Mobile Security

Sven Bugiel
Registration for this course is open until Sunday, 19.01.2025 23:59.

News

First lectures online

Written on 13.10.24 by Sven Bugiel

Dear all,

The lecture material for the first lectures is online. Please note that the first week is very dense in content, but it will relax more in the next weeks. This first week contains the Kick-off lecture, a lecture and crash course on Android Basics (in case you haven't worked yet with… Read more

Dear all,

The lecture material for the first lectures is online. Please note that the first week is very dense in content, but it will relax more in the next weeks. This first week contains the Kick-off lecture, a lecture and crash course on Android Basics (in case you haven't worked yet with Android apps), and the first lecture on Android's security architecture.

The PDFs for the lectures are under "Information -> Materials," and the links to the recorded lectures on YouTube are under "Information -> Lecture schedule."

See you in person or via Zoom for the first flipped classroom on Friday.

Cheers,
Sven
Important notice for the registration of LUH students: The CMS enforces a matriculation number with 7 digits. Since this isn't configurable, we suggest registering with a slightly modified matriculation number (e.g., 10001234 -> 1001234). Registration for the exam is done with the systems of the LUH where the correct matriculation number can be used.

About the course

This advanced lecture deals with different fundamental aspects of mobile operating systems and application security, focusing strongly on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, and third parties (like companies).

The central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments and trusted computing concepts, integrated into those designs?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform.

See also the lecture schedule.

Where and when

Please note that this lecture is taught simultaneously at Saarland University and Leibniz University Hannover. To accommodate participants from both institutions, the lecture schedule and format were adjusted to the respective semester dates of each institution. Please see the details below.

The lectures will take place in the form of a flipped classroom. Lecture videos will be posted online before the class (ca. one week), and the lecture slots will be used to answer and discuss questions about the lecture content. This discussion takes place as a hybrid event with physical attendance at UdS every Friday from 10:00 – 12:00 and a Zoom meeting for online/remote attendance. Please consult the lecture schedule for video links and Zoom links.

The lectures will take place between 18.10.2024 and 31.01.2025 (i.e., the overlap in lecture periods between Saarland University and Leibniz University Hannover).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java

Actual programming experience on Android or at the OS level is not a prerequisite but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge of system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.

Requirements for obtaining credit points (Scheinvergabe)

To pass the course, you need the following minimum amount of points:

  • 50% of the points from the final exam.

The final grade is based purely on your exam results.

The end-term exam will take place:

  • LUH: TBA
  • UDS: TBA

The backup exam (ONLY UDS) will take place TBA

Registration

For all students

Register for the course here in the CISPA CMS. Registration will open on October 01, 2024.

For students of Saarland University

Don't forget to register in the LSF for the exam.

For students of Leibniz University Hannover

Don't forget to register in the QIS for the course and exam.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact Sven Bugiel