Mobile Systems Security
Mobile phones have had a very significant impact on individuals and businesses over the past ten years and their influence continues to grow. Their technologies are also being incorporated into a variety of other mobile systems. Very significant amounts of personal data, financial data, and corporate data are being carried around on devices which are increasingly prone to data loss through both theft and software-based attack. Even in businesses the security of mobile devices is often still ignored. For both the development of new functionality and the emergence of new security threats, these mobile platforms are the centre of attention, moving focus away from PC and laptop devices. Ensuring and maintaining mobile security is of paramount importance to all of us. This course analyses the whole subject of mobile security, across the complex industry of multiple players, threats and technologies.
|9th June 2014||Oxford University Department of Computer Science||18 places remaining.|
The successful participant will:
- Be able to describe the threat landscape for mobile devices and applications, and be able to map its co-evolution with security controls and anticipated trajectories for the future;
- Have a working knowledge of the main sources of vulnerabilities in mobile applications - deriving from the whole hardware and software stack - and their impacts
- Understand the subject of mobile handset forensics, the difficulties to be encountered and how the objectives for extracting evidence often conflict with keeping a device secure.
- Understand the differing security and privacy requirements of sets of users and be able to implement privacy and security elements by design into mobile applications.
- Be able to form a coherent design strategy for usable, friendly security in mobile applications whilst minimising the risk to users.
- Be able to describe the future threat landscape for mobile and connected devices, understanding the physical security impacts of emerging technologies used in smart cities such as machine-to-machine.
- Understand the strengths and weaknesses of the mobile application lifecycle from digital signing of applications, application distribution through to methods for detecting maliciousness in applications, software upgrades and kill switches.
- The mobile industry
- Introduction and history of mobile security, the mobile industry players and stakeholders
- The mobile threat landscape
- End-to-end mobile security
- Wireless bearer security and how the mobile network interacts with the device, hardware security, applications, signing and App Store security.
- Secure software development on mobile
- Native application and mobile web application security, mobile application development and developer ecosystems, authentication, encryption, hardware security and trust
- Mobile Malware
- Methods and techniques used by malware developers, static and dynamic analysis, best practices for countering malware throughout the mobile value chain, industry information sharing
- Mobile Security Design and Management Considerations
- Privacy, child protection and workplace policies, mobile handset forensics, incident handling, cyber security
- The Future
- M2M, smart cities, small cells, Cloud, NFC, financial services and other emerging technologies
Participants should have a basic understanding computer security to the level provided by the Security Principles course. General familiarity with software development techniques, and personal experience of mobile devices will also be assumed.