  • 2017-01-10: Survey topics published.
  • 2017-01-19: Deadline for selecting top 3 survey topic preferences.
  • 2017-01-26: Survey topics assigned.
  • 2017-02-28: Deadline for mid-point survey draft.
  • 2017-03-21 & 03-23 & 03-28 & 03-30: Final presentations.
  • 2017-04-04: Final survey paper due.

What is expected in the survey paper

Your survey paper should be 4-6 pages, containing:

  • a summary of the main ideas in the paper you are surveying (2 pages)
  • your own synthesis about the topic (2-4 pages): You can structure this part as you see fit. If it helps, you can write your synthesis by attempting to answer questions like
    • Is the paper correct and complete? 
    • Did you identify any flaws?
    • Do you have some ideas on how to improve the solution(s) presented in the paper?
    • How does this paper compare to other related work addressing the same or similar problems?

To write the synthesis, you are encouraged to read related papers other than the one you were assigned. For example, you can find related papers by looking at the papers referred to by your assigned paper. You can also search resources like Google Scholar with relevant search terms.

The goal of the mid-point draft is to monitor your progress and give you advice on your work, ensuring that you are progressing in the right direction. In the mid-point draft, you need to have at least:

  • Summary of the main ideas in the paper you are surveying (should be as complete as possible)
  • The structure of the rest of your survey paper (a title of each section, ...); as much of the synthesis as you can.

The more complete your draft is, the better the quality of feedback we can give you.

The survey paper can be written with any document preparation system or word processor of your choice (LaTeX, Word, ...); it must be submitted as a PDF file.

Two example survey papers from last year's course are available for reference (#1, #2). Please note that last year's papers were required to be 2-4 pages; this year, they are required to be 4-6 pages.

Final Presentation

You will give an 8-minute presentation about the content of your survey paper. During your presentation, you will be warned at 6 minutes and you should stop by 8 minutes. It is recommended that the presentation be no more than 5 slides. You should submit your final slides (via email) by Monday 20.03 at 9 am. You are allowed to make minor changes to your slides before your presentation day. However, you should inform course staff beforehand of any changes. We will arrange a laptop and a pointer for presentations. The laptop will contain the slides you submitted before the day of your presentation.

The presentation slides should contain:  

  • The problem description (1 slide)

  • Solution proposed in the assigned paper(s) (Recommended max. 2 slides)

  • Presentation of your synthesis on the topic (Recommended max. 1-2 slides)

Deadline: Slides must be submitted via email by Monday 20.03 at 9 am. If needed, a member of course staff will contact you to suggest changes.

Proposing Your Own Topic

You are welcome to propose your own topic. The proposed topic can be any system security topic, preferably one covered in the course. You should write a description like the ones in our topic list, and send it to  ASAP and discuss it with them (well before 2017-01-17). If your topic is approved by the course staff, you can proceed with it.

List of topics

|  |  | Topic | Description | Assigned to | Additional Info |
|---|---|---|---|---|---|
| 1 | 1 | The Protection of Information in Computer Systems, Saltzer & Schroeder | Seminal paper introducing basic concepts in information security. Focus on Section I.A.3 "Design principles" on page 4. | Antti Myyrä, Maïa Alexandre, Adrián Wragg Ruiz |  |
|  |  | Security Enhanced (SE) Android: Bringing Flexible MAC to Android, Smalley & Craig | The official mandatory access control architecture for Android. Additional references: |  |  |
|  |  | Security in the Firefox OS and Tizen Mobile Platforms, Gadyatskaya et al. | Platform security mechanisms in alternative mobile OSs. Additional reference: A First Look at Firefox OS Security, DeFreez et al. | Teemu Kekkonen, Aisha Saeed |  |
| 4 | 3 | Old, new, borrowed, blue: a perspective on the evolution of mobile platform security architectures, Kostiainen et al. | A comparative survey of some early mobile platform security architectures. | Maimuna Syed |  |
| 5 | 3 | Security Metrics for the Android Ecosystem, Thomas et al. | This paper defines a security metric to rank mobile device manufacturers and network operators in terms of their provision of software updates and their devices' exposure to critical vulnerabilities. This metric is applied to a large set of real devices. | Syed Jalil |  |
| 6 | 4 | Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World, Azab et al. | Real-time mobile OS kernel protection using ARM TrustZone features as implemented on Samsung Galaxy devices. |  |  |
| 7 | 4 | HIMA: A Hypervisor-Based Integrity Measurement Agent, Azab et al. | A design for both load-time and run-time integrity measurement and preservation architecture using hypervisor features. | Anwar Hassen |  |
| 8 | 5 | Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing, Lin et al. | A new model for privacy based on user experiences analyzed by using crowdsourcing. | Samu Ahvenainen |  |
| 9 | 5 | AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems | The paper describes an approach to user-driven access control where permission is granted based on existing user actions in the context of the application. Additional reference: User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, Kohno et al. The recorded presentation of this paper at CCS 2016 is available on YouTube. | Teemu Mikkonen |  |
| 10 | 5 | When It’s Better to Ask Forgiveness than Get Permission: Attribution Mechanisms for Smartphone Resources, Thompson et al. | The paper introduces a new design for attribution mechanisms to enhance user experiences. | Bhavya Omkarappa |  |
| 11 | 5 | Mobility helps security in ad hoc networks, Čapkun et al. | A generic technique for establishing security associations between nodes in ad-hoc networks. | Otto Mangs |  |
| 12 | 5 | CRePE: context-related policy enforcement for Android, Conti et al. | A system to define context-related policies on smartphones at a fine-grained level. |  |  |
|  |  | Intuitive security policy configuration in mobile devices using context profiling, Gupta et al. Using context-profiling to aid access control decisions in mobile devices, Gupta et al. | A context profiling framework configuring access control policies on mobile devices. A demo of access control configuring based on context. | Mari Nikkarinen |  |
| 14 | 5 | Usability Analysis of Secure Pairing Methods, Uzun et al. | A comparative usability evaluation of selected methods to derive some insights into the usability and security. |  |  |
| 15 | 5 | Is this app safe?: a large scale study on application permissions and risk signals, Pern Hui Chia et al. | The paper presents analysis results on a large-scale dataset of community ratings used for granting app permissions. | Ivan Shabunin |  |
| 16 | 5 | Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings, Lin et al. | Using static analysis and clustering techniques to identify a small number of privacy profiles to address the problem of mobile app permission granting. |  |  |
| 17 | 6 | Quire: Lightweight Provenance for Smart Phone Operating Systems, Dietz et al. | The paper introduces Quire with two security mechanisms to address the issue in the Android system that allows one app to trigger another app. |  |  |
| 18 | 6 | Permission Re-Delegation: Attacks and Defenses, Felt et al. | The paper discusses the risk of permission re-delegation in smartphone OSs and proposes a new OS mechanism for defending against such vulnerabilities. | Prasant Sukumar |  |
| 19 | 6 | Towards Taming Privilege-Escalation Attacks on Android, Bugiel et al. | The paper addresses designing and implementing a security framework to defend against application-level privilege escalation attacks. |  |  |
|  |  | TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime | The paper proposes TaintART, a system for realtime tracking of multiple sources of sensitive data in the Android Run Time environment (ART). The paper builds on previous research such as TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Enck et al. |  |  |
| 21 | 6 | These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications, Hornyack et al. | The paper presents how two privacy controls are implemented to empower users to run applications while still preserving data privacy. |  |  |
| 22 | 6 | Semantically rich application-centric security in Android, Ongtang et al. | The paper presents a modified infrastructure named "Saint" for install-time permission assignment and their run-time use. Focus on Saint policy section. |  |  |
| 23 | 6 | The company you keep: mobile malware infection rates and inexpensive risk indicators, Truong et al. | Mobile malware infection rates are estimated from a large number of Android devices. The paper also introduces an indirect method based on a set of running apps to search for infected devices. | Rasmus Eskola, Rola Alhalaseh, Olli-Mikko Ojamies |  |
| 24 | 6 | Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices, Becher et al. | This paper provides a comprehensive overview of different aspects of the topic of smartphone security. In particular, it surveys mechanisms that are intended to increase the overall security of smartphones. | Aku Silvennoinen, Adedayo Adisa |  |
| 25 | 6 | Systematic Detection of Capability Leaks in Stock Android Smartphones, Grace et al. | This paper examines the impact of firmware customization on security and privacy. The research results state that stock images provided by smartphone manufacturers do not enforce the permission-based security model. |  |  |
| 26 | 6 | ASM: A Programmable Interface for Extending Android Security, Heuser et al. | An extensible architecture for adding new reference monitors for Android. |  |  |
| 27 | 6 | Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones, Xu et al. | Techniques to transparently authenticate mobile users based on their interactions with their devices' touch screens. | Tuomas Tiira |  |
| 28 | 6 | Using contextual co-presence to strengthen Zero-Interaction Authentication: Design, integration and usability, Truong et al. | A design and implementation using audio and radio sensor data to improve security without sacrificing the usability of zero-interaction authentication. |  |  |
|  |  | World-Driven Access Control for Continuous Sensing, Roesner et al. | This paper proposes an extensible framework for controlling access to sensor data on multi-application continuous sensing platforms. |  |  |
| 30 | 6 | Boxify: Full-fledged App Sandboxing for Stock Android, Backes et al. | This paper presents Boxify, an application-layer mechanism for additional sandboxing of untrusted apps on Android, using app virtualization and process-based privilege separation. The proposed solution requires no modification of the apps or Android OS. | Muhammad Tufail, Sami Jaktholm |  |
| 31 | 6 | Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android | This paper presents Draco, a uniform and fine-grained access control framework for web code running on Android embedded browsers (viz., WebView). The proposed solution requires no modifications to the Android OS. |  |  |
| 32 | Extra | A Simple Generic Attack on Text Captchas, Gao et al. | This paper presents a simple, low-cost but powerful attack that effectively breaks a wide range of text Captchas with distinct design features using a machine learning technique. | Jouni Puputti |  |
| 33 | Extra |  | This paper proposes Bloom cookies that encode a user’s profile in a compact and privacy-preserving way, while still allowing online services to use it for personalization purposes. | Borger Vigmostad |  |
| 34 | Extra | Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks, Melicher et al. | This paper proposes using artificial neural networks to model text passwords’ resistance to guessing attacks and explores how different architectures and training methods impact neural networks’ guessing effectiveness. | Nikola Mandic |  |
| 35 | Extra | Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition, Sharif et al. | This paper investigates physically realizable and inconspicuous attacks on facial recognition systems, which allow an attacker to evade recognition or impersonate another individual. |  |  |