CPSC 601.93: Mobile Security and Privacy (Winter 2019)



General information

Instructor: Joel Reardon, ICT 642, e-mail joel.reardon [at] ucalgary [dot] ca
Lectures: T 12:30--15:15 in EEEL 151
from 2019.01.15 to 2019.04.09

paper review website

Course Overview

This course is a full-stack investigation of how to work with the Android Open Source Project and associated components to do security and privacy research on mobile devices. The first four lectures will combine theory and practice and focus on different layers in the Android platform.

Lectures occur weekly and will have a duration of 2.5 hours with a break in the middle. The first four lectures will be presented by the instructor, who will first give an hour-long research talk on some prior work on Android phones. After the break, the class will become more workshop-like: the instructor will lead a tutorial session showing in more detail, and at a low level, how to actually build the systems that were described in the research talk. In a sense, this will be a guided walk through the Android platform stack. Students are encouraged to bring a laptop to class to fully participate in the workshop component.

The first lecture will cover the basics of Android: adding logging, finding components in the code, and flashing new operating systems to the phone. The second lecture will go further and introduce fundamental components such as content providers, intent broadcasting, and how managers and services interact. The third lecture will introduce app decompiling, how to navigate through decompiled code, and how to run apps in an instrumented environment. The fourth lecture will look at the Linux kernel and instrumenting aspects of it, such as the file system.

After the mid-term break, the course proceeds to the student-driven component. Students will present a paper of their choosing (under some restrictions) as though it were their own research, and then lead a discussion with the class. The presentations should be 30 to 40 minutes in duration with a discussion of approximately 30 minutes. There will be two such presentations each lecture. All students are expected to read the paper before class and will submit a review of it. Students will also anonymously review the presentation. One quarter of the grade is the paper presentation; another quarter is all-semester-long participation in discussion and reviews.

There will also be a course project, done in groups of two, and worth half of the grade. Students will pick a topic related to the course's theme, for example, building an instrumentation of the Android platform and using it to collect data. The project will be delivered in two formats: (i) as a conference-style paper describing the research, and (ii) as a 20-minute presentation given in the final two lectures. A non-graded project proposal will be due one month into the course to ensure that students are on track, with a focus and topic for their research project, and to give an initial template from which to expand out the final project report.

Course Evaluation

Paper List

This list is provisional. Students can also suggest a paper, and not all of these papers will be presented.

Unit | Title | Presenter
introduction | Aligning Mobile Privacy with User Preferences | Joel Reardon
introduction | Contextualizing Privacy Decisions for Better Prediction | Joel Reardon
introduction | Examining COPPA compliance at scale | Joel Reardon
access control | Context-Based Access Control Systems for Mobile Devices | Si Zhang
automation | Automated Analysis of Privacy Requirements for Mobile Apps | Maryam Pour
software | Deep Specification Mining | Soheila Zangeneh
forensics | Network and device forensic analysis of Android social-messaging applications | Hannah Wright
security | An Empirical Study of Cryptographic Misuse in Android Applications | Alireza Ahmadi
tracking | Bug Fixes Improvements ... and Privacy Leaks | Debjyoti Mukherjee
tracking | Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications | Sina Keshvadi
security | SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android | Yang Lui
sandboxes | Android Rooting: An Arms Race between Evasion and Detection | Gee Lin
sandboxes | Enter Sandbox: Android Sandbox Comparison | Md Adib Muhtasim
tracking | ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic | Lei Wang
tracking | Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis | Hayden Kroepfl
sandboxes | TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones | MJafar Mash
security | ASM: A Programmable Interface for Extending Android Security | Sarah Shah
tracking | Should You Use the App for That? Comparing the Privacy Implications of Web- and App-based Online Services | Tanuja Sudhakar

Course Admissions

The course is open to graduate students in the computer science department. Graduate students in any department at the University of Calgary are welcome to attend with consent of the instructor, and will be expected to be able to read and understand published research papers on the topic. Undergraduate students at the University of Calgary are also welcome to attend with consent of the instructor and the same expectations as graduate students. These admissions are subject to available space, with priority given first to graduate students in the department of Computer Science and second to those with high GPAs.
