Skip to end of metadata
Go to start of metadata

Overview

Below is the papers you can use for the survey assignment for this course. During the first exercise session (Thursday, January 7), you will be asked to indicate a list of three papers that you are interested in surveying. You will be assigned one paper by the following week.

What is expected in the survey

Your survey should contain

  • a summary of the main ideas in the paper you are surveying (1-2 pages)
  • your own synthesis about the topic (1-2 pages): You can structure this part as you see fit. If it helps, you can write your synthesis by attempting to answer questions like
    • Is the paper correct and complete? 
    • Did you identify any flaws?
    • Do you have some ideas on how to improve the solution(s) presented in the paper?
    • How does this paper compare to other related work addressing the same or similar problems?

To write the synthesis part, you are encouraged to read other related papers than the one that you were assigned. For example, you can find related papers by looking at the papers referred to by your assigned paper. You can also search resources like Google Scholar (http://scholar.google.com) with relevant search terms.

Survey Topic Assignment

StudentAssigned Survey Topic
Samu Toimela10
Erkki Laite11
Inés Ortega2
Van Tan Nguyen11
Antero Oikkonen5
Hans Liljestrand8
Zhengwu Lu15
Lakshika Perera10
Julius Eerola24
Nicholas Kukka1
Gaurav Bhorkar1
Manish Thapa2
Tero Lindfors9
Taavi Teemaa27
Stefano Tedeschi8
Ashutosh Sharma16
Mika Juuti23
Muhammad Mohsin2
Nazia Hussain11
Juha Kivekäs6
Jonas Lemberg15
Eino Virtanen15
Rohan Krishnakumar27

 

List of papers

Nr.
Lecture
Title
Description
Assigned to
Additional Info
11The Protection of Information in Computer Systems, Saltzer & SchroderSeminal paper introducing basic concepts in information security. Focus on the "design principles" section  
22

Security Enhanced (SE) Android: Bringing Flexible MAC to Android, Smalley Craig

The official mandatory access control architecture for Android.

Additional references:

http://seandroid.bitbucket.org/
https://www.nsa.gov/research/selinux/docs.shtml

  
33

Security in the Firefox OS and Tizen Mobile Platforms, Gadyatskaya et al

 

Platform security mechanisms in alternative mobile OSs.

Additional reference: A First Look at Firefox OS Security, DeFreez et al.

  
43Old, new, borrowed, blue: a perspective on the evolution of mobile platform security architectures, Kostiainen et al.A comparative survey of some early mobile platform security architectures.  
53Security Metrics for the Android Ecosystem, Thomas et al.This paper defines a security metric to rank mobile device manufacturers and network operators in terms of their provision of software updates and their devices' exposure to critical vulnerabilities. This metric is applied to a large set of real devices.  
64Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World, Azab et al.

Real-time mobile OS kernel protection using ARM TrustZone features as implemented on Samsung Galaxy devices.

  
74HIMA: A Hypervisor-Based Integrity Measurement Agent, Azab et al.

A design for both load-time and run-time integrity measurement and preservation architecture using hypervisor features.

  
85Expectation and Purpose: Understanding Users’ Menta l Models of Mobile App Privacy through Crowdsourcing, Lin et al.A new model for privacy based on user experiences analyzed by using crowdsourcing  
95User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, Kohno et al. The paper introduces an approach of user-driven access control where permission is granted based on existing user actions in the context of application.  
105When It’s Better to Ask Forgiveness than Get Permission: Attribution Mechanisms for Smartphone Resources, Thompson et al.The paper introduces new design for attribution mechanisms to enhance user experiences.  
115Mobility helps security in ad hoc networks, Čapkun et alA generic technique for establishing security association between nodes in ad-hoc networks.  
125 CRePE: context-related policy enforcement for android, Conti et al.A system to define context-related policies on smartphones at fine-grained level.  
135

Intuitive security policy configuration in mobile devices using context profiling, Gupta et al.

Using context-profiling to aid access control decisions in mobile devices, Gupta et al.

A context profiling framework configuring access control policies on mobile devices.

 

A demo of access control configuring based on context.

  
145Usability Analysis of Secure Pairing Methods, Uzun et al.A comparative usability evaluation of selected methods to derive some insights into the usability and security.  
155Is this app safe?: a large scale study on application permissions and risk signals, Pern Hui Chia et al.The paper presents analysis results on large-scale dataset of community rating used for granting app permissions.  
165Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings, Lin et al.

Using static analysis and clustering techniques to identify a small number of privacy profiles to address the problem of mobile app permission granting.

  
176Quire : Lightweight Provenance for Smart Phone Operating Systems, Dietz et al.The paper introduces Quire with two security mechanisms to address the issue in Android system which allows one app trigger another app.  
186Permission Re-Delegation: Attacks and Defenses, Felt at al.The paper discusses the risk of permission re-delegation in smartphone OS and propose new OS mechanism for dedending again such vulnerabilities.  
196Towards Taming Privilege-Escalation Attacks on Android, Bugiel et al.The paper addresses the designing and implementing a security framework to defend against application level privilege escalation attacks.  
206TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Enck et al.The paper proposed TainDroid for realtime tracking multiple source of sensitive data via Android’s virtualized execution environment.  
216These Aren't the Droids You're Looking For: Retroffiting Android to Protect Data from Imperious Applications, Hornyack et al.The paper presents how two privacy controls are implemented to empower users in running applications but still preserving data privacy.  
226Semantically rich application-centric security in Android, Ongtang et al.The paper presents a modified infrastructure named "Saint" for install-time permission assignment and their run-time use. Focus on Saint policy section.  
236The company you keep: mobile malware infection rates and inexpensive risk indicators, Truong et al.Mobile malware infection rates are estimated from large number of Android devices. The paper also introduced an indirect method based on a set of running apps to search for infected devices.  
246Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices, Becher et al.

This paper provides comprehensive overview of different aspects of the topic of smartphone security. In particular, it surveys mechanisms that are intended to increase the overall security of smartphones.

  
256Systematic Detection of Capability Leaks in Stock Android Smartphones, Grace et al.

This paper examines impact of firmware customization on the security and privacy aspects. Research results state that stock images provided by smartphone manufactures do not enforce the permission-based security model.

  
266ASM: A Programmable Interface for Extending Android Security, Heuser et al.An extensible architecture for adding new reference monitors for Android.  
276Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones, Xu et al.

Techniques to transparently authenticate mobile users based on their interactions with their devices' touch screens.

  
286Using contextual co-presence to strengthen Zero-Interaction Authentication: Design, integration and usability, Truong et al.A design and implementation of using audio, radio sensor data to improve security without sacrifying usability of zero interaction authentication.  
296

World-Driven Access Control for Continuous Sensing, Roesner et al.

This paper proposes a extensible framework for controlling access to sensor data on multi-application continuous sensing platforms.  
306Boxify: Full-fledged App Sandboxing for Stock Android, Backes et al.
 
This paper presents Boxify, an application-layer mechanism for additional sandboxing of untrusted apps on Android, using app virtualization and process-based privilege separation. The proposed solution requires no modification of the apps or Android OS.  
  • No labels