Course Syllabus

Syllabus

CS 6963/5963: Cyber-physical systems (cps) and internet-of-things (iot) security

Instructor

Instructor: Luis Garcia Pre-requisites: CS 3505
Department: CS Credit Hours: 3.0
Office: MEB 3450 Semester: Fall 2024
E-mail: la.garcia@utah.edu
Communication & Office Hours:  Review the "Communication" section below for more information. PDF Syllabus: N/A
Teaching Assistant: Vatsal Goel
Email: vatsal.goel@utah.edu

Course Description

Overview

Course CS 6963/5963
Department Kahlert School of Computing
Pre-Requisites CS 3505
Credit Hours 3.0
Semester Fall 2024
Description The widespread deployment of Cyber-physical Systems (CPS) and Internet of Things (IoT) systems has revolutionized the way we interact with the physical world, from smart homes to self-driving cars. However, these systems are also susceptible to cyber attacks, posing a threat to the safety, security, and privacy of users across safety-critical applications. This course provides an introduction to the fundamentals of IoT-CPS security, safety, and privacy, covering real-world attacks and defenses, embedded systems security, cryptography, safety verification, sensors/perception security, and more.  We'll have hands-on security exercises, including capture-the-flag tournaments, across various CPS/IoT applications, including industrial controllers, commodity IoT devices, and autonomous vehicles. 

Goals & Objectives

This course provides an introduction to the fundamentals of IoT-CPS security, privacy, and safety, covering real-world attacks and defenses, embedded systems security, cryptography, safety verification, sensors and perception security, and more.

At the end of this course, students will be able to:

  • Develop an understanding of the security, privacy, and safety challenges in IoT-CPS systems
  • Learn the different types of attacks and defenses for various IoT-CPS domains
  • Gain an understanding of the fundamentals of IoT-CPS security
  • Understand the basics of safety verification using modeling techniques
  • Learn the principles of sensors and perception security
  • Develop the skills required to perform threat modeling for IoT-CPS systems
  • Learn the basics of CPS program analysis and ML-in-the-loop security and privacy
  • Understand the basics of trusted computing and distributed computing security
  • Develop the ability to think critically about research problems in IoT-CPS security.

Required Materials

Materials required for this course are:

  • Laptop

Ensure you have this ahead of time as they will be required to complete assignments and activities throughout the course. You will be required to install various open-source software packages throughout the course.

There is no official textbook for the class. Slides will be provided and reading materials for each topic will be assigned from research papers and the following references:

 

Communication

Please review the communication methods and requirements for this course:

Piazza

We use Piazza for announcements and discussion about assignments and other course material.

Preferred Contact Methods

The easiest way to contact me is by e-mail

Office Hours

The instructor will hold office hours according to the following schedule:

By appointment

TA Information

Name: Vatsal Goal

E-mail: vatsal.goel@utah.edu 

Office Hours:

Thursday 4-5pm (In Person), Friday 3:30-4:30pm(Online/In Person as needed) 

Virtual Meeting Rooms(s)

By Appointment

Course Schedule

Here is an overview of the topics covered and tentative course schedule. Please note that this will be subject to change, and I will announce any schedule changes. 

Module  Week Date Topic/Daily Activities Deliverable/Announcement
1: Introduction and Overview 1 T   8/20 Overview and Logistics
Th 8/22 CPS/IoT Security Challenges
2 T   8/27 Real World CPS/IoT Attacks and Defenses

HW1 Posted

Th 8/29 Security in a Nutshell (Part 1)
  • Sign up for Paper Presentations by 11:59 PM
2: CPS/IoT Program Analysis 3 T   9/3

Security in a Nutshell (Part 2)

  • Course Project Team Member Identification by 11:59 PM
Th 9/5 Embedded Control Flow Security
  • First Quiz on Canvas at the beginning of class
  • Class presentations start
4 T 9/10

Program Analysis for IoT/CPS

3: Formal Modeling and Verification of CPS 4 Th 9/12 (Wrapping up Module 2) + Intro to Formal Modeling of CPS
  • Quiz 2
  • HW2 Posted
5 T   9/17 Intro to Model Checking and STL
  • Course project proposal Due by 11:59 PM
Th 9/19 Intro to Model Checking and STL

 

4: From Models to Exploits 6 T   9/24 STL and Testing
  • HW2 Due
Th 9/26 STL and Testing Cont'd
  • Quiz 3
  • CTF1 Team member identification due by 11:59 PM
  • HW3 posted by midnight
5: Capture-the-Flag 1 Prep and Execution 7 T   10/1 Psy Taliro + Testing

 

  • Quiz 4
Th 10/3
  • Midterm Project Presentations
  • Midterm project presentation due
  • HW3 due by 11:59 PM
8 T   10/8 Fall Break (Woo!)
Th 10/10
9 T   10/15 CTF 1 Prep
6: Sensors and Perception Security & Privacy (including out-of-band attacks) Th 10/17 CTF 1 Prep
10 T   10/22 CTF 1

 

Th 10/24 f

 

 

11 T   10/29 ML-in-the-Loop Robustness
  • Quiz 5
Th 10/31 Privacy Notions 
  • Quiz 6
12 T   11/5 Privacy Notions 2
  • HW 4 Posted
  • Quiz 7
7: Establishing Trust for CPS Th 11/7 Side Channels  (remote)

 

13 T   11/12 Trusted Computing and Hardware Support + CPS Remote Attestation
  • HW 4 Due
  • HW 5 Posted
Th 11/14 AI explainability and verifiability
  • CTF2 Team member identification due by 11:59 PM
  • Quiz 9
8: CTF 2 Prep and Execution 14 T   11/19 CTF 2 Prep
  • Quiz 10
  • HW5 Due
Th 11/21 CTF 2 Prep
15 T   11/26 CTF 2
Th 11/28 Thanksgiving (Woo!)
9: Final Project Presentations 16 T   12/3 Final Project Presentations
Th 12/5 Final Project Presentations
  • Final Projects Reports will be due at 11:59 PM on the day of our Final
  • CTF2 Report due by 11:59 PM 

Evaluation

Your performance in this course will be evaluated by:

  • 1 Team research project (report + presentation)
  • 6 Homework assignments
  • 2 Capture-the-flag competitions (participation and report)
  • 1 Research paper presentation + Artifact Evaluation
  • Regular quizzes to test knowledge of each module

Course Policies

Submitting Assignments

All assignments, unless otherwise announced, must be submitted to the designated area of
Canvas. Do not submit assignments via email.

Late Assignments

Please start any assignments early and come to office hours if you need help. The assignments are intended to help you with your course project. There is a 20 percent late penalty for homework submissions up to 1 week late. After 1 week, there is a 40 percent penalty. You can submit any time until the last day of the class.

Grading

Grading for this course

  • 40% Team Course Project (See description below)
  • 10% Paper Presentation 
  • 10% Artifact Evaluation 
  • 10% Quizzes (usually at the beginning of class, 1 per module)
  • 15% Capture-the-flag exercises (participation and reports)
  • 15% Homework assignments 

Research Paper + Artifact. You will be required to present a recent top-tier research publication (I will provide the requirements in class). In addition to the presentation, you will perform an artifact evaluation of the research artifacts presented in the paper. You will include the evaluation as part of the presentation.

Project Structure. Students will collaborate on research projects, with the aim of producing a report of conference-level quality by the semester's end. The chosen topic should be pertinent to CPS/IoT security, safety, or privacy, and the student or students should be the primary authors. Students will work in teams of two (in exceptional cases in single-person teams or teams of three). Expectations will be adjusted based on the size of the team. I will provide tailored guidance to each team or individual as required. The project's assessment will factor in grades from various milestone deliverables and the final report. Evaluation criteria include originality, depth, accuracy, presentation clarity, and effort. Project presentations will be scheduled for the concluding week of the course.

 

Project Deliverables:

1. Presentation:

When: Students will perform two presentations during the course. In Week 7, each team will give a 10-minute presentation on the mid-term project progress. In the final week, each team will give a 10- to 20-minute final presentation depending on time constraints.

Format: The proposal and mid-term presentation are expected to contain the following key elements following the NABC model (we'll go over this in class):

  • Need: What problem am I trying to solve? Why is this problem important? Why is solving it difficult?
  • Approach: What is my solution (high level intuition)? What are the details that I have to decide (thresholds, design flow, etc)? How can I reason about these decisions? What data can I use to test my solution? Do I have enough data? Is there noise? Do I understand ground truth? Can I generate synthetic data? What is my desired outcome at the end of the program? What is the smallest unit of work that I can complete to feel I've made progress on solving this problem? You should include a timeline of expected results that fits the course schedule.
  • Benefit: like the need, but not the same; usually more specific ·or sometimes side-benefits not directly pertaining to need, but nice never the less
  • Competition: review of related work (not exceeding 30% of the presentation); What has been done before (to solve that same problem, to solve related problems that I can leverage)? How do I compare to other efforts to solve that same problem - is my solution better and how? Take a look at a video here for an awesome overview on how to keep track of related works

The final project presentation is expected to contain the following elements: (a) summary of problem definition and solution, (b) key results and findings, (c) conclusions and related work.

2. Report: Students will submit a final report by a specified deadline in the finals week. The report will be expected to be single-column text, single-spaced pages in font size not exceeding 11pt. The report is expected to be at least 8 pages and at most 10 pages, excluding references. If the students wish to submit the work to a formal proceedings, the instructor can provide further guidance. The students will include a separate, brief document describing each team member's contribution, and all members will sign off on that report.

Project Timeline: 

Week 2

Team member identification

Week 4

Project Proposal Due

Week 7

Mid-Term Project Progress

Final Week

Final Presentation & Report 

 

Grading Breakdown for the Project (Total weight = 40%):

Proposal Document

5%

Mid-term Project Progress

10%

Final Report/Demo

20%

Final Presentation

5%

University of Utah grading scale

Letter Scoring
A 100% - 94%
A- 93.9% - 90%
B+ 89.9%–87%
B 86.9%–84%
B- 83.9% - 80%
C+ 79.9%–77%
C 76.9%–74%
C- 73.9% - 70%
D+ 69.9%–67%
D 66.9%–64%
D- 63.9% - 60%
E 59.9%–0%

Accommodations

Disclaimer

Accommodations will be considered on an individual basis and may require documentation.

Please contact your instructor and/or teaching assistant as soon as possible (preferably shortly before the semester begins) to request accommodations of any kind.

Content Warnings

Please be aware that some materials and discussions within this course may contain challenging content. Your instructor may choose to notify students of potentially difficult content (e.g. explicit language, graphic images, violent themes, etc.) throughout the course.

If there are specific subjects that you need advanced notice for, please contact your instructor at the beginning of the semester.

Extreme personal circumstances

Please contact your instructor as soon as possible if an extreme personal circumstance
(hospitalization, death of a close relative, natural disaster, etc.) is interfering with your ability to
complete your work.

Religious Practice

To request an accommodation for religious practices, contact your instructor at the beginning of the semester.

Active Duty Military

If you are a student on active duty with the military and experience issues that prevent you from participating in the course because of deployment or service responsibilities, contact your instructor as soon as possible to discuss appropriate accommodations.

Disability Access

All written information in this course can be made available in an alternative format with prior notification to the Center for Disability Services (CDS). CDS will work with you and the instructor to make arrangements for accommodations. Prior notice is appreciated. To read the full accommodations policy for the University of Utah, please see Section Q of the Instruction & Evaluation regulations.

If you will need accommodations in this class, contact:

Center for Disability Services
801-581-5020
disability.utah.edu
162 Union Building
    200 S. Central Campus Dr.
     Salt Lake City, UT 84112

Changes to the Syllabus

This syllabus is not a contract. It is meant to serve as an outline and guide for your course. Please note that your instructor may modify it to accommodate the needs of your class.

You will be notified of any changes to the Syllabus.

UOnline Expectations

UOnline Student Expectations

Though the online format allows students greater flexibility to complete their work, this course does have a structure and timeline! As such, the following is expected of all students in this class:

  • Students must be self-motivated, organized, and willing to stay on top of their schedules. Students should take control of their learning while in this course.
  • Students are expected to follow the Core Rules of Netiquette at all times while participating in the class and communicating with others.
  • Students will log in to the course a minimum of 3 times per week.
  • Students are not expected to interact with their classmates in person. Students may be expected to work with classmates via online communication options like Canvas Discussions, video conferencing, or other communication technologies of choice (Zoom, FaceTime, Google Hangouts, etc).
  • Students will regularly check for course updates and will update their Canvas notification settings to ensure they receive timely notifications from the course.
  • Students will contact their instructor or teaching assistant promptly if they have any questions, are struggling with course materials, or need further assistance from their instructor.
    • If you do not hear back within 3 days after sending a message, please contact your instructor/TA again.
  • Students will follow all official University of Utah policies regarding interpersonal conduct, academic dishonesty, and other rights and responsibilities of students outlined in the University of Utah Student Handbook and Code of Student Rights and Responsibilities.

UOnline Instructor Expectations

Your course instructor is an expert in the topics you will learn about this semester. Your instructor is your mentor and facilitator of the classroom experience, aided by teaching assistants. Instructors are committed to:

  • The instructor will design the course to include lectures, learning materials, and assignments that are accessible and provide students with opportunities to learn and practice course content.
  • The instructor and teaching assistants will ensure that the course remains a safe space where students can engage with difficult content thoughtfully and respectfully.
  • The instructor and teaching assistants will interact with the class regularly via announcements, virtual office hours (one-on-one video conferencing), emails/the Canvas Inbox, feedback on assignments, and comments on Discussions, among other methods.
  • The instructor and teaching assistants will respond to students promptly: within 48 hours, not including weekends and holidays.
  • The instructor and teaching assistants will be available for an individual consultation via virtual office hours (one-on-one video conferencing), email, or phone and will not require students to meet in person.
  • The instructor and teaching assistants will provide relevant feedback promptly.
  • The instructor and teaching assistants will follow all official University of Utah policies regarding interpersonal conduct, accommodations, and other important duties.

University Policies

Americans with Disabilities Act (ADA)

The University of Utah seeks to provide equal access to its programs, services, and activities for people with disabilities.

All written information in this course can be made available in an alternative format with prior notification to the Center for Disability & Access (CDA). CDA will work with you and the instructor to make arrangements for accommodations. Prior notice is appreciated. To read the full accommodations policy for the University of Utah, please see Section Q of the Instruction & Evaluation regulations.

In compliance with ADA requirements, some students may need to record course content. Any recordings of course content are for personal use only, should not be shared, and should never be made publicly available. In addition, recordings must be destroyed at the conclusion of the course.

If you will need accommodations in this class, or for more information about what support they provide, contact:

Center for Disability & Access

  801-581-5020
  disability.utah.eduLinks to an external site.
  162 Union Building
  200 S. Central Campus Dr.
  Salt Lake City, UT 84112

Safety at the U

The University of Utah values the safety of all campus community members. You will receive important emergency alerts and safety messages regarding campus safety via text message. For more safety information and to view available training resources, including helpful videos, visit safeu.utah.edu.

To report suspicious activity or to request a courtesy escort, contact:

Campus Police & Department of Public Safety

  801-585-COPS (801-585-2677)
  dps.utah.edu
  1735 E. S. Campus Dr.
  Salt Lake City, UT 84112

Addressing Sexual Misconduct

Title IX makes it clear that violence and harassment based on sex and gender (which includes sexual orientation and gender identity/expression) is a civil rights offense subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, color, religion, age, status as a person with a disability, veteran’s status, or genetic information.

If you or someone you know has been harassed or assaulted, you are encouraged to report it to university officials: 

Title IX Coordinator & Office of Equal Opportunity and Affirmative Action

  801-581-8365
  oeo.utah.edu
  135 Park Building
  201 Presidents' Cir.
  Salt Lake City, UT 84112

Office of the Dean of Students

  801-581-7066
  deanofstudents.utah.edu
  270 Union Building
  200 S. Central Campus Dr.
  Salt Lake City, UT 84112

To file a police report, contact:

Campus Police & Department of Public Safety

  801-585-COPS (801-585-2677)
  dps.utah.edu
  1735 E. S. Campus Dr.
  Salt Lake City, UT 84112

If you do not feel comfortable reporting to authorities, the U's Victim-Survivor Advocates provide free, confidential, and trauma-informed support services to students, faculty, and staff who have experienced interpersonal violence.

To privately explore options and resources available to you with an advocate, contact:

Center for Student Wellness

  801-581-7776
  wellness.utah.edu
  328 Student Services Building
  201 S. 1460 E.
  Salt Lake City, UT 84112

Academic Misconduct

It is expected that students comply with University of Utah policies regarding academic honesty, including but not limited to refraining from cheating, plagiarizing, misrepresenting one’s work, and/or inappropriately collaborating. This includes the use of generative artificial intelligence (AI) tools without citation, documentation, or authorization. Students are expected to adhere to the prescribed professional and ethical standards of the profession/discipline for which they are preparing. Any student who engages in academic dishonesty or who violates the professional and ethical standards for their profession/discipline may be subject to academic sanctions as per the University of Utah’s Student Code: Policy 6-410: Student Academic Performance, Academic Conduct, and Professional and Ethical Conduct.

Plagiarism and cheating are serious offenses and may be punished by failure on an individual assignment, and/or failure in the course. Academic misconduct, according to the University of Utah Student Code:

“...Includes, but is not limited to, cheating, misrepresenting one’s work, inappropriately collaborating, plagiarism, and fabrication or falsification of information…It also includes facilitating academic misconduct by intentionally helping or attempting to help another to commit an act of academic misconduct.”

For details on plagiarism and other important course conduct issues, see the U's Code of Student Rights and Responsibilities.

Course Summary:

Date Details Due