|Lecture type||Advanced lecture|
|Instructor||Dr.-Ing. Sven Bugiel|
Madhu Priya Murugan
|Time/Place||Tuesday 16 – 18, Building E1 3, HS 001|
|Kick-off||Tuesday, 8th November, 16:00 – 16:30, Building E1 3, HS 001|
This advanced lecture deals with different, fundamental aspects of mobile operating system and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in the area of smartphones is increased and they learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, sytem vendors, third parties (like companies).
Central questions of this course are:
The lectures are accompanied by exercises to re-enforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should provide hands-on experience in extending Android's security architecture with a simple custom access control enforcement mechanism.
There are no formal requirements for participation. Students who want to participate in the course should
Actual programming experience on Android or at OS-level is not a prerequisite, but definitively an advantage.
Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture), however, the necessary background on system design, access control, and network security will be provided in this lecture in order to better put Android's design choices into context.
The endterm exam will take place Thu, 23.02.2017, in E2.2 Günter-Hotz lecture hall from 14:00-16:00 (s.t.).
The backup exam will take place Mon, 10.04.2017, in E2.2 Günter-Hotz lecture hall from 14:00-16:00 (s.t.).
The registration is closed.
|Thu 14-16||E1.1, SR206||Madhu Priya Murugan|
|Thu 16-18||E1.3, SR014||Jie Huang|
|Fri 10-12||E1.3, SR014||Dhiman Chakraborty|
|Fri 14-16||E1.3, SR015||Sven Bugiel|
The references for the lecture slides can be found here. (Last update: Nov 08, 2016)
|01-11-2016||No lecture! (All Saint's day)|
Lecture 1: Motivation and Basic Concepts
|15-11-2016||Lecture 2: Security Concepts and Security Architecture||
Solution for Exercise 2
APKs for Exercise 2
|29-11-2016||Lecture 3: Security Architecture II||
Solution for Exercise 3
|06-12-2016||Lecture 4: Security Architecture III||
Solution for Exercise 4
|13-12-2016||Lecture 5: Security Support APIs||
Exercise 5 (Course Project)
|20-12-2016||No lecture! (Christmas holidays)|
|10-01-2017||Lecture 6: Advanced Attacks and Problems||—|
|17-01-2017||Lecture 7: Network Security||
Solution of Exercise 6
|24-01-2017||Lecture 8: App Analysis||
Solution of Exercise 7
|31-01-2017||Lecture 9: Application-layer Security Extensions||
Solution of Exercise 8
|07-02-2017||Lecture 10: Intro to Trusted Computing and Trusted Computing Concepts||
Solution for Exercise 9
Lecture 11: Hardware Security Primitives and Mobile Trusted Computing
Q&A for exam