The schedule will change as the course progresses, in part based on student interests. If you are particularly interested in some topic not covered here, send an email to the instructor.

Monday Tuesday Wednesday Thursday Friday
Aug 23 Aug 24: Introduction to CPS and IoT Security
LEC 1: Course Logistics and Overview
Aug 25 Aug 26: Introduction to CPS and IoT Security
LEC 2: Project Introduction
Aug 27
Aug 30 Aug 31: Attack Surface and Vulnerabilities
LEC 3: Attack Surface and Vulnerabilities
Project Group Formation
Sep 1 Sep 2: Attack Surface and Vulnerabilities
Reading: Comprehensive Experimental Analyses of Automotive Attack Surfaces [Security'11]
Presentation 1: Shiven Pandya
Project Discussion 1
Sep 3
Sep 6
Labor Day
Sep 7: Automotive Vehicles
Reading: Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study [Security'10]
Presentation 2: Sydney Medina
LEC 4: Automotive Vehicles
Sep 8 Sep 9: Automotive Vehicles
Reading: Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps [NDSS'20]
Presentation 3: Shiven Pandya
Project Discussion 2
Sep 10
Sep 13 Sep 14: Packet Sniffing and Analysis
Reading: CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers [S&P'21]
Presentation 4: Emily Wojciechowski
LEC 5: Packet Sniffing and Analysis
Sep 15 Sep 16: Packet Sniffing and Analysis
Reading: Exposing New Vulnerabilities of Error Handling Mechanism in CAN [Security'21]
Presentation 5: Alex Armstrong
Project Discussion 3
Sep 17
Sep 20 Sep 21: Penetration Testing
Reading: Evading Voltage-Based Intrusion Detection on Automotive CAN [NDSS'21]
Presentation 6: William Ryder
LEC 6: Penetration Testing
Sep 22 Sep 23: Penetration Testing
Reading: Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT [Security'20]
Presentation 7: Emily Wojciechowski
Project Discussion 4
Sep 24
Sep 27 Sep 28
Class Cancelled (No Class)
Sep 29 Sep 30: Project Discussion
Reading: LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks [Security'21],
AVGuardian: Detecting and Mitigating Publish-Subscribe Overprivilege for Autonomous Vehicle Systems [EuroS&P'21]
Presentation 8: William Ryder
Presentation 9: Simin Chen
Project Discussion 5
Oct 1
Oct 4 Oct 5: Fuzz Testing
Reading: Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems [Security'21]
Presentation 10: Ramin Nourbakhsh
LEC 7: Fuzz Testing
Oct 6 Oct 7: Fuzz Testing
Reading: Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing [Security'21]
Presentation 11: James Landry
Project Discussion 6
Oct 8
Oct 11 Oct 12
Mid-term Week (No Class)
Oct 13 Oct 14
Mid-term Week (No Class)
Oct 15
Oct 18 Oct 19: Project Pitch Day
DUE: Project Pitch Presentation
Oct 20 Oct 21: Program Analysis
Reading: Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks [CCS'20]
Presentation 12: Ishpreet Bhasin
LEC 8: Proram Analysis
Oct 22
Oct 25 Oct 26: Self-Driving Cars
Reading: Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations [Security'21]
Presentation 13: Ramin Nourbakhsh
LEC 9: Self-Driving Cars
Oct 27 Oct 28: Self-Driving Cars
Reading: Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack [Security'21]
Presentation 14: Ajey Bangalore Subrahmanya
Project Discussion 7
Oct 29
Nov 1 Nov 2: Drones
Reading: SoK: Security and Privacy in the Age of Commercial Drones [S&P'21]
Presentation 15: Ajey Bangalore Subrahmanya
LEC 10: Drones
Nov 3 Nov 4: Drones
Reading: PHYSFRAME: Type Checking Physical Frames of Reference for Robotic Systems [FSE'21]
Presentation 16: Simin Chen
Project Discussion 8
Nov 5
Nov 8 Nov 9: IoT Devices and Platforms
Reading: The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle [Security'21]
Presentation 17: Kunal Mukherjee
LEC 11: IoT Devices and Platforms
Nov 10 Nov 11: IoT Devices and Platforms
Reading: MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols [Security'21]
Presentation 18: James Landry
Project Discussion 9
Nov 12
Nov 15 Nov 16: Industrial Control Systems
Reading: HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems [CCS'20]
Presentation 19: Kunal Mukherjee
LEC 12: Control Systems
Nov 17 Nov 18: Industrial Control Systems
Reading: Jetset: Targeted Firmware Rehosting for Embedded Systems [Security'21]
Presentation 20: Alex Armstrong
Project Discussion 10
Nov 19
Nov 22
Fall Break
Nov 23
Fall Break
Nov 24
Fall Break
Nov 25
Thanksgiving Day
Nov 26
Black Friday
Nov 29 Nov 30: ARM Instruction Set
LEC 13: ARM Instruction Set
Dec 1 Dec 2: Project Demo Day
DUE: Final Project Demo & Presentation
Dec 3
Dec 6
Dec 7
Last Day of Classes (No Class)
DUE: Final Project Submission
Dec 8
Dec 9
Final Exam Period (No Exam)
Dec 10
Final Exam Period (No Exam)
Dec 13
Final Exam Period (No Exam)
Dec 14
Final Exam Period (No Exam)
Dec 15
Final Exam Period (No Exam)
Dec 16
Dec 17