All materials including the assignment sheets are available in Moodle.
In this lab course, we implement a realistic tool that will allow us to reliably detect leakage of private information on Android smartphones. The lab will cover the following topics:
|
Picture: Android Logo
|
Apps running on Android smartphones have access to various private information of their users, e.g., contacts, appointments, and the GPS location. To protect such information, the Android operating system provides a mechanism for restricting access to it: the Android permission system. An app may only access a protected source of private information if it was granted the appropriate permission at the time of the app's installation. However, the user has no control on how private information is propagated by an app after it has been accessed legitimately. In fact, it has been observed that many apps abuse entrusted information by leaking it, e.g., to the Internet.
In a response to this problem we are developing Cassandra at MAIS. Cassandra aims at increasing the transparency of how apps use private information and, thus, supporting users in protecting their privacy. The primary goal of Cassandra is that no private data or other secret information is leaked by running an app.
In the lab we will implement a simplified variant of the Cassandra's technology.
After successfully participating in this course you will know basic concepts of Android like its permission system. You will understand security problems that can arise from executing apps and understand how such problems can be identified by information flow analysis techniques. You will understand the advantages of employing proof-carrying code. You will be capable of developing apps independently and of evaluating the information flows caused by running these apps against privacy requirements. You will be able to develop extensions of an existing security infrastructure and to successfully integrate them.
Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program, in particular programming skills in Java and ability to understand formal calculi.
Last modified on 2 December 2016.