News
Grades for written Backup Exam (Oct 30) onlineWritten on 01.11.20 by Sven Bugiel The grades for the written backup exam from Oct 30 are in the CMS. Exam inspection: If you like to inspect your exam, please contact Sven Bugiel to arrange a virtual meeting. |
Written backup examWritten on 24.09.20 by Sven Bugiel The written backup exam will take place on Friday, Oct 30, from 14:00–16:00 in HS002 in E1 3. Please register in the LSF and in the CMS. |
Oral Backup Exam Grades onlineWritten on 27.05.20 by Sven Bugiel We put the grades for the oral backup exam into the CMS. If you like to "inspect the exam", please contact me by tomorrow, Thursday, May 28, to schedule a call; otherwise, I will enter the current grades into the LSF on Friday. |
Update on Backup ExamWritten on 30.04.20 by Sven Bugiel Dear all, here an update regarding the backup exam: A written backup exam will be offered in the additional exam period between October 19 - October 30. We additionally offer an optional oral exam on May 25 and May 26. The oral exam is optional for students that have time limitations etc (for… Read more Dear all, here an update regarding the backup exam: A written backup exam will be offered in the additional exam period between October 19 - October 30. We additionally offer an optional oral exam on May 25 and May 26. The oral exam is optional for students that have time limitations etc (for example, if you need your grade before October). If you do not participate in the oral exam, your next possible attempt is the written exam in October (this affects students that want to improve their current grade). Important:
The oral exam will take place via Zoom, following the guidelines published by the university, and will take 30 minutes. For those students that will take the oral exam, we offer to test their Zoom setup prior to the exam with us. Cheers and stay healthy, |
Postponed backup examWritten on 22.03.20 by Sven Bugiel Dear all, the backup exam will be postponed due to the ongoing pandemic. Given the current situation, requiring physical presence and commute would not be a responsible decision. Thus, if any you are *really in need* to do the backup exam (e.g., starting a job soon etc.) and you need the grade *now*,… Read more Dear all, the backup exam will be postponed due to the ongoing pandemic. Given the current situation, requiring physical presence and commute would not be a responsible decision. Thus, if any you are *really in need* to do the backup exam (e.g., starting a job soon etc.) and you need the grade *now*, please contact me to check for possible alternative examination ways. I will keep you posted as soon as I know more about the new examination schedule. Above all, stay healthy! Best, |
Exam grades published; Exam inspection on Monday, Mar 2Written on 26.02.20 by Sven Bugiel The points and grades for the end-term exam are published in the CMS. Exam inspection will take place on Monday, Mar 2, from 15:00-16:00 in room 0.07 at CISPA. |
Exam location: Günter-Hotz-HörsaalWritten on 21.02.20 by Sven Bugiel Just to make sure: as announced on the CMS pages, the exam will take place in the Günter-Hotz-Hörsaal! |
Admission/Qualifying for the examWritten on 17.02.20 by Abdallah Dawoud Please check your mobile security page to know whether you are qualified for the exam or not (check for "Admission status" under Exams section). To qualify, you must obtain a minimum of 160 points. If you have any questions, please contact me via email: abdallah.dawoud@cispa.saarland. |
Latest News Regarding SubmissionsWritten on 24.01.20 (last change on 24.01.20) by Abdallah Dawoud We have some news regarding: - Course Project: the deadline has been extended until midnight 31.01.2020 as compensation for all the days when the server was offline. - Exercise 7: We just released the last exercise for this course and the deadline is also due to midnight 01.02.2020. -… Read more We have some news regarding: - Course Project: the deadline has been extended until midnight 31.01.2020 as compensation for all the days when the server was offline. - Exercise 7: We just released the last exercise for this course and the deadline is also due to midnight 01.02.2020. - Tutorials: In next week's tutorials, we will discuss both exercise sheets #1 and #2. Good luck. |
No tutorial todayWritten on 24.01.20 by Abdallah Dawoud Since we have two sheets that are due to today and one is due to tomorrow, we have nothing to discuss today in the tutorial. Therefore, we have to cancel today's tutorial. |
Room changed for this week's lectureWritten on 23.01.20 by Sven Bugiel Please note that due to a room change for a guest lecture at CISPA, the Mobile Security lecture tomorrow will again take place in room 0.01. |
Tutorial for helping in the course projectWritten on 16.01.20 by Abdallah Dawoud If you have any questions/issues regarding the project, we encourage you to attend tomorrow's tutorial at 14:00. If possible, bring the machine you use for working with the VM assigned to you. |
No tutorial todayWritten on 13.01.20 by Abdallah Dawoud Sorry for the short notice but today's tutorial is canceled. I planned a support session for the course project and I, unfortunately, have to cancel it for personal reasons. If you are enrolled in today's tutorial and you need help in the course project, then arrange a one-to-one meeting with me this… Read more Sorry for the short notice but today's tutorial is canceled. I planned a support session for the course project and I, unfortunately, have to cancel it for personal reasons. If you are enrolled in today's tutorial and you need help in the course project, then arrange a one-to-one meeting with me this week. Please notice that this change does not affect Friday's tutorial which I, exceptionally, will be giving myself this week. |
Room change for lecture this weekWritten on 06.01.20 by Sven Bugiel The lecture this Friday, 10.01.2020, has to take place in room 0.01 in CISPA (groundfloor, right-hand side when entering through the main entrance). |
No tutorials this week & homework gradingWritten on 05.01.20 by Abdallah Dawoud There will be no tutorials this week. We hope you would spend the time working on the project. In case you have a problem or a question, please drop by my office in CISPA R3.11 tomorrow 10:00-12:00. Regarding the assignment sheets, we will correct them and publish the results soon. |
The course project is onlineWritten on 19.12.19 by Abdallah Dawoud By now, every group that registered itself has received an email with the information on how to login to the building server VM. Additionally, we have just released the course project sheet with the necessary assets. The deadline is set for the 24th of Jan. I hope you would enjoy the holiday and have… Read more By now, every group that registered itself has received an email with the information on how to login to the building server VM. Additionally, we have just released the course project sheet with the necessary assets. The deadline is set for the 24th of Jan. I hope you would enjoy the holiday and have fun with the project. |
Lecture continues after holiday breakWritten on 18.12.19 by Sven Bugiel Just to be sure everyone is aware of this: according to the timetable, the lecture continues on Jan 10! There is no lecture this Friday, Dec 20! Have a nice holiday break and a good start into the new year! |
No tutorials for this weekWritten on 15.12.19 (last change on 15.12.19) by Abdallah Dawoud Since we didn't publish an exercise last week, we canceled the tutorials for this week only (Mon. the 16th and Fri. the 20th). However, if you have any questions regarding the course, please drop by my office (CISPA, R3.11) during tutorials' dedicated hours. Thank you. |
Delayed release of course projectWritten on 13.12.19 (last change on 13.12.19) by Abdallah Dawoud Due to unfortunate technical issues related to the VMs creation, the release of the course project will be delayed for a few days. We will change the previously intended deadline to cope with this delay. The IT administrators are working on this task in full force. Sorry for the inconvenience. |
Preparing for the course projectWritten on 05.12.19 (last change on 05.12.19) by Abdallah Dawoud For the course project, we kindly ask you to: 1. Update your public SSH key in the CMS for the Mobile Security course (you can find the field after login under "SSH public key"). Each group will be given access to a VM where they can modify and build Android Open Source Project and your SSH keys… Read more For the course project, we kindly ask you to: 1. Update your public SSH key in the CMS for the Mobile Security course (you can find the field after login under "SSH public key"). Each group will be given access to a VM where they can modify and build Android Open Source Project and your SSH keys are necessary to allow this access. 2. Send your group members to my email: abdallah.dawoud@cispa.saarland. A group consists of, at maximum, two students. Thank you. |
Youtube playlist availableWritten on 03.12.19 by Sven Bugiel As per request to also be able to stream the lecture recordings, I put them into an unlisted Youtube playlist. You can find the URL in the course materials. |
Tutorials start next weekWritten on 22.11.19 by Sven Bugiel Sorry if I confused some of you at the end of the lecture today, tutorials start next week, not today. |
Tutorial slots assigned and tutorial next MondayWritten on 08.11.19 by Sven Bugiel We assigned the tutorial slots, not all were optimal, but as usual, you might someone to switch or check if there is an empty seat in the other tutorial. Next Monday, Abdallah offers the tutorial to those of you that have problems with Exercise 0, meaning with setting up the Android Studio on your… Read more We assigned the tutorial slots, not all were optimal, but as usual, you might someone to switch or check if there is an empty seat in the other tutorial. Next Monday, Abdallah offers the tutorial to those of you that have problems with Exercise 0, meaning with setting up the Android Studio on your computers. If you need some help there, attend the tutorial next Monday. |
Exercise 0 now onlineWritten on 01.11.19 by Sven Bugiel The first exercise sheet (not graded yet) is online. Since we will work with and extend the app from this exercise, you should follow this sheet despite it not being graded. |
About the course
This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).
Central questions of this course are:
- What is the threat model from the different principals' perspectives?
- How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
- How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
- What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
- Which problems and solutions did security research in this area identify in the past half-decade?
- Which techniques have been developed to empower the end-users to protect their privacy?
The lectures are accompanied by exercises to re-enforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.
Where and when
The lectures will take place every Friday at 10:00 – 12:00 in building E9 1 (CISPA), room 0.05 (lecture hall ground floor).
Prerequisites
There are no formal requirements for participation. Students who want to participate in the course should
- have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
- be familiar with programming in Java (and C/C++)
- should be comfortable with working with Linux
Actual programming experience on Android or at OS-level is not a prerequisite, but definitively an advantage.
Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices into context better.
Requirements for obtaining credit points (Scheinvergabe)
For passing the course, you need the following minimum amount of points:
- 50% of the points from the final exam.
For admission to the exam, you need:
- at least 50% of the points from the exercises.
The final grade is based purely on your exam results.
The end-term exam will take place 21.02.2020 from 10-12 in Günter-Hotz-Hörsaal
The backup exam will take place 03.04.2020 from 10-12 in E1.3, HS002
Registration
Register for the course here in the CISPA CMS. Registration opens Oct 07 at 12:00 (noon). Once you are registered here, don't forget to register in the LSF.
Exercise 0
In this course, you will do exercises that have a theoretical part and involve Android application and system programming. Thus, you must have a working development environment. You can set one up by going through Exercise 0 (not graded) (TO BE PUBLISHED SOON), in which you create a set of apps, which we will use in later exercises. If you are already familiar with Android programming, you can skip the IDE setup of this exercise; however, you should still create the explained apps.