January 8 |
- Introduction and overview of the course
- Security bootcamp
|
January 12 |
- Read before the class:
- Alan Jay Smith. 1990. The Task of the Referee. Computer 23, 4 (April 1990), 65-71.
- Enck, William, Machigar Ongtang, and Patrick Drew McDaniel. “Understanding Android Security.” IEEE Security & Privacy 7, no. 1 (2009): 50-57.
- Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, SP’12, 2012.
- Lecture: (1) adversary model, (2) big picture of mobile security & privacy
- In-class critiquing: Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, SP’12, 2012.
|
January 15 |
- W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of Android application security,” in Proceedings of the 2011 USENIX Security Symposium, SEC’11, 2011.
- L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang, “The impact of vendor customizations on Android security,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, 2013.
|
- Wali
- David
|
January 19 |
- A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, “Permission re-delegation: Attacks and defenses,” in Proceedings of the 2011 USENIX Security Symposium, SEC’11, 2011.
- S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, “Towards taming privilege-escalation attacks on Android,” in Proceedings of the 2012 Network and Distributed System Security Symposium, NDSS’12, 2012.
|
- Da
- Ivan
|
January 22 |
- L. K. Yan and H. Yin, “DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis,” in Proceedings of the 2012 USENIX Security Symposium, SEC’12, 2012.
- Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, Tiantian Zhu, Zhong Chen, “AutoCog: Measuring the Description-to-permission Fidelity in Android Applications,” ACM CCS 2014.
|
- Nam
- Jonathan
|
January 26 |
- R. Wang, L. Xing, X. Wang, and S. Chen, “Unauthorized origin crossing on mobile platforms: Threats and mitigation,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, 2013.
- M. Georgiev, S. Jana, and V. Shmatikov, “Breaking and fixing origin-based access control in hybrid web/mobile application frameworks,” in Proceedings of the 2014 Network and Distributed System Security Symposium, NDSS’14, 2014.
|
- Nam
- Jonathan
|
January 29 |
- term paper proposal presentations
- B. Livshits and J. Jung, “Automatic mediation of privacy-sensitive resource access in smartphone applications,” in Proceedings of the 2013 USENIX Security Symposium, SEC’13, 2013.
|
Wali |
February 2 |
- C. Marforio, N. Karapanos, C. Soriente, K. Kostiainen, and S. Capkun, “Smartphones as practical and secure location verification tokens for payments,” in Proceedings of the 2014 Network and Distributed System Security Symposium, NDSS’14, 2014.
- Chunyi Peng, Chi-Yu Li, Hongyi Wang, Guan-Hua Tu, Songwu Lu, “Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging,” ACM CCS 2014.
|
- David
- Da
|
March 2 |
Pre-final drafts of the term papers are due via e-mail to Kosta |
reviewing pre-final drafts |
March 13 |
Reviews of pre-final drafts of the term papers are due via e-mail to Kosta |
March 16 |
- “On Implementing Deniable Storage Encryption for Mobile Devices,” NDSS ’13
- “What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources,” NDSS ’15
|
- Wali
- No presenter
|
March 19 |
- Joel Reardon, Srdjan Capkun, and David Basin. 2012. Data node encrypted file system: efficient secure deletion for flash memory. In Proceedings of the 21st USENIX conference on Security symposium (Security’12). USENIX Association, Berkeley, CA, USA, 17-17.
- Adam Skillen, David Barrera, and Paul C. van Oorschot. 2013. Deadbolt: locking down Android disk encryption. In Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices (SPSM ’13). ACM, New York, NY, USA, 3-14.
|
- David
- Nam
|
March 26 |
- “DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices,” NDSS ’15
- A. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen. Hypervision across worlds: Real-time kernel protection from the ARM TrustZone secure world. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ, Nov. 2014.
|
- Jonathan
- Wali
|
April 2 |
- Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna, “What the App is That? Deception and Countermeasures in the Android User Interface” IEEE Security & Privacy Symposium 2015
- Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Kui Ren, Wei Zhao, “Blind Recognition of Touched Keys on Mobile Devices” ACM CCS 2014
|
- Jonathan
- Jonathan
|
April 9 |
- Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, David Wagner, “Are You Ready to Lock?” ACM CCS 2014
- Y. Song, G. Cho, S. Oh, H. Kim, J. H. Huh, “On the Effectiveness of Pattern Lock Strength Meters – Measuring the Strength of Real World Pattern Locks,” in Proceedings of the 2015 ACM SIG CHI.
|
- Nam
- David
|
April 27 |
Term Paper Presentations |
|
May 4 |
Final versions of the term papers are due via e-mail to Kosta |