CS 858: Topics on Mobile and IoT Security -- Fall 2023


Catalog Description

Cybercriminals are increasingly targeting mobile and IoT devices. This course will introduce common framework and application vulnerabilities exploited by malicious parties and will examine security mechanisms employed by smart devices' operating systems (particularly Android) to defend against the threat. Major topics include access control, IoT security policies, and framework and application security models. The course will further explore recent applications of program analysis techniques aiming to enhance mobile and IoT security.

Location and Time

  • Fridays 1:00pm - 3:50pm in DC 2585


  • Name: Yousra Aafer
  • Email: yaafer AT uwaterloo DOT ca
  • Office: DC 3522
  • Office hours: By appointment

Course Requirements

The expectations for all CS 858 students are the following:
  1. Participate: Students are expected to attend every class and actively take part in the classroom discussions.
  2. Read Literature: Assigned papers should be read before each class.
  3. Write Weekly Critiques: Each student is required to write a peer-review critique (at least 400 words) for all the papers, before the papers are presented in class. A review must include the following aspects: (1) a summary of the problem and how the paper tackles the problem, (2) details of positive points, (3) details of negative points or any improvement you can suggest, and (4) a list of questions you would like to discuss in class.
  4. Present Literature: Each student is responsible for presenting two papers in the class for about 25 minutes and leading the discussion. More details about paper presentation expectations will be discussed in the introductory section.
  5. Term Project: Students are expected to conduct a research project in mobile or IoT security (topics in systems and network security may be accepted), with the major deliverable being a conference-style paper at the end of the semester. Project topics should be discussed outside of class with the professor within the first 3 weeks of class. Projects can be done individually or by groups of two. More details will be discussed in the first class as part of the introductory material.

Paper Selection

Use the signup sheet (link shared via email) to select which paper to present (first come, first served).


Component | Weight
Paper Presentations | 20%
Classroom Participation | 15%
Weekly Critique | 25%
Final Project | 40% (10% for the Progress Report, 10% for Project Presentation, 20% for Project Report and Artifact)

Policy for Late Submissions

Late submissions within 72 hours will be graded with a 15% penalty for each day. Late submissions beyond 72 hours will not be graded. Exceptions may only be granted case by case with strong evidence presented.


(Tentative; specific topics to be covered will be updated soon)
Date | Topics | Lecture Notes | Announcement
09/08 | Admin Details, Syllabus and Overview | |
09/15 to 10/06 | Papers discussion -- Mobile Access Control and IoT Security Policies | |
10/13 | No Class | | READING WEEK
10/27 | | | Project Progress Report Due
10/20 to 11/24 | Papers discussion -- App Security, IoT Security evaluation, IoT Security enhancement | |
12/01 | Project Presentations | | Final Report DUE DEC 9