CPTS 439
Cybersecurity of Critical Infrastructure Systems, Spring 2024
Last updated
Cybersecurity of Critical Infrastructure Systems, Spring 2024
Last updated
This course explores the principles, techniques, and challenges of securing safety-critical cyber-physical systems. Students will gain a deep understanding of the vulnerabilities and threats in these systems and learn how to design and implement security measures. Example domains that we will study include the security of industrial control systems, automotive systems, smart grids, time-critical systems, and commodity Internet-of-things (IoT).
Instructor:
Email: monowar.hasan@wsu.edu
Class time: Monday, Wednesday, Friday 1:10-2:00 PM
Class Location: Pullman Campus,
Office Hours (EME B53): Monday, Wednesday 2:30-3:30 PM or by appointment
Important: To better prepare yourself for office hours, read carefully the excellent guides from :
The course syllabus is available .
The course uses materials from state-of-the-art cyber-physical and IoT security literature. In-class discussions and lecture slides will be sufficient to understand the basic concepts. No textbook is required.
Note: The lectures and code files are hosted on the WSU OneDrive cloud. You need WSU credentials to access the materials. If you are from outside WSU and want to use these materials, please email Prof. Hasan at monowar.hasan@wsu.edu.
01/08 (Mon)
Course overview
01/10 (Wed)
CPS/ICS background
01/12 (Fri)
CPS security overview
01/15 (Mon)
No Class
Martin Luther King Jr Day
01/17 (Wed)
Safety and security
No Class
Reading assignment 1 released MH is traveling
01/19 (Fri)
Access control
01/22 (Mon)
Access control mechanisms
01/24 (Wed)
Access control mechanisms
Reading assignment 1 due
01/26 (Fri)
No Class
Class cancelled
01/29 (Mon)
Isolation techniques
Project proposal due
01/31 (Wed)
Virtualization
02/02 (Fri)
Trusted execution environments
02/05 (Mon)
Program-level isolation
Prog. assignment 1 released
02/07 (Wed)
Security models
02/09 (Fri)
Information flow
02/12 (Mon)
Covert channels
02/14
Covert channel (contd.) ICS
02/16
ICS network
Prog. assignment 1 due
02/19 (Mon)
No Class
President's Day
02/21
Exam-1 review
02/23
Mid-Term Exam
In-class, closed-book exam Time limit: 45 minutes
02/26 (Mon)
ICS network protocols
Prog. assignment 2 released
02/28
ICS network protocols
03/01
ICS network protocols
03/04 (Mon)
ICS network security
03/06 (Wed)
Ccontroller area network
03/08 (Fri)
CAN security
Prog. assignment 2 due
03/11 (Mon)
No Class
Spring vacation Prog. assignment 3 released Reading assignment 2 released
03/13 (Wed)
No Class
Spring vacation
03/15 (Fri)
No Class
Spring vacation
03/18 (Mon)
Real-time systems
03/20 (Wed)
Real-time security
03/22 (Fri)
Real-time security
Project update due
03/25 (Mon)
Real-time security
03/27 (Wed)
Real-time security
Reading assginment 2 due
03/29 (Fri)
Real-time security
Prog. assignment 3 due
04/01 (Mon)
Hardware security
Prog. assignment 4 released
04/03 (Wed)
Hardware trojans
Reading assignment 3 released
04/05 (Fri)
Hardware security and trust
04/08 (Mon)
System auditing
04/10 (Wed)
System auditing
Reading assignment 3 due
04/12 (Fri)
Secure CPS design
Prog. assignment 4 due
04/15 (Mon)
Exam review and closing
04/17 (Wed)
No class — presentation preparation
Buffer day before project presentation
04/19 (Fri)
Project presentation Matthew Gerola Griffin Gerry & Freeman Trader Alexander Hagood
Project due
04/22 (Mon)
No Class
MH is traveling for a workshop
04/24 (Wed)
Project presentation Dathan Le Kyle Parker Howie Potter Ganesh Krishnamoorthy
End of class!
04/26 (Fri)
No class — exam preparation
04/29 (Mon)
Final Exam 04/29, 1:30-3:00 PM @ Classroom
In-class closed-book exam Time limit: 90 minutes
There will be three reading assignments: Week 2, Week 10, and Week 13. Grading for reading assignments will be based on submission or non-submission: total points for attempted assignments with reasonable answers will be awarded, while unattempted tasks will receive no points.
Students will engage in a semester-long project related to critical infrastructure security. A team of a maximum of two students is acceptable. The students will submit an end-of-semester report and a recorded presentation (time limit: 10 minutes). The term project could be one of the following types:
Survey: Students will survey the related research fields. The survey should include a summary of at least 8 papers from top journals/conferences.
Exploration: Students will explore a new research problem related to CPS/IoT security.
Some problems of interest are as follows (NOTE: this is NOT the list you are required to choose from):
Integrating security monitoring/cryptographic primitives in CPS
Using trusted computing time-critical CPS
Lightweight and privacy-preserving machine learning models for autonomous systems
Review of TEE-related (TrustZone/SGX) security vulnerabilities for the CPS applications
Investigating covert/side-channels in real-time/CPS/SCADA applications
Project Deliverables:
Project proposal: The term project proposal with a timeline (max two pages) must be submitted and approved by the instructor by the end of Week 4.
Mid-semester update: A progress report (max three pages) of the project is due by Week 10.
There will be two exams on Week 7 and Week 17 (Finals Week). Details will be announced on Canvas/Class.
We will have four programming assignments in this course. The assignments must be completed individually.
Assignment 1: CPS Security Warm-Up -- Analyzing a Firmware Image
Assignment 2: Attacking a Cyber-Physical Plant
Assignment 3: Hacking an Automotive System (Controller Area Network)
Assignment 4: UAV Autopilot Controller Security
Notes:
You will need access to a Linux machine (or VM) to complete the labs.
Due to the incompatibility of newer M-series (ARM) Mac computers, it is recommended to use X86-based Windows/Linux machines (or older Intel-based Macs) to create the VM images.
For those with M-series Macs (or if you can't use your laptop), we will provide compatible systems (located in EME labs). However, no remote access is available -- you must be physically present in the lab to use those machines.
For each lab, you will find a GitHub Classroom link on Canvas. Once you click the link and log into your GitHub account, find your name in the student list and click it to accept the assignment. Please double-check your name and email address before accepting the assignment. If you accidentally choose another student's name, please contact the instructor.
A repo named wsu-cpts439-term/paX-name will be automatically created for you and hosted on GitHub with the starter code.
You can then "clone" your repository onto your development machine. You will complete assignments on your development computer and then "push" your work to the GitHub-hosted remote repository for us to grade.
Final submission:
Copy the URL of your GitHub repository on the corresponding assignment section on Canvas.
For any questions on setting up GitHub, please reach out to the instructor.
Informal feedback ()
Final submission: The final project, all related code/data, and a recorded talk (maximum 10 minutes) are due by the exam week. Use the template for your report. Reports can be up to 6 pages, excluding references (and appendices, if any). The final project is due by Week 15.
For Windows systems, is not recommended. You must install a standalone VM image.
We will use to deliver programming assignments. To learn more about the GitHub workflow, see .
Are You Using GitHub for the first time on your machine?
If you are using GitHub for the first time on your development machine, you need to authenticate your account — one way to do this is by using . Install GitHub CLI using the instructions given . Then run the following command and follow the prompts to authenticate your system: gh auth login.
