Course staff: N. Asokan*, Andrew Paverd*,Thomas Nyman* (IRC handle: tajnyman), Samuel Marchal*, Hien Truong

The course staff can be reached by email at  (where indicated by *) or (where indicated by ).

The course has

  • a MyCourses space (CSE-E5480 - Mobile Systems Security) for returning exercise answers and programming assignments, and
  • an Internet Relay Chat (IRC) channel #tkt-mobisec @ IRCnet which can be used for discussing assignments, questions on lectures etc.


As the evaluation in the course will be based entirely on continuous assessment, we need to limit the total number of students allowed to take the course for credit. Interest for the course has exceeded our expectations. For this reason we want to make sure that the participants taking the course for credit have the necessary background and are committed to completing the course. To this end, we ask all students signed up for the course to confirm their participation by sending an e-mail to the course staff explicitly confirming each of the four items below:

  • You have already completed your bachelor's degree (say where)
  • You have taken at least one security course before (say what course and where)
  • You are committed to completing this course (see below for requirements for completing the course)
  • Your preference for completing the course by doing (1) programming assignments; or (2) written survey.
  • The e-mail address you use to login to MyCourses (UH students: you should login to MyCourses once before we can see you in the system and add you to the course page)

Participation must be confirmed in this manner by Tuesday, January 12 at the latest.

Students must register to the course as well here for Aalto University and here for University of Helsinki.

Tentative Schedule

The lectures are conducted on Tuesday mornings (10-12). We will attempt to stream lectures using a video conference channel from Otaniemi campus to Kumpula campus, however we cannot guarantee the availability or quality of this streaming. The lectures are held at:

  • Aalto University: lecture hall T3 in the CS building - Otaniemi, Konemiehentie 2
  • University of Helsinki (via video stream): room C220 in the Exactum building - Kumpula, GustafHällströmin katu 2B (main entrance from Pietari Kalmin katu)

If the video conferencing does not work satisfactorily, then lectures will take place only in T3 (Otaniemi).

Exercise sessions are conducted only at Aalto University. The exercise sessions are held on Thursday afternoons (12:15-14:00) in lecture hall TU6 in the TUAS building (Otaniementie 17). The TUAS building is adjacent to the CS building. Attending exercises sessions is compulsory. You are required to achieve 80% attendance in order to pass the course.



DateLectureExercisesProgramming assignmentsSurvey
Tue 5.1

Thu 7.1
No lectureNo exercise session- 

Tue 12.1

Thu 14.1

L1: Introduction to the course (slides, recording), and
L1: Overview of Platform Security (slides, recording)

Exercise 1, due Tue 19.1

General briefing on Thu 14.1

1st programming assignment, due 25.1

Survey topics published.
Sign up for survey topics
via this form before Thu 14.1

Tue 19.1
Thu 21.1

L2: Platform Security in Android OS (slides, recording)
Android Services (slides [updated 2.2])

Exercise 2 (helloworld.apk), due Tue 26.1
Exercise 1 solutions discussed on Thu 21.1
(example solutions published in MyCourses)

Initial survey topic assignments
Tue 26.1
Thu 28.1

L3: Mobile software platform security (slides, recording)

Preliminary course feedback (in MyCourses)

Exercise 3, due Tue 9.2 (2 weeks)

Exercise 2 solutions discussed on Thu 28.1

2nd programming assignment, due 8.2
1st assignment solutions discussed Thu 28.1

Survey topic assignments finalized
Tue 2.2
Thu 4.2

Guest lecture: SEAndroid policy exploration (slides, recording)
Jan-Erik Ekberg (Trustonic)

Preliminary course feedback results

No exercise session

Tue 9.2
Thu 11.2
L4: Mobile hardware platform security (slides, recording)

Exercise 4, due Tue 23.2 (2 weeks)
Exercise 3 solutions discussed on Thu 11.2

3rd programming assignment, due 22.2
2nd assignment solutions discussed Thu 11.2

Tue 16.2
Thu 18.2
No lecture

No exercise session


Tue 23.2
Thu 25.2

Optional Q&A session for Exercise 4

Optional exercise (SEAndroid), due Tue 1.3
Exercise 4 solutions discussed on Thu 25.2

4th programming assignment, due 14.3 (3 weeks)
3rd assignment solutions discussed Thu 25.2
Tue 1.3
Thu 3.3
Sun 6.3 

L5: Usability of platform security (slides, recording)

Exercise 5, due Tue 15.3 (2 weeks)
Optional exercise (SEAndroid) solutions discussed on Thu 3.3


Draft survey due Sun 6.3

(submit your draft)

Tue 8.3
Thu 10.3
No lecture

No exercise session

Tue 15.3
Thu 17.3

Lecture moved to Thursday 17.3 -> (slides, recording)

L6: Recent research and summary on Thu 17.3

Tue 22.3
Thu 24.3
Extra lecture: IoT Security (slides1, slides2, recording)

Exercise 5 solutions discussed on Thu 24.3

4th assignment solutions discussed Thu 24.3


Sun 10.4




Survey due Sun 10.4

(submit your survey)


Homework and evaluation

  • Written weekly exercises reflect on and extend the topics covered in each lecture (estimated time use: ca. 35 hours total, or roughly 6 hours /week, per exercise set, + attendance).
    • Published on Tuesdays, based on the lecture and have deadline on the next Tuesday (at 23:55); returns in writing (PDF or plaintext) through MyCourses.
    • Exercises are graded 0 (not done or very poor) - 5 (great).
    • Students are required to participate in Thursday sessions during which the solutions to the exercises are discussed. Attendance in 80% of the exercise sessions is mandatory to pass the course.

In addition, each student is required to complete one of the following (estimated time use: ca. 40 hours total):

  • Programming assignments.
    • Sign-up for programming assignments in mail confirming participation, limited spots available (first-come, first-served).
    • 1+3 assignments over weeks 2-10, programming in Android development environment (free to download, no specialized devices required)
    • Will be briefed during the exercise session on Thursday, January 14.
    • First assignment not graded, but completing first assignment is required to continue with the programming assignments. Remaining assignments graded 0-5.
    • Participants failing to complete first assignment will be assigned a written survey topics (see below).
    • Deadline for initial assignment will be Monday January 25 at 23:55, deadline for the remaining assignments will be Monday at 23:55 two weeks after publication.
    • Returns in one file package through MyCourses.
  • Written survey of topic related to systems security.
    • Survey topics published on first week of course.
    • All participants will apply for three topics of interest to them during the exercise session on Thursday, January 14.
    • Where possible, surveys topics will be assigned on Thursday, January 21 and survey topic assignments will be finalized by Thursday, January 28.
    • Graded 0-5,
    • Deadline for draft of survey will be Sunday, March 6 at 23:55, deadline for final version will be Sunday, April 10 at 23:55 (submit your survey).
    • Returns in writing as PDF through MyCourses.

Requirements for completing the course

To complete the course you must:

  • submit solutions to all exercises
  • be present in at least 80% of the exercise sessions
  • either:
    • submit solutions to all four programming assignments.


    • submit a survey paper based on a research paper assigned to you.

  • make sure that all your required submissions are done on time

Please note that late submissions are grounds for 0 points; we recommend that you set your personal deadline a day or two earlier to have some buffer for disasters, particularly if you tend to leave work close to deadlines.

Supplementary book

There is a supplementary course book: Mobile Platform Security by Asokan, Davi, Dmitrienko, Heuser, Kostiainen, Reshetova and Sadeghi (2013). Aalto students will have free access to the book online (PDF). For UH students, Hien has a few copies to lend for short periods (ask Hien).

  • No labels