North Carolina State University, Department of Computer Science
- CSC474 - Network Security
- Fall 2012, Fall 2013, Fall 2014
- CSC574 - Computer and Network Security
- Fall 2011, Spring 2013
- CSC591-006 - Smartphone OS Security
- CSC705 - OS Security
- Spring 2014, Spring 2015
- CSC801-001 - Systems Seminar
Pennsylvania State University, College of Engineering
- CSE/EE458 - Communications Networks
- CSE597a - Cellular Phone Operating Systems Security
Text Analytics for Security
Computing systems that make security decisions often fail to take into account human expectations. This failure occurs because human expectations are typically drawn from in textual sources (e.g., mobile application description and requirements documents) and are hard to extract and codify. Recently, researchers in security and software engineering have begun using text analytics to create initial models of human expectation. In this tutorial, we will provide an introduction to popular techniques and tools of natural language processing (NLP) and text mining, and share our experiences in applying text analytics to security problems. We will also highlight the current challenges of applying these techniques and tools for addressing security problems. We conclude with discussion of future research directions.
Intro to Securing Android Applications
Raleigh Chapter of ISSA, Back-to-Basics session
December 4, 2014
The Android platform runs on hundreds of millions of smartphones and mobile devices, with over a million applications available in the Google Play Store. As Android continues to mature to meet the requirements of enterprises, companies have begun to develop custom Android applications that allow employees to access business information. When developing these applications, application security is of utmost importance. In this talk, we will discuss common security failures in Android applications. We will also discuss best practices and overview security features that Android makes available to developers.
Intro to Developing Android Applications
Raleigh Chapter of ISSA, Back-to-Basics session
October 2, 2014
Android has become pervasive as a computing platform. In addition to smartphones and tablets, Android is increasingly appearing in embedded systems such as TVs and cars. This adoption is occurring because Android provides an embedded platform on top of which software can be easily developed. This talk will start the attendees on their way of developing Android applications. We will overview the basic design of an Android application and then work through a "Hello World" example. Throughout the talk, we will point the attendees towards valuable resources for learning to develop Android apps. Note that to get the most out of this talk, attendees should bring a laptop pre-setup with the Android SDK (http://developer.android.com/sdk) and have a basic knowledge of Java.
Understanding Android's Security Framework
The Google Android mobile phone platform is one of the most anticipated smartphone operating systems. Android defines a new component-based framework for developing mobile applications, where each application is comprised of different numbers and types of components. Activity components form the basis of the user interface; each screen presented to the user is a different Activity. Service components provide background processing that continues even after its application loses focus. Services also define arbitrary interfaces for communicating with other applications. Content Provider components share information in relational database form. For instance, the system includes an application with a Content Provider devoted to sharing the user's address book upon which other applications can query. Finally, Broadcast Receiver components act as an asynchronous mailbox for messages from the system and other applications. As a whole, this application framework supports a flexible degree of collaboration between applications, where dependencies can be as simple or complex as a situation requires.
In this tutorial, we will overview the mechanisms required to develop secure applications within the Android development framework, indicating how the environment has evolved with recent releases of the SDK. We will begin with the basics of building an Android application; no prior knowledge of Android is required. From this base, we will demonstrate how applications can communicate and provide services to one another. However, these interfaces must be carefully secured to defend against general malfeasance. We show how Android's security model aims to provide mechanisms for requisite protection of applications and critical smartphone functionality and present a number of "best practices" for secure application development within the environment
The slides and example application source code are available.