14th AMSec Workshop: Systems Security

When: Oct 7, 2025, 13:00 – 15:00

Where: VU Campus, NU building, room NU-4A67

Directions to NU building: https://vusec.net/directions

This mini workshop series features a strong line-up of leading systems security researchers from around the world. The event is freely accessible to everyone on a first-come, first-served basis.

Speakers

Lianying Zhao
Associate Professor
Agathe Blaise
Research Engineer

Workshop program (Oct 7 at VU, NU-4A67)

13:00 Coffee and tea
13:10 Opening by Maggie Zhang (AMSec)
13:15 Speaker: Lianying Zhao

Title: Living with Packers to Enable Dynamic Analysis of Android Apps

Abstract:
Android apps have become a valuable target for app modifiers and imitators due to their popularity and being trusted with highly sensitive data. Packers, on the other hand, protect apps from tampering with various anti-analysis techniques embedded in the app. Meanwhile, packers also conceal certain behavior potentially against the interest of the users, aside from being abused by malware for stealth. Security practitioners typically try to capture undesired behavior at runtime with hooking (e.g., Frida) or debugging techniques, which are heavily affected by packers. Unpackers have been the community’s continuous effort to address this, but due to the emerging commercial packers (especially the Chinese ones), our study shows that none of the unpackers remain effective, and they are unfit for this purpose as unpacked apps can no longer run.

In this talk, I will first present a large-scale prevalence analysis of Android packers we performed with a real-world dataset of more than 12K apps (the first of its kind), as well as a survey of packing/unpacking techniques. This was to find out what percentage of Android apps are actually packed and to what extent dynamic analysis is hindered. I then will introduce Purifire, an evasion engine to bypass packers’ anti-analysis techniques and enable dynamic analysis on packed apps without unpacking them. Purifire is based on eBPF, a low-level kernel feature, which provides observability and invisibility to user space apps to enforce defined evasion rules while staying low-profile. To allude to future research directions, I will also briefly enumerate several unique observations regarding the Android ecosystem.

Bio:
Lianying Zhao is currently an Associate Professor at Carleton University. Prior to his academic career, he worked for IBM on mainframes for 6 years. Zhao's primary research areas are systems/platform security and architectural/hardware security support which used to be known as "trusted computing", as well as authentication and data protection in general.
14:15 Speaker: Agathe Blaise

Title: Supply-chain security in Kubernetes

Abstract:
In recent years, there has been an explosion of attacks directed at microservice-based platforms – a trend that closely follows the massive shift of the digital industries towards these environments. The management and operation of container-based microservices heavily rely on automation, leveraging container orchestration engines such as Kubernetes.

This talk will explore how supply-chain attacks can propagate from a single compromised container or endpoint to an entire Kubernetes cluster. We will begin by showcasing how vulnerabilities can be concealed within container images through malicious compliance of Software Bills of Materials (SBOM). Next, we will illustrate how attackers can exploit this foothold to infiltrate and compromise the broader Kubernetes cluster. We will then present advanced techniques for analyzing and strengthening the security posture of Kubernetes deployments. Key areas include securing the full supply chain, from container configurations to Kubernetes setups, detecting vulnerabilities and misconfigurations, monitoring the system for real-time threats and attacks, and implementing mitigation strategies to safeguard microservice ecosystems.

Bio:
Agathe Blaise is currently a research engineer at Thales (Gennevilliers, France). She received her engineering degree in computer science from ISEN (Lille, France) in 2017, and the Ph.D. degree in Computer Science from LIP6, Sorbonne University (Paris, France) in 2020. Her research interests focus on cloud computing security, data analysis for network security, and quantum networks.
15:00 Closing remarks
