└── README.md /README.md: -------------------------------------------------------------------------------- 1 | It is a list of IoT security papers from recent top conferences. 2 | 3 | **Alexa Control:** 4 | - [A Scalable Neural Shortlisting-Reranking Approach for Large-Scale Domain Classification in Natural Language Understanding](https://www.amazon.science/blog/hyprank-how-alexa-determines-what-skill-can-best-meet-a-customers-need), 2018 5 | 6 | **Access Control:** 7 | - [TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24287-paper.pdf), NDSS, 2020 8 | 9 | - [Multi-User Multi-Device-Aware Access Control System for Smart Home](https://arxiv.org/pdf/1911.10186.pdf), WiSec, 2020 10 | 11 | - [IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_07A-1_Celik_paper.pdf), NDSS, 2019 12 | 13 | - [Situational Access Control in the Internet of Things](https://www.cs.cornell.edu/~shmat/shmat_ccs18.pdf), CCS, 2018 14 | 15 | - [HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes](https://www.usenix.org/system/files/sec21summer_fu.pdf), USENIX Security, 2021 16 | 17 | - [PFirewall: Semantics-Aware Customizable Data Flow Control for Home Automation Systems](https://arxiv.org/pdf/1910.07987.pdf), NDSS, 2021 18 | 19 | - [Cross-App Interference Threats in Smart Homes: Categorization, Detection and Handling](https://arxiv.org/pdf/1808.02125.pdf), DSN, 2020 20 | 21 | **App Vulnerabilities:** 22 | - [Real-time Analysis of Privacy-(un)aware IoT Applications](https://arxiv.org/pdf/1911.10461.pdf), Security arXiv, 2020 23 | 24 | - [Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps](https://www.usenix.org/system/files/sec19-wang-xueqiang_0.pdf), USENIX Security, 2019 25 | 26 | - [If This Then What? Controlling Flows in IoT Apps](https://www.cse.chalmers.se/~andrei/ccs18.pdf), CCS, 2018 27 | 28 | 29 | **Device or Network Vulnerabilities:** 30 | - [SoK: Security Evaluation of Home-Based IoT Deployments](https://astrolavos.gatech.edu/articles/sok_sp19.pdf), IEEE S&P, 2019 31 | 32 | - [Burglars' IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds](http://homes.sice.indiana.edu/luyixing/bib/oakland20-mqtt.pdf), IEEE S&P, 2020 33 | 34 | - [Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses](https://www.adwaitnadkarni.com/pdf/manandhar-oakland20.pdf), IEEE S&P, 2020 35 | 36 | - [Packet-Level Signatures for Smart Home Devices](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24097-paper.pdf), NDDS, 2020 37 | 38 | - [BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_06B-4_Xu_paper.pdf), NDSS, 2020 39 | 40 | - [All Things Considered: An Analysis of IoT Devices on Home Networks](https://www.usenix.org/system/files/sec19-kumar-deepak_0.pdf), USENIX Security, 2019 41 | 42 | - [HoMonit: Monitoring Smart Home Apps from Encrypted Traffic](http://web.cse.ohio-state.edu/~zhang.5840/assets/CCS2018/ccs18.pdf), CCS , 2018 43 | 44 | **Inter-app or Platform Vulnerabilities:** 45 | - [Charting the Attack Surface of Trigger-Action IoT Platforms](https://adambates.org/documents/Wang_Ccs19.pdf), CCS, 2019 46 | 47 | 48 | - [Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms](https://www.usenix.org/system/files/sec19-zhou.pdf), USENIX Security, 2019 49 | 50 | 51 | - [IoTRemedy: Non-Intrusive Rule Decomposition for User Privacy in Modern IoT Platforms](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9141818), ITOEC, 2020 52 | 53 | 54 | **Firmware Vulnerabilities:** 55 | - [Dominance as a New Trusted Computing Primitive for the Internet of Things](https://www.computer.org/csdl/proceedings-article/sp/2019/666000b223/19skggDcR0s), IEEE S&P, 2019 56 | 57 | - [FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation](https://www.usenix.org/system/files/sec19-zheng_0.pdf), USENIX Security, 2019 58 | 59 | - [IOTREPAIR: Systematically Addressing Device Faults in Commodity IoT](https://arxiv.org/pdf/2002.07641.pdf), Security arXiv, 2020 60 | 61 | 62 | **Botnet:** 63 | - [Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_02B-3_Herwig_paper.pdf), NDSS, 2019 64 | 65 | - [Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_02B-2_Cetin_paper.pdf), NDSS, 2019 66 | 67 | - [A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24161-paper.pdf), NDSS, 2020 68 | 69 | - [Not Everything is Dark and Gloomy: Power Grid Protections Against IoT Demand Attacks](https://www.usenix.org/system/files/sec19-huang.pdf), USENIX Security, 2019 70 | 71 | 72 | **Multi Users:** 73 | - [Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study](https://www.usenix.org/system/files/sec19-zeng.pdf), USENIX Security, 2019 74 | 75 | - [Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA](https://www.usenix.org/system/files/sec19fall_apthorpe_prepub.pdf), USENIX Security, 2019 76 | 77 | - [Multi-User Multi-Device-Aware Access Control System for Smart Home](https://arxiv.org/pdf/1911.10186.pdf), Security arXiv, 2020 78 | 79 | **User Study:** 80 | - [Ask the Experts: What Should Be on an IoT Privacy and Security Label?](http://www.cs.cmu.edu/~pemamina/publication/SP'20/SP20.pdf), IEEE S&P, 2020 81 | 82 | - [Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products](https://arxiv.org/pdf/1906.11094.pdf),IEEE S&P, 2020 83 | 84 | - [How Risky Are Real Users' IFTTT Applets?](https://www.usenix.org/system/files/soups2020-cobb.pdf), Soups, 2020 85 | 86 | 87 | **Others:** 88 | - [Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors](https://www.ndss-symposium.org/wp-content/uploads/2020/02/23053-paper.pdf), NDSS, 2020 89 | 90 | - [Pinto: Enabling Video Privacy for Commodity IoT Cameras](https://dl.acm.org/doi/pdf/10.1145/3243734.3243830), CCS, 2018 91 | 92 | - [Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT](https://web.cse.ohio-state.edu/~lin.3021/file/SEC20a.pdf), USENIX Security, 2020 93 | 94 | - [SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants](https://www.usenix.org/system/files/sec20summer_quinonez_prepub.pdf), USENIX Security, 2020 95 | 96 | - [T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices](https://cse.sc.edu/~zeng1/papers/2020-ccs-t2pair.pdf), CCS, 2020 97 | 98 | - [Peeves: Physical Event Verification in Smart Homes](https://beerkay.github.io/cs590S20/content/papers/birnbach.pdf), CCS, 2019 99 | --------------------------------------------------------------------------------