Mobile Security Sven Bugiel

News

27.05.2020

Oral Backup Exam Grades online

We put the grades for the oral backup exam into the CMS.

If you like to "inspect the exam", please contact me by tomorrow, Thursday, May 28, to schedule a call; otherwise, I will enter the current grades into the LSF on Friday.

30.04.2020

Update on Backup Exam

Dear all,

here an update regarding the backup exam:

written backup exam will be offered in the additional exam period between October 19 - October 30.

We additionally offer an optional oral exam on May 25 and May 26. The oral exam is optional for students... Read more

Dear all,

here an update regarding the backup exam:

written backup exam will be offered in the additional exam period between October 19 - October 30.

We additionally offer an optional oral exam on May 25 and May 26. The oral exam is optional for students that have time limitations etc (for example, if you need your grade before October). If you do not participate in the oral exam, your next possible attempt is the written exam in October (this affects students that want to improve their current grade).

Important: 

  • If you want to take the oral exam, please register in the LSF for it.
  • If you were registered in the LSF for the original date of the backup exam, please check if you are still registered (and unregister in case you don't want to take the oral exam!).
  • Registration/Unregistration is possible until May 18.
  • If you want to take the oral exam, besides LSF registration, also indicate your available timeslots in Doodle (Deadline: May 18). The link to the doodle is posted in a new section in the course materials in the CMS.

The oral exam will take place via Zoom, following the guidelines published by the university, and will take 30 minutes. For those students that will take the oral exam, we offer to test their Zoom setup prior to the exam with us.

Cheers and stay healthy,
Sven

22.03.2020

Postponed backup exam

Dear all, the backup exam will be postponed due to the ongoing pandemic. Given the current situation, requiring physical presence and commute would not be a responsible decision. Thus, if any you are *really in need* to do the backup exam (e.g., starting a job soon... Read more

Dear all, the backup exam will be postponed due to the ongoing pandemic. Given the current situation, requiring physical presence and commute would not be a responsible decision. Thus, if any you are *really in need* to do the backup exam (e.g., starting a job soon etc.) and you need the grade *now*, please contact me to check for possible alternative examination ways.

I will keep you posted as soon as I know more about the new examination schedule.

Above all, stay healthy!

Best,
Sven

26.02.2020

Exam grades published; Exam inspection on Monday, Mar 2

The points and grades for the end-term exam are published in the CMS.

Exam inspection will take place on Monday, Mar 2, from 15:00-16:00 in room 0.07 at CISPA.

21.02.2020

Exam location: Günter-Hotz-Hörsaal

Just to make sure: as announced on the CMS pages, the exam will take place in the Günter-Hotz-Hörsaal!

17.02.2020

Admission/Qualifying for the exam

Please check your mobile security page to know whether you are qualified for the exam or not (check for "Admission status" under Exams section). To qualify, you must obtain a minimum of 160 points. If you have any questions, please contact me via email:... Read more

Please check your mobile security page to know whether you are qualified for the exam or not (check for "Admission status" under Exams section). To qualify, you must obtain a minimum of 160 points. If you have any questions, please contact me via email: abdallah.dawoud@cispa.saarland.

24.01.2020

Latest News Regarding Submissions

We have some news regarding:

- Course Project: the deadline has been extended until midnight 31.01.2020 as compensation for all the days when the server was offline.

- Exercise 7: We just released the last exercise for this course and the deadline is also due... Read more

We have some news regarding:

- Course Project: the deadline has been extended until midnight 31.01.2020 as compensation for all the days when the server was offline.

- Exercise 7: We just released the last exercise for this course and the deadline is also due to midnight 01.02.2020.

- Tutorials: In next week's tutorials, we will discuss both exercise sheets #1 and #2.

Good luck.

24.01.2020

No tutorial today

Since we have two sheets that are due to today and one is due to tomorrow, we have nothing to discuss today in the tutorial. Therefore, we have to cancel today's tutorial.

23.01.2020

Room changed for this week's lecture

Please note that due to a room change for a guest lecture at CISPA, the Mobile Security lecture tomorrow will again take place in room 0.01.

16.01.2020

Tutorial for helping in the course project

If you have any questions/issues regarding the project, we encourage you to attend tomorrow's tutorial at 14:00. If possible, bring the machine you use for working with the VM assigned to you.

13.01.2020

No tutorial today

Sorry for the short notice but today's tutorial is canceled. I planned a support session for the course project and I, unfortunately, have to cancel it for personal reasons. If you are enrolled in today's tutorial and you need help in the course project, then... Read more

Sorry for the short notice but today's tutorial is canceled. I planned a support session for the course project and I, unfortunately, have to cancel it for personal reasons. If you are enrolled in today's tutorial and you need help in the course project, then arrange a one-to-one meeting with me this week. Please notice that this change does not affect Friday's tutorial which I, exceptionally, will be giving myself this week.

06.01.2020

Room change for lecture this week

The lecture this Friday, 10.01.2020, has to take place in room 0.01 in CISPA (groundfloor, right-hand side when entering through the main entrance).

05.01.2020

No tutorials this week & homework grading

There will be no tutorials this week. We hope you would spend the time working on the project. In case you have a problem or a question, please drop by my office in CISPA R3.11 tomorrow 10:00-12:00.

Regarding the assignment sheets, we will correct them and... Read more

There will be no tutorials this week. We hope you would spend the time working on the project. In case you have a problem or a question, please drop by my office in CISPA R3.11 tomorrow 10:00-12:00.

Regarding the assignment sheets, we will correct them and publish the results soon.

19.12.2019

The course project is online

By now, every group that registered itself has received an email with the information on how to login to the building server VM. Additionally, we have just released the course project sheet with the necessary assets. The deadline is set for the 24th of Jan. I hope... Read more

By now, every group that registered itself has received an email with the information on how to login to the building server VM. Additionally, we have just released the course project sheet with the necessary assets. The deadline is set for the 24th of Jan. I hope you would enjoy the holiday and have fun with the project.

18.12.2019

Lecture continues after holiday break

Just to be sure everyone is aware of this: according to the timetable, the lecture continues on Jan 10! There is no lecture this Friday, Dec 20!

Have a nice holiday break and a good start into the new year!

15.12.2019

No tutorials for this week

Since we didn't publish an exercise last week, we canceled the tutorials for this week only (Mon. the 16th and Fri. the 20th). However, if you have any questions regarding the course, please drop by my office (CISPA, R3.11) during tutorials' dedicated hours. Thank... Read more

Since we didn't publish an exercise last week, we canceled the tutorials for this week only (Mon. the 16th and Fri. the 20th). However, if you have any questions regarding the course, please drop by my office (CISPA, R3.11) during tutorials' dedicated hours. Thank you.

13.12.2019

Delayed release of course project

Due to unfortunate technical issues related to the VMs creation, the release of the course project will be delayed for a few days. We will change the previously intended deadline to cope with this delay. The IT administrators are working on this task in full force.... Read more

Due to unfortunate technical issues related to the VMs creation, the release of the course project will be delayed for a few days. We will change the previously intended deadline to cope with this delay. The IT administrators are working on this task in full force. Sorry for the inconvenience.

05.12.2019

Preparing for the course project

For the course project, we kindly ask you to:

1. Update your public SSH key in the CMS for the Mobile Security course (you can find the field after login under "SSH public key"). Each group will be given access to a VM where they can modify and build Android Open... Read more

For the course project, we kindly ask you to:

1. Update your public SSH key in the CMS for the Mobile Security course (you can find the field after login under "SSH public key"). Each group will be given access to a VM where they can modify and build Android Open Source Project and your SSH keys are necessary to allow this access.

2. Send your group members to my email: abdallah.dawoud@cispa.saarland. A group consists of, at maximum, two students.

Thank you.

03.12.2019

Youtube playlist available

As per request to also be able to stream the lecture recordings, I put them into an unlisted Youtube playlist. You can find the URL in the course materials.

22.11.2019

Tutorials start next week

Sorry if I confused some of you at the end of the lecture today, tutorials start next week, not today.

08.11.2019

Tutorial slots assigned and tutorial next Monday

We assigned the tutorial slots, not all were optimal, but as usual, you might someone to switch or check if there is an empty seat in the other tutorial.

Next Monday, Abdallah offers the tutorial to those of you that have problems with Exercise 0, meaning with... Read more

We assigned the tutorial slots, not all were optimal, but as usual, you might someone to switch or check if there is an empty seat in the other tutorial.

Next Monday, Abdallah offers the tutorial to those of you that have problems with Exercise 0, meaning with setting up the Android Studio on your computers. If you need some help there, attend the tutorial next Monday.

01.11.2019

Exercise 0 now online

The first exercise sheet (not graded yet) is online. Since we will work with and extend the app from this exercise, you should follow this sheet despite it not being graded.

Show all
 

About the course

This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).

Central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
  • What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to re-enforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.

Where and when

The lectures will take place every Friday at 10:00 – 12:00 in building E9 1 (CISPA), room 0.05 (lecture hall ground floor).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java (and C/C++)
  • should be comfortable with working with Linux

Actual programming experience on Android or at OS-level is not a prerequisite, but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices into context better.

Requirements for obtaining credit points (Scheinvergabe)

For passing the course, you need the following minimum amount of points:

  • 50% of the points from the final exam.

For admission to the exam, you need:

  • at least 50% of the points from the exercises.

The final grade is based purely on your exam results.

The end-term exam will take place 21.02.2020 from 10-12 in Günter-Hotz-Hörsaal

The backup exam will take place 03.04.2020 from 10-12 in E1.3, HS002

Registration

Register for the course here in the CISPA CMS. Registration opens Oct 07 at 12:00 (noon). Once you are registered here, don't forget to register in the LSF.

Please note that the number of students for this course is limited to 40!

Exercise 0

In this course, you will do exercises that have a theoretical part and involve Android application and system programming. Thus, you must have a working development environment. You can set one up by going through Exercise 0 (not graded) (TO BE PUBLISHED SOON), in which you create a set of apps, which we will use in later exercises. If you are already familiar with Android programming, you can skip the IDE setup of this exercise; however, you should still create the explained apps.



Privacy Policy | Legal Notice
If you encounter technical problems, please contact Sven Bugiel