Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date Topic Assignments
(do readings before class)
01/10/12 Introduction
( Slides )
Course syllbus (link)
"Understanding Android Security," Enck et al., (IEEE S&P Magazine, Jan. 2009). (link)
01/12/12 Smartphone Security Research
( Slides )
"Defending Users Against Smartphone Apps: Techniques and Future Directions," Enck (ICISS'11) (link)
"Not So Great Expectations: Why Application Markets Haven't Failed Security," McDaniel and Enck (IEEE S&P Magazine'10) (link)
01/17/12 Rule Driven Policy
"Security-by-contract on the .NET platform," Desmet et al. (2008) (link)
"On Lightweight Mobile Phone Application Certification," Enck et al. (CCS'09) (link)
01/19/12 Rule Driven Policy
"Semantically Rich Application-Centric Security in Android," Ongtang et al. (ACSAC'09) (link)
"Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints," Nauman et al. (ASIACCS'10) (link)
01/24/12 Rule Driven Policy
"Porscha: Policy Oriented Secure Content Handling in Android," Ongtang et al. (ACSAC'10) (link)
"XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks," Bugiel et al. (link)
01/26/12 No class (Oakland PC Meeting)
01/31/12 High-level Policy
"Using Labeling to Prevent Cross-Service Attacks Against Smart Phones," Mulliner et al. (DIMVA'06) (link)
"Practical and Lightweight Domain Isolation on Android", Bugiel et al. (SPSM'11)
02/02/12 Research Methods
( Slides )
"Reflections on Trusting Trust", Thompson (link)
02/07/12 No class (NDSS)
02/08/12 OS Report Prelim Writeups Due (11:59pm Midnight)
02/09/12 OS Presentations
02/14/12 OS Presentations
Windows Phone
02/15/12 OS Report Final Writeups Due (11:59pm Midnight)
02/15/12 Guest Talk by Glenn Wurster (RIM Security) (11am-12n, 3211 EBII)
02/16/12 Research Methods
( Slides )
"Reflections on Trusting Trust", Thompson (link)
02/20/12 Project Proposal Writeups Due (11:59pm Midnight)
02/21/12 Project Proposals
Oral Presentations
02/23/12 Project Proposals
Oral Presentations
02/28/12 High-level Policy
"Permission Re-Delegation: Attacks and Defenses," Felt et al. (Security'11) (link)
"QUIRE: Lightweight Provenance for Smart Phone Operating Systems", Dietz et al. (Security'11) (link)
03/01/12 Platform Hardening
"Measuring Integrity on Mobile Phone Systems," Muthukumaran et al. (SACMAT'08) (link)
"Beyond Kernel-level Integrity Measurement: Enabling Remote Attestation for the Android Platform," Nauman et al. (TRUST'10) (link)
03/06/12 Spring Break - No class
03/08/12 Spring Break - No class
03/13/12 Multiple Users
"xShare: Supporting Impromptu Sharing of Mobile Phones," Liu et al. (MobiSys'09) (link)
"DiffUser: Differentiated User Access Control on Smartphones," Ni et al. (WSNS'09) (link)
03/15/12 Faking Sensitive Information
"MockDroid: Trading Privacy for Application Functionality on Smartphones," Beresford et al. (HotMobile'11) (link)
"Taming Information-Stealing Smartphone Applications (on Android)," Patil et al. (TRUST 2011) (link)
03/20/12 Faking (cont.) and Permission Analysis
"These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications," Jung et al. (CCS'11) (link)
"A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android," Barrera et al. (CCS'10) (link)
03/22/12 Permission Analysis
"The Effectiveness of Application Permissions," Felt et al. (WebApps'11) (link)
"Android Permissions Demystified," Felt et al. (CCS'11) (link)
03/25/12 Project Status Writeups Due (11:59pm Midnight)
03/27/12 Dynamic Analysis
"TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones," Enck et al. (OSDI'10) (link)
"Vision: Automated Security Validation of Mobile Apps at App Markets," Gilbert et al. (MCS'11) (link)
03/29/12 Static Analysis
"A Study of Android Application Security," Enck et al. (Security'11) (link)
"PiOS: Detecting Privacy Leaks in iOS Applications," Egele et al. (NDSS'11) (link)
04/03/12 Static Analysis
"Analyzing Inter-Application Communication in Android," Chin et al. (MobiSys'11) (link)
"ScanDroid: Automated Security Certification of Android Applications," Fuchs et al. (link)
04/05/12 Spring Holiday - No class
04/10/12 Static Analysis
"Systematic Detection of Capability Leaks in Stock Android Smartphones," Grace et al. (NDSS'12) (link)
"DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces," Zhou et al. (CODASPY'12) (link)
04/12/12 Static Analysis
"Hey, You, Get off my Market: Detecting Malicious Apps in Official and Alternative Android Markets," Zhou et al. (NDSS'12) (link)
"Unsafe Exposure Analysis of Mobile In-App Advertisements," Grace et al. (WiSec'12) (link)
04/17/12 Cloud-based Monitoring and Misc
"Paranoid Android: Versatile Protection For Smartphones," Portokalidis et al. (ACSAC'10) (link)
"Crowdroid: Behavior-Based Malware Detection System for Android," Burguera et al. (SPSM'11) (link)
"AdDroid: Privilege Separation for Applications and Advertisers in Android," Pearce et al. (AsiaCCS'12) (link)
04/19/12 No class (USENIX Security PC Meeting)
04/24/12 Project Presentations
04/26/12 Project Presentations
04/27/12 Final Projects Writeups Due (11:59pm Midnight)