I am a Research Associate working in Software Security and Software Engineering at the University of Luxembourg. I am part of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) and a member of the TruX research group. My research is about automating software security with static code analysis. More particularly, I have a strong interest in improving the comprehensiveness of software analysis towards ensuring the security and reliability of software systems. Currently, I am focusing on Android systems.
Research
Android code unification to perform comprehensive static analysis of Android apps:
In Android apps, dex bytecode cohabits with native code, which can be used through the Java Native Interface. Due to the challenge of analyzing native code, it is most of the time overlooked by existing approaches. This limitation is a severe threat to validity since malicious behavior can be implemented in native code. Therefore, I have the ambition to propose a model unifying both the bytecode and the native code in Android apps. I proposed a first step toward this direction at the call-graph level and with more granularity at the statement level relying on heuristic-based defined statements.
Logic bomb detection in Android apps:
Nowadays, one of the main goals of malware writers is to evade analyses. One prominent technique used to stay under the radar of dynamic analyzers is to use logic bombs. This mechanism triggers the malicious behavior only under specific circumstances. As this is a challenging and unresolved problem, I tackle it with static approaches. After replicating existing approaches, I contributed to the research effort by proposing a hybrid approach combining static analysis and anomaly detection.
Improving Android apps Inter-Component Communication:
Android apps are built upon several components that communicate together through the Inter-Component Communication (ICC) mechanism. Modeling ICC is key in static analysis of Android apps to ensure data flow tracking through components, as reported by IccTA. However, a substantial number of ICC methods were overlooked by the state of the art, leaving room for a lack of precision in app modeling. Indeed, I noticed that ICC can be triggered through what I called Atypical ICC methods (AICCM). To cope with this limitation, I built RAICC, an approach that is AICCM-aware. Hence, existing static approaches can rely on RAICC to perform more complete analyses.
Publications
[SANER'23]
Negative Results of Fusing Code and Documentation for Learning to Accurately Identify Sensitive Source and Sink Methods
Jordan Samhi, Maria Kober, Abdoul Kader Kabore, Steven Arzt, Tegawendé F. Bissyandé, Jacques Klein
30th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering, Macao SAR, China
[TOSEM'22]
Demystifying Hidden Sensitive Operations in Android apps
Xiaoyu Sun, Xiao Chen, Li Li, Haipeng Cai, John Grundy, Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein
ACM Transactions on Software Engineering and Methodology
[MISC'22]
Analyse Statique et Automatisée de Code
Jordan Samhi
Multi-System & Internet Security CookBook
[MSR'22]
TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs
Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein
19th International Conference on Mining Software Repositories, Pittsburgh, USA
[ICSE'22]
JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Jordan Samhi, Jun Gao, Nadia Daoudi, Pierre Graux, Henri Hoyez, Xiaoyu Sun, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, USA
[ICSE'22]
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Jordan Samhi, Li Li, Tegawendé F. Bissyandé, Jacques Klein
44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, USA
[TDSC'21]
On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps
Jordan Samhi, Alexandre Bartel
IEEE Transactions on Dependable and Secure Computing
[MLHat'21]
DexRay: A Simple, yet Effective Deep Learning Approach to Android Malware Detection based on Image Representation of Bytecode
Nadia Daoudi, Jordan Samhi, Abdoul Kader Kaboré, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
International Workshop on Deployable Machine Learning for Security Defense, Singapore
[MISC'21]
Les dangers de Pastebin
Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein
Multi-System & Internet Security CookBook
[ICSE'21]
RAICC: Revealing Atypical Inter-Component Communication in Android Apps
Jordan Samhi, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein
43rd IEEE/ACM International Conference on Software Engineering, Madrid, Spain
[EMSE'21]
A First Look at Android applications in Google Play Related to COVID-19
Jordan Samhi, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
Empirical Software Engineering, Springer
[MISC'20]
Désamorcer des bombes logiques
Jordan Samhi, Alexandre Bartel
Multi-System & Internet Security CookBook
Experience
TruX Research Group, SnT - Interdisciplinary Centre for Security, Reliability and Trust, Luxembourg
Research Associate, February 2023 - now
Research in software engineering for software security. Program analysis and static analysis.
University of Washington, PLSE Group, USA, Seattle, WA
Visiting Ph.D. Student, February 2022 - June 2022
Supervisors: Jacques Klein, Tegawendé F. Bissyandé, Michael Ernst, René Just
Doctoral visit as part of a collaboration with Professors Ernst and Just. Detection of conditional implicit calls in Android apps through the Android framework.
TruX Research Group, SnT - Interdisciplinary Centre for Security, Reliability and Trust, Luxembourg
Doctoral Researcher, November 2019 - January 2023
Supervisors: Jacques Klein, Tegawendé F. Bissyandé
Research in software engineering for software security. Program analysis and static analysis.
SnT - Interdisciplinary Centre for Security, Reliability and Trust, Luxembourg
Research Intern, April 2019 - September 2019
Supervisor: Alexandre Bartel
Literature review (static analysis, malware detection, Android security), reverse engineering of malicious Android applications. Study of anti-reverse-engineering mechanisms like logic bombs. Open-source development and improvement of an existing solution based on pure static analysis (flow-, path- and context-sensitive). Approach based on symbolic execution, predicate recovery and control dependency. Lab experimentation of the solution on a large scale using HPC. Paper submission.
Supervisions
Lucas Visintin
Master's Thesis · University of Luxembourg · February 2023 – August 2023
Master's degree in Information and Computer Science
On the impact of Vulnerabilities in the Odoo Platform.
Pedro Ruiz Jiménez
Master's Thesis · University of Luxembourg · February 2023 – August 2023
Master's degree in Information and Computer Science
Detecting Hidden Files and Code in Android apps.
Frederick Van Der Windt
Master's Thesis · KTH Royal Institute of Technology in Stockholm · January 2023 - June 2023
Master's degree in Computer Science
Detecting JavaScript vulnerabilities using Static Analysis.
Marco Alecci
Ph.D. Student · University of Luxembourg · October 2022 - present
Ph.D. in Computer Science
Static Analysis of Android apps.
Pedro Ruiz Jiménez
Student Job · University of Luxembourg · July 2022 – August 2022
Master's degree in Information and Computer Science
Empirical study to characterize file usage in Android apps.
Cédric Herzog
Research Associate · University of Luxembourg · February 2022 - August 2023
Ph.D. in Computer Science
Research specialist for the development of a static analysis start-up.
Claude Ohlhoff
Master's Thesis · University of Luxembourg · April 2022 – September 2022
Master's degree in Information and Computer Science
Detecting Javascript Vulnerabilities using Static Analysis.
Fernandez Oliva Cesar Francisco
Internship · University of Luxembourg · February 2022 – September 2022
Master's degree in Entrepreneurship and Innovation
Business development of a spin-off project.
Ye Qiu
Master's Thesis · University of Luxembourg · February 2022 – June 2022
Master's degree in Information and Computer Science
Digging the Android Framework to find ways to Trigger Logic Bombs.
François Jullion
Internship · École Nationale Supérieure d’Ingénieurs de Bretagne-Sud · June 2021 – August 2021
Engineering degree in Software Security
Automatically extracting logic bomb's guarded code using static analysis to build minimal Android app for further dynamic analysis.
Nahom Belay
Student Job · National Institute of Applied Sciences of Toulouse · June 2021 – August 2021
Master's degree in Software Security
Manual characterization of Android malware families using reverse-engineering tools.
Ye Qiu
Student Job · University of Luxembourg · May 2021 – July 2021
Master's degree in Information and Computer Science
Manual characterization of Android malware families using reverse-engineering tools.
Mansaf Bourkaib
Master's Thesis · University of Lorraine · March 2021 – September 2021
Master's degree in Information and Computer Security, Networks and Virtual Architectures
Extracting Android apps information and building efficient query interface for selecting apps matching specific characteristics.
Vanitha Varadharajan
Master's Thesis · University of Luxembourg · February 2021 – August 2021
Master's degree in Information and Computer Science
Mining source code samples from Pastebin public data.
Sean Achtatou
Bachelor Project · University of Luxembourg · February 2020 – July 2020
Bachelor in Information and Computer Science
Machine-learning based characterization of Android Malware.