Welcome! This website documents research in Internet of Things and Cyber-Physical Systems Security. The research is primarily conducted by the University of Michigan and its collaborators at Microsoft Research, University of Illinois, University of Washington, University of California Berkeley, and Stony Brook University. We provide a few resources in the form of research papers, code, demo videos and frequently asked questions (FAQs).
- SmartThings Security Analysis: An analysis focused on security design of IoT platforms. Our findings include overprivilege and insufficient event protection. (IEEE S&P 2016 (“Oakland”). Distinguished Practical Paper Award)
- FlowFence: An information flow control (IFC) system for Android and for IoT apps. (Usenix Security Symposium 2016)
- ContexIoT: A system that provides contextual permission prompts in SmartThings apps. (NDSS 2017)
- Heimdall: A system that enables privacy-respecting collection of recommendation data from the phone and the built environment. (MobiSys 2017)
- Robust Physical Perturbations: Can real physical objects be manipulated in ways that cause DNN-based classifiers to misclassify them? (CVPR 2018)
- Object Detector Attacks: Physical Adversarial Examples for state-of-the-art object detectors. (WOOT 2018)
- DTAP: Clean-slate design for trigger-action platforms to support decentralized action integrity. (NDSS 2018)
- Tyche: Risk-based Permission Modeling and Grouping. (SECDEV 2018. Best Paper Award)
- Security analysis of UPI-based mobile payment systems in India. (Accepted to Usenix Security, 2020).
Acknowledgments: This material is based upon work supported by the National Science Foundation under Grant Nos. 1318722, 1646392, and 1740897. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.