Title: 

Multiple perspectives of the Android virtualization technique: can we use it as a defence mechanism?

Name:

Eleonora Losiouk, PhD

Abstract: 

Android virtualization enables an app to create a virtual environment, in which other apps can run. Originally designed to overcome the limitations of mobile apps dimensions, nowadays this technique is becoming more and more attractive for developing novel Android malwares, but it can be used also for legitimate purposes.

In this talk, I will present two use cases of security and privacy issues affecting the Android ecosystem, that have been prevented through the Android virtualization technique. The first involves mHealth apps and the sensitive information they can leak, if a malicious app installed on the same phone is able to detect their presence. HideMyApp creates a protected virtual environment where the user can execute sensitive apps, thus preventing possibly malicious ones from detecting them. The second use case regards Android repackaging attacks, that imply the introduction of malicious code in a legitimate app before distributing it. MARVEL is the first anti-repackaging solution based on the Android virtualization technique and aimed at preventing both traditional repackaging attacks and the most recent ones, based on a malicious exploitation of the Android virtual environment.

Short bio:

Eleonora Losiouk is an Assistant Professor at the University of Padua (Italy), working in the SPRITZ Group led by Prof. Mauro Conti. In 2018, she obtained her Ph.D. in Bioengineering and Bioinformatics from the University of Pavia (Italy). She has been a Visiting Fellow at EPFL in 2017. In 2020, she received the Seal of Excellence for her Marie Skłodowska-Curie individual project proposal and was awarded a Fulbright Fellowship for visiting ICSI, Berkeley (USA). Her main research interests regard the security and privacy evaluation of the Android Operating System.

Time and date:

14:00, April 20th, 2022

Location: TM 614-4514-3860