Reliable Software Security for Mobile Devices

Form:
Lab Course - 6 CP (4 SWS)
Organizer:
Prof. Dr. Heiko Mantel
Assistants:
Yuri Gil Dantas
Tobias Hamann
Dates:
Fridays, 13:30-15:10 in S1|03/112
(exception: no lab session on October 18)
Language:
English
Registration:
in TUCAN, course id 20-00-0799-pr
Max. participants:
20
Preparation Meeting:
Thursday, 17.10.2019, 16:00 in room S2|02 A213

Materials

All materials, including the assignment sheets, will be available in Moodle.

Content

Apps running on Android smartphones have access to various kinds of private information of their users, e.g., contacts, appointments, and location. To protect such information, the Android operating system provides a mechanism for restricting access to it: the Android permission system. An app may only access a protected source of private information if it was granted the appropriate permission. However, the user has no control over how private information is propagated by an app after it has been accessed legitimately. In fact, it has been observed that many apps abuse information entrusted to them by leaking it, e.g., to the Internet.

In response to this problem, we are developing Cassandra at MAIS. Cassandra aims at increasing the transparency of how apps use private information and, thus, supporting users in protecting their privacy. The primary goal of Cassandra is that no private data or other secret information is leaked by running an app. In this lab course, we will implement a simplified variant of Cassandra's technology.

The lab will cover the following topics:
  • introduction to Android and to the development of Android apps,
  • possible privacy threats due to the execution of apps,
  • detection of possible information leaks using information-flow analysis techniques,
  • static security analysis,
  • proof-carrying code,
  • extension of an existing framework for analyzing the security of apps,
  • policy languages for security.

Learning Objectives

After successfully participating in this course you will know basic concepts of Android such as its permission system. You will understand security problems that can arise from executing apps and understand how such problems can be identified by information-flow analysis techniques. You will be capable of developing apps independently and of evaluating the information flows caused by running these apps against privacy requirements. You will be able to develop extensions of an existing security infrastructure and to successfully integrate them.

Prerequisites

Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program, in particular programming skills in Java and the ability to understand formal calculi.

Last modified on 21 October 2019.
