CS-E4310 - Mobile Systems Security, 08.01.2019-26.03.2019
This course space end date is set to 26.03.2019 Search Courses: CS-E4310
Topic outline
-
Overview
To complete the course, you must give a research survey presentation, which counts for 20% of the final grade (tentative). This presentation will be a summary and synthesis about one of the topics covered in the course, based on a recent research paper. The presentation is done in groups of two. During the first week, you will be asked to indicate three preferences for presentation topics from the list of topics. If you like, you can also propose your own topic, in which case you must contact the course staff by 16.1. All students must register topic preferences before the deadline (the topic selection survey is at the bottom of the page).
Important Dates
- 2019-01-22: Deadline for selecting top 3 presentation topic preferences.
- 2019-01-24: Presentation topics assigned.
- 2019-03-06: Presentation slides submitted.
- 2019-03-12 & 03-14 & 03-19 & 03-21 & 03-26 & 03-28: Final presentations.
What is expected in the presentation
Your presentation should last 10 minutes. During your presentations, you will be warned at 8 minutes and you must stop by 10 minutes. It is recommended that the presentation slides should be 6-8 slides. All students must submit final slides (via MyCourses) by March 6 at 07:30 am. No updates to the slides are allowed after that. We will arrange a laptop and a pointer for the presentations. The laptop will contain your slides. The following is an example structure, but your presentation may follow a different structure as long as you succeed in conveying the main ideas from the paper to the audience.
Possible structure:
- a problem statement of the paper.
- a summary of the main ideas.
- evaluation results.
- your own synthesis about the topic. You can structure this part as you see fit. If it helps, you can attempt to answer questions like
- Is the paper correct and complete?
- Did you identify any flaws?
- Do you have some ideas on how to improve the solution(s) presented in the paper?
- How does this paper compare to other related work addressing the same or similar problems?
To present the synthesis, you are encouraged to read other related papers than the one that you were assigned. For example, you can find related papers by looking at the papers referred to by your assigned paper. You can also search resources like Google Scholar (http://scholar.google.com) with relevant search terms. The paper should be considered as a starting point and you are encouraged to search for more up-to-date information.
The presentation can be made with any presentation tool of your choice (PowerPoint, LaTeX, ...).
Deadline: Slides must be submitted (via MyCourses) by March 6 at 07:30 am. If needed, a member of course staff will contact you to suggest changes.Proposing Your Own Topic
You are welcome to propose your own topic. The proposed topic can be any system security topic, preferably covered in the course. If your topic is approved by the course staff, you can proceed with it.Sample Presentation
Here is an example of a good presentation from 2017. The format has changed slightly since then.Presentation Schedule and Evaluation Criteria
Please check the schedule to see when you and your partner have been assigned a slot to present. Please ensure that you are here at least 10 minutes before you are due to present. We strongly encourage you all to attend the presentations to get an overview from your peers on recent research related to the course.
List of topics
Nr.LectureTitleDescriptionAssigned1 1 The Protection of Information in Computer Systems Seminal paper introducing basic concepts in information security. Focus on Section I.A.3 "Design principles" on page 4 2 2 SoK: Lessons Learned from Android Security Research for Appified Software Platforms The paper gives high-level overview of the Android security ecosystem, focusing on application developer perspective. yes 3 2 Security Enhanced (SE) Android: Bringing Flexible MAC to Android The official mandatory access control architecture for Android.
Additional references:
http://seandroid.bitbucket.org/
https://www.nsa.gov/research/selinux/docs.shtml4 2, 7 EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-scale Semi-supervised Learning Proposes a technical solution towards creating SEAndroid policies using ML. 5 3 SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles Systematic analysis of iOS application sandbox access control profiles. yes 6 3 Old, new, borrowed, blue: a perspective on the evolution of mobile platform security architectures A comparative survey of some early mobile platform security architectures. yes 7 3 Security Metrics for the Android Ecosystem This paper defines a security metric to rank mobile device manufacturers and network operators in terms of their provision of software updates and their devices' exposure to critical vulnerabilities. This metric is applied to a large set of real devices. yes 8 3 Towards Taming Privilege-Escalation Attacks on Android The paper addresses the designing and implementing a security framework to defend against application level privilege escalation attacks. 9 3 TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime The paper proposes TaintART, a system for realtime tracking of multiple source of sensitive data in the Android Run Time environment (ART).
The paper builds on previous research such as TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
10 3 These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications The paper presents how two privacy controls are implemented to empower users in running applications but still preserving data privacy. 11 3 ASM: A Programmable Interface for Extending Android Security An extensible architecture for adding new reference monitors for Android. 12 3 Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones Techniques to transparently authenticate mobile users based on their interactions with their devices' touch screens. 13 3 World-Driven Access Control for Continuous Sensing This paper proposes a extensible framework for controlling access to sensor data on multi-application continuous sensing platforms. yes 14 3 Boxify: Full-fledged App Sandboxing for Stock Android This paper presents Boxify, an application-layer mechanism for additional sandboxing of untrusted apps on Android, using app virtualization and process-based privilege separation. The proposed solution requires no modification of the apps or Android OS. yes 15 3 Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android This paper presents Draco, a uniform and fine-grained access control framework for web code running on Android embedded browsers. The proposed solution requires no modifications to the Android OS. yes 16 4 BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments Analysis of class of attacks where trusted code inside a TEEs is tricked in order to bypass REE platform security measures. 17 4 Drammer: Deterministic Rowhammer attacks on mobile platforms This paper describes attacks against ARM Android based on the Rowhammer hardware bug in DRAM memory. 18 4 CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management This paper describes fault injection attacks against TrustZone that exploit the lack of security-awareness in energy management mechanisms. yes 19 4 The Circle Game: Scalable Private Membership Test Using Trusted Hardware The paper leverages Trusted Hardware to improve the scalability of Private Membership Test algorithm while maintaining the security guarantees. 20 4 C-FLAT: Control-Flow Attestation for Embedded Systems Software This paper describes a method for a remote trusted party to attest the run-time behavior of embedded systems. 21 4 SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment The paper describes a method to establish a secure communication channel between Trusted Execution Environment and the untrusted part of the system, focusing on managing the channel key and verifying the TEE code integrity. yes 22 4 SCONE: Secure Linux Containers with Intel SGX The paper presents how to allow SGX enclaves to be executed inside Linux Containers. 23 4 Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World Real-time mobile OS kernel protection using ARM TrustZone features as implemented on Samsung Galaxy devices.
24 4 HIMA: A Hypervisor-Based Integrity Measurement Agent A design for both load-time and run-time integrity measurement and preservation architecture using hypervisor features.
25 5 User Comfort with Android Background Resource Accesses in Different Contexts A large-scale study on user comfort with background resource access on Android applications. yes 26 5 Asking for a Friend: Evaluating Response Biases in Security User Studies Comparing actual user behavior with self-reported data related to software updating. 27 5 Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions The paper implements and tests a Personalized Privacy Assistant on Android, based on user privacy profiles. yes 28 5 Android Permissions Remystified: A Field Study on Contextual Integrity A user study of the Android application permissions. 29 5 AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems The paper describes an approach of user-driven access control where permission is granted based on existing user actions in the context of application.
Additional reference: User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, Kohno et al.
The recorded presentation of this paper at CCS 2016 is available on YouTube (https://www.youtube.com/watch?v=SFdxC7z2hK8).
30 8 Evading Classifiers by Morphing in the Dark A technique to modify malicious PDF files such that they will “evade” a targeted identification system (misclassified as benign files) while remaining malicious. 31 8 Outside the Closed World: On Using Machine Learning for Network Intrusion Detection An analysis on the drawbacks of using machine learning techniques for intrusion detection and the reason why machine learning is generally not used in production system. yes 32 8 DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket A machine learning based technique for detecting malicious Android applications. 33 8 Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application A browser add-on for detecting phishing web-pages in real-time using machine learning. yes 34 8, 9 IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT A technique for identifying and isolating vulnerable devices in Smart Home IoT networks. The device type identification leverages machine learning and the isolation uses SDN. yes 35 9 Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic Attacks and defences against privacy leakage from monitoring the Internet traffic of IoT devices. yes 36 9 DÏoT: A Self-learning System for Detecting Compromised IoT Devices This paper presents a system for detecting compromised IoT devices in consumer IoT networks. Th system uses a self-learning approach to classify IoT devices into device types and build normal communication profiles for each of these that can subsequently be used to detect anomalous deviations in communication patterns. yes 37 8 Adversarial Examples - A Complete Characterisation of the Phenomenon It recaps some of the research on adversarial ML that is necessary to understand to do research in this area. yes 38 8, Extra SoK: Towards the Science of Security and Privacy in Machine Learning One recent systematization of S&P of ML. Includes references to several works. 39 Extra Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
This paper investigates physically realizable and inconspicuous attacks on facial recognition systems, which allow an attacker to evade recognition or impersonate another individual. yes 40 Extra A Systematic Evaluation of Transient Execution Attacks and Defenses
This paper presents new discovered Meltdown and Spectre attacks. The authors evaluate
all attacks, and provide proof-of-concept implementations.41 Extra FORESHADOW: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
Foreshadow is a micro-architectural attack that exploits speculative execution. The
attack allows the attacker to recover cryptographic keys from an SGX enclave.
The paper implements a proof-of-concept to launch attacks that allows an adversary
to forge arbitrary local and remote attestations.42 Extra https://www.youtube.com/watch?v=6O8LTwVfTVs&t=1s
Meltdown exploits side effects of out-of-order execution on modern processors to
read arbitrary kernel-memory locations. Out-of-order executions is an optimization
that allows the CPU to execute instructions using all available resources. A fix
is addressed and presented in this work.yes 43 Extra This paper presents a class of micro-architectural attacks called Spectre attacks.
A Spectre attack tricks the processor into speculatively executing instruction
sequences that should not have been executed under correct program execution,
and this allows an attacker to read arbitrary process memory.-
Presentation Schedule 2019 File PDF
Please check the schedule to see when you and your partner have been assigned a slot to present. We strongly encourage you all to attend the presentations to get an overview from your peers on recent research related to the course.
Students presenting on a certain date should be present during the entire course meeting slot on that date.
This is because:- Timing may slip slightly
- Have a break in the presentation sessions