Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom

Especially since the onset of the COVID-19 pandemic, the use of cloud-based tools and solutions - lead by the ‘Zoomification’ of education, has picked up attention in the EdTech and privacy communities. In this paper, we take a look at the progressing use of cloud-based educational tools, often controlled by only a handful of major corporations. We analyse how this ‘cloudification’ impacts academics’ and students’ privacy and how it influences the handling of privacy by universities and higher education institutions. Furthermore, we take a critical perspective on how this cloudification may not only threaten users’ privacy, but ultimately may also compromise core values like academic freedom: the dependency relationships between universities and corporations could impact curricula, while also threatening what research can be conducted. Finally, we take a perspective on universities’ cloudification in different western regions to identify policy mechanisms and recommendations that can enable universities to preserve their academic independence, without compromising on digitalization and functionality

Not Your Average App: A Large-scale Privacy Analysis of Android Browsers

Peer reviewe

Enter Sandbox: Android Sandbox Comparison

Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended their vicious activities towards Google's mobile operating system. With an estimated number of 700 new Android applications released every day, keeping control over malware is an increasingly challenging task. In recent years, a vast number of static and dynamic code analysis platforms for analyzing Android applications and making decision regarding their maliciousness have been introduced in academia and in the commercial world. These platforms differ heavily in terms of feature support and application properties being analyzed. In this paper, we give an overview of the state-of-the-art dynamic code analysis platforms for Android and evaluate their effectiveness with samples from known malware corpora as well as known Android bugs like Master Key. Our results indicate a low level of diversity in analysis platforms resulting from code reuse that leaves the evaluated systems vulnerable to evasion. Furthermore the Master Key bugs could be exploited by malware to hide malicious behavior from the sandboxes.Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674

Detecting environment-sensitive malware

Zsfassung in dt. SpracheMalware stellt eines der größten Sicherheitsrisiken im Internet dar. Durch die enorme Anzahl an neuer Malware, die täglich erscheint, benötigen Forscher und Hersteller von Anti-Viren Software Unterstützung durch dynamische Analyse-Sandboxen wie zum Beispiel Anubis. Diese Sandboxen ermöglichen die automatisierte Analyse von Malware in einer kontrollierten Umgebung. Sogenannte "umgebungs-sensitive" Malware versucht eine solche Sandbox vom System eines echten Benutzers zu unterscheiden und somit die Analyse und Erkennung zu umgehen. In Abwesenheit einer "unerkennbaren", vollkommen transparenten Analyse-Sandbox ist die Abwehr solcher Umgehungsmethoden hauptsächlich reaktiv: Hersteller und Betreiber von dynamischen Sandboxen modifizieren ihre Systeme um Umgehungsmethoden zu verhindern sobald diese bekannt werden. Dies führt wiederum zu einem endlosen Wettrüsten zwischen den Entwicklern von Malware-Entwicklern von Analyse-Sandboxen.In dieser Arbeit präsentieren wir DISARM, ein System, das Malware automatisch in mehreren Analyse-Sandboxen auf Umgehungsmethoden überprüft. Wir präsentieren neue Methoden zur Normalisierung von Malware-Verhalten in verschiedenen Sandboxen und zur Erkennung von semantisch unterschiedlichem Verhalten. Des Weiteren entwickeln wir eine Monitoring-Technologie zur Analyse von Malware mit geringem Overhead in jeder beliebigen Windows XP Umgebung. Nichtsdestotrotz sind unsere Methoden mit jeder Monitoring-Technologie zur dynamischen Analyse von Malware kompatibel. Zusätzlich funktionieren unsere Methoden unabhängig von der Art und Weise mit der Malware versucht die Analyse zu umgehen.Wir unterziehen DISARM einer umfangreichen Evaluierung, anhand welcher wir die Genauigkeit in der Erkennung von Umgehungsmethoden in realer Malware demonstrieren. Wir erkennen damit neuartige Methoden, mit denen Malware die Analyse in dynamischen Analyse-Sandboxen umgeht.Malware poses one of the Internet's major security threats today. Due to the vast amount of new malware samples emerging every day, researchers and Anti-Virus vendors rely on dynamic malware analysis sandboxes such as Anubis to automatically analyze malicious code in a controlled environment. In order to evade detection by these sandboxes, environment-sensitive malware aims to differentiate the analysis sandbox from a real user's environment. In the absence of an "undetectable", fully transparent analysis sandbox, defense against sandbox evasion is mostly reactive: Sandbox developers and operators tweak their systems to thwart individual evasion techniques as they become aware of them, leading to a never-ending arms race.In this thesis we present DISARM, a system that automates the screening of malware for evasive behavior using different analysis sandboxes. We present novel techniques that normalize malware behavior across these analysis sandboxes and detect malware samples that exhibit semantically different behavior. We further present a light-weight monitoring technology that is portable to any Windows XP environment. Nevertheless, our techniques are compatible with any monitoring technology that can be used for dynamic malware analysis and are completely agnostic to the way that malware achieves evasion. In a large-scale evaluation on real-world malware samples we demonstrate that DISARM can accurately detect evasive malware, leading to the discovery of previously unknown evasion techniques.6

Malware through the looking glass : malware analysis in an evolving threat landscape

Zusammenfassung in deutscher SpracheMalware has become a multi-million dollar industry and is the basis of many forms of cybercrime. Motivated by financial gains, malware authors are constantly evolving their code to evade security defenses and exploit new monetization techniques. Developing effective and efficient analysis methods is an arms race against malware authors. One current challenge is that malware authors overwhelm analysis systems with an increasing number of malware samples, which are mostly repacked versions of already known malware. We develop novel techniques to compare multiple versions of self-updating malware. By associating the high-level behavior of malware with the functional components that implement it, we can observe the evolution of malware families and highlight interesting components for further analysis. With the emergence of mobile platforms, malware has spread to these devices as well. Mobile devices provide malware with new ways for monetization and pose unique challenges for building defenses by limiting the capabilities of on-device defenses. We build a large-scale public analysis sandbox for Android apps, called Andrubis, as a cloud-based service. We leverage the large and diverse dataset of over one million Android apps Andrubis collected to gain insights into the behavior and evolution of Android malware. Furthermore, we use machine learning to build a robust classifier that can automatically distinguish benign from malicious apps with high accuracy. Finally, as mobile platforms led to the emergence of application markets as the main app distribution channel, we present an Android market radar for the fast discovery of malware in alternative application markets.14

Leben mit Corona. Schule und Bildung

Schule und Bildung sind Bereiche, die von der COVID-19 Pandemie besonders betroffen sind. Welche Risiken und Chancen das Lernen im Ausnahmezustand hat und ob aus der Gesundheits- nun eine Bildungskrise wird, darum geht es in der fünften Session unseres Symposiums Leben mit Corona. Programm: Christiane Spiel | Herausforderungen für das Bildungssystem und die Bildungsforschung 07:40​ Mario Steiner | Wird aus der Gesundheits- eine Bildungskrise 46:30​ Martina Lindorfer | Lernen im Ausnahmezustand - Risiken und Chancen 1:09:53​ Marko Lüftenegger | Lernen unter COVID-19 - Herausforderungen für die Selbstregulation 1:27:35