Class time: Tuesday and Thursday: 10:30-11:45 am
Class location: Psychological Sciences Bldg 3102
Course Webpage: Blackboard and Piazza (https://piazza.com/purdue/fall2019/cs59000mss)
Instructor: Antonio Bianchi
Office: LWSN 1167
Email: antoniob@purdue.edu
This course will discuss security and privacy aspects relevant to mobile systems (smartphones, tablets, …).
More than one billion mobile devices are sold every year, and, for billions of people these devices have become the primary way to access online services and perform sensitive operations (e.g., monetary transactions using mobile banking apps). Unfortunately, the security of these devices, their operating systems, and their apps is far from perfect.
This course will cover topics such as the mobile application ecosystem, the design and architecture of mobile operating systems, rooting/jailbreaking, mobile applications and malware reverse engineering, vulnerability assessment, automatic static and dynamic analysis, and exploitation and mitigation techniques.
Given its open nature, this course will mostly focus on Google’s Android, but it will also provide some details about Apple’s IOS.
Requirements:
This is an advanced, hands-on, class. Students enrolling in this course are strongly recommended to already have a good knowledge of:
-
Java programming
-
System programming and C (pointers, memory management, system calls)
Knowledge in the following areas is also highly suggested:
-
a Linux-based operating system and programming environment
-
TCP/IP networking
In addition, students may be required to write code using scripting languages, such as Python or Javascript.
Course resources:
This class does not have a primary textbook. Resources will be provided by the instructor on Blackboard and the Piazza online forum. Resources will be in the form of slides, code samples, web links, and scientific publications. Students are required to enroll in the Piazza online forum.
Grading Policies:
Exams will be comprehensive, covering everything up to the exam date, emphasizing integrating material from recent assignments. The exam may include open questions, multiple-choice questions, numerical problems, and understanding/writing snippets of code. The exams will be closed book. Students that cannot attend the exam due to conflicts (e.g., illness, religious holidays) may make alternate arrangements (in advance, if at all possible).
Homework grading will mainly focus on automated test and emphasize correctly completing all or a part of the assignment. Submitting incorrect homework (e.g., submitting the wrong file, files in the wrong format, not compiling code, …) will result in zero points. Students should double check the file(s) they submitted.
Cheating will not be tolerated and will result in a grade of zero for that assignment. Further actions against cheating students will be considered. Students are encouraged to consult the instructor to ensure whether (and to which extent) collaboration and discussion among students are allowed for a particular assignment. Students are not allowed to share, copy, or show, the code they developed for an assignment. Students are not allowed to copy homework solutions from online resources (even partially). All homework assignments should be done individually, unless otherwise noted.
Grading:
The course grade will be assigned based on the student’s performance on the following testing criteria.
Homework assignments, including written and programming assignments, will contribute to the 60% of the course grade.
Midterm examination will contribute to the 18% of the course grade.
Final examination will contribute to the 22% of the course grade.
Grades with +/- will be assigned.
After 2 weeks from the day in which an assignment’s grades have been posted, re-grading requests will not be considered.
Late Work:
Each student will be entitled to 3 late days. One late day may be used to delay the homework submission for a single day (24 hours). A student can use all the 3 late days for a single homework assignment submission. Note that, late submissions for which students have no late days available will not be accepted, regardless of the reason why the student submitted late. Students should exercise the use of late days wisely as the homework assignments are likely to be progressively harder. There will not be any fractional late day.
Late days cannot be used for midterm and final exams. It may not be possible to use late days for some of the homework assignments, as specified by the instructor in the assignment’s description.
Communication Policies:
As a general rule, questions about homework assignments and class material should be posted publicly on Piazza, so that everyone can benefit from their answers. However, be careful not to post publicly assignment solutions (even partially).
All emails sent to the instructor should be sent from the student’s official Purdue email address. All emails should clearly state the student’s full name and Purdue ID (something like: john123).