Research Spending & Results

Award Detail

Awardee: CARNEGIE MELLON UNIVERSITY
Doing Business As Name: Carnegie-Mellon University
PD/PI:
  • Limin Jia
  • (412) 268-8746
  • liminjia@cmu.edu
Co-PD(s)/co-PI(s):
  • Ljudevit Bauer
Award Date: 07/25/2021
Estimated Total Award Amount: $855,566
Funds Obligated to Date: $855,566
  • FY 2021=$855,566
Start Date: 10/01/2021
End Date: 09/30/2024
Transaction Type: Grant
Agency: NSF
Awarding Agency Code: 4900
Funding Agency Code: 4900
CFDA Number: 47.070
Primary Program Source: 040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description: Collaborative Research: SaTC: CORE: Medium: Toward safe, private, and secure home automation: from formal modeling to user evaluation
Federal Award ID Number: 2114148
DUNS ID: 052184116
Parent DUNS ID: 052184116
Program: Secure & Trustworthy Cyberspace
Program Officer:
  • Sol Greenspan
  • (703) 292-7841
  • sgreensp@nsf.gov

Awardee Location

Street: 5000 Forbes Avenue
City: PITTSBURGH
State: PA
ZIP: 15213-3815
County: Pittsburgh
Country: US
Awardee Cong. District: 18

Primary Place of Performance

Organization Name: Carnegie Mellon University
Street: 5000 Forbes Avenue
City: Pittsburgh
State: PA
ZIP: 15213-3890
County: Pittsburgh
Country: US
Cong. District: 18

Abstract at Time of Award

IoT devices such as smart door locks and platforms and applications that connect these devices and other online services (e.g., IFTTT, Zapier) make life more convenient but have also raised security and privacy concerns. These concerns arise because smart home devices can collect potentially sensitive data about their users and the data and devices can be accessed (e.g., to unlock doors or disable home security systems) in the absence of physical human actions. Further, the risks posed by smart-home devices can impact people other than the device owners, such as home service workers and children. There is a need for a systematic understanding of the security and privacy impact of such platforms. However, existing work is often too coarse-grained to capture the context in which these devices are used (e.g., camera in public area vs. in the bedroom) and mostly focuses on risks and harms to device owners rather than more broadly.

This project aims to gain a deeper understanding of smart homes' security and privacy impact, with a focus on end-user programming platforms like IFTTT and Zapier, and to mitigate potential harms via formal modeling and automated analysis tools. One of the identifying characteristics of this project is that user studies are used to both identify user needs and to evaluate potential solutions, including models and formal analysis tools. This project follows an iterative process, where tools and models are first built (based on results of preliminary user studies); next, user studies are conducted to evaluate the tools and learn about users' needs; then, results from user studies are used to refine the tools and models. This project builds detailed, context-rich models and characterizations of risks and harms from home automation platforms, customized to individual users' perspective, and thus fills the gap between what existing models and tools can do and users' perceptions and needs.

This project also builds usable, context-aware, configurable analysis tools that extend traditional information-flow analysis to calculate attackers' precise knowledge of and influence over the system. These analysis tools take into consideration different threat models, which account for attackers' different capabilities to observe relevant events and interact with the system. Finally, the project designs warnings and nudges to help users understand their smart home systems better and avoid potential harm.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
