14-829 / 18-638: Mobile and IoT Security - Fall 2021

Lab 5: Surveying IoT Application Platforms

Due: Oct 15

Description: As your first lab in the IoT space, the first small task for you to complete is a survey of the current IoT app development/testing landscape. Though it doesn't comprise very complex tasks, this lab will be instrumental in forming a foundation for the remaining labs in the course. As such, please make sure to pay attention to all of the tasks and prepare yourself to take follow-up actions around all of them.

Tasks:

1. What IoT app platforms and markets can you find? - Unlike the mobile ecosystem which has converged to just a few major app markets, the IoT ecosystem is much more fragmented. This means that there is no main "go to" location for app developers to go to make their living and market their talents. Taking the role of an IoT app developer, search through the landscape of IoT platforms and their corresponding markets or other methods for distributing/installing IoT apps. Identify at least three (3) different platforms/markets and provide a brief summary of each, including whether the platform relies on a developer account, a paid license, specific hardware platforms, or other requirements.
2. What are the main features and models of these platforms? - For each of the platforms you identified in the first task, summarize the main features of the development landscape, available SDK/APIs/tools, how applications are distributed or delivered or installed, and what type of support the platform offers for security features that are attractive in a marketplace.
3. Which platforms share apps that can be downloaded and studied? - Some IoT app platforms make their apps available to users (and analysts) in open source, while others never disclose code packages or even let code leave their cloud service / host. For each of the platforms you identify, see if you can find a way to get access to source code for the apps that can be installed or if you can at least get access to compiled binaries. If none of your chosen platforms allow such analysis, maybe keep searching for other options...
4. Which platforms provide emulators that developers can use for testing? - Since not all IoT app developers have access to all available IoT device hardware, many platforms provide simulation or emulation tools that allow developers to develop and test their app code in a virtualized environment, sometimes additionally virtualizing network protocols, device-to-device interactions, sensing or other data/event creation capabilities, or actuation/control capabilities. For each of your chosen platforms, determine whether such virtualized services are provided and explain what these services entail. If none of your chosen platforms allow any such emulation, maybe keep searching for other options...
5. Comparison of platforms - Of the platforms that you studied, which provides the best support for (i) independent developers without huge resource budgets, (ii) security analysts who want to understand platform and market security, and (iii) developers who have no hardware resources but want to develop for complex IoT systems?

Deliverables and Submission: Prepare a written summary of your efforts and responses for the above tasks. The summary report should identify each of your target platforms and responses for each of the subsequent tasks above. Make sure to address all of the questions and complete all of the tasks, as labs 6 through 8 will build on your findings in this survey study. This summary should be formatted in an easy-to-read way, using font size 10 or greater, and submitted as a .pdf document.

Grading: This lab is worth 10 points, with 3 points allocated for the study and description of each of the IoT platforms that you include in your survey and 4 points for summarizing the comparison of platforms. We reserve the right to take off points for unreadable reports, poor writing, missing details, inappropriate content, etc.