I have been teaching the Mobile Security Topics in CS463 and CS563 at the University of Illinois at Urbana-Champaign since 2014.

I usually lead two 75-minute lectures in the context of the “Computer Security II (CS463)” course at the University of Illinois at Urbana-Champaign. The goal of the lectures is to introduce students to security and privacy issues related to mobile devices with a focus on smartphones. We draw a comparison between traditional computer security and how the attack surface transforms with the advent of smart mobile devices.

Topics covered in the first lecture include iOS security mechanisms and Android security models. In the second lecture we cover mobile advertising and risks on Android, side channel attacks on Android and defense mechanisms; bluetooth attacks on Android, attacks on external resources on Android, SELinux on Android. The lectures are commonly augmented with a machine problem to provide students with a hands on experience on how adversaries can take advantage of mobile OS security limitations. In the past we have asked students to develop a side-channel privacy attack from a userspace mobile application and to simulate a privacy attack by a malicious mobile advertising library .

For this class I introduce state of the art papers in security and privacy in mobile advertising. Papers presented include but are not limited to the following: “Unsafe exposure analysis of mobile in-app advertisements” by Grace et. al; “AdSplit: separating smartphone advertising from applications” by Shekhar et. al; and “AdDroid: privilege separation for applications and advertisers in Android” by Pearce et. al.

In Fall 2017, I presented a lecture on IoT Security, introducing all academic work and articles reported on the WWW from 2010 until 2017. I classified the papers into attack and defense papers. Next I discussed each paper with respect to five main problem areas in IoT, different solution approaches and a variety of security assessment properties.