CSCI 780 – IoT Security

[Overview] [Syllabus] Schedule [Research Project]

This course schedule is preliminary, and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to frequently check this web-page for any changes to the schedule, readings or assignments.

Note: The slides will be available after each lecture via a slides link below the lecture topic.

Date Topics Readings Notes  
08/31/2023 Course Introduction
- Project Proposal assigned; due September 21st at 11:59pm  
09/05/2023 Research Methods 1 (Reading Papers and Writing Effective Reviews)
[READ] Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link)    
09/07/2023 Research Methods 2 - Writing Papers
  Sept 11th, Last Day to ADD/DROP  
09/12/2023 Smart Home Platform Security Analysis (and a visit to the past)
[Ungraded REVIEW] 1. Security Analysis of Emerging Smart Home Applications (link)
[BACKGROUND] 2. Android Permissions Demystified (link)
09/14/2023 Project Speed Dating! 1. USENIX Security Proceedings (link)
2. ACM CCS Proceedings (link)
3. IEEE Security & Privacy Proceedings (link)
4. ISOC NDSS Proceedings (link)
09/19/2023 Security and crypto basics
[READ] 1. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS ‘93. (link)
[READ] 2. Fahl, Sascha, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, and Matthew Smith. “Why Eve and Mallory love Android: An analysis of Android SSL (in) security.” In Proceedings of the 2012 ACM conference on Computer and communications security, pp. 50-61. ACM, 2012. (link)
09/21/2023 [Danny Otten] Network Security [REVIEW] SoK: Security Evaluation of Home-Based IoT Deployments (link) 1. Project Proposal Due,
2. Related work assigned; due October 19th at 11:59pm
09/26/2023 [Mostafa Ahmed] Smart home platforms [REVIEW] Kaushal Kafle, K. Moran, Sunil Manandhar, Adwait Nadkarni, and D. Poshyvanyk, “A Study of Data Store-based Home Automation,” in Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY), Dallas, TX, USA, 2019, pp. 73–84. (link)    
09/28/2023 [Mehedi Hasan Sun] Fine-grained access control [REVIEW] Decentralized Action Integrity for Trigger-Action IoT Platforms (link)    
10/03/2023 [Victor Olaiya] Data Leaks in “IoT Apps” [REVIEW] 1. Sensitive Information Tracking in Commodity IoT (link)
[BACKGROUND Read] 2. A Study of Android Application Security (link)
10/05/2023 [Aashutosh Poudel] Provenance [REVIEW] Fear and Logging in the Internet of Things (link)    
10/10/2023 [Md. Akram Khan] Detecting security and safety issues in IoT Apps [REVIEW] Soteria: Automated IoT Safety and Security Analysis (link)    
10/12/2023   FALL BREAK, NO CLASS    
10/17/2023 [Shaochang Liu ] Preventing security and safety issues in IoT Apps [REVIEW] IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT (link) Research Plan assigned; due November 9th at 11:59pm  
10/19/2023 NSF Panel, No Class   Related Work Due  
10/24/2023 [Alejandro Velasco] IoT Apps? [REVIEW] Sunil Manandhar, K. Moran, Kaushal Kafle, Ruhao Tang, D. Poshyvanyk, and Adwait Nadkarni, “Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses.,” in Proceedings of the IEEE Symposium on Security & Privacy (S&P), San Francisco, CA, USA, 2020. (link)    
10/26/2023 [Mostafa Ahmed] [REVIEW] Kustosch, Lorenz, Carlos Gañán, Mattis van’t Schip, Michel van Eeten, and Simon Parkin. “Measuring Up to (Reasonable) Consumer Expectations: Providing an Empirical Basis for Holding {IoT} Manufacturers Legally Responsible.” In 32nd USENIX Security Symposium (USENIX Security 23), pp. 1487-1504. 2023. (link)    
10/31/2023 Project Status Presentations      
11/02/2023 Project Status Presentations      
11/07/2023 ELECTION DAY, NO CLASS      
11/09/2023 [Danny Otten] [REVIEW] Emami-Naeini, Pardis, Janarth Dheenadhayalan, Yuvraj Agarwal, and Lorrie Faith Cranor. “Are Consumers Willing to Pay for Security and Privacy of IoT Devices?.” In In Proceedings of the 32nd USENIX Security Symposium. 2023. (link) Research Plan Due  
11/14/2023 [Md. Akram Khan] Guest Lead: Prianka Mandal [REVIEW] Vetrivel, Swaathi, Veerle van Harten, Carlos H. Gañán, Michel van Eeten, and Simon Parkin. “Examining consumer reviews to understand security and privacy issues in the market of smart home devices.” In 32nd USENIX Security Symposium (USENIX Security 23), pp. 1523-1540. 2023. (Link)    
11/16/2023 [Aashutosh Poudel] Guest Lead: Sunil Manandhar (Remote) [REVIEW] Manandhar, Sunil, Kaushal Kafle, Benjamin Andow, Kapil Singh, and Adwait Nadkarni. “Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage.” In 31st USENIX Security Symposium (USENIX Security 22), pp. 3521-3538. 2022. (Link)    
11/21/2023 [Victor Olaiya] Guest Lead: Amit Seal Ami, Remote Class [REVIEW] Ami, Amit Seal, Kevin Moran, Denys Poshyvanyk, and Adwait Nadkarni. “ “False negative–that one is going to kill you”: Understanding Industry Perspectives of Static Analysis based Security Testing.” arXiv preprint arXiv:2307.16325 (2023) (Link)    
11/23/2023   THANKSGIVING, NO CLASS    
11/28/2023 [Alejandro Velasco] [REVIEW] Ozmen, Muslum Ozgur, Ruoyu Song, Habiba Farrukh, and Z. Berkay Celik. “Evasion attacks and defenses on smart home physical event verification.” NDSS, 2023. (Link)    
11/30/2023 [Mehedi Hasan Sun] Mandal, Prianka, Amit Seal Ami, Victor Olaiya, Sayyed Hadi Razmjo, and Adwait Nadkarni. “Belt and suspenders or just red tape?: Investigating Early Artifacts and User Perceptions of IoT App Security Certification.” (Link)    
12/05/2023 No class, ACSAC travel -    
12/07/2023 [Shaochang Liu] Remote Class [REVIEW] Stephenson, Sophie, Majed Almansoori, Pardis Emami-Naeini, and Rahul Chatterjee. ““It’s the Equivalent of Feeling Like You’re in Jail”: Lessons from Firsthand and Secondhand Accounts of IoT-Enabled Intimate Partner Abuse.” In 32nd USENIX Security Symposium (USENIX Security 23). 2023. (Link) Final Paper Due, including the artifact  

back to the top