Mobile Application Security

Maqsood Ahmad

Android, Malware Analysis, Dynamic Code Updates

The main focus of this research is providing solutions for Android app analysis in the presence of dynamic code updates. Dynamic code update techniques are widely used by malware developers to evade analysis tools and infect user devices. Our main goal is to ensure that app analysis tools correctly infer the behavior of apps that use dynamic code updates and detect possible malicious activity that is otherwise concealed from static analysis tools.




Secure Multi-Party Computation

Silvio Biagioni

Secure Multi-Party Computation (MPC) is a branch of cryptology that aims at designing and developing methods that allow parties to correctly compute a function of their inputs while, at the same time, keeping those inputs private. My research concerns the theoretical and practical design of MPC protocols.




Cyber Security Monitoring for Networked Control Systems

Alessio Coletta

cyber security, monitoring, industrial control systems, internet of things, SMT

Networked Control Systems (NCS), largely employed in critical infrastructures, are subject to vulnerabilities and cyber threats. This research activity is aimed at developing a predictive real-time cyber security monitoring framework that detects anomalies by observing the behaviour of the NCS. Unlike standard ICT systems, control systems usually exhibit well-documented and predictable behaviours. Our framework leverages this peculiarity: it uses a formal language to specify known criticalities of the monitored system and an SMT-based engine to detect anomalous events. The framework is able to discriminate whether the NCS reaches a critical state, and also to predict whether it is approaching one, using a formal notion of proximity to criticalities.




Automatic Techniques for the Synthesis and Assisted Deployment of Security Policies in Workflow-based Applications

Daniel Ricardo Dos Santos

Workflow, Authorization, Access Control, Satisfiability

Workflows specify a collection of tasks that must be executed under the responsibility or supervision of human users. Workflow management systems and workflow-driven applications need to enforce security policies in the form of access control, specifying which users can execute which tasks, and authorization constraints, such as Separation/Binding of Duty, further restricting the execution of tasks at run-time. Enforcing these policies is crucial to avoid frauds and malicious use, but it may lead to situations where a workflow instance cannot be completed without the violation of the policy. The Workflow Satisfiability Problem (WSP) asks whether there exists an assignment of users to tasks in a workflow such that every task is executed and the policy is not violated. The run-time version of this problem amounts to answering user requests to execute tasks positively if the policy is respected and the workflow instance is guaranteed to terminate. The WSP is inherently hard, but solutions to this problem have a practical application in reconciling business compliance (stating that workflow instances should follow the specified policies) and business continuity (stating that workflow instances should be deadlock-free). Related problems, such as finding execution scenarios that not only satisfy a workflow but also satisfy other properties (e.g., that a workflow instance is still satisfiable even in the absence of users), can be solved at deployment-time to help users design policies and reuse available workflow models.

The main contributions of this work are three:

1. We present a technique to synthesize monitors capable of solving the run-time version of the WSP, i.e., capable of answering user requests to execute tasks in such a way that the policy is not violated and the workflow instance is guaranteed to terminate. The technique is extended to modular workflow specifications, using components and gluing assertions. This allows us to compose synthesized monitors, reuse workflow models, and synthesize monitors for large models.

2. We introduce and present techniques to solve a new class of problems called Scenario Finding Problems, i.e., finding execution scenarios that satisfy properties of interest to users. Solutions to these problems can assist customers during the deployment of reusable workflow models with custom authorization policies.

3. We implement the proposed techniques in two tools. Cerberus integrates monitor synthesis, scenario finding, and run-time enforcement into workflow management systems. Aegis recovers workflow models from web applications using process mining, synthesizes monitors, and invokes them at run-time by using a reverse proxy.

An extensive experimental evaluation shows the practical applicability of the proposed approaches on realistic and synthetic (for scalability) problem instances.





Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps

Mojtaba Eskandari

Personal Data, Data Transfer, Privacy, Mobile Apps, Cloud

The prevalence of mobile devices and their capability to access high-speed Internet have transformed them into a portable pocket cloud interface. The sensitivity of a user's personal data demands an adequate level of protection in the cloud. In this regard, the European Union Data Protection regulations (e.g., article 25.1) restrict the transfer of European users' personal data to certain locations. The matter of concern, however, is the enforcement of such regulations. Since cloud service provision is independent of physical location and data can travel to various servers, it is a challenging task to determine the location of data and enforce jurisdiction policies. In this research, we first demonstrate how mobile apps mishandle personal data collection and transfer by analyzing a wide range of popular Android apps in Europe. Then we investigate approaches to monitor and enforce the location restrictions on collected personal data. Since multiple entities, such as mobile devices, mobile apps, data controllers and cloud providers, take part in the process of collecting and transferring data, we study each one separately. We introduce the design and prototype of a suitable approach to perform, or at least facilitate, the enforcement procedure with respect to the duty of each entity.





Risk-based Authentication for Critical Infrastructures

Sandeep Gupta

Behavioral Biometrics, Cyber Security, Authentication

Design of methods that support cyber-security operations by improving the predictive analysis of cyber-attacks, the resilience of systems and their ability to predict, detect and respond to evolving cyber-attacks.




Risk Based Access Control Systems

Privacy Aware Access Control Systems

Nadia Metoui

Risk, Trust, Access Control, Privacy Enhancing Technologies

The increasing availability of large and diverse datasets (big data) calls for increased flexibility in access control, both to improve the exploitation of the data and to prevent the privacy violations that such exploitation can cause. Risk-aware access control systems offer a natural approach to the problem. The aim of my industrial PhD thesis is to develop a novel Privacy-Aware Access Control (A.C.) framework combining trust with risk to support access control in dynamic contexts and to allow striking a balance between the privacy violation risks associated with an access request and the utility/availability of the data. If the risk is too large compared to the trust level, adapted strategies are applied either to decrease the risk (e.g., through anonymization) or to increase the trust level (e.g., through additional obligations).





FuturesMEX: Secure Distributed Futures Market Exchange

Chan Nam Ngo

Futures exchanges, such as the Chicago Mercantile Exchange, centralize the trading and settlement of futures (agreements to buy or sell a particular commodity at a future date), with trading volumes of hundreds of trillions of US$ per year. We present the key security properties of a Distributed Futures Market Exchange which are necessary to guarantee the economic viability of the market (confidentiality of positions and absence of price discrimination) and show how to implement the key market functionalities in a fully distributed setting (quotes, queries and matching of orders against the limit order book, risk control of quotes, and end-of-day mark to market). Our distributed protocol simulates the centralized functionality in the general case of asynchronous communication under the usual assumptions of anonymity of the physical transmission layer and availability of a distributed ledger. If such assumptions cannot hold (e.g., random delays of quotes at the physical layer may be unacceptable to traders, and entry nodes cannot be trusted with deterministic delivery), we show that an asynchronous model is insecure, as it allows the reconstruction of individual quotes and therefore allows large traders to price-discriminate against small traders. Still, a synchronous version of the market can be designed that is secure.




Benchmarking Static Analysis Security Testing tools

Ivan Pashchenko

Benchmark, Static Analysis, Software Vulnerabilities

Manual vulnerability discovery is a very difficult and resource-intensive task. Although this task cannot be bypassed, it also incurs significant expense. Therefore, software development companies use various tools to reduce the effort of the vulnerability-finding stage. Nowadays there is no scientifically validated approach for selecting the best tool for a specific software project. I work on a methodology that helps software developers perform an unbiased selection of a static application security testing tool, and on an automated benchmark for performing such selections.




Security and Privacy of Mobile Applications: Authentication and Authorization

Giada Sciarretta

IT Security and Privacy, Digital Identity, Authentication and Authorization Protocols, Single Sign-On, Security of Mobile Devices

While there exist many secure identity management solutions for web applications, their adaptation to the mobile context is a new and open challenge. For instance, the lack of a proper reference model for Single Sign-On (SSO) for mobile native applications hinders the provision of digital identities by organizations other than Facebook, Google or other major vendors. To overcome this difficulty, we provide a reference model which can be used by different organizations (e.g., governmental organizations) to implement mobile SSO. In general, our goal is to propose novel authentication and authorization solutions for mobile applications that satisfy the expected security requirements and protect user privacy, while complying with national (e.g., SPID for Italy) and European (e.g., eIDAS) laws and directives. To avoid design flaws we will follow the security-by-design paradigm, and to evaluate the security properties of our proposals we will use formal method techniques.




Automated regulatory compliance checking of ABAC policies

Hari Siswantoro

Compliance by design, Data protection regulation, Formal verification, Attribute based access control

Nowadays, most business practices involve the processing of customers' and employees' personal data, and such processing is strictly regulated by legislation to protect the rights of the personal data owner. Enforcing regulations in enterprise information systems is a non-trivial task, and a misinterpretation can lead to sanctions. This research presents an automatic legal compliance verification method for attribute-based access control (ABAC) policies against the EU Data Protection Directive (DPD) 95/46/EC. The rights, obligations and conditions for lawful personal data processing from the directive are extracted and mapped to a formal legal model. We use this model to check whether an enterprise access control policy complies with or violates the regulation.




Black-Box Security Testing of Browser-Based Security Protocols

Avinash Sudhodanan

Browser-Based Security Protocols, Multi-Party Web Applications, Black-Box Security Testing, Cross-Site Request Forgery, CSRF, Logical Vulnerabilities, Web Application Security, Authentication Cross-Site Request Forgery, Auth-CSRF

In this research we propose novel black-box security testing techniques for detecting security vulnerabilities in the implementations of browser-based security protocols underlying web applications.