Martina Lindorfer

Bio & Research Interests

I am an Associate Professor in the Security and Privacy Research Unit at TU Wien (Technische Universität Wien, formerly known as Vienna University of Technology) heading the Secure Systems Lab (SecLab) in Vienna, Austria. I am also a key researcher at SBA Research, the largest research center in Austria which exclusively addresses information security.

Before that, I was a Postdoc in the Computer Security Group (SecLab) at UC Santa Barbara, working with Christopher Kruegel and Giovanni Vigna. I received my doctorate in 2016 with honors of the Austrian president (Promotio Sub Auspiciis Praesidentis), as well as the ERCIM Cor Baayen Young Researcher Award in 2018, the Hedy Lamarr Award from the City of Vienna in 2019, and the ACM Early Career Award for Women in Cybersecurity Research (CyberW) in 2020. During my PhD, I was advised by Edgar Weippl and worked as a research assistant at the International Secure Systems Lab (iSecLab).

In addition to my PhD, I hold a Master's degree in Software Engineering and Internet Computing from TU Wien and a Bachelor's degree in Computer and Media Security from the University of Applied Sciences in Hagenberg.

My research focuses on systems security and privacy, in particular the analysis of mobile apps, and all things malware analysis.

Contact

martina (at) seclab (dot) wien
martina (dot) lindorfer (at) tuwien (dot) ac (dot) at
mlindorfer (at) iseclab (dot) org
Technische Universität Wien (TU Wien)
Institute of Logic and Computation (192/6)
Research Unit Security and Privacy
Favoritenstrasse 9-11, Stiege 2, 1. Stock
1040 Vienna, Austria

News

2023  
Sep 1 Happy to announce that I received tenure and am now an Associate Professor at TU Wien!
2022  
Oct 1 Welcome Magdalena Steinböck! She just defended her Master thesis and will continue working on iOS vs. Android security and privacy as part of a FWF-funded project.
2021  
Oct 1 Welcome Carlotta Tagliaro! She will be working on IoT security and privacy as part of a WWTF-funded project.
Sep 24 The final week of our workshop on Digital Competences for the Austrian Parlament ended with a session on privacy, and a great discussion on the challenges and opportunities of digit(al)ization.
Jul 6 It was my great pleasure to give an introduction on security as part of a workshop on Digital Competences for the Austrian Parlament
Jul 1 Welcome David Schmidt! He just defended his Masters thesis and will continue working on IoT security and privacy as part of a WWTF-funded project.
Jun 1 Welcome Aakanksha Saha! She just joined the SecInt doctoral college to work on machine learning for the detection of malicious and privacy-invasive behavior.
Apr 22 Happy Girls in ICT Day! To mark the occasion we organized a round of virtual Speedmentoring. Thanks to all the participants and role models!
2020  
Oct 16 TU Wien took part in the EU Code Week and organized a Week #4GoodAI, including a Hackathon and virtual Speedmentoring for school classes.
Aug 27 Jürgen Cito and me are looking for a student employee for a Master thesis at the intersection of software engineering and security.
Jul 29 I have 3 open positions for PhD students (2 related to mobile app analysis for IoT + 1 on machine learning for security). Ping me if you are interested!
Jul 13 Our Doctoral College for Secure and Intelligent Human-Centric Digital Technologies (SecInt) on the intersection of Security and Privacy, Machine Learning, and Formal Methods has been accepted!
Jun 10 Thanks Victoria Kirner for the nice interview (including stylish portraits!) and discussion about rubber boots for C/O Vienna Magazine.
Apr 2 I was featured in Die Zeit for their portrait series about Austrians!
Mar 18 Honored to receive the Early Career Award for Women in Cybersecurity Research at ACM CyberW. Special thanks to Daphne Yao: as last time at CCS 2017, it was a great workshop that hopefully continues!
Jan 30 Had the pleasure to talk to school girls as part of the Tagebuch der Informatikerin (Diary of a Computer Scientist) to clear up common misconceptions and stereotypes about careers in tech.
Jan 11 Recent press roundup: I was a guest on the Kleine Zeitung's Startgepräch Podcast, as well as got the chance to talk to Der Standard and Die Presse about my research and my career path.

Open Positions

Currently all PhD positons are filled. For topics for Bachelor or Master theses see our group website and apply with your transcripts (and areas of interest) to thesis (at) secpriv (dot) tuwien (dot) ac (dot) at and we will schedule a meeting.

Academic Service

  • Program Co-Chair for the Annual Computer Security Applications Conference (ACSAC 2023 & 2024)
  • Program Co-Chair for the IEEE Workshop on Offensive Technologies (WOOT 2022)
  • Program Co-Chair for the European Workshop on Systems Security (EuroSec 2021 & 2022)
  • Artifact Evaluation Co-Chair for the Annual Computer Security Applications Conference (ACSAC 2021 & 2022)
  • Artifact Evaluation Subcommittee for the Annual Computer Security Applications Conference (ACSAC 2019)

Program Committee Member

External Reviewer

  • Privacy Enhancing Technologies Symposium (PETS 2017, 2018, 2020)
  • IEEE European Symposium on Security and Privacy (EuroS&P 2019)
  • International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2016)

Journal Reviewer (excerpt)

  • ACM Transactions on Privacy and Security
  • IEEE Transactions on Computers
  • IEEE Transactions on Dependable and Secure Computing
  • IEEE Transactions on Information Forensics and Security
  • IEEE Transactions on Mobile Computing
  • International Journal of Information Security
  • Journal of Computer Virology and Hacking Techniques
  • Theoretical Computer Science

Guest Editor

Publications

  • Ali Davanian, Michalis Faloutsos, Martina Lindorfer
    C2Miner: Tricking IoT Malware into Revealing Live Command & Control Servers
    ACM ASIA Conference on Computer and Communications Security (ASIACCS), July 2024
         
    @inproceedings{c2miner:asiaccs24,
       author = {Ali Davanian and Michalis Faloutsos and Martina Lindorfer},
       booktitle = {Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS)},
       title = {{C2Miner: Tricking IoT Malware into Revealing Live Command \& Control Servers}},
       year = {2024}
    }
     
    * Early version of this work presented at Black Hat USA 2021 *
  • Philipp Beer, Marco Squarcina, Lorenzo Veronese, Martina Lindorfer
    Tabbed Out: Subverting the Android Custom Tab Security Model
    IEEE Symposium on Security and Privacy (S&P), May 2024
     
    @inproceedings{cct:oakland24,
       author = {Philipp Beer and Marco Squarcina and Lorenzo Veronese and Martina Lindorfer},
       booktitle = {Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
       title = {{Tabbed Out: Subverting the Android Custom Tab Security Model}},
       year = {2024}
    }
  • Magdalena Steinböck, Jakob Bleier, Mikka Rainer, Tobias Urban, Christine Utz, Martina Lindorfer
    Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses
    International Conference on Mining Software Repositories (MSR), April 2024
     
    @inproceedings{xplatformapps:msr24,
       author = {Magdalena Steinb{\"o}ck and Jakob Bleier and Mikka Rainer and Tobias Urban and Christine Utz and Martina Lindorfer},
       booktitle = {Proceedings of the International Conference on Mining Software Repositories (MSR)},
       title = {{Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses}},
       year = {2024}
    }
  • Martina Lindorfer
    The Threat of Surveillance and the Need for Privacy Protections
    Introduction to Digital Humanism: A Textbook (Editors: Hannes Werthner, Carlo Ghezzi, Jeff Kramer, Julian Nida-Rümelin, Bashar Nuseibeh, Erich Prem, Allison Stanger), January 2024
     
  • David Schmidt, Carlotta Tagliaro, Kevin Borgolte, Martina Lindorfer
    IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis
    ACM SIGSAC Conference on Computer and Communications Security (CCS), November 2023
           
    @inproceedings{iotflow:ccs23,
       author = {Schmidt, David and Tagliaro, Carlotta and Borgolte, Kevin and Lindorfer, Martina},
       title = {{IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis}},
       booktitle = {Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
       year = {2023}
    }
     
    MEDIA: Futurezone
  • Tobias Fiebig, Seda Gürses, Carlos H Gañán, Erna Kotkam, Fernando Kuipers, Martina Lindorfer, Menghua Prisse, Taritha Sari
    Heads in the Clouds? Measuring Universities' Migration to Public Clouds: Implications for Privacy & Academic Freedom
    Privacy Enhancing Technologies Symposium (PETS), July 2023
         
    @inproceedings{headclouds:pets23,
       author = {Tobias Fiebig and Seda Gürses and Carlos H Gañán and Erna Kotkam and Fernando Kuipers and Martina Lindorfer and Menghua Prisse and Taritha Sari},
       title = {{Heads in the Clouds? Measuring Universities' Migration to Public Clouds: Implications for Privacy \& Academic Freedom}},
       booktitle = {Proceedings of the Privacy Enhancing Technologies Symposium (PETS)},
       year = {2023}
    }
    
     
    MEDIA: Het Financieele Dagblad NL
  • Amogh Pradeep, Álvaro Feal, Julien Gamba, Ashwin Rao, Martina Lindorfer, Narseo Vallina-Rodriguez, David Choffnes
    Not Your Average App: A Large-scale Privacy Analysis of Android Browsers
    Privacy Enhancing Technologies Symposium (PETS), July 2023
         
    @inproceedings{mobrowseres:pets23,
       author = {Amogh Pradeep and Álvaro Feal and Julien Gamba and Ashwin Rao and Martina Lindorfer and Narseo Vallina-Rodriguez and David Choffnes},
       title = {{Not Your Average App: A Large-scale Privacy Analysis of Android Browsers}},
       booktitle = {Proceedings of the Privacy Enhancing Technologies Symposium (PETS)},
       year = {2023}
    }
    
  • Jakob Bleier, Martina Lindorfer
    Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ART
    European Workshop on Systems Security (EuroSec), May 2023
       
    @inproceedings{oatmeal:eurosec:bleier23,
       author = {Jakob Bleier and Martina Lindorfer},
       title = {{Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ART}},
       booktitle = {Proceedings of the European Workshop on Systems Security (EuroSec)},
       year = {2023}
    }
  • Gerhard Jungwirth, Aakanksha Saha, Michael Schröder, Tobias Fiebig, Martina Lindorfer, Jürgen Cito
    Connecting the .dotfiles: Checked-In Secret Exposure with Extra (Lateral Movement) Steps
    International Conference on Mining Software Repositories (MSR), May 2023
         
    @inproceedings{dotfiles:msr23,
       author = {Gerhard Jungwirth and Aakanksha Saha and Michael Schröder and Tobias Fiebig and Martina Lindorfer and Jürgen Cito},
       title = {{Connecting the .dotfiles: Checked-In Secret Exposure with Extra (Lateral Movement) Steps}},
       booktitle = {Proceedings of the International Conference on Mining Software Repositories (MSR)},
       year = {2023}
    }
  • Florian Streibelt, Martina Lindorfer, Seda Gürses, Carlos H Gañán, Tobias Fiebig
    Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets
    Passive and Active Measurement Conference (PAM), March 2023
         
    @inproceedings{bttfwhois:pam23,
       author = {Florian Streibelt and Martina Lindorfer and Seda Gürses and Carlos H Gañán and Tobias Fiebig},
       title = {{Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets}},
       booktitle = {Proceedings of the Passive and Active Measurement Conference (PAM)},
       year = {2023}
    }
    
  • Carlotta Tagliaro, Florian Hahn, Riccardo Sepe, Alessio Aceti, Martina Lindorfer
    Investigating HbbTV Privacy Invasiveness Across European Countries
    Workshop on Learning from Authoritative Security Experiment Results (LASER), February 2023
         
  • Carlotta Tagliaro, Florian Hahn, Riccardo Sepe, Alessio Aceti, Martina Lindorfer
    I Still Know What You Watched Last Sunday: Security and Privacy of the HbbTV Protocol in the European Smart TV Landscape
    Network and Distributed System Security Symposium (NDSS), February 2023
           
    @inproceedings{hbbtv:ndss23,
       author = {Carlotta Tagliaro and Florian Hahn and Riccardo Sepe and Alessio Aceti and Martina Lindorfer},
       title = {{I Still Know What You Watched Last Sunday: Security and Privacy of the HbbTV Protocol in the European Smart TV Landscape}},
       booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
       year = {2023}
    }
    
     
    MEDIA: Ö1 Digital.Leben, TU Wien Press Release
  • Kaspar Hageman, Álvaro Feal, Julien Gamba, Aniketh Girish, Jakob Bleier, Martina Lindorfer, Juan Tapiador, Narseo Vallina-Rodriguez
    Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem
    IEEE Transactions on Software Engineering (TSE), January 2023
     
    @article{signals:tse23,
       author = {Kaspar Hageman and Álvaro Feal and Julien Gamba and Aniketh Girish and Jakob Bleier and Martina Lindorfer and Juan Tapiador and Narseo Vallina-Rodriguez},
       booktitle = {IEEE Transactions on Software Engineering},
       month = {January},
       title = {{Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem}},
       volume={49},
       number={4},
       year = {2023}
    }
  • Tobias Fiebig, Seda Gürses, Martina Lindorfer
    Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom
    Privacy Studies Journal (PSJ), December 2022
     
    @article{headclouds:psj22,
       author = {Tobias Fiebig and Seda Gürses and Martina Lindorfer},
       journal = {Privacy Studies Journal},
       month = {December},
       title = {{Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom}},
       volume = {1},
       number = {1},
       year = {2022}
    }
  • Amogh Pradeep, Muhammad Talha Paracha, Protick Bhowmick, Ali Davanian, Abbas Razaghpanah, Taejoong Chung, Martina Lindorfer, Narseo Vallina-Rodriguez, Dave Levin, David Choffnes
    A Comparative Analysis of Certificate Pinning in Android & iOS
    ACM Internet Measurement Conference (IMC), October 2022
         
    @inproceedings{pinning:imc22,
       author = {Amogh Pradeep and Muhammad Talha Paracha and Protick Bhowmick and Ali Davanian and Abbas Razaghpanah and Taejoong Chung and Martina Lindorfer and Narseo Vallina-Rodriguez and Dave Levin and David Choffnes},
       booktitle = {Proceedings of the ACM Internet Measurement Conference (IMC)},
       title = {{A Comparative Analysis of Certificate Pinning in Android \& iOS}},
       year = {2022}
    }
  • Matthias Fassl, Simon Anell, Sabine Houy, Martina Lindorfer, Katharina Krombholz
    Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality
    USENIX Symposium on Usable Privacy and Security (SOUPS), August 2022
         
    @inproceedings{stalkerware:soups22,
       author = {Matthias Fassl and Simon Anell and Sabine Houy and Martina Lindorfer and Katharina Krombholz},
       booktitle = {Proceedings of the USENIX Symposium on Usable Privacy and Security (SOUPS)},
       title = {{Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality}},
       year = {2022}
    }
    
  • Florian Holzbauer, Johanna Ullrich, Martina Lindorfer, Tobias Fiebig
    Not that Simple: Email Delivery in the 21st Century
    USENIX Annual Technical Conference (ATC), July 2022
             
    @inproceedings{email:atc22,
       author = {Florian Holzbauer and Johanna Ullrich and Martina Lindorfer and Tobias Fiebig},
       booktitle = {Proceedings of the USENIX Annual Technical Conference (ATC)},
       title = {{Not that Simple: Email Delivery in the 21st Century}},
       year = {2022}
    }
    
  • Arwa Al Alsadi, Kaichi Sameshima, Jakob Bleier, Katsunari Yoshioka, Martina Lindorfer, Michel van Eeten, Carlos H Gañán
    No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static & Dynamic Analysis
    ACM ASIA Conference on Computer and Communications Security (ASIACCS), June 2022
         
    @inproceedings{iotmw:asiaccs22,
       author = {Arwa Al Alsadi and Kaichi Sameshima and Jakob Bleier and  Katsunari Yoshioka and Martina Lindorfer and Michel van Eeten and Carlos H Gañán},
       booktitle = {Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS)},
       title = {{No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static \& Dynamic Analysis}},
       year = {2022}
    }
  • Philipp Beer, Lorenzo Veronese, Marco Squarcina, Martina Lindorfer
    The Bridge between Web Applications and Mobile Platforms is Still Broken
    IEEE Workshop on Designing Security for the Web (SecWeb), May 2022
       
    @misc{cct:secweb22,
       author = {Philipp Beer and Lorenzo Veronese and Marco Squarcina and Martina Lindorfer},
       booktitle = {IEEE Workshop on Designing Security for the Web (SecWeb)},
       title = {{The Bridge between Web Applications and Mobile Platforms is Still Broken}},
       year = {2022}
    }
  • Davide Quarta, Michele Ianni, Aravind Machiry, Yanick Fratantonio, Eric Gustafson, Davide Balzarotti, Martina Lindorfer, Giovanni Vigna, Christopher Kruegel
    Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone
    Workshop on Research on offensive and defensive techniques in the Context of Man At The End Attacks (CheckMATE), November 2021
         
    @inproceedings{tarnhelm:quarta2021,
       author = {Quarta, Davide and Ianni, Michele and Machiry, Aravind and Fratantonio, Yanick and Gustafson, Eric and Balzarotti, Davide and Lindorfer, Martina and Vigna, Giovanni and Kruegel, Christopher},
       title = {{Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone}},
       booktitle = {Proceedings of the Workshop on Research on offensive and defensive techniques in the Context of Man At The End Attacks (CheckMATE)},
       year = {2021}
    }
  • Olivier van der Toorn, Roland van Rijswijk-Deij, Tobias Fiebig, Martina Lindorfer, Anna Sperotto
    TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records
    International Workshop on Traffic Measurements for Cybersecurity (WTMC), September 2020
             
    @inproceedings{txting:wtmc20,
       author = {van der Toorn, Olivier and van Rijswijk-Deij, Roland and Fiebig, 
       Tobias and Lindorfer, Martina and Sperotto, Anna},
       title = {{TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records}},
       booktitle = {Proceedings of the International Workshop on Traffic Measurements for Cybersecurity (WTMC)},
       year = {2020}
    }
    
  • Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen, Andreas Peter
    FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
    Network and Distributed System Security Symposium (NDSS), February 2020
             
    @inproceedings{flowprint:ndss20,
       author = {van Ede, Thijs and Bortolameotti, Riccardo and Continella, Andrea and Ren, Jingjing and Dubois, Daniel J. and Lindorfer, Martina and Choffnes, David and van Steen, Marten and Peter, Andreas},
       title = {{FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic}},
       booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
       year = {2020}
    }
    
  • Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, Christopher Kruegel
    When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
    Network and Distributed System Security Symposium (NDSS), February 2020
             
    @inproceedings{packware:ndss20,
       author = {Hojjat Aghakhani and Fabio Gritti and Francesco Mecca and Martina Lindorfer and Stefano Ortolani and Davide Balzarotti and Giovanni Vigna and Christopher Kruegel},
       title = {{When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features}},
       booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
       year = {2020}
    }
  • Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, Giovanni Vigna
    MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
    ACM Conference on Computer and Communications Security (CCS), October 2018
             
    @inproceedings{minesweeper:ccs18,
       author = {Radhesh Krishnan Konoth and Emanuele Vineti and Veelasha Moonsamy and Martina Lindorfer and Christopher Kruegel and Herbert Bos and Giovanni Vigna},
       title = {{MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense}},
       booktitle = {Proceedings of the ACM Conference on Computer and Communications Security (CCS)},
       year = {2018}
    }
    
  • Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, David Choffnes
    Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications
    Privacy Enhancing Technologies Symposium (PETS), July 2018
           
    @inproceedings{panoptispy:pets18,
       author = {Elleen Pan and Jingjing Ren and Martina Lindorfer and Christo Wilson and David Choffnes},
       title = {{Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications}},
       booktitle = {Proceedings of the Privacy Enhancing Technologies Symposium (PETS)},
       year = {2018}
    }
    
     
    MEDIA: Gizmodo, Fortune, Engadget, Heise, Stern, Futurezone, New York Times (Op-Ed), ABC ScreenTime w/ Diane Sawyer, New York Times (The Privacy Project), amongst many others.
     
    * Presented at FTC PrivacyCon 2019 *
  • Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi
    GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
    Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), June 2018
             
    @inproceedings{guardion:dimva18,
       author = {Victor van der Veen and Martina Lindorfer and Yanick Fratantonio and Harikrishnan Padmanabha Pillai and Giovanni Vigna and Christopher Kruegel and Herbert Bos and Kaveh Razavi},
       title = {{GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM}},
       booktitle  = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
       year = {2018}
    }
     
    MEDIA: Ars Technica, Slashdot, Heise, amongst others.
     
    * Pwnie nomination for Best Privilege Escalation Bug *
    * Best Research Award at the International Conference on Computing Systems (CompSys 2018) *
  • Jingjing Ren, Martina Lindorfer, Daniel Dubois, Ashwin Rao, David Choffnes, Narseo Vallina-Rodriguez
    Bug Fixes, Improvements, ... and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions
    Network and Distributed System Security Symposium (NDSS), February 2018
               
    @inproceedings{appversions:ndss18, 
       author = {Jingjing Ren and Martina Lindorfer and Daniel Dubois and Ashwin Rao and David Choffnes and Narseo Vallina-Rodriguez},
       title = {{Bug Fixes, Improvements, ... and Privacy Leaks -- A Longitudinal Study of PII Leaks Across Android App Versions}}, 
       booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
       year = {2018}
    }
     
    * Presented at FTC PrivacyCon 2018 *
  • Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna
    Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
    Network and Distributed System Security Symposium (NDSS), February 2017
             
    @inproceedings{agrigento:ndss17,
       author = {Andrea Continella and Yanick Fratantonio and Martina Lindorfer and Alessandro Puccetti and Ali Zand and Christopher Kruegel and Giovanni Vigna},
       title = {{Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis}},
       booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
       year = {2017}
    }
  • Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
    Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
    ACM Conference on Computer and Communications Security (CCS), October 2016
                   
    @inproceedings{drammer:ccs16,
       author = {Victor {van der Veen} and Yanick Fratantonio and Martina Lindorfer and Daniel Gruss and Cl{\'e}mentine Maurice and Giovanni Vigna and Herbert Bos and Kaveh Razavi and Cristiano Giuffrida},
       title = {{Drammer: Deterministic Rowhammer Attacks on Mobile Platforms}},
       booktitle = {Proceedings of the ACM Conference on Computer and Communications Security (CCS)},
       year = {2016}
    }
    
     
    MEDIA: WIRED, Ars Technica, Slashdot, amongst others.
     
    * Pwnie Award for Best Privilege Escalation Bug and nomination for Most Innovative Research *
    * Best Dutch Cyber Security Research Paper *
    * Best Paper Award at the CSAW'17 Applied Research Competition *
  • Jingjing Ren, Ashwin Rao, Martina Lindorfer, Arnaud Legout, David Choffnes
    ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
    International Conference on Mobile Systems, Applications and Services (MobiSys), June 2016
             
    @inproceedings{recon:mobisys16,
       author = {Jingjing Ren and Ashwin Rao and Martina Lindorfer and Arnaud Legout and David Choffnes},
       title = {{ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic}},
       booktitle = {Proceedings of the International Conference on Mobile Systems, Applications and Services (MobiSys)},
       year = {2016}
    }
    
     
    MEDIA: Boston Globe, NBC News, MSN News, Christian Science Monitor, amongst others.
     
    * Presented at FTC PrivacyCon 2017 *
  • Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda
    CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes
    International Conference on Financial Cryptography and Data Security (FC), February 2016
           
    @inproceedings{curiousdroid:fc16,
       author = {Carter, Patrick and Mulliner, Collin and Lindorfer, Martina and Robertson, William and Kirda, Engin},
       title = {{CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes}},
       booktitle = {Proceedings of the International Conference on Financial Cryptography and Data Security (FC)},
       year = {2016}
    }
    
  • Martina Lindorfer, Matthias Neugschwandtner, Christian Platzer
    Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis
    Annual International Computers, Software & Applications Conference (COMPSAC), July 2015
           
    @inproceedings{marvin:compsac2015,
       author = {Lindorfer, Martina and Neugschwandtner, Matthias and Platzer, Christian},
       title = {{Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis}},
       booktitle = {Proceedings of the Annual International Computers, Software \& Applications Conference (COMPSAC)},
       year = {2015}
    }
     
    MEDIA: Futurezone, ORF Newton, SRF Kassensturz
  • Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, Christian Platzer
    Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors
    International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), September 2014
           
    @inproceedings{andrubis:badgers14,
       author = {Martina Lindorfer and Matthias Neugschwandtner and Lukas Weichselbaum and Yanick Fratantonio and Victor {van der Veen} and Christian Platzer},
       title = {{Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors}},
       booktitle = {Proceedings of the the International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)},
       year = {2014}
    }
    
  • Lukas Weichselbaum, Matthias Neugschwandtner, Martina Lindorfer, Yanick Fratantonio, Victor van der Veen, Christian Platzer
    Andrubis: Android Malware Under The Magnifying Glass
    Technical Report, TU Wien, TR-ISECLAB-0414-001, July 2014
       
  • Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, Sotiris Ioannidis
    AndRadar: Fast Discovery of Android Applications in Alternative Markets
    Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2014
         
    @inproceedings{andradar:dimva14,
       author = {Lindorfer, Martina and Volanis, Stamatis and Sisto, Alessandro and Neugschwandtner, Matthias and Athanasopoulos, Elias and Maggi, Federico and Platzer, Christian and Zanero, Stefano and Ioannidis, Sotiris},
       title = {{AndRadar: Fast Discovery of Android Applications in Alternative Markets}},
       booktitle = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
       year = {2014}
    }
    
  • Christian Platzer, Martin Stuetz, Martina Lindorfer
    Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images
    International Workshop on Security and Forensics in Communication Systems (ASIACCS-SFCS), June 2014
     
    @inproceedings{platzer2014:skinsheriff,
       author = {Platzer, Christian and Stuetz, Martin and Lindorfer, Martina},
       title = {{Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images}},
       booktitle = {Proceedings of the International Workshop on Security and Forensics in Communication Systems (ASIACCS-SFCS)},
       year = {2014}
    }
    
  • Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani, Edgar Weippl
    Enter Sandbox: Android Sandbox Comparison
    IEEE Mobile Security Technologies Workshop (MoST), May 2014
       
    @inproceedings{sandboxcomparison:most14,
       author = {Sebastian Neuner and Victor {van der Veen} and Martina Lindorfer and Markus Huber and Georg Merzdovnik and Martin Mulazzani and Edgar Weippl},
       title = {{Enter Sandbox: Android Sandbox Comparison}},
       booktitle = {Proceedings of the IEEE Mobile Security Technologies Workshop (MoST)},
       year = {2014}
    }
  • Martina Lindorfer, Bernhard Miller, Matthias Neugschwandtner, Christian Platzer
    Take a Bite - Finding the Worm in the Apple
    International Conference on Information, Communications and Signal Processing (ICICS), December 2013
       
    @inproceedings{lindorfer2013:macmal,
       author = {Lindorfer, Martina and Miller, Bernhard and Neugschwandtner, Matthias and Platzer, Christian},
       title = {{Take a Bite - Finding the Worm in the Apple}},
       booktitle = {Proceedings of the International Conference on Information, Communications and Signal Processing (ICICS)},
       year = {2013}
    }
    
  • Martina Lindorfer, Matthias Neumayr, Juan Caballero, Christian Platzer
    POSTER: Cross-Platform Malware: Write Once, Infect Everywhere
    ACM Conference on Computer and Communications Security (CCS), November 2013
       
  • Matthias Neugschwandtner, Martina Lindorfer, Christian Platzer
    A View to a Kill: WebView Exploitation
    USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), August 2013
       
    @inproceedings{webview:neugschwandtner2013,
       author = {Neugschwandtner, Matthias and Lindorfer, Martina and Platzer, Christian},
       title = {{A View To A Kill: WebView Exploitation}},
       booktitle = {Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)},
       year = {2013}
    }
  • Martina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, Stefano Zanero
    Lines of Malicious Code: Insights Into the Malicious Software Industry
    Annual Computer Security Applications Conference (ACSAC), December 2012
       
    @inproceedings{lindorfer2012:beagle,
       author = {Lindorfer, Martina and Di Federico, Alessandro and Maggi, Federico and Milani Comparetti, Paolo and Zanero, Stefano},
       title = {{Lines of Malicious Code: Insights Into the Malicious Software Industry}},
       booktitle = {Proceedings of the Annual Computer Security Applications Conference (ACSAC)},
       year = {2012}
    }
    
  • Martina Lindorfer, Clemens Kolbitsch, Paolo Milani Comparetti
    Detecting Environment-Sensitive Malware
    International Symposium on Recent Advances in Intrusion Detection (RAID), September 2011
         
    @inproceedings{lindorfer2011:disarm,
       author = {Lindorfer, Martina and Kolbitsch, Clemens and Milani Comparetti, Paolo},
       title = {{Detecting Environment-Sensitive Malware}},
       booktitle = {Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)},
       year = {2011}
    }
    

Theses

  • Malware Through the Looking Glass: Malware Analysis in an Evolving Threat Landscape
    Dissertation, TU Wien, November 2015
     
  • Detecting Environment-Sensitive Malware
    Master's thesis, TU Wien, April 2011