Mobile security reading group
This is a reading group which meets at 10:00 every Wednesday during term in SW00 and discusses papers relevant to security and mobile devices.
Participants should sign up to the mailing list. The paper(s) to be read will be announced by the preceeding Friday so that people know what is being read sufficiently in advance that they can read it.
This is the list of papers in our to read queue in the order we intend to read them
- On Tracking Information Flows through JNI in Android Applications by Chenxiong Qian ; Xiapu Luo ; Yuru Shao ; Chan, A.T.S.
- A Bayesian Approach to Privacy Enforcement in Smartphones by Omer Tripp, and Julia Rubin
- General Area or Approximate Location?: How People Understand Location Permissions by Huiqing Fu and Janne Lindqvist
- Location Privacy Protection for Smartphone Users by Kassem Fawaz and Kang G. Shin
- PowerSpy: Location Tracking using Mobile Device Power Analysis by Yan Michalevsky, Gabi Nakibly, Aaron Schulman, Dan Boneh
- Gyrophone: Recognizing Speech from Gyroscope Signals by Yan Michalevsky and Dan Boneh
- Personalized Security Indicators to Detect Application Phishing Attacks in Mobile Platforms by Claudio Marforio, Ramya Jayaram Masti, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
A * indicates that the paper was selected as a 'best paper of the term'.
- 2014-10-15 Android Permissions: User Attention, Comprehension and Behaviour by Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin and David Wagner
- 2014-10-22 AirBag: Boosting Smartphone Resistance to Malware Infection by Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang and Xuxian Jiang
- From the Aether to the Ethernet — Attacking the Internet using Broadcast Digtal Television by Yossef Oren and Angelos D. Keromytis
- Laurent's draft paper
- Daniel's draft paper
- 2014-11-19 NativeWrap: Ad Hoc Smartphone Application Creation for End Users by Adwait Nadkarni, Vasant Tendulkar and William Enck
- 2014-11-26 Code Injection Attacks on HTML5-based Mobile Apps by Xing Jin, Tongbo Luo, Derek G. Tsui, and Wenliang Du
- 2014-12-03 Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks by Martin Georgiev, Suman Jana and Vitaly Shmatikov
- 2015-01-21 ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviours by Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio,Victor van der Veen, Christian Platzer
- * 2015-01-30 A Large-Scale Analysis of the Security of Embedded Firmwares by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti
- * 2015-02-04 On the Feasibility of Large-Scale Infections of iOS Devices by Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau and Wenke Lee
- 2015-02-11 PatchDroid: Scalable Third-Party Security Patches for Android Devices by Collin Mulliner, Jon Oberheide, William Robertson and Engin Kirda
- 2015-02-18 Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks by Qi Alfred Chen, Zhiyun Qian and Z. Morley Mao
- 2015-02-25 Can't you hear me knocking: Identification of user actions on Android apps via traffic analysis by Mauro Conti, Luigi V. Mancini, Riccardo Spolaor and Nino V. Verde
- 2015-03-04 Exploiting Delay Patterns for User IPs Identification in Cellular Networks by Vasile Claudiu Perta, Marco Valerio Barbera and Alessandro Mei
- 2015-03-11 Fingerprinting Smart Devices Through Embedded Acoustic Components by Anupam Das, Nikita Borisov and Matthew Caesar
- 2015-04-22 Google Android Security 2014
- 2015-04-29 Surreptitiously Weakening Cryptographic Systems, by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart.
- * 2015-05-06 A Messy State of the Union: Taming the Composite State Machines of TLS by Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue
- * 2015-05-13 OAuth Demystified for Mobile Application Developers by Eric Y. Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher and Patrick Tague
- 2015-05-20 AutoCog: Measuring the Description-to-permission Fidelity in Android Applications by Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, Tiantian Zhu and Zhong Chen
- 2015-05-27 Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs by Mu Zhang, Yue Duan, Heng Yin, and Zhiruo Zhao
- 2015-06-03 DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket by Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck
- 2015-06-10 Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps by Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby