Complete Mediation

Loading...

From the course by Vanderbilt University

Engineering Maintainable Android Apps

102 ratings

Vanderbilt University

Engineering Maintainable Android Apps

102 ratings

Course 4 of 5 in the Specialization Android App Development

Engineering Maintainable Android Apps, which is a 4 week MOOC that shows by example various methods for engineering maintainable Android apps, including test-driven development methods and how to develop/run unit tests using JUnit and Robotium (or equivalent automated testing frameworks for Android), as well as how to successfully apply common Java/Android software patterns to improve the extensibility and clarity of Android apps. Students will work on the appropriate automated unit quizzes, based on the material covered in the lecture videos. These lessons will demonstrate the benefits of good software engineering practices that are targeted at creating maintainable code for mobile apps. There will be roughly 3-4 hours of student engagement time per week, including video lectures, and quizzes. The ordering of the modules within the course is designed to be flexible. In particular, students can watch the videos in whatever order suits their experience and needs, e.g., they may want to watch the unit testing videos prior to the software pattern videos if they prefer to learn about unit testing first.

From the lesson

Security & Sustainability I

Security & Sustainability3:48

Economy of Mechanism4:10

Economy of Mechanism Example17:04

Least Privilege6:26

Least Privilege Example7:02

Complete Mediation3:10

Complete Mediation Example8:41

Secure Defaults5:35

Secure Defaults Example7:29

Meet the Instructors

Dr. Douglas C. Schmidt
Professor of Computer Science and Associate Chair of the Computer Science and Engineering Program
Electrical Engineering and Computer Science
Michael Walker
Instructor - Graduate Student pursuing PhD in Computer Science
EECS
Dr. C. Jules White
Assistant Professor of Computer Science
Electrical Engineering and Computer Science

When we're building apps that have sensitive data or

sensitive capabilities in them, we maybe storing somebody's personal memories or

we maybe doing something else in the app, it's really important that

we employ a principle of design called complete mediation.

And what we want to do is whenever some entity or

object in our system is accessing one of these sensitive capabilities or

pieces of information, we want to check that that access is appropriate and

do any type of authentication or other things that we need,

to make sure that that access is right.

Every time, if possible, we want to

check if that access should be happening.

If the thing that is accessing it really should have access to it

at that point in time, and given the context.

Complete mediation is being very,

very careful in doling out access to the sensitive capabilities.

There are sensitive pieces of information that our app has.

Now for example if we build a system where you log in once and then

once you've logged in, you always have access to these different capabilities,

that maybe not the best idea depending on the environment that we're operating in.

For example, let's say that we build an app that has very sensitive

banking information in it and you can once you signed in,

you can instantly launch that app and see all of the banking information.

And then we're not going to check anything that goes on with it.

That might be a violation because somebody else may be able to pick up that app,

that phone who isn't the owner of that bank account and

look at that banking information.

Or what if we create a system whereby once you've logged in as the user,

you can then issue any transactions you want.

You install the app once, you log in, and then you can open the app at any time and

make transactions.

And we accidentally expose an activity that can receive an intent

from the outside.

And suddenly the other apps on the device can start requesting that transactions

be made and we aren't rechecking that this really an appropriate access.

We're not completely mediating these transactions on the bank account and

making sure that they should really be happening.

This is a really important principle that we're always checking these

accesses to secure sensitive information to sensitive capabilities or a device.

And we're not just allowing and assuming that just because something's

authenticated once, that it's always going to get access and

that we shouldn't check those things later down the road.

We always want to carefully check what we're doing and ensure that we're not

creating in a security issue and this is what a complete mediation is about.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2018 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play