CEG 4440: Android Internals and Security
Revised Feb 2019.
Catalog Description: Internals of the Android OS. Linux refresher of Networking, File System, and other subsystems. Android Security Architecture. Reverse engineering of APKs. Well known TCP/IP exploits on Android. Analyses of Android malware. Security enhancement of Android Framework. ASLR and ROP. Android Forensics. Future of body-hugging computing/networking devices.
Prerequisite(s): Undergraduate level CS 3100 Minimum Grade of C. Further Advice: Fluent in CEG 2350 OS Concepts and Usage; Fluent in Java; Recommended (Senior Level) Operating Systems Internals and Design.
There is no required text book this term. The course home page leads to lecture notes on every topic of this course.
Full attendance is expected.
Lab work is a significant part of this course. The ordering of lectures, in contrast to the course content topics listed below, is largely due to this influence.
|1||Course overview; Android Develop|
|*||Refreshers: OS internals, TCP/IP|
|2||Android-Internals; Security #1||L1||AndroidIntro||5%|
|3||Android Virtual Devices, Networking • Exploits Overview|
|4||ReverseEngineering, Dissection of APKs • Security #2|
|8||Android SM, AM • ashmem|
|9||Android Rooting Exploits||L4||Malware||5%|
|a||AOSP/ LineageOS Tour||L5||Rooting||5%|
|b||Code Injection/ Shell Code; ASLR • ROP|
|c||Exploit Prevention: Secure Coding||L6||CodeInject||5%|
|d||Exploit Prevention: Hardening|
|e||Pocket Spy; Violations of Privacy||5%|
|f||Last Lecture = TBA • Final||FI||Final||30%|
There are two exams contributing
30% 20% and 30%
to the final grade. The mid term is scheduled around the sixth week,
and the final during the exam week as set by the Registrar.
The labs + projects contribute
40% to the final
grade. I expect to give eight six five labs +
projects. These must be submitted by midnight on the due date
posted. The subject matter of these labs is included in the
All lab work can be conducted within various WSU computer labs. But, it is highly recommended that you setup your own desktop/laptop for this work.
In this course, a project generally will begin with studying the source code tree given to you. It may require you to build an executable after suitable reconfiguration using tools such as make or gradle. The code will be in Java/ Kotlin for Android SDK.
The labs + projects are to be performed by the student individually. This must be work done solely by you, except for the parts I provided/agreed.
There are no homework assignments to be turned in.
Students enrolled in CEG 6440 are required to do additional tasks, at a graduate student level, on one of the topics below. Undergraduate students and graduate students will be graded separately. This semester the graduate tasks are to (i) sketch a new lab experiment based on that topic, and (ii) carry out that experiment and submit a lab report as usual. Your article and lab experiment should look like one of those already included in the course. If a topic beyond this list interests you, I am happy to consider it.