INI Student Overcomes Obstacles in Thesis Research

April 16, 2012

Remember the old saying, "If at first you don't succeed, try, try and try again"? This idea of continuously working hard to overcome challenges is one that Daniel Votipka, an INI student in the Information Security Technology and Management (MSISTM) program, has followed. He leaned on the advice of this famous adage when pursuing his thesis research on Android forensics.

His interest in forensics and the growing field of mobile research is what first got Votipka hooked. "Forensic investigators are starting to see more mobile devices in their investigations, and they hold some interesting information," he said. "So my work could actually be useful for things such as extracting criminal evidence."

Votipka also worked with fellow Carnegie Mellon student Timothy Vidas, a Ph.D. candidate, and faculty advisor Dr. Nicolas Christin last summer to put together a research paper entitled "All Your Droid Are Belong to Us: A Survey of Current Android Attacks." The paper was presented at the 2011 Usenix Workshop on Offensive Technologies (WOOT) on August 8, 2011, in San Francisco.

This experience, combined with his thesis research, taught Votipka a great deal. Used to completing most of his work in an engineering environment, Votipka learned to think about problems in new ways by taking a more scientific approach. One of these problems happened to be the biggest challenge that he had to face: finding out his hypothesis was wrong.

Votipka's first hypothesis was that his way of doing Android forensics could be generalized to all Android devices. However, he soon discovered that most of the components were generalizable but the hardware interface was not. This discouraging discovery brought extra work and a dispiriting mood that Votipka had to rise above.

"To show that this result wasn't just a byproduct of the particular device I was trying, I had to show that it wasn't possible on my full test set," he explained. "Which was specially selected to represent the diversity of the market."

Determined to work through the frustration, Votipka reached two major conclusions. His research showed that his recovery method on Android is generalizable to the hardware level, and custom hardware drivers cause problems for generalizing to all devices.

In addition to these major discoveries, perhaps the most valuable thing Votipka's thesis research did for him was help him to make a decision about his future. Through this process he discovered that he is very interested in applying code analysis and machine learning techniques to the problem of forensic analysis.

"After this experience, I can say I have plans for the future," said Votipka. "I really like the style of work and getting to work with like-minded researchers."