14-829: Mobile Security - Fall 2013
Assignment #2 - How Easy is it to Protect against Bad Developers?
- Assigned: October 2
- Due: October 28
- Description: The goal of this assignment is to learn about security mechanisms of an Android smartphone. The
assignment has three components: 1) learn about current defenses on Android, 2) learn about limitations of current
defenses and figure out ways to bypass current defenses, and 3) propose a better security scheme for Android. All of
these are significant tasks, so we recommend that you start working on the assignment as soon as possible to avoid
a rush before the submission deadline.
- Deliverables: Each student will provide two primary deliverables for this assignment:
  - Survey & Experimental Result - You are expected to submit a summary of state-of-the-art Android security
    defense schemes and evaluate your attack with them (only analysis is needed for this section). You are expected to test
    your attack with TaintDroid (or another appropriate tool, subject to TA approval) on
    your phone. If your test fails, you are expected to improve your attack technique so that it bypasses TaintDroid. You should
    write about how TaintDroid is bypassed and provide suggestions about new defenses based on your experience. This writing
    should provide detailed descriptions and accurate references
    to publications, articles, blogs, etc.
  - Demo & Code - You are expected to demonstrate how you have bypassed TaintDroid to the TA, either in person
    or via Skype, Hangouts, etc. You are expected to submit your source code and a working Android .apk file which can bypass
    TaintDroid. Please include any configuration information needed for us to run your app.
- Submission Instructions: Each student should submit the survey, experimental results, and application code
via Blackboard. You should make an appointment with the TA for the demo. All students are expected to submit their own
work; discussion about the assignment is allowed and encouraged, but the writing and coding should be done individually.
- Warning: Students are expected to follow strict ethical guidelines during this assignment.
At no point should any malicious applications be deployed or disseminated publicly.
Assignment #2 Alternative
- Description: For students with advanced Android experience who want a bigger challenge, you can work
on a project such as proposing and implementing new security schemes. You can work with the instructor to figure out the
personalized assignment. The scope must be appropriate for the course, the effort must be at least as significant as
the original assignment, and the customized assignment must be discussed with and approved by the instructor well
in advance of the assignment deadline.