News
Backup exam results in CMSWritten on 29.03.22 by Sven Bugiel The results are in the CMS. Considering the low nr. of participants, please contact me by Thursday EOB if you like to inspect your backup exam. |
Registration for Backup ExamWritten on 11.03.22 by Sven Bugiel The endterm exam grades are now in LSF. Thus, you should be able to register for the backup exam in case you plan to attend it. |
Endterm results in CMSWritten on 10.03.22 by Sven Bugiel The results of the endterm exam have been published in the CMS. Please use the exam inspection tomorrow in case you have questions about the correction of your exam. The final results will be entered into the LSF once the exam inspection is done. |
Endterm exam inspectionWritten on 09.03.22 by Sven Bugiel Dear all, the exam results will be ready latest by tomorrow (separate news will announce them). However, please reserve the following time for the endterm exam inspection: it will take place at CISPA, Room 0.07 on Friday, Mar 11, between 11-12 o'clock.
Cheers,
|
Exam Q&A next weekWritten on 11.02.22 by Sven Bugiel Dear all, unfortunately, due to sickness, I need to move the exam Q&A to next week Friday at 10:15 AM, Since this is outside of the lecture period and in the exam period, this date might not fit for all. Although the Zoom call next week will be recorded, please send me beforehand any questions you… Read more Dear all, unfortunately, due to sickness, I need to move the exam Q&A to next week Friday at 10:15 AM, Since this is outside of the lecture period and in the exam period, this date might not fit for all. Although the Zoom call next week will be recorded, please send me beforehand any questions you have regarding the exam procedure or the lecture content and I will send around question plus my answer. Please also use the Mattermost About the procedure, the most important things once more:
Best regards, |
Tomorrow's (Feb 04) lecture only as recordingWritten on 03.02.22 by Sven Bugiel Please note that tomorrow's (Feb 04) lecture will only be released as a recording on Youtube. There is NO live lecture at 10 AM. Instead, the recording will be released in the afternoon. |
Exercise 10 is released with an extended deadlineWritten on 25.01.22 by Abdallah Dawoud We just released exercise 10 and set the submission's deadline to 4th of Feb at 10:00 CET. Good luck! |
Exercise 9 delayedWritten on 17.01.22 by Sven Bugiel Unfortunately, due to an unforeseen incident, we need to delay the release of ex09 to this week. Because of the delay, we will halve the exercise tasks while keeping it at 40pts. |
Exercise 7Written on 13.12.21 by Sven Bugiel Exercise 7 is now available. Because of the delay in the release, we extended the submission to Jan 14 and added 20 possible Bonus points. |
Project VM distributionWritten on 09.12.21 by Dhiman Chakraborty Hey, The project VMs are distributed. You can find your home page command to log in to your corresponding VM with the port number. Please add your private key file in the <priv key> section of the command. In any case please do not hesitate to contact me (dhiman.chakraborty@cispa.de). Happy… Read more Hey, The project VMs are distributed. You can find your home page command to log in to your corresponding VM with the port number. Please add your private key file in the <priv key> section of the command. In any case please do not hesitate to contact me (dhiman.chakraborty@cispa.de). Happy Codeing, Dhiman |
Project partnersWritten on 07.12.21 by Sven Bugiel If you could not find a partner for the project yet (e.g., via Mattermost), please send an email to bugiel@cispa.de and we will try to set you up with another student in need of a partner. |
Tomorrow's lecture only as recordingWritten on 02.12.21 by Sven Bugiel Tomorrow's introduction into Android system programming will be released as a recording via Youtube but does not take place live, since there are various waiting periods in which the system build is running and which make a live lecture rather long-drawn-out. Questions regarding system building and… Read more Tomorrow's introduction into Android system programming will be released as a recording via Youtube but does not take place live, since there are various waiting periods in which the system build is running and which make a live lecture rather long-drawn-out. Questions regarding system building and the project can be asked in the tutorials, Mattermost, or after the next lectures. The course project will be done in teams of two students. Your TODOs:
|
Lecture going online-only starting this weekWritten on 23.11.21 by Sven Bugiel Dear all, In light of new COVID-related regulations regarding access to CISPA and the general call for reducing physical contacts, our next lectures will be online-only as a Youtube stream. We hope to return to physical/hybrid lectures as the COVID situation improves. You can do your part… Read more Dear all, In light of new COVID-related regulations regarding access to CISPA and the general call for reducing physical contacts, our next lectures will be online-only as a Youtube stream. We hope to return to physical/hybrid lectures as the COVID situation improves. You can do your part by
and encouraging others to do so, too. We will inform you separately when we return to the hybrid format. Stay safe, stay healthy, and see you virtually on Friday. |
Lecture this week only via streamWritten on 17.11.21 by Sven Bugiel Unfortunately, the lecture hall is not available this week due to a CISPA-internal event. Thus, this week's lecture will take place only via a Youtube stream. |
Tutorial today online-onlyWritten on 02.11.21 by Sven Bugiel Dear all, please note that today's tutorial has to be online-only via Zoom. Zoom link is under Materials in the CMS. |
About the course
This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).
Central questions of this course are:
- What is the threat model from the different principals' perspectives?
- How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
- How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
- What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
- Which problems and solutions did security research in this area identify in the past half-decade?
- Which techniques have been developed to empower the end-users to protect their privacy?
The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.
Where and when
The lectures will take place in the CISPA lecture hall and via Youtube Stream on every Friday from 10:00 – 12:00 starting from October 22, 2021.
Prerequisites
There are no formal requirements for participation. Students who want to participate in the course should
- have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
- be familiar with programming in Java (and C/C++)
- should be comfortable with working with Linux
Actual programming experience on Android or at the OS level is not a prerequisite, but definitively an advantage.
Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.
Requirements for obtaining credit points (Scheinvergabe)
For passing the course, you need the following minimum amount of points:
- 50% of the points from the final exam.
For admission to the exam, you need:
- at least 50% of the points from the exercises.
The final grade is based purely on your exam results.
The end-term exam will take place Tuesday, 08.03.2022, 10:00–12:00 in Günter-Hotz-Hörsaal (GHH)
The backup exam will take place Tuesday, 29.03.2022, 14:00–16:00 in HS002 in E1 3
Registration
Register for the course here in the CISPA CMS. Registration is open since September 01, 2021. Once you are registered here, don't forget to register in the LSF for the exam.