External Javascripts are not allowed
Security and Privacy in Smartphones
General
| Semester | Summer 2015 |
| Lecturer | Prof. Dr. Konrad Rieck |
| Assistants | Hugo Gascon |
| Course type | Seminar |
| Module | M.Inf.1228 (previously 1225) |
| ECTS (SWS) | 5 (2) |
| Date | Introduction: 23.04.2015, 17:00-18:00 Presentations: 30.07.2015, 10:00-18:00 |
| Location | Introduction: Informatik 0.101 Presentations: Informatik 1.101 |
| Audio recording | No. Physical attendance required. |
| Audience | Applied Computer Science MSc Applied Computer Science BSc |
Description
The seminar focuses on current research in the area of mobile security. It covers recent work in this field and studies open problems and challenges as well as novel approaches and methods.
Presentations
| Time | Paper |
| 10:00 - 10:30 | Hybrid User-level Sandboxing of Third-party Android Apps |
| Presenter: Kevin Freeman | |
| 10:30 - 11:00 | What the App is That? Deception and Countermeasures in the Android User Interface |
| Presenter: Vijay Soppadandi | |
| 11:00 - 11:30 | Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security |
| Presenter: Polina Yakovleva | |
| 11:30 - 12:00 | Attacks on WebView in the Android System |
| Presenter: Xu Zhu |
Seminar Steps
| Date | Step |
| 23.04.2015, 17:00-18:00 | Introduction and registration |
| 29.04.2015 | Arrange appointment with assistant |
| 06.06.2015 | Discuss draft with assistant |
| 13.07.2015 | Register with examination office (FlexNow) |
| 28.07.2015 | Send slides (PDF) and paper to assistant |
| 30.07.2015, 10:00-18:00 | Final presentation |
Topics
- What the App is That? Deception and Countermeasures in the Android User Interface
Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna S&P 2015 [Paper 1] → Vijay Soppadandi - Drebin: Effective and explainable detection of android malware in your pocket
Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck NDSS 2014 [Paper 2] - Machine Learning-Based Malware Detection for Android Applications: History Matters
K Allix, TFDA Bissyande, J Klein, Y Le Traon [Paper 3] - CopperDroid: Automatic Reconstruction of Android Malware Behaviors
K Tam, SJ Khan, A Fattori, L Cavallaro NDSS 2015 [Paper 4] - Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs
M Zhang, Y Duan, H Yin, Z Zhao CCS 2014 [Paper 5] - XiOS: Extended Application Sandboxing on iOS
Mihai Bucicoiu, Lucas Davi, Razvan Deaconescu, Ahmad-Reza Sadeghi ASIA CCS 2015 [Paper 6] - Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps
S Arzt, S Rasthofer, C Fritz, E Bodden, A Bartel PLDI 2014 [Paper 7] - Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security
Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, Lars Baumgartner, Bernd Freisleben CCS 2012 [Paper 8] → Polina Yakovleva - An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack
Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden Technical Report [Paper 9] - Attacks on WebView in the Android System
Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, Heng Yin ACSAC 2011 [Paper 10] → Xu Zhu - Gyrophone: Recognizing Speech from Gyroscope Signals
Y Michalevsky, D Boneh, G Nakibly USENIX 2014 [Paper 11] - Hybrid User-level Sandboxing of Third-party Android Apps
Y Zhou, K Patel, L Wu, Z Wang, X Jiang ASIA CCS 2015 [Paper 12] → Kevin Freeman
Results
| MD5 of matriculation number | Grade |
| d31962e50a7e53ce219b2f378d271f13 | 1.0 |
| 9ce34e2e386072fdee22539a05d3c885 | 1.3 |
| 7e3b45317884bda1afdaa9d57f424a0b | 5.0 |
| f6f4c9da6545102c9336cde0560632dd | 1.3 |
Mailing List
There is a mailing list for the seminar. News and updates regarding the schedule are posted to this list. Furthermore, the list allows students to discuss topics of the seminar. You can register for the mailing list here.
IRC Channel
All students of the course are encouraged to join the IRC channel #goesec on EFnet. The channel is used as a platform for discussing and chatting about computer security in a casual atmosphere.