Related papers: Secure Execution of Java Applets using a Remote Pl…
Today, much of our sensitive information is stored inside mobile applications (apps), such as the browsing histories and chatting logs. To safeguard these privacy files, modern mobile systems, notably Android and iOS, use sandboxes to…
Abuse of zero-permission sensors on-board mobile and wearable devices to infer users' personal context and information is a well-known privacy threat that has received significant attention. Efforts towards protection mechanisms that…
Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras,…
Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…
Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods having been proposed and analyzed. In related areas such as secure channel protocols, remote authentication, or desktop…
Android is an open source mobile operating system that is developed mainly by Google. It is used on a significant portion of mobile devices worldwide. In this paper, I will be looking at an attack commonly known as tapjacking. I will be…
Recently Java programming environment has become so popular. Java programming language is a language that is designed to be portable enough to be executed in wide range of computers ranging from cell phones to supercomputers. Computer…
Desktop browser extensions have long allowed users to improve their experience online and tackle widespread harms on websites. So far, no equivalent solution exists for mobile apps, despite the fact that individuals now spend significantly…
Google's Android is a comprehensive software framework for mobile communication devices (i.e., smartphones, PDAs). The Android framework includes an operating system, middleware and a set of key applications. The incorporation of integrated…
Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By…
Due to Android's open source feature and low barriers to entry for developers, millions of developers and third-party organizations have been attracted into the Android ecosystem. However, over 90 percent of mobile malware are found…
Connecting large language models (LLMs) to defensive enforcement requires more than asking a model whether an attack is happening. A defender must decide which model outputs may change the system state, which outputs must be rejected, and…
Software supply chain attacks have become a significant threat as software development increasingly relies on contributions from multiple, often unverified sources. The code from unverified sources does not pose a threat until it is…
The WeChat mini-game ecosystem faces rampant intellectual property theft to other platforms via secondary development, yet existing JavaScript obfuscation tools are ill-equipped for large-scale applications, suffering from prohibitive…
Android malware is a persistent threat to billions of users around the world. As a countermeasure, Android malware detection systems are occasionally implemented. However, these systems are often vulnerable to \emph{evasion attacks}, in…
As an emerging technique for confidential computing, trusted execution environment (TEE) receives a lot of attention. To better develop, deploy, and run secure applications on a TEE platform such as Intel's SGX, both academic and industrial…
App repackaging refers to the practice of customizing an existing mobile app and redistributing it in the wild. In this way, the attacker aims to force some mobile users to install the repackaged(likely malicious) app instead of the…
Today's mobile platforms provide only coarse-grained permissions to users with regard to how third- party applications use sensitive private data. Unfortunately, it is easy to disguise malware within the boundaries of legitimately-granted…
Mobile code based computing requires development of protection schemes that allow digital signature and encryption of data collected by the agents in untrusted hosts. These algorithms could not rely on carrying encryption keys if these keys…
Intra-session network coding is known to be vulnerable to pollution attacks. In this work, first, we introduce a novel homomorphic MAC scheme called SpaceMac, which allows an intermediate node to verify if its received packets belong to a…