Theses developed within CSecLab, listed in reverse chronological order.


Antonio Ruggia, Luigi Sciolla. Demystifying Anti-Repackaging on Android. 2020

Supervisors: Luca Verderame, Alessio Merlo

Publications

  1. A. Merlo, A. Ruggia, L. Sciolla, L. Verderame , “You Shall not Repackage! A Journey into the World of Anti-Repackaging on Android” in arXiv preprint arXiv:2009.04718.

  2. A. Merlo, A. Ruggia, L. Sciolla, L. Verderame , “ARMAND Anti-Repackaging through Multi-patternAnti-tampering based on Native Detection” arXiv preprint arXiv:2012.09292..


Francesco Pagano, Giovanni Bottino. HideDroid: App-level Runtime Data Anonymization on Mobile. 2020

Supervisors: Davide Caputo, Alessio Merlo


Federico Lucini. Appregator: a Large-Scale Platform for Mobile Security Analysis. 2020

Supervisors: Luca Verderame, Alessio Merlo

Publications

  1. L. Verderame, D. Caputo, A. Romdhana, A. Merlo, “APPregator A Large-Scale Platform for Mobile Security Analysis”, in IFIP International Conference on Testing Software and Systems (ICTSS 2020).

Mattia Parrinello. Analysis of user profiling libraries on Android. 2019

Supervisors: Davide Caputo, Alessio Merlo


Nicolas Dejon. A framework for the automatic security analysis of IoT device applications. 2019

Supervisors: Luca Verderame, Alessio Merlo

Publications

  1. N. Dejon, D. Caputo, L. Verderame, A. Armando, A. Merlo, “Automated Security Analysis of IoT Software Updates”, in IFIP International Conference on Information Security Theory and Practice (2019, December).

Fabio Parodi. Appiotte: a framework for integrating mobile and IoT Android-based app security analysis. 2019

Supervisors: Luca Verderame, Alessio Merlo

Publications

  1. L. Verderame, D. Caputo, M. Migliardi, A. Merlo, “AppIoTTE An Architecture for the Security Assessment of Mobile-IoT Ecosystems”, in Workshops of the International Conference on Advanced Information Networking and Applications (2020, April).

Sara Martino, Luca Perazzo. CAPDroid: Combining Analysis Processes for Android. 2018

Supervisors: Luca Verderame, Alessio Merlo


Davide Caputo. FCDroid: a tool for identifying frame confusion in mobile apps. 2018

Supervisors: Luca Verderame, Alessio Merlo

Publications

  1. D. Caputo, L. Verderame, S. Aonzo, A. Merlo, “Droids in disarray detecting frame confusion in hybrid android apps”, in IFIP Annual Conference on Data and Applications Security and Privacy (DBSec 19).

Loris Piana. Provision of web security training services through per-user sandboxing. 2017

Supervisors: Alessio Merlo


Gianluca Barbera. Building behavioural models for the security analysis of iOS applications. 2017

Supervisors: Alessio Merlo, Luca Verderame


Luca Lorrai. TEA - Enabling THCE on Android devices. 2016

Supervisors: Alessio Merlo, Luca Verderame

Publications

  1. A. Merlo, L. Lorrai, L. Verderame, “Efficient trusted host-based card emulation on TEE-enabled Android devices”, in Proc. of HPCS 2016.

Hamidreza Aria. Android Malware Detection Using Network Behavior Analysis And Machine Learning Classifiers. 2017

Supervisors: Gabriele Costa


Hossein Ghodrati. A Framework for Designing Attack Strategies in Cyber Range Scenarios. 2017

Supervisors: Gabriele Costa


Giulio Puri. Dynamic verification of access permissions in an extension of the Android Security Framework. 2014

Supervisors: Alessandro Armando, Gabriele Costa, Alessio Merlo

Publications

  1. A. Armando, R. Carbone, G. Costa, A. Merlo, “Android Permissions Unleashed”, in Proc. of CSF 2015.

Marco Malvasio. Development of a framework for Symbolic Partial Model Checking. 2014

Supervisors: Alessandro Armando, Gabriele Costa, Alessio Merlo

Publications

  1. A. Armando, G. Costa, A. Merlo, L. Verderame, “Formal modeling and automatic enforcement of Bring Your Own Device policies”, in Int. J. of Information Security, 14(2) 123-140 (2015).

Paolo Macco. Certifying Android devicesin BYOD environments. 2015

Supervisors: Giovanni Lagorio, Alessio Merlo

Publications

  1. A. Merlo, “BYODCert - Toward a Cross-Organizational BYOD Paradigm”, in Proc. of GPC 2017.

Luca Lorrai. TEA: Enabling THCE on Android devices. 2016

Supervisors: Alessio Merlo

Publications

  1. A. Merlo, L. Lorrai, L. Verderame, “Efficient trusted host-based card emulation on TEE-enabled Android devices”, in Proc. of HPCS 2016.

Gabriel Claudiu Georgiu. RiskInDroid: Risk Analysis for Android applications. 2016

Supervisors: Alessio Merlo

Publications

  1. A. Merlo, G. C. Georgiu, “RiskInDroid - Machine Learning-Based Risk Analysis on Android”, in Proc. of IFIP SEC 2017.

Paolo Fontanelli. Energy-Aware Security: Tools and Analytic models to estimate energetic consumption in the Android operating systems. 2014

Supervisors: Alessio Merlo, Mauro Migliardi

Publications

  1. A. Merlo, M. Migliardi, P. Fontanelli, “On energy-based profiling of malware in Android”, Proc. of HPCS 2014.

  2. A. Merlo, M. Migliardi, P. Fontanelli, “Measuring and estimating power consumption in Android to support energy-based intrusion detection”, J. of Computer Security, 23(5), pp. 611-637 (2015).


Diego Raso, Elena Spadacini. Energy Optimisation Strategies through Intrusion Prevention Systems. 2014

Supervisors: Alessio Merlo, Mauro Migliardi

Publications

  1. A. Merlo, M. Migliardi, D. Raso, E. Spadacini, “Optimizing Network Energy Consumption through Intrusion Prevention Systems”, in Proc. of CISIS 2014.

  2. A. Merlo, M. Migliardi, E. Spadacini, “Balancing Delays and Energy Consumption in IPS-Enabled Networks”, in Proc. of AINA 2016.

  3. A. Merlo, E. Spadacini, M. Migliardi, “IPS-based reduction of network energy consumption”, in Logic J. of the IGPL (2016).


Gabriele De Maglie, Fabio Tollini. A Centralized Approach for the Management of Mobile Code Security Policies. 2013

Supervisors: Alessandro Armando, Gabriele Costa, Alessio Merlo


Daniele Fiori, Fabio Brizzolara. Inlined Reference Monitor for Android Platforms. 2013

Supervisors: Alessandro Armando, Gabriele Costa, Alessio Merlo


Luca Roverelli, Gabriele Zereik, Nicolò Zereik. EveC: an object-oriented programming language for efficient computation. 2013

Supervisors: Alessio Merlo, Mauro Migliardi


Monica Curti, Simone Schiappacasse. Energy-Aware Security: tools and analytic models for energy consumption in the Android OS. 2013

Supervisors: Alessio Merlo, Mauro Migliardi

Publications

  1. M. Curti, A. Merlo, M. Migliardi, S. Schiappacasse, “Towards energy-aware intrusion detection systems on mobile devices”, in Proc. of HPCS 2013.

Luca Verderame. Security Analysis of the Android Operating System. 2012

Supervisors: Alessandro Armando, Alessio Merlo

Publications

  1. A. Armando, A. Merlo, M. Migliardi, L. Verderame, “Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures)”, in Proc. od SEC 2012.

  2. A. Armando, A. Merlo, M. Migliardi, L. Verderame, “Breaking and Fixing the Android Launching Flow”, in Computers and Security, 39 104-115 (2013).