CIS 4930 - Secure IoT
Class Schedule
This schedule will be updated as the semester progresses. Find the tentative syllabus here.
| Date | Topics | Recommended Readings | Other Activities/Notes |
|---|---|---|---|
| 08/27/2024 | Course Introductions [slides] | 1. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link) |
1. Homework 1 assigned; due 09/03 2. Project Phase 1 (Idea and Team formation) assigned; due 09/05 11:59 pm |
| 08/29/2024 | 1. IoT Security fundamentals 2. Intro to HomeAssistant [slides] |
1. Security Engineering, Chapter 1 [link] 2. HomeAssistant Architecture [link1, link2] and Integrations [link1, link2] |
08/30 Last day to add/drop classes |
| 09/03/2024 | Crypto 1: Secret Key Crypto [slides] | Security Engineering, Chapter 5.1-5.5 [link] | Homework 1 Due |
| 09/05/2024 | Crypto 2: Hashes and Message Authentication [slides] | 1. Security Engineering, Chapter 5.6 [link] 2. Ross Anderson, Why Cryptosystems fail [link] |
1. Project Phase 1 Due 2. Homework 2 assigned; due 09/19 11:59 pm |
| 09/10/2024 | Crypto 3: Public Key Cryptography [slides] | Security Engineering, Chapter 5.7 [link] | Project Phase 2 assigned (HomeAssistant Integration Design and Implementation); due 10/22 11:59 pm |
| 09/12/2024 | SSL/TLS [slides] | SSL and TLS: A Beginner’s Guide [link] | |
| 09/17/2024 | Access Control Basics [slides] | 1. Operating System Security, Chapters 1,2 and 5 [link] 2. [Only Section I-A] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308 [link] |
Project Plan due |
| 09/19/2024 | Information Flow Control [slides] [reading-papers] | 1. [BB] How risky are real users’ IFTTT applets? [link] | Homework 2 due |
| 09/24/2024 | Trigger-Action Programs [slides] | 1. [BB] Soteria: Automated IoT Safety and Security Analysis [link] 1. [BB] Towards a natural perspective of Smart Homes for Practical Security and Safety Analyses [link] |
Homework 3 assigned; due 10/08 due |
| 09/26/2024 | |
1. [BB] Security Analysis of Emerging Smart Home Applications [link] | |
| 10/01/2024 | Smart Home Platforms: Lateral Privilege escalation [slides] | 1. [BB] A Study of Data Store-based Home Automation [link] | |
| 10/03/2024 | Smart Home Security: Situational Access Control and Integrity Validation [slides] | 1. [BB] Situational Access Control in IoT [link] 2. [BB] Practical Integrity Validation in the Smart Home [link] |
|
| 10/08/2024 | Permission models: Smart Home vs Android apps | 1. [BB] Android Permissions Demystified [link] | |
| 10/10/2024 | 1. Smart Home: Challenges of Multiuser Access Control 2. Midterm exam review |
1. [BB] Rethinking Access Control and Authentication for the Home IoT [link] | |
| 10/15/2024 | Midterm Exam | ||
| 10/17/2024 | Security Analysis in IoT: Objectives and Methodology | 1. [BB] SoK: Security Evaluation of Home-based IoT Deployments [link] | Homework 3 due |
| 10/22/2024 | 1. Security Analysis: Evaluating results 2. Research Methods 1 (Reading a research paper) |
1. Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989 [link] | Project Phase 2 due |
| 10/24/2024 | 1. Introduction to Static Analysis 2. Case study: Analysis of IoT apps in the Wild |
1. [BB] Jin et. al., Understanding IoT Security from a Market-Scale Perspective, CCS 2022 [link] | Project Phase 3 (IoT app analysis proposal) assigned; due 10/31 |
| 10/29/2024 | Research Methods 2 (Writing a research paper) | Project Phase 4 (Implementation and Evaluation) assigned; due 12/12 | |
| 10/31/2024 | Smart Home Wrap-Up: Privacy Issues | 1. [BB] Smart Home Privacy Policies Demystified [link] | Project Phase 3 due |
| ... | TBA | TBA | ... |