News

Backup exam results in CMS

Written on 29.03.22 by Sven Bugiel

The results are in the CMS. Considering the low nr. of participants, please contact me by Thursday EOB if you like to inspect your backup exam.

Registration for Backup Exam

Written on 11.03.22 by Sven Bugiel

The endterm exam grades are now in LSF. Thus, you should be able to register for the backup exam in case you plan to attend it.

Endterm results in CMS

Written on 10.03.22 by Sven Bugiel

The results of the endterm exam have been published in the CMS. Please use the exam inspection tomorrow in case you have questions about the correction of your exam.

The final results will be entered into the LSF once the exam inspection is done.

Endterm exam inspection

Written on 09.03.22 by Sven Bugiel

Dear all,

the exam results will be ready latest by tomorrow (separate news will announce them). However, please reserve the following time for the endterm exam inspection: it will take place at CISPA, Room 0.07 on Friday, Mar 11, between 11-12 o'clock.

 

Cheers,
Sven

 

Exam Q&A next week

Written on 11.02.22 by Sven Bugiel

Dear all,

unfortunately, due to sickness, I need to move the exam Q&A to next week Friday at 10:15 AM, Since this is outside of the lecture period and in the exam period, this date might not fit for all. Although the Zoom call next week will be recorded, please send me beforehand any questions you… Read more

Dear all,

unfortunately, due to sickness, I need to move the exam Q&A to next week Friday at 10:15 AM, Since this is outside of the lecture period and in the exam period, this date might not fit for all. Although the Zoom call next week will be recorded, please send me beforehand any questions you have regarding the exam procedure or the lecture content and I will send around question plus my answer. Please also use the Mattermost

About the procedure, the most important things once more:

  • the exams take 120min and you can can get max 100 Pts, where 50 Pts are needed to pass
  • the exams are closed book, i.e., NO cheat sheets, printed lecture slides, books, etc; only a dictionary is allowed
  • relevant content for the exams are the exercises and the lecture slides

  • NOT relevant are the "research du jour" slides from the lecture slides and the referenced papers/books

  • I uploaded last year's exam and backup exam to the CMS, so you can get an idea in which way we are asking questions

 

Best regards,
Sven

Tomorrow's (Feb 04) lecture only as recording

Written on 03.02.22 by Sven Bugiel

Please note that tomorrow's (Feb 04) lecture will only be released as a recording on Youtube. There is NO live lecture at 10 AM. Instead, the recording will be released in the afternoon.

Exercise 10 is released with an extended deadline

Written on 25.01.22 by Abdallah Dawoud

We just released exercise 10 and set the submission's deadline to 4th of Feb at 10:00 CET. Good luck!

Exercise 9 delayed

Written on 17.01.22 by Sven Bugiel

Unfortunately, due to an unforeseen incident, we need to delay the release of ex09 to this week. Because of the delay, we will halve the exercise tasks while keeping it at 40pts.

Exercise 7

Written on 13.12.21 by Sven Bugiel

Exercise 7 is now available. Because of the delay in the release, we extended the submission to Jan 14 and added 20 possible Bonus points.

Project VM distribution

Written on 09.12.21 by Dhiman Chakraborty

Hey,

The project VMs are distributed. You can find your home page command to log in to your corresponding VM with the port number. Please add your private key file in the <priv key> section of the command. 

In any case please do not hesitate to contact me (dhiman.chakraborty@cispa.de). 

Happy… Read more

Hey,

The project VMs are distributed. You can find your home page command to log in to your corresponding VM with the port number. Please add your private key file in the <priv key> section of the command. 

In any case please do not hesitate to contact me (dhiman.chakraborty@cispa.de). 

Happy Codeing,

Dhiman

Project partners

Written on 07.12.21 by Sven Bugiel

If you could not find a partner for the project yet (e.g., via Mattermost), please send an email to bugiel@cispa.de and we will try to set you up with another student in need of a partner.

Tomorrow's lecture only as recording

Written on 02.12.21 by Sven Bugiel

Tomorrow's introduction into Android system programming will be released as a recording via Youtube but does not take place live, since there are various waiting periods in which the system build is running and which make a live lecture rather long-drawn-out. Questions regarding system building and… Read more

Tomorrow's introduction into Android system programming will be released as a recording via Youtube but does not take place live, since there are various waiting periods in which the system build is running and which make a live lecture rather long-drawn-out. Questions regarding system building and the project can be asked in the tutorials, Mattermost, or after the next lectures.

The course project will be done in teams of two students.

Your TODOs:

  1. Find a team partner until next week Wednesday latest and enter your team partner's matriculation nr. into a new field in the CMS.
  2. Each team will get one Build VM assigned. You will use SSH to access your VM. Each team has to provide an SSH PUBLIC key via a new field in the CMS. Again: we need the PUBLIC SSH key from you.

Lecture going online-only starting this week

Written on 23.11.21 by Sven Bugiel

Dear all,

In light of new COVID-related regulations regarding access to CISPA and the general call for reducing physical contacts, our next lectures will be online-only as a Youtube stream.

We hope to return to physical/hybrid lectures as the COVID situation improves. You can do your part… Read more

Dear all,

In light of new COVID-related regulations regarding access to CISPA and the general call for reducing physical contacts, our next lectures will be online-only as a Youtube stream.

We hope to return to physical/hybrid lectures as the COVID situation improves. You can do your part by

  • getting the vaccine and/or booster shots (with your doctor or at one of the Saarland mobile vaccination sites)
  • reducing physical contacts
  • wearing masks
  • maintaining personal hygiene

and encouraging others to do so, too.

We will inform you separately when we return to the hybrid format.

Stay safe, stay healthy, and see you virtually on Friday.

Lecture this week only via stream

Written on 17.11.21 by Sven Bugiel

Unfortunately, the lecture hall is not available this week due to a CISPA-internal event. Thus, this week's lecture will take place only via a Youtube stream.

Tutorial today online-only

Written on 02.11.21 by Sven Bugiel

Dear all, please note that today's tutorial has to be online-only via Zoom. Zoom link is under Materials in the CMS.

Show all

About the course

This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).

Central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
  • What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.

Where and when

The lectures will take place in the CISPA lecture hall and via Youtube Stream on every Friday from 10:00 – 12:00 starting from October 22, 2021.

Note: Physical presence will not be required and lecture recordings will be provided (via Youtube).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java (and C/C++)
  • should be comfortable with working with Linux

Actual programming experience on Android or at the OS level is not a prerequisite, but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.

Requirements for obtaining credit points (Scheinvergabe)

For passing the course, you need the following minimum amount of points:

  • 50% of the points from the final exam.

For admission to the exam, you need:

  • at least 50% of the points from the exercises.

The final grade is based purely on your exam results.

The end-term exam will take place Tuesday, 08.03.2022, 10:00–12:00 in Günter-Hotz-Hörsaal (GHH)

The backup exam will take place Tuesday, 29.03.2022, 14:00–16:00 in HS002 in E1 3

Registration

Register for the course here in the CISPA CMS. Registration is open since September 01, 2021. Once you are registered here, don't forget to register in the LSF for the exam.

Please note that the number of students for this course is limited to 40!
Privacy Policy | Legal Notice
If you encounter technical problems, please contact Sven Bugiel