| Funder | National Science Foundation (US) |
|---|---|
| Recipient Organization | Carnegie-Mellon University |
| Country | United States |
| Start Date | Oct 01, 2021 |
| End Date | Aug 31, 2025 |
| Duration | 1,430 days |
| Number of Grantees | 2 |
| Roles | Principal Investigator; Co-Principal Investigator |
| Data Source | National Science Foundation (US) |
| Grant ID | 2114148 |
IoT devices such as smart door locks, and the platforms and applications that connect these devices and other online services (e.g., IFTTT, Zapier), make life more convenient but have also raised security and privacy concerns. These concerns arise because smart home devices can collect potentially sensitive data about their users and the data and devices can be accessed (e.g., to unlock doors or disable home security systems) in the absence of physical human actions.
Further, the risks posed by smart-home devices can impact people other than the device owners, such as home service workers and children. There is a need for a systematic understanding of the security and privacy impact of such platforms. However, existing work is often too coarse-grained to capture the context in which these devices are used (e.g., camera in public area vs. in the bedroom) and mostly focuses on risks and harms to device owners rather than more broadly.
This project aims to gain a deeper understanding of smart homes' security and privacy impact, with a focus on end-user programming platforms like IFTTT and Zapier, and to mitigate potential harms via formal modeling and automated analysis tools. One of the identifying characteristics of this project is that user studies are used to both identify user needs and to evaluate potential solutions, including models and formal analysis tools.
This project follows an iterative process, where tools and models are first built (based on results of preliminary user studies); next, user studies are conducted to evaluate the tools and learn about users' needs; then, results from user studies are used to refine the tools and models. This project builds detailed, context-rich models and characterizations of risks and harms from home automation platforms, customized to individual users' perspective, and thus fills the gap between what existing models and tools can do and users' perceptions and needs.
This project also builds usable, context-aware, configurable analysis tools that extend traditional information-flow analysis to calculate attackers’ precise knowledge of and influence over the system. These analysis tools take into consideration different threat models, which account for attackers’ different capabilities to observe relevant events and interact with the system.
Finally, the project designs warnings and nudges to help users understand their smart home systems better and avoid potential harm.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.