University of Oxford Logo University of OxfordSoftware Engineering - Home
On Facebook
Facebook
Follow us on twitter
Twitter
Linked in
Linked in
Google plus
Google plus
Digg
Digg
Pinterest
Pinterest
Stumble Upon
Stumble Upon
MSS

Mobile Systems Security

Mobile phones have had a very significant impact on individuals and businesses over the past ten years and their influence continues to grow. Their technologies are also being incorporated into a variety of other mobile systems. Very significant amounts of personal data, financial data, and corporate data are being carried around on devices which are increasingly prone to data loss through both theft and software-based attack. Even in businesses the security of mobile devices is often still ignored. For both the development of new functionality and the emergence of new security threats, these mobile platforms are the centre of attention, moving focus away from PC and laptop devices. Ensuring and maintaining mobile security is of paramount importance to all of us. This course analyses the whole subject of mobile security, across the complex industry of multiple players, threats and technologies.

Course dates

31st October 2016Oxford University Department of Computer Science09 places remaining.
5th June 2017Oxford University Department of Computer Science09 places remaining.
13th November 2017Oxford University Department of Computer Science15 places remaining.
4th June 2018Oxford University Department of Computer Science17 places remaining.

Objectives

The successful participant will:

  • Be able to describe the threat landscape for mobile devices and applications, and be able to map its co-evolution with security controls and anticipated trajectories for the future;
  • Have a working knowledge of the main sources of vulnerabilities in mobile applications - deriving from the whole hardware and software stack - and their impacts
  • Understand the subject of mobile handset forensics, the difficulties to be encountered and how the objectives for extracting evidence often conflict with keeping a device secure.
  • Understand the differing security and privacy requirements of sets of users and be able to implement privacy and security elements by design into mobile applications.
  • Be able to form a coherent design strategy for usable, friendly security in mobile applications whilst minimising the risk to users.
  • Be able to describe the future threat landscape for mobile and connected devices, understanding the physical security impacts of emerging technologies used in smart cities such as machine-to-machine.
  • Understand the strengths and weaknesses of the mobile application lifecycle from digital signing of applications, application distribution through to methods for detecting maliciousness in applications, software upgrades and kill switches.

Contents

The mobile industry
Introduction and history of mobile security, the mobile industry players and stakeholders
The mobile threat landscape
End-to-end mobile security
Wireless bearer security and how the mobile network interacts with the device, hardware security, applications, signing and App Store security.
Secure software development on mobile
Native application and mobile web application security, mobile application development and developer ecosystems, authentication, encryption, hardware security and trust
Mobile Malware
Methods and techniques used by malware developers, static and dynamic analysis, best practices for countering malware throughout the mobile value chain, industry information sharing
Mobile Security Design and Management Considerations
Privacy, child protection and workplace policies, mobile handset forensics, incident handling, cyber security
The Future
M2M, smart cities, small cells, Cloud, NFC, financial services and other emerging technologies

Requirements

Participants should have a basic understanding computer security to the level provided by the Security Principles course. General familiarity with software development techniques, and personal experience of mobile devices will also be assumed.