Course Syllabus
Syllabus
CS 6963/5963: Cyber-physical systems (cps) and internet-of-things (iot) security
Instructor
Instructor: | Luis Garcia | Pre-requisites: | CS 3505 |
Department: | CS | Credit Hours: | 3.0 |
Office: | MEB 3450 | Semester: | Fall 2024 |
E-mail: | la.garcia@utah.edu | ||
Communication & Office Hours: | Review the "Communication" section below for more information. | PDF Syllabus: | N/A |
Teaching Assistant: | Vatsal Goel | ||
Email: | vatsal.goel@utah.edu |
Course Description
Overview
Course | CS 6963/5963 |
Department | Kahlert School of Computing |
Pre-Requisites | CS 3505 |
Credit Hours | 3.0 |
Semester | Fall 2024 |
Description | The widespread deployment of Cyber-physical Systems (CPS) and Internet of Things (IoT) systems has revolutionized the way we interact with the physical world, from smart homes to self-driving cars. However, these systems are also susceptible to cyber attacks, posing a threat to the safety, security, and privacy of users across safety-critical applications. This course provides an introduction to the fundamentals of IoT-CPS security, safety, and privacy, covering real-world attacks and defenses, embedded systems security, cryptography, safety verification, sensors/perception security, and more. We'll have hands-on security exercises, including capture-the-flag tournaments, across various CPS/IoT applications, including industrial controllers, commodity IoT devices, and autonomous vehicles. |
Goals & Objectives
This course provides an introduction to the fundamentals of IoT-CPS security, privacy, and safety, covering real-world attacks and defenses, embedded systems security, cryptography, safety verification, sensors and perception security, and more.
At the end of this course, students will be able to:
- Develop an understanding of the security, privacy, and safety challenges in IoT-CPS systems
- Learn the different types of attacks and defenses for various IoT-CPS domains
- Gain an understanding of the fundamentals of IoT-CPS security
- Understand the basics of safety verification using modeling techniques
- Learn the principles of sensors and perception security
- Develop the skills required to perform threat modeling for IoT-CPS systems
- Learn the basics of CPS program analysis and ML-in-the-loop security and privacy
- Understand the basics of trusted computing and distributed computing security
- Develop the ability to think critically about research problems in IoT-CPS security.
Required Materials
Materials required for this course are:
- Laptop
Ensure you have this ahead of time as they will be required to complete assignments and activities throughout the course. You will be required to install various open-source software packages throughout the course.
There is no official textbook for the class. Slides will be provided and reading materials for each topic will be assigned from research papers and the following references:
- Computer Security: Principles and Practice by Stallings and Brown
- Introduction to Embedded Systems: A Cyber-physical Approach by Lee and Seshia
- Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions (1st Edition), by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, and Stephen Hilt, ISBN: 978-1259589713
- Security Engineering by Ross Anderson
Communication
Please review the communication methods and requirements for this course:
Piazza
We use Piazza for announcements and discussion about assignments and other course material.
Preferred Contact Methods
The easiest way to contact me is by e-mail
Office Hours
The instructor will hold office hours according to the following schedule:
By appointment
TA Information
Name: Vatsal Goal
E-mail: vatsal.goel@utah.edu
Office Hours:
Thursday 4-5pm (In Person), Friday 3:30-4:30pm(Online/In Person as needed)
Virtual Meeting Rooms(s)
By Appointment
Course Schedule
Here is an overview of the topics covered and tentative course schedule. Please note that this will be subject to change, and I will announce any schedule changes.
Module | Week | Date | Topic/Daily Activities | Deliverable/Announcement |
1: Introduction and Overview | 1 | T 8/20 | Overview and Logistics | |
Th 8/22 | CPS/IoT Security Challenges | |||
2 | T 8/27 | Real World CPS/IoT Attacks and Defenses |
HW1 Posted |
|
Th 8/29 | Security in a Nutshell (Part 1) |
|
||
2: CPS/IoT Program Analysis | 3 | T 9/3 |
Security in a Nutshell (Part 2) |
|
Th 9/5 | Embedded Control Flow Security |
|
||
4 | T 9/10 |
Program Analysis for IoT/CPS |
||
3: Formal Modeling and Verification of CPS | 4 | Th 9/12 | (Wrapping up Module 2) + Intro to Formal Modeling of CPS |
|
5 | T 9/17 | Intro to Model Checking and STL |
|
|
Th 9/19 | Intro to Model Checking and STL |
|
||
4: From Models to Exploits | 6 | T 9/24 | STL and Testing |
|
Th 9/26 | STL and Testing Cont'd |
|
||
5: Capture-the-Flag 1 Prep and Execution | 7 | T 10/1 | Psy Taliro + Testing |
|
Th 10/3 |
|
|
||
8 | T 10/8 | Fall Break (Woo!) | ||
Th 10/10 | ||||
9 | T 10/15 | CTF 1 Prep | ||
6: Sensors and Perception Security & Privacy (including out-of-band attacks) | Th 10/17 | CTF 1 Prep | ||
10 | T 10/22 | CTF 1 |
|
|
Th 10/24 | f |
|
||
11 | T 10/29 | ML-in-the-Loop Robustness |
|
|
Th 10/31 | Privacy Notions |
|
||
12 | T 11/5 | Privacy Notions 2 |
|
|
7: Establishing Trust for CPS | Th 11/7 | Side Channels (remote) |
|
|
13 | T 11/12 | Trusted Computing and Hardware Support + CPS Remote Attestation |
|
|
Th 11/14 | AI explainability and verifiability |
|
||
8: CTF 2 Prep and Execution | 14 | T 11/19 | CTF 2 Prep |
|
Th 11/21 | CTF 2 Prep | |||
15 | T 11/26 | CTF 2 | ||
Th 11/28 | Thanksgiving (Woo!) | |||
9: Final Project Presentations | 16 | T 12/3 | Final Project Presentations | |
Th 12/5 | Final Project Presentations |
|
Evaluation
Your performance in this course will be evaluated by:
- 1 Team research project (report + presentation)
- 6 Homework assignments
- 2 Capture-the-flag competitions (participation and report)
- 1 Research paper presentation + Artifact Evaluation
- Regular quizzes to test knowledge of each module
Course Policies
Submitting Assignments
All assignments, unless otherwise announced, must be submitted to the designated area of
Canvas. Do not submit assignments via email.
Late Assignments
Please start any assignments early and come to office hours if you need help. The assignments are intended to help you with your course project. There is a 20 percent late penalty for homework submissions up to 1 week late. After 1 week, there is a 40 percent penalty. You can submit any time until the last day of the class.
Grading
Grading for this course
- 40% Team Course Project (See description below)
- 10% Paper Presentation
- 10% Artifact Evaluation
- 10% Quizzes (usually at the beginning of class, 1 per module)
- 15% Capture-the-flag exercises (participation and reports)
- 15% Homework assignments
Research Paper + Artifact. You will be required to present a recent top-tier research publication (I will provide the requirements in class). In addition to the presentation, you will perform an artifact evaluation of the research artifacts presented in the paper. You will include the evaluation as part of the presentation.
Project Structure. Students will collaborate on research projects, with the aim of producing a report of conference-level quality by the semester's end. The chosen topic should be pertinent to CPS/IoT security, safety, or privacy, and the student or students should be the primary authors. Students will work in teams of two (in exceptional cases in single-person teams or teams of three). Expectations will be adjusted based on the size of the team. I will provide tailored guidance to each team or individual as required. The project's assessment will factor in grades from various milestone deliverables and the final report. Evaluation criteria include originality, depth, accuracy, presentation clarity, and effort. Project presentations will be scheduled for the concluding week of the course.
Project Deliverables:
1. Presentation:
When: Students will perform two presentations during the course. In Week 7, each team will give a 10-minute presentation on the mid-term project progress. In the final week, each team will give a 10- to 20-minute final presentation depending on time constraints.
Format: The proposal and mid-term presentation are expected to contain the following key elements following the NABC model (we'll go over this in class):
- Need: What problem am I trying to solve? Why is this problem important? Why is solving it difficult?
- Approach: What is my solution (high level intuition)? What are the details that I have to decide (thresholds, design flow, etc)? How can I reason about these decisions? What data can I use to test my solution? Do I have enough data? Is there noise? Do I understand ground truth? Can I generate synthetic data? What is my desired outcome at the end of the program? What is the smallest unit of work that I can complete to feel I've made progress on solving this problem? You should include a timeline of expected results that fits the course schedule.
- Benefit: like the need, but not the same; usually more specific ·or sometimes side-benefits not directly pertaining to need, but nice never the less
- Competition: review of related work (not exceeding 30% of the presentation); What has been done before (to solve that same problem, to solve related problems that I can leverage)? How do I compare to other efforts to solve that same problem - is my solution better and how? Take a look at a video here for an awesome overview on how to keep track of related works
The final project presentation is expected to contain the following elements: (a) summary of problem definition and solution, (b) key results and findings, (c) conclusions and related work.
2. Report: Students will submit a final report by a specified deadline in the finals week. The report will be expected to be single-column text, single-spaced pages in font size not exceeding 11pt. The report is expected to be at least 8 pages and at most 10 pages, excluding references. If the students wish to submit the work to a formal proceedings, the instructor can provide further guidance. The students will include a separate, brief document describing each team member's contribution, and all members will sign off on that report.
Project Timeline:
Week 2 |
Team member identification |
Week 4 |
Project Proposal Due |
Week 7 |
Mid-Term Project Progress |
Final Week |
Final Presentation & Report |
Grading Breakdown for the Project (Total weight = 40%):
Proposal Document |
5% |
Mid-term Project Progress |
10% |
Final Report/Demo |
20% |
Final Presentation |
5% |
University of Utah grading scale
Letter | Scoring |
---|---|
A | 100% - 94% |
A- | 93.9% - 90% |
B+ | 89.9%–87% |
B | 86.9%–84% |
B- | 83.9% - 80% |
C+ | 79.9%–77% |
C | 76.9%–74% |
C- | 73.9% - 70% |
D+ | 69.9%–67% |
D | 66.9%–64% |
D- | 63.9% - 60% |
E | 59.9%–0% |
Accommodations
Disclaimer
Accommodations will be considered on an individual basis and may require documentation.
Please contact your instructor and/or teaching assistant as soon as possible (preferably shortly before the semester begins) to request accommodations of any kind.
Content Warnings
Please be aware that some materials and discussions within this course may contain challenging content. Your instructor may choose to notify students of potentially difficult content (e.g. explicit language, graphic images, violent themes, etc.) throughout the course.
If there are specific subjects that you need advanced notice for, please contact your instructor at the beginning of the semester.
Extreme personal circumstances
Please contact your instructor as soon as possible if an extreme personal circumstance
(hospitalization, death of a close relative, natural disaster, etc.) is interfering with your ability to
complete your work.
Religious Practice
To request an accommodation for religious practices, contact your instructor at the beginning of the semester.
Active Duty Military
If you are a student on active duty with the military and experience issues that prevent you from participating in the course because of deployment or service responsibilities, contact your instructor as soon as possible to discuss appropriate accommodations.
Disability Access
All written information in this course can be made available in an alternative format with prior notification to the Center for Disability Services (CDS). CDS will work with you and the instructor to make arrangements for accommodations. Prior notice is appreciated. To read the full accommodations policy for the University of Utah, please see Section Q of the Instruction & Evaluation regulations.
If you will need accommodations in this class, contact:
Center for Disability Services
801-581-5020
disability.utah.edu
162 Union Building
200 S. Central Campus Dr.
Salt Lake City, UT 84112
Changes to the Syllabus
This syllabus is not a contract. It is meant to serve as an outline and guide for your course. Please note that your instructor may modify it to accommodate the needs of your class.
You will be notified of any changes to the Syllabus.
UOnline Expectations
UOnline Student Expectations
Though the online format allows students greater flexibility to complete their work, this course does have a structure and timeline! As such, the following is expected of all students in this class:
- Students must be self-motivated, organized, and willing to stay on top of their schedules. Students should take control of their learning while in this course.
- Students are expected to follow the Core Rules of Netiquette at all times while participating in the class and communicating with others.
- Students will log in to the course a minimum of 3 times per week.
- Students are not expected to interact with their classmates in person. Students may be expected to work with classmates via online communication options like Canvas Discussions, video conferencing, or other communication technologies of choice (Zoom, FaceTime, Google Hangouts, etc).
- Students will regularly check for course updates and will update their Canvas notification settings to ensure they receive timely notifications from the course.
- Students will contact their instructor or teaching assistant promptly if they have any questions, are struggling with course materials, or need further assistance from their instructor.
- If you do not hear back within 3 days after sending a message, please contact your instructor/TA again.
- Students will follow all official University of Utah policies regarding interpersonal conduct, academic dishonesty, and other rights and responsibilities of students outlined in the University of Utah Student Handbook and Code of Student Rights and Responsibilities.
- If you have any questions about this, please contact the Dean of Students.
UOnline Instructor Expectations
Your course instructor is an expert in the topics you will learn about this semester. Your instructor is your mentor and facilitator of the classroom experience, aided by teaching assistants. Instructors are committed to:
- The instructor will design the course to include lectures, learning materials, and assignments that are accessible and provide students with opportunities to learn and practice course content.
- The instructor and teaching assistants will ensure that the course remains a safe space where students can engage with difficult content thoughtfully and respectfully.
- The instructor and teaching assistants will interact with the class regularly via announcements, virtual office hours (one-on-one video conferencing), emails/the Canvas Inbox, feedback on assignments, and comments on Discussions, among other methods.
- The instructor and teaching assistants will respond to students promptly: within 48 hours, not including weekends and holidays.
- The instructor and teaching assistants will be available for an individual consultation via virtual office hours (one-on-one video conferencing), email, or phone and will not require students to meet in person.
- The instructor and teaching assistants will provide relevant feedback promptly.
- The instructor and teaching assistants will follow all official University of Utah policies regarding interpersonal conduct, accommodations, and other important duties.
University Policies
Americans with Disabilities Act (ADA)
The University of Utah seeks to provide equal access to its programs, services, and activities for people with disabilities.
All written information in this course can be made available in an alternative format with prior notification to the Center for Disability & Access (CDA). CDA will work with you and the instructor to make arrangements for accommodations. Prior notice is appreciated. To read the full accommodations policy for the University of Utah, please see Section Q of the Instruction & Evaluation regulations.
In compliance with ADA requirements, some students may need to record course content. Any recordings of course content are for personal use only, should not be shared, and should never be made publicly available. In addition, recordings must be destroyed at the conclusion of the course.
If you will need accommodations in this class, or for more information about what support they provide, contact:
Center for Disability & Access
801-581-5020
disability.utah.eduLinks to an external site.
162 Union Building
200 S. Central Campus Dr.
Salt Lake City, UT 84112
Safety at the U
The University of Utah values the safety of all campus community members. You will receive important emergency alerts and safety messages regarding campus safety via text message. For more safety information and to view available training resources, including helpful videos, visit safeu.utah.edu.
To report suspicious activity or to request a courtesy escort, contact:
Campus Police & Department of Public Safety
801-585-COPS (801-585-2677)
dps.utah.edu
1735 E. S. Campus Dr.
Salt Lake City, UT 84112
Addressing Sexual Misconduct
Title IX makes it clear that violence and harassment based on sex and gender (which includes sexual orientation and gender identity/expression) is a civil rights offense subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, color, religion, age, status as a person with a disability, veteran’s status, or genetic information.
If you or someone you know has been harassed or assaulted, you are encouraged to report it to university officials:
Title IX Coordinator & Office of Equal Opportunity and Affirmative Action
801-581-8365
oeo.utah.edu
135 Park Building
201 Presidents' Cir.
Salt Lake City, UT 84112
Office of the Dean of Students
801-581-7066
deanofstudents.utah.edu
270 Union Building
200 S. Central Campus Dr.
Salt Lake City, UT 84112
To file a police report, contact:
Campus Police & Department of Public Safety
801-585-COPS (801-585-2677)
dps.utah.edu
1735 E. S. Campus Dr.
Salt Lake City, UT 84112
If you do not feel comfortable reporting to authorities, the U's Victim-Survivor Advocates provide free, confidential, and trauma-informed support services to students, faculty, and staff who have experienced interpersonal violence.
To privately explore options and resources available to you with an advocate, contact:
Center for Student Wellness
801-581-7776
wellness.utah.edu
328 Student Services Building
201 S. 1460 E.
Salt Lake City, UT 84112
Academic Misconduct
It is expected that students comply with University of Utah policies regarding academic honesty, including but not limited to refraining from cheating, plagiarizing, misrepresenting one’s work, and/or inappropriately collaborating. This includes the use of generative artificial intelligence (AI) tools without citation, documentation, or authorization. Students are expected to adhere to the prescribed professional and ethical standards of the profession/discipline for which they are preparing. Any student who engages in academic dishonesty or who violates the professional and ethical standards for their profession/discipline may be subject to academic sanctions as per the University of Utah’s Student Code: Policy 6-410: Student Academic Performance, Academic Conduct, and Professional and Ethical Conduct.
Plagiarism and cheating are serious offenses and may be punished by failure on an individual assignment, and/or failure in the course. Academic misconduct, according to the University of Utah Student Code:
“...Includes, but is not limited to, cheating, misrepresenting one’s work, inappropriately collaborating, plagiarism, and fabrication or falsification of information…It also includes facilitating academic misconduct by intentionally helping or attempting to help another to commit an act of academic misconduct.”
For details on plagiarism and other important course conduct issues, see the U's Code of Student Rights and Responsibilities.
The syllabus page shows a table-oriented view of the course schedule, and the basics of course grading. You can add any other comments, notes, or thoughts you have about the course structure, course policies or anything else.
To add some comments, click the "Edit" link at the top.
Course Summary:
Date | Details | Due |
---|---|---|