News

Backup exam points in CMS

Written on 30.03.18 by Sven Bugiel

The points for the backup exam are available in the CMS.

The backup exam inspection will take place Tuesday, April 10, from 11:00-12:00 in room 0.07 at CISPA.

re-exam registration problem in LSF

Written on 13.03.18 by Dhiman Chakraborty

Who ever tried to register for the re-exam and unable to do so due to some technical problem, please send an email to             studium@cs.uni-saarland.de.

Do not forget to state your name, matriculation number and the course(Mobile Security) you were trying to register.

Also state the problem… Read more

Who ever tried to register for the re-exam and unable to do so due to some technical problem, please send an email to             studium@cs.uni-saarland.de.

Do not forget to state your name, matriculation number and the course(Mobile Security) you were trying to register.

Also state the problem you have faced with LSF in the email.

Who ever able to register successfully in the LSF can ignore this notice.

Re-exam registration in LSF

Written on 05.03.18 by Dhiman Chakraborty

Do not forget to register for the re-exam in LSF-HISPOS if you wish to write the re-exam.

Exam inspection changes are available in cms

Written on 02.03.18 by Dhiman Chakraborty

All corrected points are updated in the cms and grades are recalculated after exam inspection.

Exam points and grade published

Written on 23.02.18 by Sven Bugiel

The exam points and the resulting overall grade are now available in the CMS.

The exam inspection will take place Thursday, Mar 01, from 10:00-11:00 in room 0.07 at CISPA.

Exercise calculation and exam admittance

Written on 07.02.18 by Dhiman Chakraborty

All the exercises are corrected and exam admittance is calculated. Please check the "personal status" page for all exercise points and exam admittance. Report us back if you find anything irregular.

Final grading will be (40% total of exercises + 60% of max(exam, re-exam)). So if you are not… Read more

All the exercises are corrected and exam admittance is calculated. Please check the "personal status" page for all exercise points and exam admittance. Report us back if you find anything irregular.

Final grading will be (40% total of exercises + 60% of max(exam, re-exam)). So if you are not confident enough or retry next year then you have 1 week to deregister from the course in hispos.

Feel free to ask any question.

Good luck for exam.

No tutorial on Feb 2, 2018

Written on 01.02.18 by Dhiman Chakraborty

Due to low attendance, the tutorial for Friday Feb 2 is cancelled. If you want to talk to me regarding assignment, course project grading(yet to come), exam preparation or time-pass over a cup of tea please drop by to my office or email me for an appointment(preferred).

Thanks & Regards,

Dhiman 

[Exercise 9]Task 2 Solution already given in the "stub"

Written on 17.01.18 by Dhiman Chakraborty

Hello,

Unfortunately task 2 Solution is already given accidentally in the "stub".

We have replaced the zip file. However, since we already handed the solution out, the point for task 2 will be gifted full to everyone.

With the correct zip in CMS now, You can do the exercise, but we won't… Read more

Hello,

Unfortunately task 2 Solution is already given accidentally in the "stub".

We have replaced the zip file. However, since we already handed the solution out, the point for task 2 will be gifted full to everyone.

With the correct zip in CMS now, You can do the exercise, but we won't correct it, since the points are already awarded.

No tutorial before Christmas Holidays

Written on 20.12.17 by Dhiman Chakraborty

There will be no tutorial before Christmas Holidays.
Regular tutorial sessions will reconvene from second week of January, 2018.
Happy Holidays.

VM problem solved

Written on 12.12.17 by Dhiman Chakraborty

All technical problems are solved and VMs are ready for project. Please start using them. All the old codes are still there. Nothing changed so you can start from where you left.

If something is not working please report immediately through cms forum or email.

Unexpected technical problem with the VMs

Written on 12.12.17 by Dhiman Chakraborty

There are some unexpected technical problem with the vms. We are working on it.

Please do not use the VMs until further notification.

If the problem takes longer time to solve we will extend the project deadline if needed.

VM access for course project

Written on 06.12.17 (last change on 06.12.17) by Dhiman Chakraborty

VMs are allotted to teams. You can find your allotted vm number in your cms personl info page under "Allotted VM" field.

Use the ssh command from your terminal to connect. For windows user can use a terminal emulator.

If your vm number is in the below ranges use corresponding ip address.

VM… Read more

VMs are allotted to teams. You can find your allotted vm number in your cms personl info page under "Allotted VM" field.

Use the ssh command from your terminal to connect. For windows user can use a terminal emulator.

If your vm number is in the below ranges use corresponding ip address.

VM number range            IP address

2201..2219                        134.96.225.121

2221..2239                        134.96.225.122

2241..2259                        134.96.225.123

2261..2279                        134.96.225.124

ssh -X -p <alloted VM> mobisec@134.96.225.123

for example ssh -X -p 2201 mobisec@134.96.225.121 will login to vm 2201.

Good luck.

CMS update for course project

Written on 05.12.17 by Dhiman Chakraborty

It is mandatory for every student to update the cms with their Team member name and SSH key.

Every student has to update this field to get a VM allotted.

Please do it by tomorrow 10.00 am (before lecture).

Team up for course project

Written on 30.11.17 by Dhiman Chakraborty

Dear students,

For the course project please try to make a team of two persons as soon as possible. Find a friend to team up otherwise I will make team by choosing randomly.

Also do not forget to fill the cms with your team member name and ssh public key (NOT PRIVATE KEY). 

Submit apk files with your solutions from ex3 onwards

Written on 16.11.17 by Dhiman Chakraborty

From exercise 3 onwards, please submit the .apk files of the applications you are creating along with the src directory.

Corrected submission date for Exercise 2

Written on 08.11.17 by Sven Bugiel

The submission date in the exercise 2 sheet has been corrected. The correct date is Nov 15, 2017.

No tutotrial on next week(30/10/2017 - 03/11/2017)

Written on 26.10.17 by Dhiman Chakraborty

There will be no tutorial for the week 30/10/2017 - 03/11/2017.

Tutorials will resume after the submission of first assignment.
 

Location changed for kick-off lecture Oct 18

Written on 29.09.17 by Sven Bugiel

Due to a parallel distinguished lecture at CISPA, the location of the kick-off lecture on Oct 18 has been changed to CISPA E9.1 room 0.01.

Exam dates fixed

Written on 26.09.17 by Sven Bugiel

The dates for the end-term and backup exam have been fixed.

Tutorials published

Written on 25.09.17 by Sven Bugiel

The available tutorial slots have been published. Please choose your preferences before Oct 24, 23:59.

Lecture schedule updated

Written on 19.09.17 by Sven Bugiel

Lecture schedule was adjusted to adhere to the actual lecture period.

Course activated in CISPA CMS

Written on 08.08.17 (last change on 08.08.17) by Sven Bugiel

The course is now available on the CISPA CMS and registration opens Aug 14 at 12:00 (noon).

Show all

About the course

This advanced lecture deals with different, fundamental aspects of mobile operating system and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in the area of smartphones is increased and they learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, sytem vendors, third parties (like companies).

Central questions of this course are:

  • What is the threat model from the different principals' perspective?
  • How are basic design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated in those designs?
  • What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
  • Which problems and solutions have been identified in the past half decade of security research in this area?
  • Which techniques have been develop to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to re-enforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should provide hands-on experience in extending Android's security architecture with a simple custom access control enforcement mechanism.

Where and when

The lectures will take place every Wednesday 10:00 – 12:00 in building E9 1 (CISPA), room 0.05 (lecture hall ground floor).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java (and C/C++)
  • should be comfortable with working with Linux

Actual programming experience on Android or at OS-level is not a prerequisite, but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture), however, the necessary background on system design, access control, and network security will be provided in this lecture in order to better put Android's design choices into context.

Requirements for obtaining credit points (Scheinvergabe)

For passing the course, the following minimal amount of points is needed:

  • 50% of the points from the exercise sheets; and
  • 50% of the points from the final exam.

The endterm exam will take place Wed, 21.02.2018, in E2.2 Günter-Hotz lecture hall from 10:00-12:00 (s.t.).

The backup exam will take place Mon, 19.03.2018, in E2.2 Günter-Hotz lecture hall from 10:00-12:00 (s.t.).

Registration

Register for the course here in the CISPA CMS. Registration opens Aug 14 at 12:00. Once you are registered here, don't forget to register in the LSF.

Please note that the number of students for this course is limited to 60!

Exercise 0

In this course, you will do graded exercises that involve Android application and system programming. Thus, it is important that you have a working development environment. You can set one up by going through Exercise 0 (not graded), in which you create a set of apps, which we will use in later exercises. If you are already familiar with Android programming, you can skip the IDE setup of this exercise, however, you should still create the explained apps.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.