This course will discuss all relevant aspects related to mobile systems security. Mobile devices have been revolutionized users' lives, and more than two billions mobile devices have been sold to date. Unfortunately, these devices, their operating systems, and the applications running on them are affected by security and privacy concerns. This course will be hands-on and will cover topics such as the mobile ecosystem, the design and architecture of mobile operating systems, rooting and jailbreaking, application analysis, malware reverse engineering, malware detection, vulnerability assessment, automatic static and dynamic analysis, and exploitation and mitigation techniques. While this course will mostly focus on Google's Android OS (its open nature makes it possible to have more interesting exercises and projects), it will also cover technical details about Apple's iOS as well.
Teaching and Learning Methods : Lectures , labs, and homework assignments.
Course Policies : Class and lab attendance is not checked but generally required to succeed.
Material from me and resources online (that I'll make available).
It is recommended to have basic knowledge of C / Java programming and to be familiar with Linux-based environments.
- Introduction to mobile devices and mobile security
- App development and Android framework API
- Android architecture and security design
- Attacking mobile devices: the attack surface
- Mobile malware
- App analysis and reverse engineering
- Static and dynamic analysis
- Malware analysis and detection
- Vulnerability detection and patching
- Research in mobile security
Successful students will acquire a solid foundation, for both the theoretical and technical aspects, to independently understand and critically think about topics related to mobile security systems. Students will be able to independently perform malware analysis, reverse engineering of closed-source apps, vulnerability assessments, and develop simple program analysis tools. The students will also have a chance to tamper with the internal of Android OS, so that they can develop and run custom versions of the OS on their devices.
Nb hours : 42
Grading Policy : written final exam + homeworks