
Completed STANDARD GRANT National Science Foundation (US)

Collaborative Research: SaTC: CORE: Medium: Toward safe, private, and secure home automation: from formal modeling to user evaluation

$8.72M USD

Funder National Science Foundation (US)
Recipient Organization Carnegie-Mellon University
Country United States
Start Date Oct 01, 2021
End Date Aug 31, 2025
Duration 1,430 days
Number of Grantees 2
Roles Principal Investigator; Co-Principal Investigator
Data Source National Science Foundation (US)
Grant ID 2114148
Grant Description

IoT devices such as smart door locks and platforms and applications that connect these devices and other online services (e.g., IFTTT, Zapier) make life more convenient but have also raised security and privacy concerns. These concerns arise because smart home devices can collect potentially sensitive data about their users and the data and devices can be accessed (e.g., to unlock doors or disable home security systems) in the absence of physical human actions.

Further, the risks posed by smart-home devices can impact people other than the device owners, such as home service workers and children. There is a need for a systematic understanding of the security and privacy impact of such platforms. However, existing work is often too coarse-grained to capture the context in which these devices are used (e.g., camera in public area vs. in the bedroom) and mostly focuses on risks and harms to device owners rather than more broadly.

This project aims to gain a deeper understanding of smart homes' security and privacy impact, with a focus on end-user programming platforms like IFTTT and Zapier, and to mitigate potential harms via formal modeling and automated analysis tools. One of the identifying characteristics of this project is that user studies are used to both identify user needs and to evaluate potential solutions, including models and formal analysis tools.

This project follows an iterative process, where tools and models are first built (based on results of preliminary user studies); next, user studies are conducted to evaluate the tools and learn about users' needs; then, results from user studies are used to refine the tools and models. This project builds detailed, context-rich models and characterizations of risks and harms from home automation platforms, customized to individual users' perspective, and thus fills the gap between what existing models and tools can do and users' perceptions and needs.

This project also builds usable, context-aware, configurable analysis tools that extend traditional information-flow analysis to calculate attackers’ precise knowledge of and influence over the system. These analysis tools take into consideration different threat models, which account for attackers’ different capabilities to observe relevant events and interact with the system.

Finally, the project designs warnings and nudges to help users understand their smart home systems better and avoid potential harm.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

All Grantees

Carnegie-Mellon University
