0000001768 16W 6SWS PR Selected Topics in Android Security (IN2106, IN0012, IN4189)

General information
Selected Topics in Android Security (IN2106, IN0012, IN4189) 
practical training
Winter semester 2016/17
Informatics 4 - Chair of Software & Systems Engineering (Prof. Pretschner)
Allocations: 1 
Course details
The course material will focus on categories of vulnerabilities that have recently been jeopardizing the security of the Android platform, e.g. app reverse engineering and repackaging, traffic analysis, authentication bypassing, client-side injection, repackaged malware, et cetera. The material will also give a glimpse of applying artificial intelligence techniques, e.g. machine learning, within this domain.

The topics to be covered in this practical course include (but are not limited to):

• Android app components and permissions.
• Android security architecture.
• Bypassing authentication screens.
• Dex file analysis and app reverse engineering.
• Content provider vulnerabilities.
• Using Drozer and Drozer scripting.
• Client-side injection.
• Android app analysis and testing, e.g. using concolic execution.
• Malware analysis and detection (using machine learning).

Prerequisites:

• Basic understanding of the Android architecture.
• Good Java programming skills.
• Good understanding of security concepts.
• Knowledge of reverse engineering is highly recommended.
• Previous experience in using machine learning toolkits is recommended (but not necessary).

The lab is divided into two phases. The purpose of the first phase is to introduce the students to common vulnerabilities/attacks that can be launched against Android, and to give them hands-on experience implementing those attacks. This includes not only exploiting the vulnerabilities, but also crash courses in using some tools and techniques for reverse engineering, pentesting tools like Drozer, behavior stimulation tools like Monkeyrunner, ConDroid, et cetera. Armed with such knowledge, the students move on to the second, research-oriented phase, where they are required to come up with either (1) an attack they want to exploit and demonstrate, or (2) an attack/defense tool they wish to implement.

To register for participation, you must identify yourself as a student in TUMonline.
Note: Registration via TUM matching system.

Literature:

• Android Security Internals: An In-Depth Guide to Android’s Security Architecture by Nikolay Elenkov.
• Android Hacker’s Handbook by Collin Mulliner, Georg Wicherski, Joshua J. Drake, Pau Oliva Fora, Stephen A. Ridley, and Zach Lanier.
• Android Malware and Analysis by Jose Andre Morales, Ken Dunham, Manu Quintans, Shane Hartman, and Tim Strazzere.
Online information
course documents
e-learning course (moodle)
Preliminary meeting: 24.06.2016, 14:00h, room 01.11.018 (K. Zuse)