Overview
Below is the papers you can use for the survey assignment for this course. During the first exercise session (Thursday, January 7), you will be asked to indicate a list of three papers that you are interested in surveying. You will be assigned one paper by the following week.
What is expected in the survey
Your survey should contain
- a summary of the main ideas in the paper you are surveying (1-2 pages)
- your own synthesis about the topic (1-2 pages): You can structure this part as you see fit. If it helps, you can write your synthesis by attempting to answer questions like
- Is the paper correct and complete?
- Did you identify any flaws?
- Do you have some ideas on how to improve the solution(s) presented in the paper?
- How does this paper compare to other related work addressing the same or similar problems?
To write the synthesis part, you are encouraged to read other related papers than the one that you were assigned. For example, you can find related papers by looking at the papers referred to by your assigned paper. You can also search resources like Google Scholar (http://scholar.google.com) with relevant search terms.
Survey Topic Assignment
| Student | Assigned Survey Topic |
|---|---|
| Samu Toimela | 10 |
| Erkki Laite | 11 |
| Inés Ortega | 2 |
| Van Tan Nguyen | 11 |
| Antero Oikkonen | 5 |
| Hans Liljestrand | 8 |
| Zhengwu Lu | 15 |
| Lakshika Perera | 10 |
| Julius Eerola | 24 |
| Nicholas Kukka | 1 |
| Gaurav Bhorkar | 1 |
| Manish Thapa | 2 |
| Tero Lindfors | 9 |
| Taavi Teemaa | 27 |
| Stefano Tedeschi | 8 |
| Ashutosh Sharma | 16 |
| Mika Juuti | 23 |
| Muhammad Mohsin | 2 |
| Nazia Hussain | 11 |
| Juha Kivekäs | 6 |
| Jonas Lemberg | 15 |
| Eino Virtanen | 15 |
| Rohan Krishnakumar | 27 |
List of papers
Nr. | Lecture | Title | Description | Assigned to | Additional Info |
|---|---|---|---|---|---|
| 1 | 1 | The Protection of Information in Computer Systems, Saltzer & Schroder | Seminal paper introducing basic concepts in information security. Focus on the "design principles" section | ||
| 2 | 2 | Security Enhanced (SE) Android: Bringing Flexible MAC to Android, Smalley Craig | The official mandatory access control architecture for Android. Additional references: http://seandroid.bitbucket.org/ | ||
| 3 | 3 | Security in the Firefox OS and Tizen Mobile Platforms, Gadyatskaya et al
| Platform security mechanisms in alternative mobile OSs. Additional reference: A First Look at Firefox OS Security, DeFreez et al. | ||
| 4 | 3 | Old, new, borrowed, blue: a perspective on the evolution of mobile platform security architectures, Kostiainen et al. | A comparative survey of some early mobile platform security architectures. | ||
| 5 | 3 | Security Metrics for the Android Ecosystem, Thomas et al. | This paper defines a security metric to rank mobile device manufacturers and network operators in terms of their provision of software updates and their devices' exposure to critical vulnerabilities. This metric is applied to a large set of real devices. | ||
| 6 | 4 | Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World, Azab et al. | Real-time mobile OS kernel protection using ARM TrustZone features as implemented on Samsung Galaxy devices. | ||
| 7 | 4 | HIMA: A Hypervisor-Based Integrity Measurement Agent, Azab et al. | A design for both load-time and run-time integrity measurement and preservation architecture using hypervisor features. | ||
| 8 | 5 | Expectation and Purpose: Understanding Users’ Menta l Models of Mobile App Privacy through Crowdsourcing, Lin et al. | A new model for privacy based on user experiences analyzed by using crowdsourcing | ||
| 9 | 5 | User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, Kohno et al. | The paper introduces an approach of user-driven access control where permission is granted based on existing user actions in the context of application. | ||
| 10 | 5 | When It’s Better to Ask Forgiveness than Get Permission: Attribution Mechanisms for Smartphone Resources, Thompson et al. | The paper introduces new design for attribution mechanisms to enhance user experiences. | ||
| 11 | 5 | Mobility helps security in ad hoc networks, Čapkun et al | A generic technique for establishing security association between nodes in ad-hoc networks. | ||
| 12 | 5 | CRePE: context-related policy enforcement for android, Conti et al. | A system to define context-related policies on smartphones at fine-grained level. | ||
| 13 | 5 | Intuitive security policy configuration in mobile devices using context profiling, Gupta et al. Using context-profiling to aid access control decisions in mobile devices, Gupta et al. | A context profiling framework configuring access control policies on mobile devices.
A demo of access control configuring based on context. | ||
| 14 | 5 | Usability Analysis of Secure Pairing Methods, Uzun et al. | A comparative usability evaluation of selected methods to derive some insights into the usability and security. | ||
| 15 | 5 | Is this app safe?: a large scale study on application permissions and risk signals, Pern Hui Chia et al. | The paper presents analysis results on large-scale dataset of community rating used for granting app permissions. | ||
| 16 | 5 | Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings, Lin et al. | Using static analysis and clustering techniques to identify a small number of privacy profiles to address the problem of mobile app permission granting. | ||
| 17 | 6 | Quire : Lightweight Provenance for Smart Phone Operating Systems, Dietz et al. | The paper introduces Quire with two security mechanisms to address the issue in Android system which allows one app trigger another app. | ||
| 18 | 6 | Permission Re-Delegation: Attacks and Defenses, Felt at al. | The paper discusses the risk of permission re-delegation in smartphone OS and propose new OS mechanism for dedending again such vulnerabilities. | ||
| 19 | 6 | Towards Taming Privilege-Escalation Attacks on Android, Bugiel et al. | The paper addresses the designing and implementing a security framework to defend against application level privilege escalation attacks. | ||
| 20 | 6 | TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Enck et al. | The paper proposed TainDroid for realtime tracking multiple source of sensitive data via Android’s virtualized execution environment. | ||
| 21 | 6 | These Aren't the Droids You're Looking For: Retroffiting Android to Protect Data from Imperious Applications, Hornyack et al. | The paper presents how two privacy controls are implemented to empower users in running applications but still preserving data privacy. | ||
| 22 | 6 | Semantically rich application-centric security in Android, Ongtang et al. | The paper presents a modified infrastructure named "Saint" for install-time permission assignment and their run-time use. Focus on Saint policy section. | ||
| 23 | 6 | The company you keep: mobile malware infection rates and inexpensive risk indicators, Truong et al. | Mobile malware infection rates are estimated from large number of Android devices. The paper also introduced an indirect method based on a set of running apps to search for infected devices. | ||
| 24 | 6 | Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices, Becher et al. | This paper provides comprehensive overview of different aspects of the topic of smartphone security. In particular, it surveys mechanisms that are intended to increase the overall security of smartphones. | ||
| 25 | 6 | Systematic Detection of Capability Leaks in Stock Android Smartphones, Grace et al. | This paper examines impact of firmware customization on the security and privacy aspects. Research results state that stock images provided by smartphone manufactures do not enforce the permission-based security model. | ||
| 26 | 6 | ASM: A Programmable Interface for Extending Android Security, Heuser et al. | An extensible architecture for adding new reference monitors for Android. | ||
| 27 | 6 | Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones, Xu et al. | Techniques to transparently authenticate mobile users based on their interactions with their devices' touch screens. | ||
| 28 | 6 | Using contextual co-presence to strengthen Zero-Interaction Authentication: Design, integration and usability, Truong et al. | A design and implementation of using audio, radio sensor data to improve security without sacrifying usability of zero interaction authentication. | ||
| 29 | 6 | World-Driven Access Control for Continuous Sensing, Roesner et al. | This paper proposes a extensible framework for controlling access to sensor data on multi-application continuous sensing platforms. | ||
| 30 | 6 | Boxify: Full-fledged App Sandboxing for Stock Android, Backes et al. | This paper presents Boxify, an application-layer mechanism for additional sandboxing of untrusted apps on Android, using app virtualization and process-based privilege separation. The proposed solution requires no modification of the apps or Android OS. |