Cellular Phone Operating Systems Security
Overview
This seminar course considers the design of current cell phone operating systems and methods for securing them. Students taking this course will learn the architecture, APIs, and security models of Android, OpenMoko, Apple iPhone, and others. Past security mechanisms will be evaluated within cell phones and their applications. A major project in the area aimed at publication will be conducted.
A detailed list of lecture-by-lecture contents, assignments, and due dates (subject to change as the semester evolves) is available on the course schedule. Descriptions of the various assigned written reports and presentations are available on the Reports page.
Grading
The course will be graded on exams, assignments, a final course project, and class participation in the following proportions:
| 50% | Written Reports (including Course Project) |
| 30% | Presentations |
| 20% | Class Participation |
Written Reports (including Course Project)
The students are responsible for performing an in-depth investigation of a specific cellular phone operating system. There will be three purely investigative reports, a project proposal, and a final project. Details of each report are available on the Reports page. Groups may be formed as specified.
Presentations
A significant portion of the course will be devoted towards understanding existing cellular phone operating systems and the security mechanisms they provide. As described on the Reports page, students will be responsible for performing an investigation on a specific OS, documenting its operation, and presenting it to the class. The success of the course is strongly dependent on the students presenting and describing the systems and conversing about potential failures.
Class Participation
A portion of the course lectures will be driven by the contents of assigned papers. Students are going to be required to participate in discussions of the paper content during each lecture. Hence, the students' ability to exhibit comprehension of papers is essential to a passing grade.
Lateness Policy
Assignments and project milestones are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
Academic Integrity Policy
Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will automatically receive an 'F' grade for the course. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the 'F' grade and refer the student to the appropriate University bodies for possible further action.
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except where explicitly allowed in writing by the instructor.
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor McDaniel.
Course Updates
[01/22/2009] The course wiki (used for reports 1, 2, and 3) is now online. Students have been sent account information via email.
[01/15/2009] The report groups have been posted.