Mobile Security Sven Bugiel

News

22.03.2019

Exam results are in LSF

Hello,

Exam results are updated to LSF.

You should able to register for the re-exam now. Please register by today.

If you face any problem with registering with re-exam in LSF, please send us an email and come to write the re-exam. We will take care of that later.

20.03.2019

Exam results online

The exam results are online in cms.

Please check your result in cms and register for the re-exam (if you want to write it) as soon as possible by this Friday in LSF.

Exam Inspection

Time and date : 22/03/2019 (Friday) at 10:00 am (CEST)

Place : E 9 1... Read more

The exam results are online in cms.

Please check your result in cms and register for the re-exam (if you want to write it) as soon as possible by this Friday in LSF.

Exam Inspection

Time and date : 22/03/2019 (Friday) at 10:00 am (CEST)

Place : E 9 1 (CISPA building) Room no 0.07 (ground floor)

27.02.2019

Mobile security exam

The exam will start at Friday 10.00 am cest. Please be at the exam hall by 9.45 am (15 min before).

No cheat sheet, mobile phones , electronic gadgets , smart watches are allowed.

Jackets and bags should be stowed away at the corner of the room.

Red, green... Read more

The exam will start at Friday 10.00 am cest. Please be at the exam hall by 9.45 am (15 min before).

No cheat sheet, mobile phones , electronic gadgets , smart watches are allowed.

Jackets and bags should be stowed away at the corner of the room.

Red, green pens and pencils are not allowed 

Good luck.

21.02.2019

Project grading done, Exercise grading finished

Project grading is done and the grades are now visible in CMS. If you have question please contact your respective tutor for a meeting.

For tutorial 3, unfortunately I will be not available till March 1. So if any of you of tutorial 3 has any question please come... Read more

Project grading is done and the grades are now visible in CMS. If you have question please contact your respective tutor for a meeting.

For tutorial 3, unfortunately I will be not available till March 1. So if any of you of tutorial 3 has any question please come to my office till tomorrow 6 pm for any clarification (appointment not needed). If I am not in office I will be somewhere nearby so either wait for sometime or knock again after sometime.

All exercise grading is done and and exam admittance is calculated. You can find that information on your student homepage page in CMS. 

 

29.01.2019

Changed location for backup exam

Please be aware that the location of the backup exam has changed!

The backup exam will take place Friday, 29.03.2019, in E2.5 HS II from 10:00-12:00 (s.t.).‚Äč

24.01.2019

Course project submission - update

The course project will stay open till Sunday 27th of January 2019 midnight (CET). After that all the accesses to the vms will be revoked and no more changes can be done.

For submission, please keep the vm as it is, if creating patch file is troublesome. We will... Read more

The course project will stay open till Sunday 27th of January 2019 midnight (CET). After that all the accesses to the vms will be revoked and no more changes can be done.

For submission, please keep the vm as it is, if creating patch file is troublesome. We will check and correct the implementations in the vms. But make sure the vm compiles without any problem. If the compilation fails we will not try to fix the compilation and no point will be awarded.

If you have already submitted patch file and that does not install then do not worry. We will check your implementation in the corresponding vm.

19.01.2019

Short video for Exercise 8

I added a link to a short video to the Exercise 8 material. The video gives a quick intro to the IRM example (i.e., blocking camera access) as explained in the exercise sheet.

14.01.2019

Project submission

Due to system downtime and project description confusion, we want to extend the project submission deadline by one week.

You can submit your course project till 25th of January 2019.

There might be parallel assignments.

14.01.2019

Sepolicy folder

Please find the sepolicy te files under /home/mobisec/android/system/sepolicy .

We have used a different android version so the confusion occurred. Sorry for the inconvenience.

18.12.2018

Servers are back online

All vms are back online.

17.12.2018

Server maintenance from 6:00 am to 9:00 am on 18.10.2018

Mobisec project servers will be down on 18.10.2018 morning from 6:00 am to 9:00 am. This is cispa wide yearly server maintenance. During this time no vm will be available. Please do not forget to save your changes and log out from the vm. 

Servers will be again... Read more

Mobisec project servers will be down on 18.10.2018 morning from 6:00 am to 9:00 am. This is cispa wide yearly server maintenance. During this time no vm will be available. Please do not forget to save your changes and log out from the vm. 

Servers will be again available on 18.10.2018 after 9:00 am.  

17.12.2018

No tutorial till project submission

There will be no tutorial till submission of project and release of a new tutorial.

For project related setup and management problems, please come to me at E 9 1 room no 3.10

Please use the form to ask question.

10.12.2018

VM access for course project

VMs are allotted to teams. You can find your allotted vm number in your cms personal info page under "Allotted VM" field.

Use the ssh command from your terminal to connect. For windows user can use a terminal emulator.

If your vm number is in the below ranges... Read more

VMs are allotted to teams. You can find your allotted vm number in your cms personal info page under "Allotted VM" field.

Use the ssh command from your terminal to connect. For windows user can use a terminal emulator.

If your vm number is in the below ranges use corresponding ip address.

VM number range            IP address

2201..2220                        134.96.225.122

2221..2240                        134.96.225.123

2241..2260                        134.96.225.124


ssh -X -p <alloted VM> mobisec@134.96.225.123

for example ssh -X -p 2201 mobisec@134.96.225.122 will login to vm 2201.

Please compile using
source build/envsetup.sh ; lunch full-eng ; make -j64 ; jack-admin kill-server ;

After every compilation please run "jack-admin kill-server" to release RAM immediately. Otherwise I will restart the vm to release RAM.

10.12.2018

No tutorial for tutorial group 03, today

Hello,

Due to low attendance and no exercise this week, there will be no tutorial for group 03 today. If you want to see your ex04 solution correction then come to my office (E 9 1, 3.10) anytime tomorrow.

07.12.2018

vm distribution will take some time

Due to some technical difficulty in server, the vm distribution will take some more time. You will be updated when the distribution is done. It should be done within this weekend.

07.12.2018

Upload SSH key in cms

Please upload your ssh PUBLIC key in cms. Do not send email.

07.12.2018

Upload ssh public key to cms

Hello Students,

Please upload your ssh PUBLIC key to cms to get access to VMS. Then only you can take part in the course project.

Do not upload your PRIVATE key.

03.12.2018

No tutorial for tutorial group 03, today

Due to very less attendance, there will be no tutorial today at 14:00.

If anyone wants to see his assignment or wants to discuss some questions please come to my office E9 1 Room no 3.10.

04.11.2018

Tutorial assignment and first tutorial

Dear student,

You are now assigned with a tutorial slot for the course. Please check in cms for the tutorial slot you are assigned with. We had tried to allot tutorial slot according to your choice. But if in case you do not like the assignment, please email... Read more

Dear student,

You are now assigned with a tutorial slot for the course. Please check in cms for the tutorial slot you are assigned with. We had tried to allot tutorial slot according to your choice. But if in case you do not like the assignment, please email asap. 

This week we will help you with the setup and ex.0 in the tutorial. 

Ex.1 is due 9th November. 

Good Luck

21.10.2018

Changes in lecture schedule

Please note changes in the lecture schedule:

Lecture 09.11.: Will take place
Lecture 21.12.: Will not take place

Show all
 

About the course

This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in the area of smartphones is increased and they learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).

Central questions of this course are:

  • What is the threat model from the different principals' perspective?
  • How are the basic design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
  • What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
  • Which problems and solutions have been identified in the past half-decade of security research in this area?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to re-enforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.

Where and when

The lectures will take place every Friday 10:00 – 12:00 in building E9 1 (CISPA), room 0.05 (lecture hall ground floor).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java (and C/C++)
  • should be comfortable with working with Linux

Actual programming experience on Android or at OS-level is not a prerequisite, but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture); however, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices into context better.

Requirements for obtaining credit points (Scheinvergabe)

For passing the course, the following minimum amount of points is needed:

  • 50% of the points from the exercise sheets; and
  • 50% of the points from the final exam.

The end-term exam will take place Friday, 01.03.2019, in E2.2 Günter-Hotz lecture hall from 10:00-12:00 (s.t.).

The backup exam will take place Friday, 29.03.2019, in E2.5 HS II from 10:00-12:00 (s.t.).

Registration

Register for the course here in the CISPA CMS. Registration opens Oct 08 at 12:00. Once you are registered here, don't forget to register in the LSF.

Please note that the number of students for this course is limited to 60!

Exercise 0

In this course, you will do graded exercises that involve Android application and system programming. Thus, it is crucial that you have a working development environment. You can set one up by going through Exercise 0 (not graded), in which you create a set of apps, which we will use in later exercises. If you are already familiar with Android programming, you can skip the IDE setup of this exercise; however, you should still create the explained apps.



Privacy Policy | Legal Notice
If you encounter technical problems, please contact Sven Bugiel