Internal Preview! The data shown below is not valid for students! Please refer to the official Module Descriptions at the Examination Office.
Mobile Security MOS

General

study semester
5-6
standard study semester
6
cycle
occasional
duration
1 semester
SWS
4
ECTS
6
teaching language
English

People

responsible
Dr. Sven Bugiel
lectures
Dr. Sven Bugiel

Assessment & Grades

entrance requirements

Foundations of Cybersecurity 1 and 2, Programmierung 2 (recommended)

assessment / exams

Written final exam

grade

The module is passed overall if the examination has been passed.

Workload

course type / weekly hours
  2 h lectures
+ 2 h tutorial
= 4 h (weekly)
total workload
   60 h of classes
+ 120 h private study
= 180 h (= 6 ECTS)

Aims / Competences to be developed

This advanced lecture deals with different fundamental aspects of mobile operating system and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, it raises students' awareness and understanding of security and privacy problems in this area. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, and third parties (like companies).

Central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
  • What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience with mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.

Content

  • Security concepts and introduction to Android’s security architecture
  • Access control and permissions
  • Role of Binder IPC in the security architecture
  • Mandatory access control
  • Compartmentalization
  • Advanced attacks and problems
  • SSL and WebViews
  • Application-layer security extensions
  • Smart Home IoT
  • Hardware-based mobile platform security
  • Course project: Security extension to the Android Open Source Project

Literature & Reading

The teaching material will be in English and it will consist of slides as well as book chapters.

Additional Information

Curriculum

This module is part of the following study programmes:

Cybersicherheit BSc: Vertiefungsvorlesungen der Cybersicherheit
study semester: 5-6 / standard study semester: 6
Cybersecurity MSc: Vertiefungsvorlesungen Cybersecurity
study semester: 1-3 / standard study semester: 4
Cybersecurity BSc (English): Kernthemen der Cybersicherheit
study semester: 5-6 / standard study semester: 6