Address

Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)

Awards

2019: Busy Beaver Award "Selected Topics in Mobile Security", Saarland University

Short Bio

I am a security researcher with a focus on (mobile) operating system security and trusted computing. In the past, I was particularly looking into mandatory access control systems for the Android OS and integrating hardware security building blocks into mobile operating systems.

Since May 2016 I have been employed as the research group leader of the Trusted Systems Group at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany.

CV: Last four stations

Since July, 2017
Tenure-Track Faculty at the CISPA Helmholtz Center for Information Security, Saarbrücken, Germany, and head of the Trusted Systems Group
2016 – 2017
Research Group Leader of the Trusted Systems Group at the CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
2013 – 2016
Research Assistant and Ph.D. Student in the Information Security & Cryptography Group, Saarland University, Germany. Since Feb, 2016: Dr.-Ing. (Ph.D. in Security in Information Technology). Ph.D. thesis title: "Establishing Mandatory Access Control on Android OS"
2010 – 2013
Research Assistant and Ph.D. Student at the Center for Advanced Security Research Darmstadt, Germany

Publications by Sven Bugiel

Year 2021

Conference / Medium

USENIX-Security
30th USENIX Security Symposium (USENIX Security 21)

Conference / Medium

NDSS
Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework
Network and Distributed Systems Security (NDSS) Symposium 2021

Year 2020

Conference / Medium

ACSAC
Annual Computer Security Applications Conference (ACSAC 2020)

Year 2019

Conference / Medium

CCS
2019 ACM SIGSAC Conference on Computer and Communications Security

Conference / Medium

USENIX-Security
Usenix Security Symposium

Teaching by Sven Bugiel

Winter 2021/22

Perspectives of Cybersecurity

In this lecture series, we give insights into the founders' activities in the vicinity of cybersecurity. We put a focus on marketable and innovative ideas and trends.

Please note that the goal of this course is to provide first-hand insights into how to create successful startups in cybersecurity. While it is aimed at the students of the Entrepreneurial Cybersecurity Masters Program for grading and achieving the CP, we invite everyone interested to attend the talks, even if they are not participating to get CP!

Schedule

This lecture takes place every Thursday, 14:15 to 16:00 on Zoom. Instructions to access the lecture will be provided soon.

Note: To allow invited guests from the US to join POSER, we will use two exceptional slots at 18:15 - 20:00 (marked in yellow) 

Every event is composed of a new topic presented by an invited founder or VC who presents their story.

Date Time Presenter URL / Topic
Oct 21 14:15 – 14:45 Sven Bugiel and Giancarlo Pellegrino
  • Introduction and kick-off
Oct 28 14:15 – 15:00 Marc Schickhaus (CISPA)
  • The CISPA Incubator
  • How to give a pitch
Nov 04 14:15 – 16:00 TBA
Nov 11 14:15 – 16:00 TBA
Nov 18 14:15 – 16:00 TBA
Nov 25 14:15 – 16:00 Lukas Bieringer (QuantPi)
Dec 02 14:15 – 16:00 TBA
Dec 09 14:15 – 16:00 Fabian Yamaguchi (ShiftLeft)
Dec 16 18:15 – 20:00 Pedram Amini (InQuest)
No presentations between Dec 23 and Jan 06
Jan 13 14:15 – 16:00 Christian Arndt (HTGF)
Jan 20 18:15 – 20:00 Zakir Durumeric (Stanford University and Censys)
Jan 27 14:15 – 16:00 Stefan Nürnberger (Elexir)
Feb 03 14:15 – 16:00 TBA (Bitahoy)

Modus Operandi

Weekly presentations and Q&A

Roughly every week there will be a presentation by a founder of a security/privacy-related startup (or a company that sees an urgent need for a security/privacy product in its domain). This talk is followed by a Q&A (or interview) with the presenter. This should give you insights into the experiences of creating a startup.

The following only applies to participants who want to get CP.

Student task (mandatory): In preparation for the Q&A session, every student has to prepare by checking the startup and supplemental material (URLs are in the schedule) and submit via the CMS 2-3 questions they would ask in the Q&A. Questions could be related to the niche in the market that the company occupies, the target group they aim at, pitfalls and challenges etc.

Joint event

At the end of the semester (tentative date: TBA) we will have a joint 1-day event where every student/team pitches its own idea for a product in a short presentation with subsequent feedback/discussion. The idea of this event is to make students go once through the process of developing an idea, doing the necessary background research, and then pitching it in front of an audience. 

To this end, the CISPA faculty will provide a short list of recent research results with potential for tech transfer into a product, and students/teams should derive their product idea and pitch from this list. This avoids the need to reveal any real business idea that students already have in mind and at the same time this day also provides an opportunity to exchange ideas and thoughts with the CISPA faculty.

To prepare for this event, in the introduction, you'll get to know

  • General guidelines for entrepreneurial pitches
  • A typical pitch structure
  • How to motivate your topic

Grading and requirements for passing the course

The final grade is based on your pitch at the joint event. We base this grade on:

  1. 50% Content:
    • A 5-page report, showing the research for your product idea 
  2. 50% Form, of which 12.5% each:
    1. Structure/Thread
    2. Action Titles (covered in intro lecture)
    3. MECE (https://en.wikipedia.org/wiki/MECE_principle, covered in intro lecture)
    4. General presentation (e.g., rhetoric)

To pass the course, you need to:

  1. Hand in the Q&A questions in preparation for each talk
  2. Attend the talks
  3. Achieve at least 50% in your pitch

LSF Registration

You have to register for the course in LSF by Nov 11 in order to receive a grade.

Winter 2021/22

Mobile Security

About the course

This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the course increases the students' awareness and understanding of security and privacy problems in this area. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).

Central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
  • What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.

Where and when

The lectures will take place every Friday from 10:00 – 12:00 starting from October 22, 2021.

Note: Physical presence will not be required and lecture recordings will be provided (via YouTube). Whether the lecture takes place physically or as a "flipped classroom" is yet to be determined.

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java (and C/C++)
  • be comfortable with working with Linux

Actual programming experience on Android or at the OS level is not a prerequisite, but definitely an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.

Requirements for obtaining credit points (Scheinvergabe)

For passing the course, you need the following minimum amount of points:

  • 50% of the points from the final exam.

For admission to the exam, you need:

  • at least 50% of the points from the exercises.

The final grade is based purely on your exam results.

The end-term exam will take place TBD

The backup exam will take place TBD

Registration

Register for the course here in the CISPA CMS. Registration has been open since September 01, 2021. Once you are registered here, don't forget to register in the LSF for the exam.

Summer 2020

Seminar: Selected Topics in Mobile Security

In this seminar, we will discuss current results and new problems in the mobile security domain based on relevant scientific papers. The focus of the selected papers lies on Android, given its high popularity among researchers. The topics include usability aspects of Android's permission system and security-relevant APIs, security extensions at different levels of Android's software stack, app analysis, and newly identified attack vectors.

Winter 2019/20

Advanced Lecture: Mobile Security

This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem.