Mobile, Embedded, & Wireless Security

14-829: Mobile Security - Fall 2013



Assignment #2 - How Easy is it to Protect against Bad Developers?

Assigned: October 2
Due: October 28

Description: The goal of this assignment is to learn about security mechanisms of an Android smartphone. The assignment has three components: 1) learn about current defenses on Android, 2) learn about limitations of current defenses and figure out ways to bypass current defenses, and 3) propose a better security scheme for Android. All of these are significant tasks, so we recommend that you start working on the assignment as soon as possible to avoid a rush before the submission deadline.

Deliverables: Each student will provide two primary deliverables for this assignment:
  • Survey & Experimental Result - You are expected to submit a summary of state-of-the-art Android security defense schemes and evaluate your attack against them (only analysis is needed for this section). You are expected to test your attack with TaintDroid (or another appropriate tool, subject to TA approval) on your phone. If your test fails, you are expected to improve your attack technique so that it bypasses TaintDroid. You should write about how TaintDroid is bypassed and provide suggestions for new defenses based on your experience. This write-up should provide detailed descriptions and accurate references to publications, articles, blogs, etc.
  • Demo & Code - You are expected to demonstrate how you have bypassed TaintDroid to the TA, either in person or via Skype, Hangouts, etc. You are expected to submit your source code and a working Android .apk file which can bypass TaintDroid. Please include any configuration information needed for us to run your app.


Submission Instructions: Each student should submit the survey, experimental results, and application code via Blackboard. You should make an appointment with the TA for the demo. All students are expected to submit their own work; discussion about the assignment is allowed and encouraged, but the writing and coding should be done individually.


Warning: Students are expected to follow strict ethical guidelines during this assignment. At no point should any malicious applications be deployed or disseminated publicly.



Assignment #2 Alternative

Description: Students with advanced Android experience who want a bigger challenge can work on a project such as proposing and implementing new security schemes. You can work with the instructor to define the personalized assignment. The scope must be appropriate for the course, the effort must be at least as significant as the original assignment, and the customized assignment must be discussed with and approved by the instructor well in advance of the assignment deadline.