CSE362

Course CSE362
Title Mobile Security
Credits 3
Course Coordinator

R. Sekar

Description

The course covers the latest security technologies for mobile platforms (e.g., Android and iOS). It first introduces the security issues plaguing mobile apps and discusses defensive mechanisms such as code signing, app permissions, and sandboxing. It then looks inside the mobile OS, explaining how jailbreaking/rooting works and the internals of the iOS and Android security designs. Finally, it surveys modern hardware-level security features, such as secure booting, TrustZone, and biometrics.

Prerequisite: CSE 220; CSE major. Advisory pre- or corequisite: CSE 320
Course Outcomes

To help students acquire practical knowledge of, and hands-on experience with, mobile security technologies, including malicious apps, vulnerable apps, code reviewing and signing, internals of Android and iOS security, device jailbreaking and rooting, disk encryption, and secure and verifiable booting.

Textbook
Major Topics Covered in Course
  • Week 1. App and Mobile Ecosystem. What security threats face mobile devices and users; how they differ from traditional computer security issues.
  • Week 2. Malicious and Unwanted Apps. What kinds of malicious apps are out there; how they work; what their impacts are on user privacy and device security.
  • Week 3. App Vulnerabilities and Attacks. How vulnerable apps are exploited to leak user data, perform harmful operations, and generate illegal gains for attackers.
  • Week 4. Android Security Internals (I). App sandboxes and permissions.
  • Week 5. Android Security Internals (II). SEAndroid, Inter-app communication, unsafe native code.
  • Week 6. iOS Security Internals (I). App review and signing, code verification, entitlements and privileges.
  • Week 7. iOS Security Internals (II). Mach Ports, XPC, disk encryption.
  • Week 8. Midterm Exam
  • Week 9. Security Evasions. How Android and iOS core security features can be bypassed; possible mitigations.
  • Week 10. Jailbreaking and Rooting. Common techniques, root causes, prevention, and the underground economy.
  • Week 11. Best Security Practices for Mobile Developers. How to write secure and robust apps; what techniques and tools are available.
  • Week 12. Device Security. Device thefts, digital forensics, side-channel attacks, wireless attacks.
  • Week 13. Hardware-backed protection. Secure booting, DRM, TrustZone, biometrics.
  • Week 14. Emerging Mobile Security Issues. Unique and challenging security issues for the next generation of mobile devices: wearables, IoT, smart cars, etc.
Laboratory