2024 Available from: March 2025 Software Security, Memory Safety Mitigations, and Android Security Supervisor: Lucas Becker Note: I currently cannot supervise additional theses. Please check back next term. I mostly offer topics in the area of memory safety, memory safety mitigations, and Android Security/Privacy. If you are interested in doing a thesis in a related topic, drop me an E-mail and we can discuss possible options. Potential techniques include reverse engineering, fuzzing, program analysis, and similar approaches. Some basic familiarity with practical security is highly appreciated.
2024 2024 IEEE Conference on Communications and Network Security (CNS) Conference A Data-Driven Evaluation of the Current Security State of Android Devices Ernst Leierzopf René Mayrhofer Michael Roland Wolfgang Studier Lawrence Dean Martin Seiffert Florentin Putz Lucas Becker Daniel Thomas BibTeX DOI: 10.1109/CNS62487.2024.10735682 Abstract Android’s fast-paced development cycles and the large number of devices from different manufacturers do not allow for an easy comparison between different devices’ security and privacy postures. Manufacturers each adapt and update their respective firmware images. Furthermore, images published on OEM websites do not necessarily match those installed in the field. Relevant software aspects do not remain static after initial device release, but need to be measured on real devices that receive these updates. There are various potential sources for collecting such attributes, including webscraping, crowdsourcing, and dedicated device farms. However, raw data alone is not helpful in making meaningful decisions on device security and privacy. We make a website available to access collected data. Our implementation focuses on reproducible requests and supports filtering by OEMs, devices, device models, and attributes. To improve usability, we further propose a security score grounded on the list of attributes. Based on input from Android experts, including a focus group and eight individuals, we have created a method that derives attribute weights from the importance of attributes for mitigating threats on the Android platform. We derive weights for general use cases and suggest possible examples for more specialized weights for groups of confidentiality/privacy-sensitive users and integrity-sensitive users. Since there is no one-size-fits-all setting for Android devices, our website provides the possibility to adapt all parameters of the calculated security score to individual needs.