Profile Picture

Jordan Samhi


Doctoral Researcher in Software Engineering and Software Security


About




I am a Doctoral Researcher in Software Security and Software Engineering at the University of Luxembourg. I am part of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) and member of TruX research group. My research is about automating software security with static code analysis. More particularly, I have a strong interest to improve the comprehensiveness of software analysis towards ensuring the security and reliability of software systems. Currently, I am focusing on Android systems..

Research

  • Android code unification to perform comprehensive static analysis of Android apps: In Android apps, dex bytecode cohabits with native code which can be used through the Java Native Interface. Due to the challenge presented to analyze native code, it is most of the time overlooked by existing approaches. This limitation is a severe threat to validity since malicious behavior can be implemented in native code. Therefore, I have the ambition to propose a model unifying both the bytecode and the native code in Android apps. I proposed a first step toward this direction at the call-graph level and with more granularity at the statement level relying on heuristic-based defined statements.
  • Logic bomb detection in Android apps: Nowadays, one of the main goal of malware writers is to evade analyses. One prominent technique used to stay under the radar of dynamic analyzers is to use logic bombs. This mechanism triggers the malicious only under specific circumstances. As a challenging and unresolved problem, I tackle this problem with static approaches. After replicating existing approaches, I contributed to the research effort by proposing an hybrid approach combining static analysis and anomaly detection.
  • Improving Android apps Inter-Component Communication: Android apps are built upon several components that communicate together through Inter-Component Communication (ICC) mechanism. Modeling ICC is a key in Android apps static analysis to ensure data flow tracking through components, as reported by IccTA. However, a substantial number of ICC methods were overlook by the state of the art, leaving room to a lack of precision in app modeling. Indeed, I noticed that ICC can be triggered through what I called Atypical ICC methods (AICCM). To cope with this limitation, I built RAICC, an approach that is AICCM-aware. Hence, existing static approach can rely on RAICC to perform more complete analyses.

Publications

[TOSEM'22]


Demystifying Hidden Sensitive Operations in Android apps

Xiaoyu Sun, Xiao Chen, Li Li, Haipeng Cai, John Grundy, Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein
ACM Transactions on Software Engineering and Methodology

[MISC'22]


Analyse Statique et Automatisée de Code

Jordan Samhi
Multi-System & Internet Security CookBook

[MSR'22]


TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs

Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein
19th International Conference on Mining Software Repositories, Pittsburgh, USA

[ICSE'22]


JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis

Jordan Samhi, Jun Gao, Nadia Daoudi, Pierre Graux, Henri Hoyez, Xiaoyu Sun, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, USA

[ICSE'22]


Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps

Jordan Samhi, Li Li, Tegawendé F. Bissyandé, Jacques Klein
44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, USA

[TDSC'21]


On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps

Jordan Samhi, Alexandre Bartel
IEEE Transactions on Dependable and Secure Computing

[MLHat'21]


DexRay: A Simple, yet Effective Deep Learning Approach to Android Malware Detection based on Image Representation of Bytecode

Nadia Daoudi, Jordan Samhi, Abdoul Kader Kaboré, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
International Workshop on Deployable Machine Learning for Security Defense, Singapore

[MISC'21]


Les dangers de Pastebin

Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein
Multi-System & Internet Security CookBook

[ICSE'21]


RAICC: Revealing Atypical Inter-Component Communication in Android Apps

Jordan Samhi, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein
43rd IEEE/ACM International Conference on Software Engineering, Madrid, Spain

[EMSE'21]


A First Look at Android applications in Google Play Related to COVID-19

Jordan Samhi, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
Empirical Software Engineering, Springer

[MISC'20]


Désamorcer des bombes logiques

Jordan Samhi, Alexandre Bartel
Multi-System & Internet Security CookBook

Experience

University of Washington, PLSE Group, USA, Seattle, WA

Visiting Ph.D. Student, February 2022 - June 2022
Supervisors: Jacques Klein, Tegawendé F. Bissyandé, Michael Ernst, René Just

Doctoral visit as part of a collaboration with Professors Ernst and Just. Detection of conditional implicit calls in Android apps through the Android framework.

TruX Research Group, SnT - Interdisciplinary Centre for Security, Reliability and Trust, Luxembourg

Doctoral Researcher, November 2019 - Present
Supervisors: Jacques Klein, Tegawendé F. Bissyandé

Research in the security aspects of software engineering with a particular focus on malware and vulnerability detection. Analysis of Android applications by reverse engineering and developing static analysis programs.

SnT - Interdisciplinary Centre for Security, Reliability and Trust, Luxembourg

Research Intern, April 2019 - September 2019
Supervisors: Alexandre Bartel

Literature review (static analysis, malware detection, Android security), Reverse engineering of Android malicious applications. Study of anti-reverse-engineering mecanisms like logic bombs. Open-source development and improvement of an existing solution based on pure static analysis (flow-, path- and context-sensitive). Approach based on symbolic execution, predicates recovery and control dependency. Lab experimentations of the solution on a large-scale using HPC. Paper submission.

Supervisions

Pedro Ruiz Jiménez

Student Job

University of Luxembourg · July 2022 – August 2022

Master's degree in Information and Computer Science
Empirical study to characterize file usage in Android apps.

Claude Ohlhoff

Master's Thesis

University of Luxembourg · April 2022 – September 2022

Master's degree in Information and Computer Science
Detecting Javascript Vulnerabilities using Static Analysis.

Fernandez Oliva Cesar Francisco

Internship

University of Luxembourg · February 2022 – September 2022

Master's degree in Entrepreneurship and Innovation
Business development of a spin-off project.

Ye Qiu

Master's Thesis

University of Luxembourg · February 2022 – June 2022

Master's degree in Information and Computer Science
Digging the Android Framework to find ways to Trigger Logic Bombs.

François Jullion

Internship

École Nationale Supérieure d’Ingénieurs de Bretagne-Sud · June 2021 – August 2021

Engineering degree in Software Security
Automatically extracting logic bomb's guarded code using static analysis to build minimal Android app for further dynamic analysis.

Nahom Belay

Student Job

National Institute of Applied Sciences of Toulouse · June 2021 – August 2021

Master's degree in Software Security
Manual characterization of Android malware families using reverse-engineering tools.

Ye Qiu

Student Job

University of Luxembourg · May 2021 – July 2021

Master's degree in Information and Computer Science
Manual characterization of Android malware families using reverse-engineering tools.

Mansaf Bourkaib

Master's Thesis

University of Lorraine · March 2021 – September 2021

Master's degree in Information and Computer Security, Networks and Virtual Architectures
Extracting Android apps information and building efficient query interface for selecting apps matching specific characteristics.

Vanitha Varadharajan

Master's Thesis

University of Luxembourg · February 2021 – August 2021

Master's degree in Information and Computer Science
Mining source code samples from Pastebin public data.

Sean Achtatou

Bachelor Project

University of Luxembourg · February 2020 – July 2020

Bachelor in Information and Computer Science
Machine-learning based characterization of Android Malware.

Education




Doctoral degree

Trux Research Group at the University of Luxembourg

Software Engineering and Software Security

November 2019 - Present

Master's degree

University of Lorraine

Computer and Information Systems Security

Summa cum laude , Top of my class in grades, 1/35September 2018 - September 2019

First year of Master's degree

University of Lorraine

Computer Science, Information Systems Security

Summa cum laude , Top of my class in grades, 1/79September 2017 - June 2018

Bachelor of Sciences

University of Lorraine

Computer Science

With Highest Honour , Top of my class in grades, 1/88September 2016 - June 2017

Service




Board Membership


PC Membership


Paper Reviews

Teaching




Teaching

Introduction to Static Program Analysis · February 2022 - June 2022

University of Luxembourg · Master in Information and Computer Sciences (MICS2-40)

Static analysis and Malware detection · June 2021 - July 2021

University of Luxembourg · Doctoral programme in Computer Science and Computer Engineering

Introduction to Static Program Analysis · February 2021 - June 2021

University of Luxembourg · Master in Information and Computer Sciences (MICS2-40)

Introduction to Static Program Analysis · February 2020 - June 2020

University of Luxembourg · Master in Information and Computer Sciences (MICS2-40)

Projects




Sparta

SPARTA is supported by Europe’s H2020 program, with the objective to develop and implement top-tier research and to design and test an efficient mechanism at european level for research governance and coordination. Strongly guided by concrete challenges forming an ambitious Cybersecurity research & innovation roadmap, SPARTA will setup unique collaboration means, leading the way in building transformative capabilities and forming a world-leading “Competence Network” across the EU.

Onniva

ONNIVA is supported by Luxembourg's National Research Fund, with the objective to develop new approaches to detect Java vulnerabilities. This project focuses on deserialization vulnerabilities which occurs when a Java application accepts serialized files from untrusted sources. Approaches developed within the frame of this project focus on static analysis techniques.

Awards & Grants





The FNR JUMP21 programme Luxembourg (PoC21/16693582/SecuBox-PoC)
Start-up business creation project - 250 000€ - SecuBox project

February 2022 - July 2023


AFR Individual PhD grants Luxembourg (14596679)
Dissecting Android Applications using Static Analysis - 44 months funding for Ph.D. - DIANA

March 2020 - November 2023