Faculty
2019: Busy Beaver Award "Selected Topics in Mobile Security", Universität des Saarlandes
I am security researcher with focus on (mobile) operating system security and trusted computing. In the past, I was particularly looking into mandatory access control systems for the Android OS and integrating hardware security building blocks into mobile operating systems.
Since May 2016 I am employed as the research group leader of the Trusted Systems Group at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany.
USENIX-Security
USENIX Security '21USENIX Security '21
USENIX-Security
30th USENIX Security Symposium30th USENIX Security Symposium (USENIX Security 21)
NDSS
Bringing Balance to the Force: Dynamic Analysis of the Android Application FrameworkNetwork and Distributed Systems Security (NDSS) Symposium 2021
ACSAC
Annual Computer Security Applications Conference (ACSAC 2020)
SP
Proceedings of the 41st IEEE Symposium on Security and Privacy
CCS
2019 ACM SIGSAC Conference on Computer and Communications SecurityACM SIGSAC Conference on Computer and Communications Security
SP
Proceedings of the IEEE Symposium on Security & Privacy, May 2019
USENIX-Security
Usenix Security Symposium
Perspectives of Cybersecurity
In this lecture series, we give insights into the founders' activities in the vicinity of cybersecurity. We put a focus on marketable and innovative ideas and trends.
Please note that the goal of this course is to provide first-hand insights into how to create successful startups in cybersecurity. While it is aimed at the students of the Entrepreneurial Cybersecurity Masters Program for grading and achieving the CP, we invite everyone interested to attend the talks also when not participating to get CP!
This lecture takes place every Thursday, 14:15 to 16:00 on Zoom. Instructions to access the lecture will be provided soon.
Note: To allow invited guests from the US to join POSER, we will use two exceptional slots at 18:15 - 20:00 (marked in yellow)
Every event is composed of a new topic presented by an invited founder or VC who presents their story.
| Date | Time | Presenter | URL / Topic |
|---|---|---|---|
| Oct 21 | 14:15 – 14:45 | Sven Bugiel and Giancarlo Pellegrino |
|
| Oct 28 | 14:15 – 15:00 |
Marc Schickhaus (CISPA) |
|
| Nov 04 | 14:15 – 16:00 | TBA | |
| Nov 11 | 14:15 – 16:00 |
TBA |
|
| Nov 18 | 14:15 – 16:00 |
TBA |
|
| Nov 25 | 14:15 – 16:00 | Lukas Bieringer (QuantPi) | |
| Dec 02 | 14:15 – 16:00 |
TBA |
|
| Dec 09 | 14:15 – 16:00 |
Fabian Yamaguchi (ShiftLeft) |
|
| Dec 16 | 18:15 – 20:00 |
Pedram Amini (InQuest) |
|
| No presentations between Dec 23 and Jan 06 | |||
| Jan 13 | 14:15 – 16:00 | Christian Arndt (HTGF) | |
| Jan 20 | 18:15 – 20:00 |
Zakir Durumeric (Stanford University and Censys) |
|
| Jan 27 | 14:15 – 16:00 |
Stefan Nürnberger (Elexir) |
|
| Feb 03 | 14:15 – 16:00 |
TBA (Bitahoy) |
|
Roughly every week will be a presentation by a founder of a security/privacy-related startup (or a company that sees an urgent need for a security/privacy product in its domain). This talk is followed by a Q&A (or interview) with the presenter. This should give you insights into the experiences of creating a startup.
The following only applies for participants that want to get CP.
Students task (mandatory): In preparation for the Q&A session, every student has to prepare by checking the startup and supplemental material (URLs are in the schedule) and submit via the CMS 2-3 questions they would ask in the Q&A. Questions could be related to the niche in the market that the company occupies, the target group they aim at, pitfalls and challenges etc.
At the end of the semester (tentative date: TBA) we will have a joint 1-day event where every student/team pitches its own idea for a product in a short presentation with subsequent feedback/discussion. The idea of this event is to make students go once through the process of developing an idea, doing the necessary background research, and then pitching it in front of an audience.
To this end, the CISPA faculty will provide a short list of recent research results with potential for tech transfer into a product, and students/teams should derive their product idea and pitch from this list. This avoids the need to reveal any real business idea that students already have in mind and at the same time this day also provides an opportunity to exchange ideas and thoughts with the CISPA faculty.
To prepare for this event, in the introduction, you'll get to know
The final grade is based on your pitch at the joint event. We base this grade on:
General presentation (e.g., rhetoric)
To pass the course, you need:
You have to register for the course in LSF until Nov 11 in order to receive a grade.
Mobile Security
This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).
Central questions of this course are:
The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.
The lectures will take place every Friday from 10:00 – 12:00 starting from October 22, 2021.
Note: Physical presence will not be required and lecture recordings will be provided (via Youtube). Whether the lecture takes place physically or as a "flipped classroom" is yet to be determined.
There are no formal requirements for participation. Students who want to participate in the course should
Actual programming experience on Android or at the OS level is not a prerequisite, but definitively an advantage.
Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.
For passing the course, you need the following minimum amount of points:
For admission to the exam, you need:
The final grade is based purely on your exam results.
The end-term exam will take place TBD
The backup exam will take place TBD
Register for the course here in the CISPA CMS. Registration is open since September 01, 2021. Once you are registered here, don't forget to register in the LSF for the exam.
Seminar: Selected Topics in Mobile Security
In this seminar, we will discuss current results and new problems in the mobile security domain based on relevant scientific papers. The focus of the selected papers lies on Android, given its high popularity among researchers. The topics include usability aspects of Android's permission system and security-relevant APIs, security extensions at different levels of Android's software stack, app analysis, and newly identified attack vectors.
Advanced Lecture: Mobile Security
This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem.