Tag Archives: static analysis

The misuse of bytecode verification

Bytecode verification has been an interesting debate since the very beginning of Java Card. Back then, in 1997, Java was very much about Java applets, and the bytecode verifier was the essential piece of software that allowed untrusted code to run in a browser efficiently (i.e., without doing expensive runtime checks, and without having to […]

My Last Day at Trusted Logic

Today is my last day at Trusted Logic, after a bit more than 11 years. It has been a great adventure, and I really enjoyed the small company feeling, where one has to deal with one thousand different activities, giving many opportunities to learn on different fields. As I try to think about successes and […]

Android Malware, Permissions, and Side Channels

New Android malware keeps popping up, and the latest one to be publicly discussed is very typical of what we are seeing these days. And frankly, I haven’t found them very impressive. In short, the attack consists in recording phone calls, identifying calls to credit card support lines, then analyzing the recording to identify the […]

2011: The year of mobile malware? Nope.

One of the discussion topics at this week’s Mobile Security Barcamp in Sophia Antipolis was mobile malware, with some people claiming that 2011 will be the year of mobile malware. I agree with them that, as mobile takes more and more power, and as platforms like iOS and Android become more and more common, they […]