Manuel Egele

Olawale Amos Akanji, Manuel Egele, Gianluca Stringhini

Android's permission system is designed to balance usability with informed consent, yet two legacy mechanisms still undermine that balance in Android 16: (i) permission groups that silently auto-grant new permissions within a group after a user's initial approval, and (ii) normal-level custom permissions that are auto-granted at install and enable cross-app access with no user visibility. We conduct a longitudinal analysis of 19.3 million APKs spanning 5.97 million unique apps (distinct package identifiers) from the AndroZoo repository, combined with on-device validation on Android 16. Among 2,244,575 multi-version apps, 381,026 (17%) silently gain permissions within already-granted groups. Using VirusTotal detections with primary threshold t=20, apps flagged as malware expand within groups at a higher rate than benign apps (odds ratio = 1.35, p < 0.001); the association holds across every tested threshold and concentrates in permission-heavy apps (OR = 2.06 in the top quartile). We also identify 307 cross-developer normal-custom-permission pairs that expose contacts, SMS, location, authentication credentials, user identity, and medical records to unrelated apps without any user prompt. A lightweight prototype built on public Android APIs recorded 23 silent expansion events across 13 apps during a 96-day single-device pilot, showing that update-time transparency is reachable without OS modification. Our results show that consent erosion persists despite a decade of platform hardening and affects apps ranging from obscure utilities to widely deployed and pre-installed software.

Ioannis Agadakos, Manuel Egele, William Robertson

Designing and implementing secure software is inarguably more important than ever. However, despite years of research into privilege separating programs, it remains difficult to actually do so and such efforts can take years of labor-intensive engineering to reach fruition. At the same time, new intra-process isolation primitives make strong data isolation and privilege separation more attractive from a performance perspective. Yet, substituting intra-process security boundaries for time-tested process boundaries opens the door to subtle but devastating privilege leaks. In this work, we present Polytope, a language extension to C++ that aims to make efficient privilege separation accessible to a wider audience of developers. Polytope defines a policy language encoded as C++11 attributes that separate code and data into distinct program partitions. A modified Clang front-end embeds source-level policy as metadata nodes in the LLVM IR. An LLVM pass interprets embedded policy and instruments an IR with code to enforce the source-level policy using Intel MPK. A run-time support library manages partitions, protection keys, dynamic memory operations, and indirect call target privileges. An evaluation demonstrates that Polytope provides equivalent protection to prior systems with a low annotation burden and comparable performance overhead. Polytope also renders privilege leaks that contradict intended policy impossible to express.

Leila Delshadtehrani, Sadullah Canakci, Manuel Egele et al.

With the continuous increase in the number of software-based attacks, there has been a growing effort towards isolating sensitive data and trusted software components from untrusted third-party components. A hardware-assisted intra-process isolation mechanism enables software developers to partition a process into isolated components and in turn secure sensitive data from untrusted components. However, most of the existing hardware-assisted intra-process isolation mechanisms in modern processors, such as ARM and IBM Power, rely on costly kernel operations for switching between trusted and untrusted domains. Recently, Intel introduced a new hardware feature for intra-process memory isolation, called Memory Protection Keys (MPK), which enables a user-space process to switch the domains in an efficient way. While the efficiency of Intel MPK enables developers to leverage it for common use cases such as Code-Pointer Integrity, the limited number of unique domains (16) prohibits its use in cases such as OpenSSL where a large number of domains are required. Moreover, Intel MPK suffers from the protection key use-after-free vulnerability. To address these shortcomings, in this paper, we propose an efficient intra-process isolation technique for the RISC-V open ISA, called SealPK, which supports up to 1024 unique domains. SealPK prevents the protection key use-after-free problem by leveraging a lazy de-allocation approach. To further strengthen SealPK, we devise three novel sealing features to protect the allocated domains, their associated pages, and their permissions from modifications or tampering by an attacker. To demonstrate the feasibility of our design, we implement SealPK on a RISC-V Rocket processor, provide the OS support for it, and prototype our design on an FPGA. We demonstrate the efficiency of SealPK by leveraging it to implement an isolated shadow stack on our FPGA prototype.

Rasoul Jahanshahi, Adam Doupé, Manuel Egele

SQL injection (SQLi) attacks pose a significant threat to the security of web applications. Existing approaches do not support object-oriented programming that renders these approaches unable to protect the real-world web apps such as Wordpress, Joomla, or Drupal against SQLi attacks. We propose a novel hybrid static-dynamic analysis for PHP web applications that limits each PHP function for accessing the database. Our tool, SQLBlock, reduces the attack surface of the vulnerable PHP functions in a web application to a set of query descriptors that demonstrate the benign functionality of the PHP function. We implement SQLBlock as a plugin for MySQL and PHP. Our approach does not require any modification to the web app. W evaluate SQLBlock on 11 SQLi vulnerabilities in Wordpress, Joomla, Drupal, Magento, and their plugins. We demonstrate that SQLBlock successfully prevents all 11 SQLi exploits with negligible performance overhead (i.e., a maximum of 3% on a heavily-loaded web server)

William Blair, Andrea Mambretti, Sajjad Arshad et al.

Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities that allow adversaries to achieve either remote code execution or information disclosure. Meanwhile, Algorithmic Complexity (AC)vulnerabilities, which are a common attack vector for denial-of-service attacks, remain an understudied threat. In this paper, we present HotFuzz, a framework for automatically discovering AC vulnerabilities in Java libraries. HotFuzz uses micro-fuzzing, a genetic algorithm that evolves arbitrary Java objects in order to trigger the worst-case performance for a method under test. We define Small Recursive Instantiation (SRI) as a technique to derive seed inputs represented as Java objects to micro-fuzzing. After micro-fuzzing, HotFuzz synthesizes test cases that triggered AC vulnerabilities into Java programs and monitors their execution in order to reproduce vulnerabilities outside the fuzzing framework. HotFuzz outputs those programs that exhibit high CPU utilization as witnesses for AC vulnerabilities in a Java library. We evaluate HotFuzz over the Java Runtime Environment (JRE), the 100 most popular Java libraries on Maven, and challenges contained in the DARPA Space and Time Analysis for Cybersecurity (STAC) program. We evaluate SRI's effectiveness by comparing the performance of micro-fuzzing with SRI, measured by the number of AC vulnerabilities detected, to simply using empty values as seed inputs. In this evaluation, we verified known AC vulnerabilities, discovered previously unknown AC vulnerabilities that we responsibly reported to vendors, and received confirmation from both IBM and Oracle. Our results demonstrate that micro-fuzzing finds AC vulnerabilities in real-world software, and that micro-fuzzing with SRI-derived seed inputs outperforms using empty values.

Valentin J. M. Manes, HyungSeok Han, Choongwoo Han et al.

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-world software vulnerabilities. At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed. While researchers and practitioners alike have invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has also made it difficult to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective.

Manuel Egele, Gianluca Stringhini, Christopher Kruegel et al.

Compromising social network accounts has become a profitable course of action for cybercriminals. By hijacking control of a popular media or business account, attackers can distribute their malicious messages or disseminate fake information to a large user base. The impacts of these incidents range from a tarnished reputation to multi-billion dollar monetary losses on financial markets. In our previous work, we demonstrated how we can detect large-scale compromises (i.e., so-called campaigns) of regular online social network users. In this work, we show how we can use similar techniques to identify compromises of individual high-profile accounts. High-profile accounts frequently have one characteristic that makes this detection reliable -- they show consistent behavior over time. We show that our system, were it deployed, would have been able to detect and prevent three real-world attacks against popular companies and news agencies. Furthermore, our system, in contrast to popular media, would not have fallen for a staged compromise instigated by a US restaurant chain for publicity reasons.