Mobile security reading group

This is a reading group which meets at 10:00 every Wednesday during term in SW00 and discusses papers relevant to security and mobile devices.

Participants should sign up to the mailing list. The paper(s) to be read will be announced by the preceeding Friday so that people know what is being read sufficiently in advance that they can read it.

Paper Queue

This is the list of papers in our to read queue in the order we intend to read them

Read papers

A * indicates that the paper was selected as a 'best paper of the term'.

• 2014-10-15 Android Permissions: User Attention, Comprehension and Behaviour by Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin and David Wagner
• 2014-10-22 AirBag: Boosting Smartphone Resistance to Malware Infection by Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang and Xuxian Jiang
• From the Aether to the Ethernet — Attacking the Internet using Broadcast Digtal Television by Yossef Oren and Angelos D. Keromytis
• Laurent's draft paper
• Daniel's draft paper
• 2014-11-19 NativeWrap: Ad Hoc Smartphone Application Creation for End Users by Adwait Nadkarni, Vasant Tendulkar and William Enck
• 2014-11-26 Code Injection Attacks on HTML5-based Mobile Apps by Xing Jin, Tongbo Luo, Derek G. Tsui, and Wenliang Du
• 2014-12-03 Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks by Martin Georgiev, Suman Jana and Vitaly Shmatikov
• 2015-01-21 ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviours by Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio,Victor van der Veen, Christian Platzer
• * 2015-01-30 A Large-Scale Analysis of the Security of Embedded Firmwares by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti
• * 2015-02-04 On the Feasibility of Large-Scale Infections of iOS Devices by Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau and Wenke Lee
• 2015-02-11 PatchDroid: Scalable Third-Party Security Patches for Android Devices by Collin Mulliner, Jon Oberheide, William Robertson and Engin Kirda
• 2015-02-18 Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks by Qi Alfred Chen, Zhiyun Qian and Z. Morley Mao
• 2015-02-25 Can't you hear me knocking: Identification of user actions on Android apps via traffic analysis by Mauro Conti, Luigi V. Mancini, Riccardo Spolaor and Nino V. Verde
• 2015-03-04 Exploiting Delay Patterns for User IPs Identification in Cellular Networks by Vasile Claudiu Perta, Marco Valerio Barbera and Alessandro Mei
• 2015-03-11 Fingerprinting Smart Devices Through Embedded Acoustic Components by Anupam Das, Nikita Borisov and Matthew Caesar
• 2015-04-22 Google Android Security 2014
• 2015-04-29 Surreptitiously Weakening Cryptographic Systems, by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart.
• * 2015-05-06 A Messy State of the Union: Taming the Composite State Machines of TLS by Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue
• * 2015-05-13 OAuth Demystified for Mobile Application Developers by Eric Y. Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher and Patrick Tague
• 2015-05-20 AutoCog: Measuring the Description-to-permission Fidelity in Android Applications by Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, Tiantian Zhu and Zhong Chen
• 2015-05-27 Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs by Mu Zhang, Yue Duan, Heng Yin, and Zhiruo Zhao
• 2015-06-03 DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket by Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck
• 2015-06-10 Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps by Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby
• 2015-10-07 Security metrics for the Android Ecosystem by Daniel R. Thomas, Alastair R. Beresford and Andrew Rice
• 2015-10-14 One class to rule them all: 0-Day deserialisation vulnerabilities in Android by Or Peles and Roee Hay
• 2015-10-21 Xray: Enhancing the Web’s Transparency with Differential Correlation by Mathias Lécuyer, Guillaume Ducoffe, Francis Lan, Andrei Papancea, Theofilos Petsios, Riley Spahn, Augustin Chaintreau, and Roxana Geambasu
• 2015-10-28 Sound-proof: Usable Two-Factor Authentication Based on Ambient Sound by Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Čapkun
• 2015-11-04 GUITAR: Piecing Together Android App GUIs from Memory Images by Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu
• * 2015-11-11 Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice by David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann
• 2015-11-18 Effective Real-time Android Application Auditing by Mingyuan Xia, Lu Gong, Yuanhao Lyu, Zhengwei Qi, Xue Liu
• 2015-11-25 On Breaking SAML: Be Whoever You Want to Be by Juraj Somorovsky, Andreas Mayer, Jorg Schwenk, Marco Kampmann, and Meiko Jensen
• 2015-12-02 A Bayesian Approach to Privacy Enforcement in Smartphones by Omer Tripp and Julia Rubin
• 2016-01-20 Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing and GPS Location by Lex Fridman, Steven Weber, Rachel Greenstadt and Moshe Kam
• 2016-01-27 iSeeYou: Disabling the MacBook Webcam Indicator LED by Matthew Brocker and Stephen Checkoway
• 2016-02-03 Protecting Data on Smartphones and Tablets from Memory Attacks by Patrick Colp, Jiawen Zhang, James Gleeson, Sahil Suneja, Eyal de Lara, Himanshu Raj, Stefan Saroiu, and Alec Wolman
• 2016-02-10 A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients by Vasile C. Perta, Marco V. Barbera, Gareth Tyson, Hamed Haddadi, and Alessandro Mei
• 2016-02-17 Personalized Security Indicators to Detect Application Phishing Attacks in Mobile Platforms by Claudio Marforio, Ramya Jayaram Masti, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
• 2016-02-24 Location Privacy Protection for Smartphone Users by Kassem Fawaz and Kang G. Shin
• * 2016-03-02 Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares by Jonas Zaddach, Luca Bruno, Aurelien Francillon and Davide Balzarotti
• 2016-03-09 Towards Automated Dynamic Analysis for Linux-based Embedded Firmware, by Daming D. Chen, Manuel Egele, Maverick Woo and David Brumley
• 2016-03-16 A New Covert Channel over Cellular Voice Channel in Smartphones by Bushra Aloraini, Daryl Johnson, Bill Stackpole, Sumita Mishra
• 2016-04-27 SOK: Secure Messaging by N. Unger and S. Dechand and J. Bonneau and S. Fahl and H. Perl and I. Goldberg and M. Smith
• 2016-05-04 What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources by Soteris Demetriou , Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, Carl A Gunter
• 2016-05-11 CacheBleed: A Timing Attack on OpenSSL Constant Time RSA by Yuval Yarom, Daniel Genkin, and Nadia Heninger
• * 2016-05-18 Amplification Hell: Revisiting Network Protocols for DDoS Abuse by Christian Rossow
• 2016-05-25 Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References by Yousra Aafer, Nan Zhang, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, and Michael Grace
• 2016-06-01 Deniable Key Exchanges for Secure Messaging by Nik Unger and Ian Goldberg