Assignment:

The student (or group of students) is asked to analyze and study a paper among the ones published in one of the top four cybersecurity conferences and specified below.

Network and Distributed System Security Symposium (NDSS) 2021
• A. E. M. Dawoud, S. Bugiel, "Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework".
• A.Possemato, D. Nisi, Y. Fratantonio, "Preventing and Detecting State Inference Attacks on Android".
• Y. Shen, P.-A. Vervier, G. Stringhini, "Understanding Worldwide Private Information Collection on Android".
• Z. Lei, Y. Nan, Y. Fratantonio, A. Bianchi, "On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices".
• S. Zimmeck, R. Goldstein, D. Baraka, "PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps".
• J. Kim, J. Park, S. Son, "The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud".

IEEE Symposium on Security and Privacy (IEEE S&P) 2021
• R. Li, W. Diao, Z. Li, J. Du, S. Guo, "Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings".
• P. Kotzias, J. Caballero, L. Bilge, "How Did That Get In My Phone? Unwanted App Distribution on Android Devices".
• E. Blázquez, S. Pastrana, A. Feal, J. Gamba, P. Kotzias, N. Vallina-Rodriguez, J. Tapiador, "Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem".
• A. Possemato, S. Aonzo, D. Balzarotti and Y. Fratantonio, "Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization".

USENIX Security Symposium (Usenix) 2021
• Z. Zhang, H. Zhang, Zhiyun Qian and Billy Lau, "An Investigation of the Android Kernel Patch Ecosystem".
• Jie Huang and Michael Backes and Sven Bugiel, "A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android".

ACM Conference on Computer and Communications Security (CCS) 2021
• Wenna Song, Jiang Ming, Lin Jiang, Yi Xiang, Xuanchen Pan, Jianming Fu, and Guojun Peng, "Towards Transparent and Stealthy Android OS Sandboxing via Customizable Container-Based Virtualization".
• Michalis Diamantaris, Serafeim Moustakas, Lichao Sun, Sotiris Ioannidis, and Jason Polakis, "This Sneaky Piggy Went to the Android Ad Market: Misusing Mobile Sensors for Stealthy Data Exfiltration".
• Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang, "Android on PC: On the Security of End-user Android Emulators".
• Zeinab El-Rewini and Yousra Aafer, "Dissecting Residual APIs in Custom Android ROMs".
• Xiaobo Xiang, Ren Zhang, Hanxiang Wen, Xiaorui Gong, and Baoxu Liu, "Ghost in the Binder: Binder Transaction Redirection Attacks in Android System Services".
• Suibin Sun, Le Yu, Xiaokuan Zhang, Minhui Xue, Ren Zhou, Haojin Zhu, Shuang Hao, and Xiaodong Lin, "Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic"

  Evaluation:

Student/s has/ve to write a final report concerning the analyzed paper. Such report should specify (to download the template click here):
• An overview of the research problem.
• An overview of the contributions provided by previous work to solve the research problem.
• Contributions of the latest paper addressing the research problem.
• Possible limitations of the latest paper addressing the research problem.
• Possible future works on the research problem.
Student/s has/ve to submit their report by the 23:59 of the date of the exam they have subscribed to. After sending the report, student/s will have an oral presentation to illustrate the content of their report and to answer questions concerning both the report and the topics presented during the course. The final grade assigned is a combination of the report and of the oral presentation.