Advanced IoT, Real-Time, and Embedded Systems Security, Fall 2019

Instructor: Ning Zhang,, public key
TA: Fangchen Li,,
Meeting: Tue, Thurs: 10:00 am - 11:20 am
Classroom: Lopata Hall 101
Office Hour: Fri 2:00 - 4:00pm Jolley 321


Course Description

This class focus on the theory and practice of secure embedded/IoT system. Students will be exploring security and privacy issues in deployed or emerging IoT systems, examining a rich variety of devices from drones and self-driving cars to smart home light bulbs and implanted pacemakers, across different layers of computing from network to wireless signal, from application to device kernel and driver. This class is organized with a set of pre-selected topics, with lecture and discussion on those topics. It is a project oriented class, where each student or teams of student will pick a topic of their interest within the scope of the class, then develop a project to a real world security issue on IoT/embedded system.

Recommended Pre-req:
- Solid programming skill, Basic Networking and OS concepts (CSE 361S,422S,433S,473S,523S)
- Feel free to join the class without pre-req as long as you are willing to pick up the system knowledge in the first several weeks of the class.


There is no textbook for the class. We will use research papers for some of the topics. However, the following references can be helpful.


There is no exam in this class, evaluation will be based on class participation and final projects.

Class Participation
10% -- Blog
5% -- Studio
5% -- Discussion
20 %
15% -- Round 1 AI/ML Dev
20% -- Round 2 AI/ML Bug Find
15% -- Round 3 TEE Migration
30% -- Round 4 Final Project


Slides, Lab Assignments and QA are in the WUSTL backboard system.
Date Topics HW/Lab Assignment
8/27/2019 Course Overview - Embracing IoT and Insecurity
Reflections on Trusting Trust
Round 1
8/29/2019 Software Security Review - Application Level
Smashing the stack for fun and profit
9/3/2019 Cryptography Review, Part 1
A Graduate Course in Applied Cryptography
9/5/2019 Cryptography Review, Part 2
9/10/2019 Demo - AI/ML Module Round 2
9/12/2019 Cryptography Review Part 3
9/17/2019 Attack Demo & Rootkit (User land, Kernel land)
The Rootkit Arsenal - Chp 1, 2
9/19/2019 Understanding Linux Malware
9/24/2019 Software Attack and Defense
9/26/2019 Software Attack and Defense
10/1/2019 Software Attack and Defense Round 2 - Extra Credit - Due for Assigned Opponent
10/3/2019 Software Attack and Defense
10/8/2019 Secure System Design Principles - Least Privilege, isolation, access controls
10/10/2019 Secure System Architecture - Introspection, Isolation and Sandboxing
Sok: Introspections on trust and the semantic gap
The protection of information in computer systems
10/15/2019 Fall Break
10/17/2019 Trustworthy Computing
Bootstrapping Trust in Modern Computers
10/22/2019 Vulnerability Attack Demo Round 3
Final Project
10/24/2019 ARM TrustZone and its application
Demystifying Arm TrustZone: A Comprehensive Survey
10/29/2019 Instructor out of town
10/31/2019 Instructor out of town
11/5/2019 Intel SGX and Studio
Intel SGX Explained
11/7/2019 Challenges in hardware-assisted security
In Hardware We Trust
Round 3 Due
11/12/2019 Information Side Channel
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Proposal Due
11/14/2019 Speculative execution side channel and defense
Meltdown: Reading Kernel Memory from User Space
Spectre Attacks: Exploiting Speculative Execution
A Systematic Evaluation of Transient Execution Attacks and Defenses
11/19/2019 Instructor out of town
11/21/2019 Instructor out of town
11/26/2019 Spectre/Meltdown Studio Lab
11/28/2019 Thanksgiving Break
12/3/2020 Debugging the Cyberphysical World with IoT
SoK: Security Evaluation of Home-Based IoT Deployments
12/5/2020 Final Project Demo
12/16/2020 Writeup Due


This assignment has two parts
If you need a suggestion, the topic can be one of the following
Log and lightning talk signup is here.
Our class blog is here


Format:The class project will be carried out by a team of 2 - 4 students, and is divided into four rounds with the last found being the final project. We will have demo/presentation after each round.

Project Scenario: On a sunny Saturday morning, you are sitting in your backyard in University City thinking about your strategies for the new startup on billion-dollar business of IoT. And you realize IoT really are nothing but decade-old sensors connected via mesh network without the intelligence behind. To be successful, you need to be able to understand your customer's preference and correctly predict that they actually want to have lasagna instead of fried rice such that you can put up the right suggestion of restaurants for them tonight and collect the referral fees. To gain that intelligence, you need computation power, lots of them, but then you are a startup that can't afford significant up front investment on just the infrastructure, so you decided to turn to the Cloud - the platform that solves all the problems. Our story begins here...

Round 1: Development of AI/ML module

Develop an AI/ML module of your choice that will perform the following. You could use our skeleton or not. However, no question will be answered regarding any code or internal design decisions of the skeleton. In the real world, you often won't have answers to code you borrow from other projects.
The provided skeleton contain four main components:
  1. main function - contains the CLI of the program
  2. crypto - contains cryptographic functions such as encryption and key generation
  3. access control - contains user account control
  4. ml - contains the functionality to train and use a model
You are encouraged to modify the provide skeleton code to fit the goal of your startup. If you consider the provided skeleton perfectly secure, you can keep everything. For AI/ML modules, kmeans is used in the provided example. It is recommended that you choose a different AI/ML module, i.e. either libSVM or CNN. You are welcome to use AI/ML modules of your own choice. However, keep in mind that if you choose to do so, TA might not be able to help you with porting it to the provided framework. Moreover, you are responsible for providing the training and testing datasets, their descriptions, and detailed documentation on how to run it.

Demo should show Submission should contain Evaluation: There are two parts of evaluation in this step:

Round 2: Attack of AI/ML module

Attack your opponent's software - your goal to violate any of the security assumption in the first round. You can assume you have program running on the same Linux machine of the target, but you may need to deploy different tactics according to your privilege levels. This includes but not limited to the following There are three types scenario you should be launching the attack, with increasing difficulty. Assuming you have
Evaluation: 20 pt - Able to demonstrate attack at any of three privilege levels - present at least three attacks, grading will be based on the novelty of the attack as well as the discovered attack vectors. You need to submit the following
For extra credit:
For each vulnerability you submit, there should be proof of concept (PoC) attack code as well as procedure to go with it. Up till 10/1, vulnerability you found on your opponent team belongs to you. However, after 10/1, you can work on any team and it is based on the order of discovery. You can find the current list of disclosed vulnerability here .

To submit a vulnerability, send your docmentation, PoC source code in an email to TA and cc me, with CSE 569S VD - "name" - "PoC name" in the title. TA will attempt to keep the spreadsheet updated daily. There could be a maximum delay of two days. Let the instructor know if there is any significant delay on your submission.

Round 3: Defend Module with TEE

Build your defense against the previous round of attack using TEE
Note that you just need to submit your design.

Evaluation will consist of two parts:

Round 4: Final Project - Futher Attack or Your Choice

The final project is an open ended project, where students are encourage to take on challenging project ideas by expanding on the previous rounds, this can be
Evaluation: Your grade will be evaluated by the novelty of the attack or defense(can be a failure), and the steps you took towards the goal. This project has to be a group project. There is no limitation on the size of the group, though groups with 3 - 5 students are often most effective. There are three checkpoints of the project Please note that reproducibility will be a key evaluation criteria, make sure all the submitted materials are clearly documented.


With greater power, comes greater responsibility. In this course, we will be learning about and exploring some vulnerabilities that could be used to attack systems. Students are expected to behave responsibly and ethically. You may not attack any system prior approval of the site owners, and may not use anything you learn in this class to disrupt services or harm others. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor.

Advanced IoT, Real-Time, and Embedded Systems Security, Fall 2019, Ning Zhang