data Engineering (TKDE); The 18th Annual Network
and Distributed System Security Symposium (NDSS); The 34th
IEEE Symposium on Security and Privacy (Oakland 2013); IEEE
Pervasive Magazine.