Articles
The ISC International Journal of Information Security (20082045) 17(1) pp. 59-73
As cyber threats grow increasingly sophisticated, the importance of security training as an effective means of prevention will become even more critical. Cyber Range (CR) is a platform for creating cyber training programs using virtualization and simulation technologies to create a realistic training environment. The main challenge for utilizing a CR is the specialized human resources required to design and maintain training sessions. To tackle this challenge, several high-level languages, known as Scenario Description Languages (SDLs), have been developed to enable the specification of training environments as models. These models can then be automatically transformed into deployment artifacts. Our studies showed that the existing SDLs could not address requirements when designing complex scenarios where multiple trainees should collaborate to reach a desired goal through various acceptable solutions. We present the Collaborative Security Training SDL (CST-SDL) for creating multi-trainee and multi-solution scenarios. CST-SDL uses an acyclic directional graph for specifying the scenario’s solution routes and allows defining trainees with unique tasks, goals, and solution routes during the training session. To evaluate the CST-SDL’s capabilities, we have implemented and integrated it into the KYPO cyber range. © 2025 ISC. All rights reserved.
Automated Software Engineering (09288910) 31(2)
The Inter-Component Communication (ICC) model in Android enables the sharing of data and services among app components. However, it has been associated with several problems, including complexity, support for unconstrained communication, and difficulties for developers to understand. These issues have led to numerous security vulnerabilities in Android ICC. While existing research has focused on specific subsets of these vulnerabilities, it lacks comprehensive and scalable modeling of app specifications and interactions, which limits the precision of analysis. To tackle these problems, we introduce VAnDroid3, a Model-Driven Reverse Engineering (MDRE) framework. VAnDroid3 utilizes purposeful model-based representations to enhance the comprehension of apps and their interactions. We have made significant extensions to our previous work, which include the identification of six prominent ICC vulnerabilities and the consideration of both Intent and Data sharing mechanisms that facilitate ICCs. By employing MDRE techniques to create more efficient and accurate domain-specific models from apps, VAnDroid3 enables the analysis of ICC vulnerabilities on intra- and inter-app communication levels. We have implemented VAnDroid3 as an Eclipse-based tool and conducted extensive experiments to evaluate its correctness, scalability, and run-time performance. Additionally, we compared VAnDroid3 with state-of-the-art tools. The results substantiate VAnDroid3 as a promising framework for revealing Android inter-app ICC security issues. © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2024.
IEEE Transactions on Computational Social Systems (2329924X) 11(6) pp. 7698-7710
The growing popularity of social networks has amplified their capacity to form public opinions. The opinion formation process is affected by social factors and social phenomena such as spiral of silence and echo chambers. In this article, we present a directed homophilic preferential attachment (DHPA) model to capture the dynamics of social network generation and rewiring (network dynamics) and to take the variation of attitudes and characteristics of users when expressing their opinions and their desire to establish relationships with others into account (opinion dynamics). The proposed model not only integrates network dynamics and opinion dynamics but also accounts for homophily and the formation of social phenomena that create consensus or polarity. This results in more realistic outcomes compared to similar models. In addition, the model can contrast factors that drive consensus with those that drive polarization. DHPA provides necessary facilities for examining the impact of different factors on the opinion formation process. It enables us to analyze the circumstances to reach consensus and polarity. It is shown that the network generated by the proposed DHPA model appropriately conforms to real social networks. We have examined the impact of some important social factors by conducting a number of sensitivity analysis scenarios on the model, which led to interesting results. © 2014 IEEE.
Hasan, Hayyan Salman,
Sahafizadeh, Ebrahim,
Hasan, H.,
Deeb, H.,
Torkladani, B.
ISeCure (20083076) 15(1) pp. 59-71
Sensitive methods are those that are commonly used by Android malware to perform malicious behavior. These methods may be either evasion or malicious payload methods. Although there are several approaches to handling these methods for effective dynamic malware analysis, most of them are based on a manually created list. However, the performance of these approaches depends on the completeness of the manually created list, which is rarely complete and up to date. Missing some sensitive methods degrades the overall performance and affects the effectiveness of analyzing Android malware. In this paper, we propose a machine learning approach to predict new sensitive methods that might be used in Android malware. We use a manually collected training dataset to train two classifiers: the first one is used to detect whether an Android method is sensitive, and the second one is used to categorize the detected sensitive methods into predefined categories. We applied the proposed approach to a large number of methods extracted from Android API 27. The proposed approach is able to predict hundreds of sensitive methods with an accuracy of 94.4% for the first classifier and 92.8% for the second classifier. To evaluate the proposed approach, we built a new list of the detected sensitive methods and used it in a number of tools to perform dynamic malware analysis. The proposed model found various sensitive methods that were not considered before by any other tools. Hence, the effectiveness of these tools in performing dynamic analysis is increased. © 2020 ISC. All rights reserved.
Sharbaf, Mohammadreza,
Sahafizadeh, Ebrahim,
Nirumand, A.,
Zamani, B.,
Torkladani, B.,
Klein, J.,
Bissyandé, T.F.
Software: Practice and Experience (00380644) 53(4) pp. 895-936
Android users install various apps, such as banking apps, on their smart devices that deal with user-sensitive information. The Android framework, via the Inter-Component Communication (ICC) mechanism, ensures that app components (inside the same app or in different apps) can communicate. Prior work has shown that this mechanism can cause security issues, such as app security policy violations, especially in the case of Inter-App Communication (IAC). Despite the plethora of research on detecting security issues in IAC, detection techniques face fundamental ICC challenges in improving the precision of static analysis. Challenges include providing comprehensive and scalable modeling of app specifications, capturing all potential ICC paths, and enabling more effective IAC analysis. To overcome such challenges, in this paper, we propose a framework called VAnDroid2, as an extension of our previous work, to address the security issues in multiple components at both intra- and inter-app analysis levels. VAnDroid2, based on Model-Driven Reverse Engineering, extends our previous work as follows: (1) providing a comprehensive Intermediate Representation (IR) of the app which supports extracting all the ICC information from the app, (2) extracting high-level representations of the apps and their interactions by omitting the details that are not relevant to inter-app security analysis, and (3) enabling more effective IAC security analysis. This framework is implemented as an Eclipse-based tool. The results of evaluating VAnDroid2 with respect to correctness, scalability, and run-time performance, and of comparing it with state-of-the-art analysis tools, indicate that VAnDroid2 is a promising framework in the field of Android inter-app security analysis.