Research Interests

Android Virtualization

Publications

• 2025 Journal
  VirtualPatch: Distributing Android Security Patches Through Android Virtualization
  S. Pizzi, S. Doria, N. Miazzo, E. Losiouk
  Computers & Security
  [PDF] [GitHub]
• 2025 Talk
  Matrioska: A User-Centric Defense Against Virtualization-Based Repackaging Malware on Android
  S. Zerbini, S. Doria, P. Wijesekera, S. Egelman, E. Losiouk
  DEFCON 2025 (Mobile Hacking Community)
  [Slides] [GitHub]
• 2024 Conference
  Matrioska: A User-Centric Defense Against Virtualization-Based Repackaging Malware on Android
  S. Zerbini, S. Doria, P. Wijesekera, S. Egelman, E. Losiouk
  In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2024)
  [PDF] [GitHub]
• 2023 Journal
  VEDRANDO: A Novel Way to Reveal Stealthy Attack Steps on Android through Memory Forensics
  J. Bellizzi, E. Losiouk, M. Conti, C. Colombo, M. Vella
  Journal of Cybersecurity and Practice
  [PDF]
• 2021 Conference
  Repack Me If You Can: An Anti-Repackaging Solution based on Android Virtualization
  A. Ruggia, E. Losiouk, L. Verderame, M. Conti, A. Merlo
  In Proceedings of Annual Computer Security Applications Conference (ACSAC 2021)
  [PDF] [GitHub]
• 2021 Conference
  Under the Hood of MARVEL
  A. Ruggia, E. Losiouk, L. Verderame, M. Conti, A. Merlo
  In Proceedings of the Learning from Authoritative Security Experiment Results (LASER 2021)
  [Slides] [GitHub]
• 2019 Conference
  HideMyApp: Hiding the Presence of Sensitive Apps on Android
  A. Pham, I. Dacosta, E. Losiouk, J. Stephan, K. Huguenin, J.P. Hubaux
  In Proceedings of the 28th USENIX Security Symposium 2019 (USENIX Security 2019)
  [PDF] [GitHub]

Theses

• "Towards Secure Virtual Apps: Bringing Application-Level Isolation to Android Virtualization"
  2025Luca Boscolo Meneguolo
  [Thesis]
• "Towards Secure Virtual Apps: Bringing Android Permission Model to Application Virtualization"
  2024Alberto Lazari
  [Thesis]
• "VirtualPatch: Fixing Android Security Vulnerabilities with App-Level Virtualization"
  2022Simeone Pizzi
  [Thesis]
• "Virtualization-Based Malwares: Can We Defend Against Them?"
  2022Simone Zerbini
  [Thesis]
• "A Virtualization-Based Solution for Protecting Android Bluetooth Low-Energy Communications"
  2022Andrea Varischio
  [Thesis]

Android Vulnerabilities

Publications

• 2021 Journal
  Vulnerabilities in Android WebView Objects: Still Not the End!
  M. El-Zawawy, E. Losiouk, M. Conti
  Computers & Security
  [PDF]
• 2021 Conference
  Contact Tracing Made Un-relay-able
  M. Casagrande, M. Conti, E. Losiouk
  In Proceedings of 11th ACM Conference on Data and Application Security and Privacy (CODASPY 2021)
  [PDF] [GitHub]
• 2020 Journal
  Do not Let Next-Intent Vulnerability Be Your Next Nightmare: Type System Based Approach to Detect It in Android Apps
  M. El-Zawawy, E. Losiouk, M. Conti
  International Journal of Information Security
  [PDF]

Theses

• "Security Comparison Between Xiaomi System Applications and Xiaomi Applications on the Google Play Store"
  2022Michele Agnello
  [Thesis]

Automated Vulnerabilities and Attacks Detection

Publications

• 2025 Conference
  Hercules Droidot and the murder on the JNI Express
  L. Di Bartolomeo, P. Mao, Y. Tung, J. Ayala, S. Doria, P. Celada, M. Busch, J. Garcia, E. Losiouk, M. Payer
  In Proceedings of the 34th Usenix Security Symposium (Usenix Security 2025)
  [PDF] [GitHub]
• 2025 Conference
  Poster: SPECK: From Google Textual Guidelines to Automatic Detection of Android Apps Vulnerabilities
  R. Rossini, S. Pizzi, S. Doria, M. Conti, E. Losiouk
  In Proceedings of International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2025)
  [PDF] [GitHub]
• 2023 Workshop
  Fuzzing for Smart Contract Interworking Security Evaluation: An Empirical Evaluation of the State of the Art
  S. Zerbini, S. Kharya, D. Boscovic, E. Losiouk
  In Proceedings of the Workshop Encouraging Building Better Blockchain Security (WEB3SEC), co-located with ACSAC 2023
  [PDF]
• 2023 Conference
  GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks
  A. Agiollo, E. Bardhi, M. Conti, R. Lazzeretti, E. Losiouk, A. Omicini
  In Proceedings of the 8th IEEE European Symposium on Security and Privacy (Euro S&P 2023)
  [PDF] [GitHub]

Theses

• "Automatic Vulnerability Testing in Android Applications"
  2024Matteo Todescato
  [Thesis]
• "Control Flow Graph-based Path Reconstruction in Android Applications"
  2023Samuele Doria
  [Thesis]
• "Automated Analysis and Exploitation of Vulnerable Android Applications"
  2022Alberto Molon
  [Thesis]

LLMs for Vulnerability Detection, Repair and Reverse Engineering

Publications

• 2025 Conference
  Decompiling the Synergy: An Empirical Study of Human–LLM Teaming in Software Reverse Engineering
  Z. Basque, S. Doria, A. Soneji, W. Gibbs, A. Doupe, Y. Shoshitaishvili, E. Losiouk, R. Wang, S. Aonzo
  In Proceedings of the Network and Distributed System Security (NDSS) Symposium (NDSS 2026)
• 2025 Conference
  A Dataset for Evaluating LLMs Vulnerability Repair Performance in Android Applications
  E. Braconaro, E. Losiouk
  In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2025)
  [PDF] [GitHub]

Theses

• "Leveraging Graph of Thoughts and Large Language Models for Advanced Vulnerability Detection"
  2024Nicholas Miazzo
  [Thesis]
• "LLMs Evaluation for Android Vulnerability Repair"
  2023Elisa Braconaro
  [Thesis]

Android & IoT Reverse Engineering

Publications

• 2025 Talk
  E-Trojans: Ransomware, Tracking, DoS, and Data Leaks on Battery-powered Embedded Systems
  M. Casagrande, R. Cestaro, E. Losiouk, M. Conti, D. Antonioli
  Black Hat USA 2025
  [Slides]
• 2023 Conference
  E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem
  M. Casagrande, R. Cestaro, E. Losiouk, M. Conti, D. Antonioli
  In Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'23)
  [PDF] [GitHub]
• 2022 Conference
  BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem
  M. Casagrande, E. Losiouk, M. Conti, M. Payer, D. Antonioli
  In Proceedings of the Transactions on Cryptographic Hardware and Embedded Systems 2022 (TCHES 2022)
  [PDF]

Theses

• "Reversing, Analyzing, and Attacking Xiaomi's Electric Scooter Ecosystem"
  2022Riccardo Cestaro
  [Thesis]

Information-Centric Networking

Publications

• 2023 Journal
  Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey
  E. Bardhi, M. Conti, R. Lazzeretti, E. Losiouk
  IEEE Communications Surveys and Tutorials
  [PDF]
• 2022 Conference
  Sim2Testbed Transfer: NDN Performance Evaluation
  E. Bardhi, M. Conti, R. Lazzeretti, E. Losiouk, A. Taffal
  In Proceedings of the 5th International Workshop on Emerging Network Security 2022 (ENS 2022) co-located with ARES 2022
  [PDF]
• 2021 Conference
  ICN PATTA: ICN Privacy Attack Through Traffic Analysis
  E. Bardhi, M. Conti, E. Losiouk, R. Lazzeretti
  In Proceedings of the 46th IEEE Conference on Local Computer Networks (LCN) (IEEE LCN 2021)
  [PDF]
• 2020 Journal
  The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions
  M. Conti, A. Gangwal, M. Hassan, C. Lal, E. Losiouk
  IEEE Communications Surveys and Tutorials
  [PDF]
• 2020 Journal
  ChoKIFA+: An Early Detection and Mitigation Approach against Interest Flooding Attacks in NDN
  A. Benarfa, M. Hassan, E. Losiouk, A. Compagno, M. Bachir Yagoubi, M. Conti
  International Journal of Information Security
  [PDF]
• 2020 Conference
  Spatial Bloom Filter in Named Data Networking: a Memory Efficient Solution
  F. Berto, L. Calderoni, M. Conti, E. Losiouk
  In Proceedings of the 35th ACM/SIGAPP Symposium on Applied Computing (SAC 2020)
  [PDF]
• 2020 Conference
  A Proactive Cache Privacy Attack on NDN
  A. Compagno, M. Conti, E. Losiouk, G. Tsudik, S. Valle
  In Proceedings of 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020)
  [PDF]
• 2019 Conference
  ChoKIFA: A New Detection and Mitigation Approach against Interest Flooding Attacks in NDN
  A. Benarfa, M. Hassan, A. Compagno, E. Losiouk, M. Bachir Yagoubi, M. Conti
  In Proceedings of the International Conference on Wired/Wireless Internet Communications (IFIP WWIC 2019)
  [PDF]

Wireless Network Vulnerabilities

Publications

• 2023 Conference
  Beware of Pickpockets: A Practical Attack against Blocking Cards
  M. Alecci, L. Attanasio, A. Brighente, M. Conti, E. Losiouk, H. Ochiai, F. Turrin
  In Proceedings of the 26th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2023)
  [PDF] [GitHub]
• 2023 Book
  The Security of Wireless Communication Protocols Used in Mobile Health Systems
  E. Losiouk
  In: Women in Telecommunications. Women in Engineering and Science. Springer, Cham
  [DOI]
• 2022 Conference
  What You See is Not What You Get: a Man-in-the-Middle Attack Applied to Video Channels
  M. Conti, E. Losiouk, A. Visintin
  In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing (SAC 2022)
  [PDF]
• 2019 Conference
  ScaRR: Scalable Runtime Remote Attestation for Complex Systems
  F. Toffalini, E. Losiouk, A. Biondo, J. Zhou, M. Conti
  In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
  [PDF]

Theses

Misc

Publications

• 2022 Workshop
  Face Recognition Systems: Are you sure they only consider your face?
  P. Srihari Darbha, M. Conti, E. Losiouk, R. Ranjan Maiti
  In Proceedings of the IEEE Workshop on the Internet of Safe Things (SafeThings 2022) co-located with IEEE S&P 2022
  [PDF]
• 2022 Journal
  Alpha Phi-shing Fraternity: Phishing Assessment in a Higher Education Institution
  M. Casagrande, M. Conti, E. Losiouk, M. Fedel
  Journal of Cybersecurity Education, Research and Practice
  [PDF]