For an updated list, see my Google Scholar profile.

[31]

Using Loops For Malware Classification Resilient to Feature-unaware Perturbations Aravind Machiry, Nilo Redini, Eric Gustafson, Yanick Fratantonio, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December, 2018, [BibTeX]

[30]	ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on Android Andrea Possemato, Andrea Lanzi, Pak Chung, Wenke Lee, Yanick Fratantonio. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October, 2018, [PDF] [BibTeX]

[29]	Phishing Attacks on Modern Android Simone Aonzo, Alessio Merlo, Giulio Tavella, Yanick Fratantonio. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October, 2018, [PDF] [BibTeX] [Project Website]

[28]

GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Paris, France, June, 2018, Pwnie Award Nomination for Best Privilege Escalation Bug 2018 [PDF] [BibTeX] [Project Website] [GitHub] [Press: SlashDot, Ars Technica, Threat Post, Others]

[27]	Understanding Linux Malware Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May, 2018, [PDF] [BibTeX]

[26]

Broken Fingers: On the Usage of the Fingerprint API in Android Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Pak Chung, Wenke Lee. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February, 2018, [PDF] [BibTeX]

[25]

Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information Antonio Bianchi, Eric Gustafson, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December, 2017, [PDF] [BibTeX]

[24]

BootStomp: On the Security of Bootloaders in Mobile Devices Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. In Proceedings of the USENIX Security Symposium (SEC), Vancouver, BC, Canada, August, 2017, [PDF] [BibTeX] [GitHub] [Press: SlashDot, The Hacker News, Bleeping Computer, Others]

[23]	Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop Yanick Fratantonio, Chenxiong Qian, Pak Chung, Wenke Lee. In Black Hat USA, Las Vegas, NV, July, 2017, [PDF] [BibTeX] [Website & Demos] [Slides] [Talk]

[22]

Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop Yanick Fratantonio, Chenxiong Qian, Pak Chung, Wenke Lee. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Jose, CA, May, 2017, Distinguished Practical Paper Award at IEEE Security & Privacy 2017 [PDF] [BibTeX] [Website & Demos] [Slides] [Talk] [Press: NewsWeek, TechCrunch, The Register, Others]

[21]

On the Privacy and Security of the Ultrasound Ecosystem Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Giovanni Vigna, Christopher Kruegel. In Proceedings of the Privacy Enhancing Technologies Symposium (PETS), Minneapolis, MN, July, 2017, [PDF] [BibTeX] [Project Website] [Press: SlashDot, Fortune, WIRED, Others]

[20]

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February, 2017, [PDF] [BibTeX] [GitHub]

[19]

Talking Behind Your Back: Attacks and Countermeasures of Ultrasonic Cross-device Tracking Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Giovanni Vigna, Christopher Kruegel. In Black Hat Europe, London, UK, November, 2016, [BibTeX] [Project Website] [Slides] [Press: SlashDot, Fortune, WIRED, Others]

[18]

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Vienna, Austria, October, 2016, Pwnie Award for Best Privilege Escalation Bug 2017 and CSAW Applied Research Best Paper Award [PDF] [BibTeX] [Project Website] [Press: SlashDot, WIRED, Ars Technica, Others]

[17]	TriggerScope: Towards Detecting Logic Bombs in Android Apps Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Jose, CA, May, 2016, [PDF] [BibTeX] [Slides] [Talk]

[16]	RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps Weidong Cui, Marcus Peinado, Sang Kil Cha, Yanick Fratantonio, Vasileios Kemerlis. In Proceedings of the International Conference on Software Engineering (ICSE), Austin, TX, May, 2016, [PDF] [BibTeX]

[15]

Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupe, Mario Polino, Paulo de Geus, Christopher Kruegel, Giovanni Vigna. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February, 2016, [PDF] [BibTeX]

[14]

Grab'n Run: Secure and Practical Dynamic Code Loading for Android Applications Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, Federico Maggi. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, December, 2015, [PDF] [BibTeX] [GitHub]

[13]

BareDroid: Large-Scale Analysis of Android Apps on Real Devices Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, December, 2015, [PDF] [BibTeX] [GitHub]

[12]

NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running Stock Android Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna. In Proceedings of the ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Denver, CO, October, 2015, [PDF] [BibTeX]

[11]

CLAPP: Characterizing Loops in Android Applications Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna. In Proceedings of the ACM Symposium on the Foundations of Software Engineering (FSE), Bergamo, Italy, September, 2015, Best Paper Award at the UCSB Graduate Student Workshop on Computing 2016 [PDF] [BibTeX]

[10]

CLAPP: Characterizing Loops in Android Applications (Invited Talk) Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna. In Proceedings of International Workshop on Software Development Lifecycle for Mobile (DeMobile), Bergamo, Italy, August, 2015, [PDF] [BibTeX]

[9]

On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users Yanick Fratantonio, Antonio Bianchi, William Robertson, Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Milan, Italy, July, 2015, [PDF] [BibTeX]

[8]

What the App is That? Deception and Countermeasures in the Android User Interface Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Jose, CA, May, 2015, [PDF] [BibTeX] [GitHub]

[7]

EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Yan Chen. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February, 2015, [PDF] [BibTeX] [Project Website]

[6]

Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, Christian Platzer. In Proceedings of the International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), Wroclaw, Poland, September, 2014, [PDF] [BibTeX] [Project Website]

[5]

Ten Years of iCTF: The Good, The Bad, and The Ugly Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupe, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, Yan Shoshitaishvili. In Proceedings of the USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE), San Diego, CA, August, 2014, [PDF] [BibTeX] [Project Website]

[4]	Andrubis: Android Malware Under The Magnifying Glass Lukas Weichselbaum, Matthias Neugschwandtner, Martina Lindorfer, Yanick Fratantonio, Victor van der Veen, Christian Platzer. In Technical Report TR-ISECLAB-0414-001, , May, 2014, [PDF] [BibTeX] [Project Website]

[3]

Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February, 2014, [PDF] [BibTeX]

[2]	An Empirical Study of Cryptographic Misuse in Android Applications Manuel Egele, David Brumley, Yanick Fratantonio, Christopher Kruegel. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November, 2013, [PDF] [BibTeX]

[1]	Shellzer: A Tool for the Dynamic Analysis of Malicious Shellcode Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna. In Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September, 2011, [PDF] [BibTeX]

© 2018 Yanick Fratantonio