Reliable Software Security for Mobile Devices

Lab Course - 6 CP (4 SWS)
Prof. Dr. Heiko Mantel
Yuri Gil Dantas
Tobias Hamann
Fridays, 13:30-15:10 in S1|03/112
                                                                    (exception: no lab session on October 18)
in TUCAN, course id 20-00-0799-pr
Max. participants:
Preparation Meeting:
Thursday, 17.10.2019, 16:00 in room S2|02 A213


All materials, including the assignment sheets, will be available in Moodle.


Apps running on Android smartphones have access to various kinds of private information of their users, e.g., contacts, appointments, and location. To protect such information, the Android operating system provides a mechanism for restricting access to it: the Android permission system. An app may only access a protected source of private information if it was granted the appropriate permission. However, the user has no control on how private information is propagated by an app after it has been accessed legitimately. In fact, it has been observed that many apps abuse information entrusted to them by leaking it, e.g., to the Internet.

In response to this problem, we are developing Cassandra at MAIS. Cassandra aims at increasing the transparency of how apps use private information and, thus, supporting users in protecting their privacy. The primary goal of Cassandra is that no private data or other secret information is leaked by running an app. In this lab course, we will implement a simplified variant of Cassandra's technology.

The lab will cover the following topics:
  • introduction to Android and to the development of Android apps,
  • possible privacy threats due to the execution of apps,
  • detection of possible information leaks using information-flow analysis techniques,
  • static security analysis,
  • proof-carrying code,
  • extension of an existing framework for analyzing the security of apps,
  • policy languages for security.

Learning Objectives

After successfully participating in this course you will know basic concepts of Android like its permission system. You will understand security problems that can arise from executing apps and understand how such problems can be identified by information-flow analysis techniques. You will be capable of developing apps independently and of evaluating the information flows caused by running these apps against privacy requirements. You will be able to develop extensions of an existing security infrastructure and to successfully integrate them.


Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program, in particular programming skills in Java and ability to understand formal calculi.

Last modified on 21 October 2019.

A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang