Topic outline

  • Introduction

    This is the course space for the Aalto University Department of Computer Science course on Mobile Systems Security (CS-E4310). The course is worth 5 credits, which are earned by completing weekly exercises, participating in exercise sessions, and conducting a survey on an assigned topic and presenting the results. There is no exam.

    Course staff: N. Asokan, Lachlan Gunn, Thomas Nyman, Hans Liljestrand, Jorden Whitefield.

    The course staff can be reached by email individually at firstname.lastname@aalto.fi or collectively at mss-staff@list.aalto.fi.

    Pre-requisites

    The course is designed for people who have already taken a basic security and/or crypto course. For example, you should have a basic understanding of concepts from cryptography like digital signatures, symmetric and asymmetric key encryption algorithms, and cryptographic hash functions. You should also have some familiarity with notions like user and data authentication. For example, Aalto courses CS-C3130 or CS-E4300 will provide more than enough background.

    Registration

    As the evaluation in the course will be based entirely on continuous assessment, we need to limit the total number of students allowed to take the course for credit. In previous years, interest in the course has exceeded available capacity. For this reason we want to make sure that the participants taking the course for credit have the necessary background and are committed to completing the course. To this end, we ask all students signed up for the course to confirm their participation by sending an e-mail to the course staff (mss-staff@list.aalto.fi), explicitly confirming each of the items below:

    • You have already completed your bachelor's degree (say where)
    • You have taken at least one security course before (say what course and where)
    • You are committed to completing this course (see below for requirements for completing the course)

    Participation must be confirmed in this manner by Thursday, January 10 at the latest.

    Students must also register for the course through Oodi.

    Course Overview

    Learning Outcomes

    This course aims to teach the principles behind system security in general and software and hardware platform security architectures in mobile devices in particular. Students will learn selected example platform security architectures in detail and be able to identify similarities and differences between different architectures. Students will be able to recognize usability challenges in designing security mechanisms for mobile devices. Students will gain an overview of current research issues in the area.

    Course Content

    • Basics of access control
    • Android platform security architecture
    • General model of platform security and design space for different instantiations
    • Hardware security enablers
    • Case studies of usable security challenges
    • Current research issues in mobile system security
    • Optional material: IoT security, Machine learning and security, SE Linux for Android

    Tentative Schedule

    Lectures: Tuesdays, 10am-12pm, Lecture Hall T3, CS building

    Video Recording: We will attempt to record the lectures and publish the videos on the wiki within a few days (however, we make no guarantees about recording quality).

    Exercise Sessions: Thursdays, 10am-12pm, Lecture Hall T3, CS building. Attending exercise sessions is compulsory. You are required to achieve 80% attendance in order to pass the course.



    Homework and evaluation

    • Weekly exercises (individual)
      • Exercises reflect on and extend the topics covered in each lecture (estimated time equivalent to 3 ECTS credits).
      • Published on Tuesdays, based on the lecture, with a deadline on the next Wednesday, one week later (at 7:30am); solutions are returned in writing (PDF or plain text) through MyCourses.
      • Exercises are graded 0 (not done or very poor) - 30 (excellent).
      • Students are required to participate in Thursday exercise sessions during which the solutions to the exercises are discussed. Attendance in 80% of the exercise sessions is mandatory to pass the course.

    • Research presentation (groups of 2)
      • Detailed instructions given on the Presentations page
      • Presentation is a mandatory requirement to pass the course.

    Requirements for completing the course

    To complete the course you must:

    • submit solutions to all exercises
    • attend at least 80% of the exercise sessions
    • submit slides and present a research presentation
    • make sure that all your required submissions are done on time

    Please note that late submissions are grounds for 0 points; we recommend that you set your personal deadline a day or two earlier to have some buffer for disasters, particularly if you tend to leave work close to deadlines.

    MSS Challenges

    Students in this course are welcome to try some of the course-related challenges on offer. Each challenge is a mini programming project related to some aspect of the course. Students completing one or more challenges successfully may be invited to sign up for special assignments we currently have available in our group. The challenges will have no bearing on the course grade. However, students interested in pursuing research in systems security (e.g., doing your thesis in our group) are strongly encouraged to try one or more challenges.

    Course Feedback

    The mid-course feedback form will be found here when published.


    Supplementary book

    There is a supplementary course book: Mobile Platform Security by Asokan, Davi, Dmitrienko, Heuser, Kostiainen, Reshetova and Sadeghi (2013). Aalto students have free access to the book online (PDF).