Mobile Systems and Smartphone Security

MobiSec
Abstract

This course will discuss all relevant aspects of mobile systems security. Mobile devices have revolutionized users' lives, and more than two billion mobile devices have been sold to date. Unfortunately, these devices, their operating systems, and the applications running on them are affected by security and privacy concerns. This course will be hands-on and will cover topics such as the mobile ecosystem, the design and architecture of mobile operating systems, rooting and jailbreaking, application analysis, malware reverse engineering, malware detection, vulnerability assessment, automatic static and dynamic analysis, and exploitation and mitigation techniques. While this course will mostly focus on Google's Android OS (its open nature makes it possible to have more interesting exercises and projects), it will also cover technical details about Apple's iOS.

Teaching and Learning Methods: Lectures, labs and homework assignments.

Course Policies: Class and lab attendance is not checked but is generally required to succeed.

Bibliography
  • Material from me
  • Resources online (that I'll make available).

Requirements

 It is recommended to have basic knowledge of C / Java programming and to be familiar with Linux-based environments.

Description
  • Introduction to mobile devices and mobile security
  • App development and Android framework API
  • Android architecture and security design
  • Attacking mobile devices: the attack surface
  • Mobile malware
  • App analysis and reverse engineering
  • Static and dynamic analysis
  • Malware analysis and detection
  • Vulnerability detection and patching
  • Research in mobile security

Learning outcomes: 

  • Successful students will acquire a solid foundation, in both theoretical and technical aspects, to independently understand and think critically about topics related to mobile security systems.
  • Students will be able to independently perform malware analysis, reverse engineering of closed-source apps, and vulnerability assessments, and to develop simple program analysis tools.
  • Students will also have a chance to tamper with Android OS internals so that they can develop and run custom versions of the OS on their devices.

Number of hours: 42.00

Evaluation:

  • Final written exam (60% of the final grade)
  • Homework challenges (40% of the final grade)