A central aspect of the Android platform is Inter-Component Communication (ICC), which enables the reuse of functionality across apps and components via message passing. While a powerful feature, ICC still constitutes a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) through static analysis, Deep Reinforcement Learning-based dynamic analysis and software instrumentation. Our approach, called RONIN, achieves better results than state-of-the-art and baseline tools, in the number of exploited vulnerabilities.

Despite decades of research, the automatic detection of vulnerabilities in mobile apps remains an open challenge. Among the possible solutions, SAST tools uncover source or compiled code security flaws without needing the app to be executed and tested in a controlled environment. However, SAST tools share several limitations, such as the detection of narrowed vulnerability classes, lack of updates, and limited resiliency to obfuscation techniques. This paper presents SEBASTiAn, a black-box automatic static analysis tool for security vetting Android and iOS apps. It relies on a modular approach to cope with new vulnerabilities.

From a little research experiment to an essential component of military arsenals, malicious software has constantly been growing and evolving for more than three decades. On the other hand, from a negligible market share, the Android operating system is nowadays the most widely used mobile operating system, becoming a desirable target for large-scale malware distribution. While scientific literature has followed this trend, one aspect has been understudied: the role of native code in malicious Android apps. Android apps are written in high-level languages, but thanks to the Java Native Interface (JNI), Android also supports calling native (C/C++) library functions. While allowing native code in Android apps has a strong positive impact from a performance perspective, it dramatically complicates its analysis because bytecode and native code need different abstractions and analysis algorithms, and they thus pose different challenges and limitations. Consequently, these difficulties are often (ab)used to hide malicious payloads. In this work, we propose a novel methodology to reverse engineering Android apps focusing on suspicious patterns related to native components, i.e., surreptitious code that requires further inspection. We implemented a static analysis tool based on such methodology, which can bridge the “Java” and the native worlds and perform an in-depth analysis of tag code blocks responsible for suspicious behavior. These tags benefit the human facing the reverse engineering task: they clearly indicate which part of the code to focus on to find malicious code. Then, we performed a longitudinal analysis of Android malware over the past ten years and compared the recent malicious samples with actual top apps on the Google Play Store. Our work depicts typical behaviors of modern malware, its evolution, and how it abuses the native layer to complicate the analysis, especially with dynamic code loading and novel anti-analysis techniques. Finally, we show a use case for our suspicious tags: we trained and tested a machine learning algorithm for a binary classification task. Even if suspicious does not imply malicious, our classifier obtained a remarkable F1-score of 0.97, showing that our methodology can be helpful to both humans and machines.

This paper uses data processing techniques to reduce the required transmission bandwidth in ship-to-shore communications. The proposed framework (ONline Efficient Sources Transmission Optimizer - ONESTO) leverages state-of-the-art technologies and novel algorithms to automatically optimize transmissions under structural (e.g., available bandwidth, fixed packet overhead) and user-defined (e.g., maximum latency) constraints. In addition, ONESTO authenticates and encrypts the communication between the ship and the shore via mainstream free and open-source software components. Initially, we present the abstract mathematical formulation of the problem, with its assumptions, goal function, constraints, and significant quantities. Then, we introduce the architecture of a system capable of continuously estimating the compressibility, processing and transmission time of streaming data. Such estimations allow ONESTO to calculate and apply optimal parameters for achieving the best compression ratio. Lastly, using a prototypical implementation, we evaluate the system performance with a Class B ship simulator on two realistic use cases. Our experiments show an excellent compression ratio with maritime protocols (more than 40:1) and a limited latency impact, demonstrating the approach’s viability.