This course schedule is preliminary, and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to frequently check this web-page for any changes to the schedule, readings or assignments.
Note: The slides will be available after each lecture via a slides link below the lecture topic.
| Date | Topics | Readings | Notes | |
|---|---|---|---|---|
| 08/28/2025 | Course Introduction | - | Project Proposal assigned; due September 11th at 11:59pm | |
| 09/02/2025 | Research Methods 1 (Reading Papers and Writing Effective Reviews) | [READ] Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link) | ||
| 09/04/2025 | [Dwight Smith] Smart Home Platform Security Analysis | [Ungraded REVIEW] 1. Security Analysis of Emerging Smart Home Applications (link) | ||
| 09/09/2025 | Project Speed Dating! | 1. USENIX Security Proceedings (link) 2. ACM CCS Proceedings (link) 3. IEEE Security & Privacy Proceedings (link) 4. ISOC NDSS Proceedings (link) |
Sept 8th, Last Day to ADD/DROP | |
| 09/11/2025 | Research Methods 2 - Writing Papers | 1. Project Proposal Due, 2. Related work assigned; due October 14th at 11:59pm |
||
| 09/16/2025 | [Nathan Stettler] Basic Crypto Misuse Analysis | [READ] 1. Fahl, Sascha, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, and Matthew Smith. “Why Eve and Mallory love Android: An analysis of Android SSL (in) security.” In Proceedings of the 2012 ACM conference on Computer and communications security, pp. 50-61. ACM, 2012. (link) [OPTIONAL] 2. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS ‘93. (link) |
||
| 09/18/2025 | [Chenghao Du] Network Security | [REVIEW] SoK: Security Evaluation of Home-Based IoT Deployments (link) | ||
| 09/23/2025 | [Student Presentation] Smart home platforms | [REVIEW] Kaushal Kafle, K. Moran, Sunil Manandhar, Adwait Nadkarni, and D. Poshyvanyk, “A Study of Data Store-based Home Automation,” in Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY), Dallas, TX, USA, 2019, pp. 73–84. (link) | ||
| 09/25/2025 | [Student Presentation] Fine-grained access control | [REVIEW] Decentralized Action Integrity for Trigger-Action IoT Platforms (link) | ||
| 09/30/2025 | [Peyton Boggs] Provenance | [REVIEW] Fear and Logging in the Internet of Things (link) | ||
| 10/02/2025 | [Robiul Islam] Detecting security and safety issues in IoT Apps | [REVIEW] Soteria: Automated IoT Safety and Security Analysis (link) | ||
| 10/07/2025 | [Student Presentation] Data Leaks in “IoT Apps” | [REVIEW] 1. Sensitive Information Tracking in Commodity IoT (link) [BACKGROUND Read] 2. A Study of Android Application Security (link) |
||
| 10/09/2025 | FALL BREAK, NO CLASS | |||
| 10/14/2025 | [Student Presentation] Preventing security and safety issues in IoT Apps | [REVIEW] IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT (link) | 1. Related Work Due, 2. Research Plan assigned; due November 4th at 11:59pm |
|
| 10/16/2025 | [Student Presentation] IoT Apps? | [REVIEW] Sunil Manandhar, K. Moran, Kaushal Kafle, Ruhao Tang, D. Poshyvanyk, and Adwait Nadkarni, “Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses.,” in Proceedings of the IEEE Symposium on Security & Privacy (S&P), San Francisco, CA, USA, 2020. (link) | ||
| 10/21/2025 | [Student Presentation] Consumer Expectations. Guest Lead: Prianka Mandal (Remote Class) | [REVIEW] Kustosch, Lorenz, Carlos Gañán, Mattis van’t Schip, Michel van Eeten, and Simon Parkin. “Measuring Up to (Reasonable) Consumer Expectations: Providing an Empirical Basis for Holding {IoT} Manufacturers Legally Responsible.” In 32nd USENIX Security Symposium (USENIX Security 23), pp. 1487-1504. 2023. (link) | ||
| 10/23/2025 | Project Status Presentations (Remote Class) | Oct 27, last day to withdraw | ||
| 10/28/2025 | Project Status Presentations (Remote Class) | |||
| 10/30/2025 | [Student Presentation] Economics of IoT Security (Remote Class) | [REVIEW] Emami-Naeini, Pardis, Janarth Dheenadhayalan, Yuvraj Agarwal, and Lorrie Faith Cranor. “Are Consumers Willing to Pay for Security and Privacy of IoT Devices?.” In In Proceedings of the 32nd USENIX Security Symposium. 2023. (link) | ||
| 11/04/2025 | ELECTION DAY, NO CLASS | Research Plan Due | ||
| 11/06/2025 | [Student Presentation] Privacy Policies | [REVIEW] Manandhar, Sunil, Kaushal Kafle, Benjamin Andow, Kapil Singh, and Adwait Nadkarni. “Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage.” In 31st USENIX Security Symposium (USENIX Security 22), pp. 3521-3538. 2022. (Link) | ||
| 11/11/2025 | [Student Presentation] Security Compliance - Analysis and User Perceptions | [REVIEW] Mandal, Prianka, Amit Seal Ami, Victor Olaiya, Sayyed Hadi Razmjo, and Adwait Nadkarni. “Belt and suspenders or just red tape?: Investigating Early Artifacts and User Perceptions of IoT App Security Certification.” (Link) | ||
| 11/13/2025 | [Student Presentation] Industry Perspectives on IoT Security Compliance | [REVIEW] Prianka Mandal and Adwait Nadkarni. “`We can’t change it overnight’: Understanding Industry Perspectives on IoT Product Security Compliance and Certification.” (Link) | ||
| 11/18/2025 | [Student Presentation] Legal Implications of IoT Security Failures | [REVIEW] Prianka Mandal, Amit Seal Ami, Iria Giuffrida, Daniel Shin, Ella Sullivan, and Adwait Nadkarni. “`We can’t allow IoT vendors to pass off all such liability to the consumer’: Investigating the U.S. Legal Perspectives on Liability for IoT Product Security.” (Link) | ||
| 11/20/2025 | [Student Presentation] Physical Event Verification | [REVIEW] Ozmen, Muslum Ozgur, Ruoyu Song, Habiba Farrukh, and Z. Berkay Celik. “Evasion attacks and defenses on smart home physical event verification.” NDSS, 2023. (Link) | ||
| 11/25/2025 | [Student Presentation] (Remote Class) Sensor spoofing! | [REVIEW] Kim, Hyungsub, Rwitam Bandyopadhyay, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Yongdae Kim, and Dongyan Xu. “A systematic study of physical sensor attack hardness.” (Link) | ||
| 11/27/2025 | THANKSGIVING, NO CLASS | |||
| 12/02/2025 | [Student Presentation] Controllers: Mobile-IoT apps | [REVIEW] Jin, Xin, Sunil Manandhar, Kaushal Kafle, Zhiqiang Lin, and Adwait Nadkarni. “Understanding iot security from a market-scale perspective.” (Link) | ||
| 12/04/2025 | [Student Presentation] Controllers: Matter | [REVIEW] Wang, Haoqiang, Yiwei Fang, Yichen Liu, Ze Jin, Emma Delph, Xiaojiang Du, Qixu Liu, and Luyi Xing. “Hidden and Lost Control: on Security Design Risks in IoT User-Facing Matter Controller.” (Link) | Final Paper Due, including the artifact |