Lab: Reliable Software Security for Mobile Devices

Form: Lab Course - 6 CP (4 SWS)
Organizer: Prof. Dr. Heiko Mantel
Dates: Thursdays, 16:15-17:55, in S101/A3, starting from April 21, 2016
Language: English
Registration: in TUCAN, course id 20-00-0799-pr
Max. participants: 20
Preparation Meeting: April 15, 2016, at 13:00 in S202/E202 (joint meeting for all labs and seminars at MAIS)
Workload: 7 assignments, no single monolithic project

Materials

All materials including the assignment sheets are available in Moodle.

Content

In this lab course, we implement a realistic tool that will allow us to reliably detect leakage of private information on Android smartphones. The lab will cover the following topics:
  • introduction to Android and to the programming of Android apps,
  • possible privacy threats due to the execution of apps,
  • detection of possible information leaks using information flow analysis techniques,
  • static and dynamic security analysis,
  • proof-carrying code,
  • independent development of apps and security analysis of these apps in small teams,
  • independent extension of an existing framework for analyzing the security of apps in small teams.

Apps running on Android smartphones have access to various private information of their users, e.g., contacts, appointments, and the GPS location. To protect such information, the Android operating system provides a mechanism for restricting access to it: the Android permission system. An app may only access a protected source of private information if it was granted the appropriate permission at the time of the app's installation. However, the user has no control over how private information is propagated by an app after it has been accessed legitimately. In fact, it has been observed that many apps abuse entrusted information by leaking it, e.g., to the Internet.

In response to this problem, we are developing Cassandra at MAIS. Cassandra aims at increasing the transparency of how apps use private information and, thus, supporting users in protecting their privacy. The primary goal of Cassandra is that no private data or other secret information is leaked by running an app.

In the lab we will implement a simplified variant of Cassandra's technology.

Learning Objectives

After successfully participating in this course you will know basic concepts of Android like its permission system. You will understand security problems that can arise from executing apps and understand how such problems can be identified by information flow analysis techniques. You will understand the advantages of employing proof-carrying code. You will be capable of developing apps independently and of evaluating the information flows caused by running these apps against privacy requirements. You will be able to develop extensions of an existing security infrastructure and to successfully integrate them.

Prerequisites

Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program, in particular programming skills in Java and ability to understand formal calculi.

Last modified on 2 December 2016.
