CS 858: Topics on Mobile and IoT Security -- Fall 2023
Syllabus
Catalog Description
Cybercriminals are increasingly targeting mobile and IoT devices. This course will introduce common framework and application vulnerabilities exploited by malicious parties and will examine security mechanisms employed by smart devices' Operating Systems (particularly Android) to defend against the threat - major topics include access control, IoT security policies, framework and application security models. The course will further explore recent applications of program analysis techniques aiming to enhance the mobile and IoT security.
Location and Time
- Fridays 1:00pm - 3:50pm in DC 2585
Instructor
- Name: Yousra Aafer
- Email: yaafer AT uwaterloo DOT ca
- Office: DC 3522
- Office hours: By appointment
Course Requirements
The expectations for all CS 858 students are the following:
- Participate: Students are expected to attend every class and actively take part of the classroom discussions.
- Read Literature: Assigned papers should be read before each class.
- Write Weekly Critiques: Each Student is required to write a peer-review critique (at least 400 words) for all the papers, before the papers are presented in class. A review must include the following aspects: (1) Summary of the problem and how the paper tackles the problem, (2) Details of positive points, (3) Details of negative points or any improvement you can suggest, and (4) list of questions you would like to discuss in class.
- Present Literature: Each student is responsible to present two papers in the class for about 25 minutes and lead the discussion. More details about paper presentation expections will be discussed in the introductory section.
- Term Project: Students are expected to conduct a research project in mobile or IoT security (topics in systems and network security maybe accepted), with the major deliverable being a conference-style paper at the end of the semester. Project topics should be discussed outside of class with the professor within the first 3 weeks of class. Projects can be done individually or by groups of two. More details will be discussed in the first class as part of the introductory material.
Paper Selection
Use the signup sheet (link shared via email) to select which paper to present (first come first serve).
Grading
| Component |
Weight |
| Paper Presentations |
20% |
| Classroom Participation |
15% |
| Weekly Critique |
25% |
| Final Project |
40% (10% for the Progress Report, 10% for Project Presentation, 20% for Project Report and Artifact |
Policy for Late Submissions
Late submissions within 72 hours will be graded with 15% penalty for each day. Late submissions beyond 72 hours will not be graded. Exceptions may only be granted case by case with strong evidence presented.
Schedule
(Tentative; specific topics to be covered will be updated soon)
| Date |
Topics |
Lecture Notes |
Announcement |
| 09/08 |
Admin Details, Syllabus and Overview |
|
|
| 09/15 to 10/06 |
Papers discussion -- Mobile Access Control and IoT Security Policies |
|
| 10/13 |
No Class |
READING WEEK |
|
| 10/27 |
Project Progress Report Due |
|
| 10/20 to 11/24 |
Papers discussion -- App Security, IoT Security evaluation, IoT Security enhancement |
|
| 12/01 |
Project Presentations |
Final Report DUE DEC 9 |
|