This course schedule is preliminary, and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to frequently check this web-page for any changes to the schedule, readings or assignments.
Note: The slides will be available after each lecture via a slides link below the lecture topic.
| Date | Topics | Readings | Notes | |
|---|---|---|---|---|
| 08/31/2023 | Course Introduction Slides |
- | Project Proposal assigned; due September 21st at 11:59pm | |
| 09/05/2023 | Research Methods 1 (Reading Papers and Writing Effective Reviews) Slides |
[READ] Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link) | ||
| 09/07/2023 | Research Methods 2 - Writing Papers Slides |
Sept 11th, Last Day to ADD/DROP | ||
| 09/12/2023 | Smart Home Platform Security Analysis (and a visit to the past) Slides |
[Ungraded REVIEW] 1. Security Analysis of Emerging Smart Home Applications (link) [BACKGROUND] 2. Android Permissions Demystified (link) |
||
| 09/14/2023 | Project Speed Dating! | 1. USENIX Security Proceedings (link) 2. ACM CCS Proceedings (link) 3. IEEE Security & Privacy Proceedings (link) 4. ISOC NDSS Proceedings (link) |
||
| 09/19/2023 | Security and crypto basics Slides |
[READ] 1. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS ‘93. (link) [READ] 2. Fahl, Sascha, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, and Matthew Smith. “Why Eve and Mallory love Android: An analysis of Android SSL (in) security.” In Proceedings of the 2012 ACM conference on Computer and communications security, pp. 50-61. ACM, 2012. (link) |
||
| 09/21/2023 | [Danny Otten] Network Security | [REVIEW] SoK: Security Evaluation of Home-Based IoT Deployments (link) | 1. Project Proposal Due, 2. Related work assigned; due October 19th at 11:59pm |
|
| 09/26/2023 | [Mostafa Ahmed] Smart home platforms | [REVIEW] Kaushal Kafle, K. Moran, Sunil Manandhar, Adwait Nadkarni, and D. Poshyvanyk, “A Study of Data Store-based Home Automation,” in Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY), Dallas, TX, USA, 2019, pp. 73–84. (link) | ||
| 09/28/2023 | [Mehedi Hasan Sun] Fine-grained access control | [REVIEW] Decentralized Action Integrity for Trigger-Action IoT Platforms (link) | ||
| 10/03/2023 | [Victor Olaiya] Data Leaks in “IoT Apps” | [REVIEW] 1. Sensitive Information Tracking in Commodity IoT (link) [BACKGROUND Read] 2. A Study of Android Application Security (link) |
||
| 10/05/2023 | [Aashutosh Poudel] Provenance | [REVIEW] Fear and Logging in the Internet of Things (link) | ||
| 10/10/2023 | [Md. Akram Khan] Detecting security and safety issues in IoT Apps | [REVIEW] Soteria: Automated IoT Safety and Security Analysis (link) | ||
| 10/12/2023 | FALL BREAK, NO CLASS | |||
| 10/17/2023 | [Shaochang Liu ] Preventing security and safety issues in IoT Apps | [REVIEW] IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT (link) | Research Plan assigned; due November 9th at 11:59pm | |
| 10/19/2023 | NSF Panel, No Class | Related Work Due | ||
| 10/24/2023 | [Alejandro Velasco] IoT Apps? | [REVIEW] Sunil Manandhar, K. Moran, Kaushal Kafle, Ruhao Tang, D. Poshyvanyk, and Adwait Nadkarni, “Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses.,” in Proceedings of the IEEE Symposium on Security & Privacy (S&P), San Francisco, CA, USA, 2020. (link) | ||
| 10/26/2023 | [Mostafa Ahmed] | [REVIEW] Kustosch, Lorenz, Carlos Gañán, Mattis van’t Schip, Michel van Eeten, and Simon Parkin. “Measuring Up to (Reasonable) Consumer Expectations: Providing an Empirical Basis for Holding {IoT} Manufacturers Legally Responsible.” In 32nd USENIX Security Symposium (USENIX Security 23), pp. 1487-1504. 2023. (link) | ||
| 10/31/2023 | Project Status Presentations | |||
| 11/02/2023 | Project Status Presentations | |||
| 11/07/2023 | ELECTION DAY, NO CLASS | |||
| 11/09/2023 | [Danny Otten] | [REVIEW] Emami-Naeini, Pardis, Janarth Dheenadhayalan, Yuvraj Agarwal, and Lorrie Faith Cranor. “Are Consumers Willing to Pay for Security and Privacy of IoT Devices?.” In In Proceedings of the 32nd USENIX Security Symposium. 2023. (link) | Research Plan Due | |
| 11/14/2023 | [Md. Akram Khan] Guest Lead: Prianka Mandal | [REVIEW] Vetrivel, Swaathi, Veerle van Harten, Carlos H. Gañán, Michel van Eeten, and Simon Parkin. “Examining consumer reviews to understand security and privacy issues in the market of smart home devices.” In 32nd USENIX Security Symposium (USENIX Security 23), pp. 1523-1540. 2023. (Link) | ||
| 11/16/2023 | [Aashutosh Poudel] Guest Lead: Sunil Manandhar (Remote) | [REVIEW] Manandhar, Sunil, Kaushal Kafle, Benjamin Andow, Kapil Singh, and Adwait Nadkarni. “Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage.” In 31st USENIX Security Symposium (USENIX Security 22), pp. 3521-3538. 2022. (Link) | ||
| 11/21/2023 | [Victor Olaiya] Guest Lead: Amit Seal Ami, Remote Class | [REVIEW] Ami, Amit Seal, Kevin Moran, Denys Poshyvanyk, and Adwait Nadkarni. “ “False negative–that one is going to kill you”: Understanding Industry Perspectives of Static Analysis based Security Testing.” arXiv preprint arXiv:2307.16325 (2023) (Link) | ||
| 11/23/2023 | THANKSGIVING, NO CLASS | |||
| 11/28/2023 | [Alejandro Velasco] | [REVIEW] Ozmen, Muslum Ozgur, Ruoyu Song, Habiba Farrukh, and Z. Berkay Celik. “Evasion attacks and defenses on smart home physical event verification.” NDSS, 2023. (Link) | ||
| 11/30/2023 | [Mehedi Hasan Sun] | Mandal, Prianka, Amit Seal Ami, Victor Olaiya, Sayyed Hadi Razmjo, and Adwait Nadkarni. “Belt and suspenders or just red tape?: Investigating Early Artifacts and User Perceptions of IoT App Security Certification.” (Link) | ||
| 12/05/2023 | No class, ACSAC travel | - | ||
| 12/07/2023 | [Shaochang Liu] Remote Class | [REVIEW] Stephenson, Sophie, Majed Almansoori, Pardis Emami-Naeini, and Rahul Chatterjee. ““It’s the Equivalent of Feeling Like You’re in Jail”: Lessons from Firsthand and Secondhand Accounts of IoT-Enabled Intimate Partner Abuse.” In 32nd USENIX Security Symposium (USENIX Security 23). 2023. (Link) | Final Paper Due, including the artifact |