- 08.02.2016: Exercise 5 solutions will now be discussed on Thursday, 24 March.
This is the course space for the Aalto University Dept. of Computer Science and University of Helsinki Dept. of Computer Science course on Mobile Systems Security. The course code is CSE-E5480 for Aalto University and 582704 for University of Helsinki. The course is worth 5 credits, which are earned by participating in weekly lectures, completing weekly exercises and either writing a survey or completing programming assignments. There is no exam.
Course staff: N. Asokan*, Andrew Paverd*,Thomas Nyman* (IRC handle: tajnyman), Samuel Marchal*, Hien Truong†
The course staff can be reached by email at email@example.com (where indicated by *) or firstname.lastname@example.org (where indicated by †).
The course has
- a MyCourses space (CSE-E5480 - Mobile Systems Security) for returning exercise answers and programming assignments, and
- an Internet Relay Chat (IRC) channel #tkt-mobisec @ IRCnet which can be used for discussing assignments, questions on lectures etc.
Registration for the course will open on Monday, December 7.
As the evaluation in the course will be based entirely on continuous assessment, we need to limit the total number of students allowed to take the course for credit. Interest for the course has exceeded our expectations. For this reason we want to make sure that the participants taking the course for credit have the necessary background and are committed to completing the course. To this end, we ask all students signed up for the course to confirm their participation by sending an e-mail to the course staff explicitly confirming each of the four items below:
- You have already completed your bachelor's degree (say where)
- You have taken at least one security course before (say what course and where)
- You are committed to completing this course (see below for requirements for completing the course)
- Your preference for completing the course by doing (1) programming assignments; or (2) written survey.
- The e-mail address you use to login to MyCourses (UH students: you should login to MyCourses once before we can see you in the system and add you to the course page)
Participation must be confirmed in this manner by Tuesday, January 12 at the latest.
Students must register to the course as well here for Aalto University and here for University of Helsinki.
The lectures are conducted on Tuesday mornings (10-12). We will attempt to stream lectures using a video conference channel from Otaniemi campus to Kumpula campus, however we cannot guarantee the availability or quality of this streaming. The lectures are held at:
- Aalto University: lecture hall T3 in the CS building - Otaniemi, Konemiehentie 2
- University of Helsinki (via video stream): room C220 in the Exactum building - Kumpula, GustafHällströmin katu 2B (main entrance from Pietari Kalmin katu)
If the video conferencing does not work satisfactorily, then lectures will take place only in T3 (Otaniemi).
Exercise sessions are conducted only at Aalto University. The exercise sessions are held on Thursday afternoons (12:15-14:00) in lecture hall TU6 in the TUAS building (Otaniementie 17). The TUAS building is adjacent to the CS building. Attending exercises sessions is compulsory. You are required to achieve 80% attendance in order to pass the course.
|No lecture||No exercise session||-|| |
L1: Introduction to the course (slides, recording), and
L1: Overview of Platform Security (slides, recording)
Exercise 1, due Tue 19.1
General briefing on Thu 14.1
1st programming assignment, due 25.1
Survey topics published.
Sign up for survey topics
via this form before Thu 14.1
L2: Platform Security in Android OS (slides, recording)
Android Services (slides [updated 2.2])
Exercise 2 (helloworld.apk), due Tue 26.1
Exercise 1 solutions discussed on Thu 21.1
(example solutions published in MyCourses)
|Initial survey topic assignments|
L3: Mobile software platform security (slides, recording)
Preliminary course feedback (in MyCourses)
Exercise 3, due Tue 9.2 (2 weeks)
Exercise 2 solutions discussed on Thu 28.1
2nd programming assignment, due 8.2
1st assignment solutions discussed Thu 28.1
|Survey topic assignments finalized|
Guest lecture: SEAndroid policy exploration (slides, recording)
Jan-Erik Ekberg (Trustonic)
Preliminary course feedback results
No exercise session
|L4: Mobile hardware platform security (slides, recording)|
Exercise 4, due Tue 23.2 (2 weeks)
Exercise 3 solutions discussed on Thu 11.2
3rd programming assignment, due 22.2
2nd assignment solutions discussed Thu 11.2
No exercise session
Optional Q&A session for Exercise 4
Optional exercise (SEAndroid), due Tue 1.3
Exercise 4 solutions discussed on Thu 25.2
|4th programming assignment, due 14.3 (3 weeks)|
3rd assignment solutions discussed Thu 25.2
L5: Usability of platform security (slides, recording)
Exercise 5, due Tue 15.3 (2 weeks)
Optional exercise (SEAndroid) solutions discussed on Thu 3.3
Draft survey due Sun 6.3
(submit your draft)
No exercise session
Lecture moved to Thursday 17.3 -> (slides, recording)
L6: Recent research and summary on Thu 17.3
| || |
|Extra lecture: IoT Security (slides1, slides2, recording)|
Exercise 5 solutions discussed on Thu 24.3
4th assignment solutions discussed Thu 24.3
Survey due Sun 10.4
(submit your survey)
Homework and evaluation
- Written weekly exercises reflect on and extend the topics covered in each lecture (estimated time use: ca. 35 hours total, or roughly 6 hours /week, per exercise set, + attendance).
- Published on Tuesdays, based on the lecture and have deadline on the next Tuesday (at 23:55); returns in writing (PDF or plaintext) through MyCourses.
- Exercises are graded 0 (not done or very poor) - 5 (great).
- Students are required to participate in Thursday sessions during which the solutions to the exercises are discussed. Attendance in 80% of the exercise sessions is mandatory to pass the course.
In addition, each student is required to complete one of the following (estimated time use: ca. 40 hours total):
- Programming assignments.
- Sign-up for programming assignments in mail confirming participation, limited spots available (first-come, first-served).
- 1+3 assignments over weeks 2-10, programming in Android development environment (free to download, no specialized devices required)
- Will be briefed during the exercise session on Thursday, January 14.
- First assignment not graded, but completing first assignment is required to continue with the programming assignments. Remaining assignments graded 0-5.
- Participants failing to complete first assignment will be assigned a written survey topics (see below).
- Deadline for initial assignment will be Monday January 25 at 23:55, deadline for the remaining assignments will be Monday at 23:55 two weeks after publication.
- Returns in one file package through MyCourses.
- Written survey of topic related to systems security.
- Survey topics published on first week of course.
- All participants will apply for three topics of interest to them during the exercise session on Thursday, January 14.
- Where possible, surveys topics will be assigned on Thursday, January 21 and survey topic assignments will be finalized by Thursday, January 28.
- Graded 0-5,
- Deadline for draft of survey will be Sunday, March 6 at 23:55, deadline for final version will be Sunday, April 10 at 23:55 (submit your survey).
- Returns in writing as PDF through MyCourses.
Requirements for completing the course
To complete the course you must:
- submit solutions to all exercises
- be present in at least 80% of the exercise sessions
- submit solutions to all four programming assignments.
- submit a survey paper based on a research paper assigned to you.
- make sure that all your required submissions are done on time
Please note that late submissions are grounds for 0 points; we recommend that you set your personal deadline a day or two earlier to have some buffer for disasters, particularly if you tend to leave work close to deadlines.
There is a supplementary course book: Mobile Platform Security by Asokan, Davi, Dmitrienko, Heuser, Kostiainen, Reshetova and Sadeghi (2013). Aalto students will have free access to the book online (PDF). For UH students, Hien has a few copies to lend for short periods (ask Hien).