Martina Lindorfer

Assistant Prof. Dipl.-Ing. Dr.in techn. / BSc

Roles

Assistant Professor
Security and Privacy, E192-06
Women in Informatics
Coordinator
Faculty Council
Principal Member

Contact

Courses

2022W

Bachelor Thesis / 192.061 / PR
Project in Computer Science 1 / 192.075 / PR
Project in Computer Science 2 / 192.076 / PR
Seminar for Master Students in Software Engineering & Internet Computing / 180.777 / SE
Seminar for PhD Students / 192.060 / SE
Systems and Applications Security / 192.112 / VU

2023S

Bachelor Thesis / 192.061 / PR
Project in Computer Science 1 / 192.075 / PR
Project in Computer Science 2 / 192.076 / PR
Scientific Research and Writing / 193.052 / SE
Selected Topics in Information Security / 188.985 / VU
Seminar for Master Students in Software Engineering & Internet Computing / 180.777 / SE
Seminar for PhD Students / 192.060 / SE

Projects

Fixing the Broken Bridge Between Mobile Apps and the Web
2023 – 2027 / Vienna Science and Technology Fund (WWTF)
IoTIO: Analyzing and Understanding the Internet of Insecure Things
2020 – 2024 / Vienna Science and Technology Fund (WWTF) / Publications: 148435, 148446, 148455, 53211, 62313, 82045
A European Network of Excellence in Managing Threats and Vulnerabilities in the Future Internet: Europe for the World
2010 – 2014 / European Commission / Publications: 57685, 57686, 57698, 61341, 61342, 61343, 61344
i-Code: Real-time Malicious Code Identification
2010 – 2012 / European Commission / Publication: 57685
TRUDIE - Trust Relationships in Underground IT Economies
2009 – 2012 / Austrian Research Promotion Agency (FFG) / Publications: 57027, 57685, 57686

Publications

Note: Due to the rollout of TU Wien’s new publication database, the list below may be slightly outdated. Once the migration is complete, everything will be up to date again.

2022

Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom / Fiebig, T., Gürses, S., & Lindorfer, M. (2022). Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom. Privacy Studies Journal, 51–68. https://doi.org/10.7146/psj.vi.132713
A Comparative Analysis of Certificate Pinning in Android & iOS / Pradeep, A., Paracha, M. T., Bhowmick, P., Davanian, A., Razaghpanah, A., Chung, T., Lindorfer, M., Vallina-Rodriguez, N., Levin, D., & Choffnes, D. (2022). A Comparative Analysis of Certificate Pinning in Android & iOS. In Proceedings of the 22nd ACM Internet Measurement Conference (pp. 605–618). ACM. https://doi.org/10.34726/3505 / Project: IoTIO
Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality / Fassl, M., Anell, S., Houy, S., Lindorfer, M., & Krombholz, K. (2022). Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality. In Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) (pp. 135–154). USENIX Association. https://doi.org/10.34726/3902 / Project: IoTIO
Not that Simple: Email Delivery in the 21st Century / Holzbauer, F., Ullrich, J., Lindorfer, M., & Fiebig, T. (2022). Not that Simple: Email Delivery in the 21st Century. In Proceedings of the 2022 USENIX Annual Technical Conference (pp. 295–308). USENIX Association. https://doi.org/10.34726/4024 / Project: IoTIO
No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis / Al Alsadi, A. A., Sameshima, K., Bleier, J., Yoshioka, K., Lindorfer, M., van Eeten, M., & Hernández Gañán, C. (2022). No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis. In Yuji Suga, Kouichi Sakurai, Xuhua Ding, & Kazue Sako (Eds.), ASIA CCS ’22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (pp. 309–321). Association for Computing Machinery. https://doi.org/10.1145/3488932.3517408 / Project: IoTIO
ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android's OAT Compiler / Bleier, J., & Lindorfer, M. (2022, May 23). ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android’s OAT Compiler [Poster Presentation]. 43rd IEEE Symposium on Security and Privacy, San Francisco, United States of America (the). / Project: IoTIO

2021

Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone / Quarta, D., Ianni, M., Machiry, A., Fratantonio, Y., Gustafson, E., Balzarotti, D., Lindorfer, M., Vigna, G., & Kruegel, C. (2021). Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone. In Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks. ACM, Austria. ACM. https://doi.org/10.1145/3465413.3488571 / Project: IoTIO

2020

TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records / der Toorn, O. van, van Rijswijk-Deij, R., Fiebig, T., Lindorfer, M., & Sperotto, A. (2020). TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE. https://doi.org/10.1109/eurospw51379.2020.00080
FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic / van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D., Lindorfer, M., Choffnes, D., van Steen, M., & Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58308
When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features / Aghakhani, H., Gritti, F., Mecca, F., Lindorfer, M., Ortolani, S., Balzarotti, D., Vigna, G., & Krügel, C. (2020). When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58307

2018

GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM / van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. (2018). GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 92–113). Springer. https://doi.org/10.1007/978-3-319-93411-2_5
MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / Konoth, R. K., Vineti, E., Moonsamy, V., Lindorfer, M., Kruegel, C., Bos, H., & Vigna, G. (2018). MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3243734.3243858
Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / Ren, J., Lindorfer, M., Dubois, D. J., Rao, A., Choffnes, D., & Vallina-Rodriguez, N. (2018). Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. In Proceedings 2018 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2018.23143
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / Pan, E., Ren, J., Lindorfer, M., Wilson, C., & Choffnes, D. (2018). Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. In Proceedings on Privacy Enhancing Technologies (pp. 33–50). DeGruyter. https://doi.org/10.1515/popets-2018-0030

2017

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., & Vigna, G. (2017). Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23465

2016

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., & Giuffrida, C. (2016). Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/2976749.2978406
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / Ren, J., Rao, A., Lindorfer, M., Legout, A., & Choffnes, D. (2016). ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM. https://doi.org/10.1145/2906388.2906392
CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., & Kirda, E. (2016). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Financial Cryptography and Data Security (pp. 231–249). Springer. https://doi.org/10.1007/978-3-662-54970-4_13

2015

Malware through the looking glass : malware analysis in an evolving threat landscape / Lindorfer, M. (2015). Malware through the looking glass : malware analysis in an evolving threat landscape [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.35065
MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis / Lindorfer, M., Neugschwandtner, M., & Platzer, C. (2015). MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis. In 2015 IEEE 39th Annual Computer Software and Applications Conference. IEEE. https://doi.org/10.1109/compsac.2015.103 / Project: SysSec

2014

Enter Sandbox: Android Sandbox Comparison / Neuner, S., van der Veen, V., Lindorfer, M., Huber, M., Georg, M., Mulazzani, M., & Weippl, E. (2014). Enter Sandbox: Android Sandbox Comparison. In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST). IEEE. http://hdl.handle.net/20.500.12708/55124
Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Platzer, C., Stuetz, M., & Lindorfer, M. (2014). Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images. In Proceedings of the 2nd international workshop on Security and forensics in communication systems - SFCS ’14. IEEE. https://doi.org/10.1145/2598918.2598920 / Project: SysSec
ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors / Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Veen, V. van der, & Platzer, C. (2014). ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). IEEE. https://doi.org/10.1109/badgers.2014.7 / Project: SysSec
AndRadar: Fast Discovery of Android Applications in Alternative Markets / Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., & Ioannidis, S. (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 51–71). Springer. https://doi.org/10.1007/978-3-319-08509-8_4 / Project: SysSec

2013

Take a Bite - Finding the Worm in the Apple / Lindorfer, M., Miller, B., Neugschwandtner, M., & Platzer, C. (2013). Take a Bite - Finding the Worm in the Apple. In International Conference on Information, Communications and Signal Processing (ICICS). IEEE. http://hdl.handle.net/20.500.12708/54856
POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / Lindorfer, M., Neumayr, M., Caballero, J., & Platzer, C. (2013). POSTER: Cross-Platform Malware: Write Once, Infect Everywhere. In ACM Conference on Computer and Communications Security (CCS). ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. http://hdl.handle.net/20.500.12708/54855
A View to a Kill: WebView Exploitation / Neugschwandtner, M., Lindorfer, M., & Platzer, C. (2013). A View to a Kill: WebView Exploitation. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX. http://hdl.handle.net/20.500.12708/54854

2012

Lines of Malicious Code: Insights Into the Malicious Software Industry / Lindorfer, M., Di Federico, A., Maggi, F., Milani Comparetti, P., & Zanero, S. (2012). Lines of Malicious Code: Insights Into the Malicious Software Industry. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 349–358). ACM. http://hdl.handle.net/20.500.12708/54349

2011

Detecting Environment-Sensitive Malware / Lindorfer, M., Kolbitsch, C., & Milani Comparetti, P. (2011). Detecting Environment-Sensitive Malware. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011). Springer. http://hdl.handle.net/20.500.12708/54010 / Projects: icode, SysSec, TRUDIE

Supervisions