A household with smart devices may consist of a complex intermingling of device owners and non-owners, residents and visitors, adults and children, and many other categories of users. Although a common assumption is that each individual has their own un-shared account, it is common for multiple users to share the same account and password for… Read More SPLICE Publication: Optimistic Access Control for the Smart Home
System architects and developers may wonder whether adding a new feature or using data in a novel way would create privacy problems. User experience designers and researchers may want to know which privacy choices require user attention and how to understand users’ attitudes. Policy writers and implementers may want to figure out the best ways… Read More New SPLICE Publication on Contextual Integrity
With the increasing use and popularity of smart-home devices, there is an increasing need for a robust ecosystem to support the interoperability of devices from different manufacturers. The current ecosystem is fragmented, presenting difficulties for inter-device communications from different vendors. Matter, a unifying standard for smart home devices, released the first version of its specification… Read More New SPLICE Publication: Connected Smart Home over Matter Protocol
Misuse of smart devices by household members or visitors have been documented but have not been previously studied.… Read More New SPLICE Publication: Characterizing Everyday Misuse of Smart Home Devices
a provenance-based auditing framework that enables precise tracing of suspicious events in serverless applications… Read More SPLICE Publication: ALASTOR: Reconstructing the Provenance of Serverless Intrusions
Imagine you just moved to a new home or are renting a place for a weekend trip. A visual inventory can help you figure out where the refrigerator, TV, and even some security cameras are, but what if there are additional, hidden, electronic devices that were left behind by others? This paper focuses on detecting… Read More SPLICE Publication: The effect of polarization on nonlinear junction detection
This past month, team members from all seven SPLICE institutions traveled to Hanover, New Hampshire, to meet in-person for the first time since the start of the project in October of 2020. Our annual meeting lasted two and a half days, with the first day including team professional development events, research-based meetings, and a poster… Read More Reflecting on Two Years of SPLICE Achievements
The Cybersecurity Assurance & Policy (CAP) Center at Morgan State University hosted two undergraduate engineering students and a high school STEM teacher to conduct IoT security research throughout summer ’21. The goal was for students to develop their team-building and leadership skills while working on an assigned research project and for the teacher to be… Read More SPLICE Paper on Engaging Students and Teachers in IoT Security Research
Fitness tracking applications allow athletes to record and share their exercises online, including GPS routes of their activities. However, sharing mobility data potentially raises real-world privacy and safety risks. One strategy to mitigate that risk is a “Privacy Zone,” which conceals portions of the exercise routes that fall within a certain radius of a user-designated… Read More New SPLICE Paper: ‘Users Can Deduce Sensitive Locations Protected by Privacy Zones on Fitness Tracking Apps’
As consumers adopt new Internet-connected devices, apps, and other software, they are often exposed to security and privacy vulnerabilities that they likely do not have time, expertise, or incentive to evaluate themselves. Can professionals and institutions help by evaluating the security and privacy of these products on behalf of consumers? As a first step, we… Read More New SPLICE Publication: ‘The Role of Product Reviewers in Evaluating Security and Privacy’
SPLICE 