Main Page

News

27.03.2021	Grades and points for the backup exam online in CMS and LSF The correction of the backup exam is finished and the grades are entered in the CMS as well as LSF. We offer an exam inspection via one-to-one Zoom calls on Tuesday, March 30, between 14:20 – 16:40. Please register via this Calendly link to your 20min time slot for... Read more The correction of the backup exam is finished and the grades are entered in the CMS as well as LSF. We offer an exam inspection via one-to-one Zoom calls on Tuesday, March 30, between 14:20 – 16:40. Please register via this Calendly link to your 20min time slot for the inspection. The deadline for registration is 13:00 on Monday, March 8. We will distribute the Zoom link at 13:30 to all students that booked a slot.
15.03.2021	Registration Backup Exam Hi there, please don't forget to register for the backup exam in the LSF if you intend to take this exam on Mar 26. Further, it seems the exam was listed so far in LSF under summer semester 2020 but it is now correctly assigned to winter term... Read more Hi there, please don't forget to register for the backup exam in the LSF if you intend to take this exam on Mar 26. Further, it seems the exam was listed so far in LSF under summer semester 2020 but it is now correctly assigned to winter term 2020/21. Best, Sven
08.03.2021	Backup exam Q&A (new date) I scheduled a Teams session for next Tuesday, March 16, 14:00-15:00 to explain some things I noticed were frequently answered wrongly in the end-term exam or were misunderstood. That session also provides a chance for Q&A for the backup exam.
03.03.2021	Grades and points for endterm exam are online in CMS and LSF The correction of the end-term exam is finished and the grades are entered in the CMS as well as LSF. We offer an exam inspection via one-to-one Zoom calls on Monday, March 8, between 14:00 – 17:00. Please register via this Calendly link to your 20min time slot for... Read more The correction of the end-term exam is finished and the grades are entered in the CMS as well as LSF. We offer an exam inspection via one-to-one Zoom calls on Monday, March 8, between 14:00 – 17:00. Please register via this Calendly link to your 20min time slot for the inspection. The deadline for registration is 13:00 on Monday, March 8. We will distribute the Zoom link at 13:30 to all students that booked a slot.
24.02.2021	Course Evaluation Dear all, while we are still correcting the endterm exam, I wanted to inform you that the results of the course evaluation are now shared in the course materials (under "Organizational").
18.02.2021	Reminder: Exam tomorrow at 10:00–12:00 The exam tomorrow will take place at the originally planned time: 10:00 – 12:00 Same as for the test exam, the exam sheet and Word template for answers will be published on Moodle a few minutes before the beginning of the exam. To download the sheet and template,... Read more The exam tomorrow will take place at the originally planned time: 10:00 – 12:00 Same as for the test exam, the exam sheet and Word template for answers will be published on Moodle a few minutes before the beginning of the exam. To download the sheet and template, you need to first confirm your attendance in the "Attendance check" (which will also be published a few minutes before the beginning of the exam). To submit your solution, save your Word file with your answers as PDF and upload it to Moodle as your submission to the Online Endterm Exam. For announcements from our side, we use the "Exam announcement" channel in Teams. For questions by you during the exam (e.g., if an exam question is unclear to you), please use the meeting in the "Exams questions" channel in Teams.
02.02.2021	Online Test Exam Dear all, following the recommendation by the university we will try to set the exams for this course up as "online digital exams" (see here). Since this is likely a new procedure for most of you (and us), we will have a test online exam this Friday at 09:45 – 10:15... Read more Dear all, following the recommendation by the university we will try to set the exams for this course up as "online digital exams" (see here). Since this is likely a new procedure for most of you (and us), we will have a test online exam this Friday at 09:45 – 10:15 just before the regular call with Teams. If you like to participate in this test exam and provide feedback on this process, please contact me and send me your Moodle user ID (this should be your regular UdS account name, e.g., for LSF/HISPOS) and I will enroll you in the Moodle course for Mobile Security. Please also check that you can actually log in to Moodle and can access the course after being enrolled. Regarding the procedure as advised by the university: the exam sheet will be published at the exam starting time via Moodle and you have the regular 120 minutes to work on it (30 minutes for the test exam) we will provide a Word file with the same structure as the exam sheet and you must write your answers into this Word file (e.g., using LibreOffice, Microsoft Office, etc.) save your exam solution as a PDF and upload the PDF within the allotted time to Moodle (there is a short grace period after the 120 minutes to upload your sheet) the exam will in this case be open book, i.e., there is no restriction on the auxiliary materials that you use (e.g., lecture slides, etc) for questions during the exam, we will offer the Moodle chat and an extra "Exams" channel in Teams attempted deception (e.g., copying answers from another participant) that we detect in the answers will have the same consequences as attempts to cheating during a closed-book exam Thus, to participate in the online exams you need: To be admitted to attend the exam (i.e., have the necessary points from the exercises) To be registered for the exam in the LSF/HISPOS Access to the UdS moodle and have been enrolled in the Mobile Security course on Moodle An editor for Word files that can save as PDF Stable enough Internet connection to retrieve the exam sheet & Word template and upload your solution to Moodle
22.01.2021	Registration in LSF The registration for the exams in LSF should now be possible.
11.01.2021	Todays' lecture video delayed until tomorrow Unfortunately, the release of today's lecture video has to be postponed to tomorrow due to unforeseen circumstances.
09.12.2020	Changes to exercise schedule Unfortunately, this year we are unable to host the course project since the necessary computational resources had to be bound to some urgent research projects. For those of you interested in extending AOSP's security architecture (and being able to build AOSP on... Read more Unfortunately, this year we are unable to host the course project since the necessary computational resources had to be bound to some urgent research projects. For those of you interested in extending AOSP's security architecture (and being able to build AOSP on their own machines), we will release the instructions, however, this is not a graded exercise and merely for self-study if interested. To compensate, we made a change to exercise 5 by increasing it to 40 points (from originally 20 points) and we adjusted the threshold for getting admission to the exam to 160 points.
30.11.2020	Exercise 4: Release delayed until tomorrow Unfortunately, the release of Ex04 has to be delayed to tomorrow. We will adjust the tasks to compensate for the shorter time.
23.11.2020	Announcement Regarding Exercise 3 We would like to let you know that we have published exercise 3. However, since we had to make slight changes to one specific task, we had to upload an updated version of the exercise. In case you already downloaded the old exercise sheet and apps, we kindly ask you... Read more We would like to let you know that we have published exercise 3. However, since we had to make slight changes to one specific task, we had to upload an updated version of the exercise. In case you already downloaded the old exercise sheet and apps, we kindly ask you to download them again from the CMS to get the latest changes. Thank you.
03.11.2020	Tutorial assignment We assigned to all students a tutorial group. This is only for us to distribute your exercise submissions to different tutors for correction. As announced, there is only one virtual tutorial session via Teams for all students, every Monday 14-16, starting next... Read more We assigned to all students a tutorial group. This is only for us to distribute your exercise submissions to different tutors for correction. As announced, there is only one virtual tutorial session via Teams for all students, every Monday 14-16, starting next Monday, Nov 09.
02.11.2020	First content online The material for the first lecture is online under materials in the CMS as well as the link/code to Microsoft Teams for this course and the lecture videos.

Show all

About the course

This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).

Central questions of this course are:

What is the threat model from the different principals' perspectives?
How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
Which problems and solutions did security research in this area identify in the past half-decade?
Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to re-enforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.

Where and when

The lectures will take place as a "flipped classroom:" pre-recorded videos of the lectures will be posted every Monday via the CMS and every following Friday at 10:00 – 12:00 a Microsoft Teams session takes place to answer questions about the lecture content or discuss the lecture content. Extra tutorial Microsoft Teams sessions deal specifically with the exercise contents and provide an additional occasion to ask the tutors about the lecture content.

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
be familiar with programming in Java (and C/C++)
should be comfortable with working with Linux

Actual programming experience on Android or at OS-level is not a prerequisite, but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices into context better.

Requirements for obtaining credit points (Scheinvergabe)

For passing the course, you need the following minimum amount of points:

50% of the points from the final exam.

For admission to the exam, you need:

at least 50% of the points from the exercises.

The final grade is based purely on your exam results.

The end-term exam will take place Friday, 19.02.2021, 10:00–12:00 in ~~Günter-Hotz-Hörsaal (GHH)~~ online written exam via Moodle

The backup exam will take place Friday, 26.03.2021, 10:00–12:00 in ~~Günter-Hotz-Hörsaal (GHH)~~ online written exam via Moodle

Registration

Register for the course here in the CISPA CMS. Registration opens TBA. Once you are registered here, don't forget to register in the LSF.

Please note that the number of students for this course is limited to 40!