Martina Lindorfer

Bio

I am a tenure-track Assistant Professor in the Security and Privacy Research Unit at TU Wien (Technische Universität Wien, formerly known as Vienna University of Technology) in Vienna, Austria. I am also a key researcher at SBA Research, the largest research center in Austria which exclusively addresses information security.

Before that, I was a Postdoc in the Computer Security Group (SecLab) at UC Santa Barbara, working with Christopher Kruegel and Giovanni Vigna. I received my doctorate in 2016 with honors of the Austrian president (Promotio Sub Auspiciis Praesidentis), as well as the ERCIM Cor Baayen Young Researcher Award in 2018. During my PhD, I was advised by Edgar Weippl and worked as a research assistant at the International Secure Systems Lab (iSecLab).

In addition to my PhD, I hold a Master's degree in Software Engineering and Internet Computing from TU Wien and a Bachelor's degree in Computer and Media Security from the University of Applied Sciences in Hagenberg.

You can download a copy of my CV here.

Contact

mlindorfer (at) iseclab (dot) org

martina (dot) lindorfer (at) tuwien (dot) ac (dot) at

        PGP 0x66624E61
    @lindorferin
 Google Scholar Profile
  Technische Universität Wien (TU Wien)
                Institute of Logic and Computation (192/6)
                Research Unit Security and Privacy
                Favoritenstrasse 9-11, Stiege 2, 1. Stock
                A-1040 Wien
    https://secpriv.tuwien.ac.at

News

2020
Aug 27	Jürgen Cito and me are looking for a student employee for a Master thesis at the intersection of software engineering and security.
Jul 29	I have 3 open positions for PhD students (2 related to mobile app analysis for IoT + 1 on machine learning for security). Ping me if you are interested!
Jul 13	Our Doctoral College for Secure and Intelligent Human-Centric Digital Technologies (SecInt) on the intersection of Security and Privacy, Machine Learning, and Formal Methods has been accepted!
Jun 10	Thanks Victoria Kirner for the nice interview (including stylish portraits!) and discussion about rubber boots for C/O Vienna Magazine.
Apr 2	I was featured in Die Zeit for their portrait series about Austrians!
Mar 18	Honored to receive the Early Career Award for Women in Cybersecurity Research at ACM CyberW. Special thanks to Daphne Yao: as last time at CCS 2017, it was a great workshop that hopefully continues!
Jan 30	Had the pleasure to talk to school girls as part of the Tagebuch der Informatikerin (Diary of a Computer Scientist) to clear up common misconceptions and stereotypes about careers in tech.
Jan 11	Recent press roundup: I was a guest on the Kleine Zeitung's Startgepräch Podcast, as well as got the chance to talk to Der Standard and Die Presse about my research and my career path.

2019
Nov 5	Honored to receive this years Hedy Lamarr Award from the City of Vienna. Looking forward to being part of this network of innovative female researchers in computer science!
Nov 4	The Vienna Science, Research and Technology Fund (WWTF) accepted our proposal IoTIO: Analyzing and Understanding the Internet of Insecure Things with funding for 2 PhD positions for 4 years. Official announcement of positions will come in February!
Oct 1	Welcome to my first official PhD student Jakob Bleier, who will be working with me on mobile security and privacy topics!
Aug 10	We have some last minute funding for diversity grants for our summer school for security and privacy on blockchains (BDLT19) sponsored by Princeton's Center for Information Technology Policy.
Jul 1	I am proud to announce that I am now also a key researcher at SBA Research.
Jun 27	Elleen is presenting Panoptispy, our work on media leaks in mobile apps, at PrivacyCon hosted by the Federal Trade Commission (FTC).
Jun 17	We wrapped up the first iteration of our new Introduction to Security lecture with 300 participants with a presentation of the best of the 1,600 solutions to 11 challenges in our WUT CTF.
Jun 12	We are organizing the 1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies at TU Wien in September, the registration is now open.
Jan 31	I am looking for PhD students in (mobile) systems security and privacy! More information here.
Jan 8	Thanks Florian Aigner @ TU Wien for the nice profile about me and my research!

2018
Oct 9	I am honored to receive the 2018 ERCIM Cor Baayen Young Researcher Award.
Aug 6	Rampage received a Pwnie nomination for Best Privilege Escalation Bug.
Jun 19	I am excited to officially announce that I will join TU Wien as an Assistant Professor (tenure track) in October.

2017
Nov 11	Drammer received the Best Paper Award at the CSAW'17 Applied Research Competition.
Oct 2	I am excited to be selected as a mentor for Learn IT, Girl, a program that helps women around the globe to learn how to code.
Jul 26	Drammer received a Pwnie Award for Best Privilege Escalation Bug and was also nominated for Most Innovative Research.
May 20	I was interviewed by the Austrian daily newspaper Kurier on why more women should study computer science (print and online).
May 16	I am honored to be awarded my doctorate degree in a Promotio Sub Auspiciis Praesidentis (press release by TU Wien).
Apr 5	ReCon was used in the documentary Harvest to raise awareness about privacy risks of mobile apps.
Mar 21	Drammer received the Best Dutch Cyber Security Research Paper (DCSRP2017) award.

2016
Nov 1	Drammer was recognized by the Android Security Rewards Program (CVE-2016-6728, critical).

Open Positions

fully funded PhD positions as part of the project IoTIO: Analyzing and Understanding the Internet of Insecure Things funded by the WWTF (start date ASAP). See the call for candidates and contact me if you are interested!

fully funded PhD position as part of the SecInt Doctoral College on security and ML (start date Fall 2020).

part-time position as a student employee for a Master thesis on Large-scale Analysis of Attack Vectors in Software Repositories in collaboration with Jürgen Cito.

For other topics for Bachelor or Master theses see our group website and apply with your transcripts (and areas of interest) to thesis (at) secpriv (dot) tuwien (dot) ac (dot) at and we will schedule a meeting.

Reviewer Service

Program Committee Member

IEEE Symposium on Security and Privacy (S&P 2020 & 2021)
The Web Conference (WebConf 2020 & 2021, formerly known as WWW, Security, Privacy, and Trust track)
ACM Conference on Computer and Communications Security (CCS 2020)
USENIX Security Symposium (USENIX Security 2019 & 2020)
Conf. on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2016, 2017, 2018, 2019, 2020)
European Workshop on Systems Security (EuroSec 2018, 2019 & 2020)
Reversing and Offensive-oriented Trends Symposium (ROOTS 2020)
Annual Computer Security Applications Conference (ACSAC 2019), including Artifacts Evaluation Subcommittee
ACM ASIA Conference on Computer and Communications Security (ASIACCS 2019)
USENIX Workshop on Offensive Technologies (WOOT 2015 & 2018)
International Symposium on Engineering Secure Software and Systems (ESSoS 2018)
International Workshop on Innovations in Mobile Privacy and Security (IMPS 2017 & 2018)
Workshop on Formal Methods for Security Engineering (ForSE 2017 & 2018)
International Workshop on Emerging Cyberthreats and Countermeasures (ECTCM 2013, 2014 & 2015)

External Reviewer

Privacy Enhancing Technologies Symposium (PETS 2017, 2018 & 2020)
IEEE European Symposium on Security and Privacy (EuroS&P 2019)
International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2016)

Journal Reviewer (excerpt)

ACM Transactions on Privacy and Security
EURASIP Journal on Information Security
IEEE Transactions on Computers
IEEE Transactions on Dependable and Secure Computing
IEEE Transactions on Information Forensics and Security
IEEE Transactions on Mobile Computing
International Journal of Information Security
Journal of Computer Virology and Hacking Techniques
Theoretical Computer Science

Guest Editor

Special Issue on Deployable & Impactful Security Applications for ACM Digital Threats: Research and Practice
Special Issue on Security on Mobile and IoT Devices for IET Information Security

Publications

Olivier van der Toorn, Roland van Rijswijk-Deij, Tobias Fiebig, Martina Lindorfer, Anna Sperotto
TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records
International Workshop on Traffic Measurements for Cybersecurity (WTMC), September 2020

@inproceedings{txting:wtmc20,
   author = {van der Toorn, Olivier and van Rijswijk-Deij, Roland and Fiebig, 
   Tobias and Lindorfer, Martina and Sperotto, Anna},
   title = {{TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records}},
   booktitle = {Proceedings of the International Workshop on Traffic Measurements for Cybersecurity (WTMC)},
   year = {2020}
}

Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen, Andreas Peter
FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
Network and Distributed System Security Symposium (NDSS), February 2020

@inproceedings{flowprint:ndss20,
   author = {van Ede, Thijs and Bortolameotti, Riccardo and Continella, Andrea and Ren, Jingjing and Dubois, Daniel J. and Lindorfer, Martina and Choffnes, David and van Steen, Marten and Peter, Andreas},
   title = {{FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic}},
   booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
   year = {2020}
}

Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, Christopher Kruegel
When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
Network and Distributed System Security Symposium (NDSS), February 2020

@inproceedings{packware:ndss20,
   author = {Hojjat Aghakhani and Fabio Gritti and Francesco Mecca and Martina Lindorfer and Stefano Ortolani and Davide Balzarotti and Giovanni Vigna and Christopher Kruegel},
   title = {{When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features}},
   booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
   year = {2020}
}

Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, Giovanni Vigna
MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
ACM Conference on Computer and Communications Security (CCS), October 2018

@inproceedings{minesweeper:ccs18,
   author = {Radhesh Krishnan Konoth and Emanuele Vineti and Veelasha Moonsamy and Martina Lindorfer and Christopher Kruegel and Herbert Bos and Giovanni Vigna},
   title = {{MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense}},
   booktitle = {Proceedings of the ACM Conference on Computer and Communications Security (CCS)},
   year = {2018}
}

Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, David Choffnes
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications
Privacy Enhancing Technologies Symposium (PETS), July 2018
```
@inproceedings{panoptispy:pets18,
   author = {Elleen Pan and Jingjing Ren and Martina Lindorfer and Christo Wilson and David Choffnes},
   title = {{Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications}},
   booktitle = {Proceedings of the Privacy Enhancing Technologies Symposium (PETS)},
   year = {2018}
}
```
MEDIA: Gizmodo, Fortune, Engadget, Heise, Stern, Futurezone, New York Times (Op-Ed), ABC ScreenTime w/ Diane Sawyer, New York Times (The Privacy Project), amongst many others.

* Presented at FTC PrivacyCon 2019 *
Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi
GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), June 2018
```
@inproceedings{guardion:dimva18,
   author = {Victor van der Veen and Martina Lindorfer and Yanick Fratantonio and Harikrishnan Padmanabha Pillai and Giovanni Vigna and Christopher Kruegel and Herbert Bos and Kaveh Razavi},
   title = {{GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM}},
   booktitle  = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
   year = {2018}
}
```
MEDIA: Ars Technica, Slashdot, Heise, amongst others.

* Pwnie nomination for Best Privilege Escalation Bug *
* Best Research Award at the International Conference on Computing Systems (CompSys 2018) *

Jingjing Ren, Martina Lindorfer, Daniel Dubois, Ashwin Rao, David Choffnes, Narseo Vallina-Rodriguez
Bug Fixes, Improvements, ... and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions
Network and Distributed System Security Symposium (NDSS), February 2018

@inproceedings{appversions:ndss18, 
   author = {Jingjing Ren and Martina Lindorfer and Daniel Dubois and Ashwin Rao and David Choffnes and Narseo Vallina-Rodriguez},
   title = {{Bug Fixes, Improvements, ... and Privacy Leaks -- A Longitudinal Study of PII Leaks Across Android App Versions}}, 
   booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
   year = {2018}
}

* Presented at FTC PrivacyCon 2018 *

Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
Network and Distributed System Security Symposium (NDSS), February 2017

@inproceedings{agrigento:ndss17,
   author = {Andrea Continella and Yanick Fratantonio and Martina Lindorfer and Alessandro Puccetti and Ali Zand and Christopher Kruegel and Giovanni Vigna},
   title = {{Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis}},
   booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
   year = {2017}
}

Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
ACM Conference on Computer and Communications Security (CCS), October 2016
```
@inproceedings{drammer:ccs16,
   author = {Victor {van der Veen} and Yanick Fratantonio and Martina Lindorfer and Daniel Gruss and Cl{\'e}mentine Maurice and Giovanni Vigna and Herbert Bos and Kaveh Razavi and Cristiano Giuffrida},
   title = {{Drammer: Deterministic Rowhammer Attacks on Mobile Platforms}},
   booktitle = {Proceedings of the ACM Conference on Computer and Communications Security (CCS)},
   year = {2016}
}
```
MEDIA: WIRED, Ars Technica, Slashdot, amongst others.

* Pwnie Award for Best Privilege Escalation Bug and nomination for Most Innovative Research *
* Best Dutch Cyber Security Research Paper *
* Best Paper Award at the CSAW'17 Applied Research Competition *
Jingjing Ren, Ashwin Rao, Martina Lindorfer, Arnaud Legout, David Choffnes
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
International Conference on Mobile Systems, Applications and Services (MobiSys), June 2016
```
@inproceedings{recon:mobisys16,
   author = {Jingjing Ren and Ashwin Rao and Martina Lindorfer and Arnaud Legout and David Choffnes},
   title = {{ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic}},
   booktitle = {Proceedings of the International Conference on Mobile Systems, Applications and Services (MobiSys)},
   year = {2016}
}
```
MEDIA: Boston Globe, NBC News, MSN News, Christian Science Monitor, amongst others.

* Presented at FTC PrivacyCon 2017 *

Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda
CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes
International Conference on Financial Cryptography and Data Security (FC), February 2016

@inproceedings{curiousdroid:fc16,
   author = {Carter, Patrick and Mulliner, Collin and Lindorfer, Martina and Robertson, William and Kirda, Engin},
   title = {{CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes}},
   booktitle = {Proceedings of the International Conference on Financial Cryptography and Data Security (FC)},
   year = {2016}
}

Martina Lindorfer, Matthias Neugschwandtner, Christian Platzer
Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis
Annual International Computers, Software & Applications Conference (COMPSAC), July 2015

@inproceedings{marvin:compsac2015,
   author = {Lindorfer, Martina and Neugschwandtner, Matthias and Platzer, Christian},
   title = {{Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis}},
   booktitle = {Proceedings of the Annual International Computers, Software \& Applications Conference (COMPSAC)},
   year = {2015}
}

MEDIA: Futurezone, ORF Newton, SRF Kassensturz

Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, Christian Platzer
Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors
International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), September 2014

@inproceedings{andrubis:badgers14,
   author = {Martina Lindorfer and Matthias Neugschwandtner and Lukas Weichselbaum and Yanick Fratantonio and Victor {van der Veen} and Christian Platzer},
   title = {{Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors}},
   booktitle = {Proceedings of the the International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)},
   year = {2014}
}

Lukas Weichselbaum, Matthias Neugschwandtner, Martina Lindorfer, Yanick Fratantonio, Victor van der Veen, Christian Platzer
Andrubis: Android Malware Under The Magnifying Glass
Technical Report, TU Wien, TR-ISECLAB-0414-001, July 2014

Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, Sotiris Ioannidis
AndRadar: Fast Discovery of Android Applications in Alternative Markets
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2014

@inproceedings{andradar:dimva14,
   author = {Lindorfer, Martina and Volanis, Stamatis and Sisto, Alessandro and Neugschwandtner, Matthias and Athanasopoulos, Elias and Maggi, Federico and Platzer, Christian and Zanero, Stefano and Ioannidis, Sotiris},
   title = {{AndRadar: Fast Discovery of Android Applications in Alternative Markets}},
   booktitle = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
   year = {2014}
}

Christian Platzer, Martin Stuetz, Martina Lindorfer
Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images
International Workshop on Security and Forensics in Communication Systems (ASIACCS-SFCS), June 2014

@inproceedings{platzer2014:skinsheriff,
   author = {Platzer, Christian and Stuetz, Martin and Lindorfer, Martina},
   title = {{Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images}},
   booktitle = {Proceedings of the International Workshop on Security and Forensics in Communication Systems (ASIACCS-SFCS)},
   year = {2014}
}

Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani, Edgar Weippl
Enter Sandbox: Android Sandbox Comparison
IEEE Mobile Security Technologies Workshop (MoST), May 2014

@inproceedings{sandboxcomparison:most14,
   author = {Sebastian Neuner and Victor {van der Veen} and Martina Lindorfer and Markus Huber and Georg Merzdovnik and Martin Mulazzani and Edgar Weippl},
   title = {{Enter Sandbox: Android Sandbox Comparison}},
   booktitle = {Proceedings of the IEEE Mobile Security Technologies Workshop (MoST)},
   year = {2014}
}

Martina Lindorfer, Bernhard Miller, Matthias Neugschwandtner, Christian Platzer
Take a Bite - Finding the Worm in the Apple
International Conference on Information, Communications and Signal Processing (ICICS), December 2013

@inproceedings{lindorfer2013:macmal,
   author = {Lindorfer, Martina and Miller, Bernhard and Neugschwandtner, Matthias and Platzer, Christian},
   title = {{Take a Bite - Finding the Worm in the Apple}},
   booktitle = {Proceedings of the International Conference on Information, Communications and Signal Processing (ICICS)},
   year = {2013}
}

Martina Lindorfer, Matthias Neumayr, Juan Caballero, Christian Platzer
POSTER: Cross-Platform Malware: Write Once, Infect Everywhere
ACM Conference on Computer and Communications Security (CCS), November 2013

Matthias Neugschwandtner, Martina Lindorfer, Christian Platzer
A View to a Kill: WebView Exploitation
USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), August 2013

@inproceedings{webview:neugschwandtner2013,
   author = {Neugschwandtner, Matthias and Lindorfer, Martina and Platzer, Christian},
   title = {{A View To A Kill: WebView Exploitation}},
   booktitle = {Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)},
   year = {2013}
}

Martina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, Stefano Zanero
Lines of Malicious Code: Insights Into the Malicious Software Industry
Annual Computer Security Applications Conference (ACSAC), December 2012

@inproceedings{lindorfer2012:beagle,
   author = {Lindorfer, Martina and Di Federico, Alessandro and Maggi, Federico and Milani Comparetti, Paolo and Zanero, Stefano},
   title = {{Lines of Malicious Code: Insights Into the Malicious Software Industry}},
   booktitle = {Proceedings of the Annual Computer Security Applications Conference (ACSAC)},
   year = {2012}
}

Martina Lindorfer, Clemens Kolbitsch, Paolo Milani Comparetti
Detecting Environment-Sensitive Malware
International Symposium on Recent Advances in Intrusion Detection (RAID), September 2011

@inproceedings{lindorfer2011:disarm,
   author = {Lindorfer, Martina and Kolbitsch, Clemens and Milani Comparetti, Paolo},
   title = {{Detecting Environment-Sensitive Malware}},
   booktitle = {Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)},
   year = {2011}
}

Theses

Malware Through the Looking Glass: Malware Analysis in an Evolving Threat Landscape
Dissertation, TU Wien, November 2015
Detecting Environment-Sensitive Malware
Master's thesis, TU Wien, April 2011