# CPTS/EE 439 & 539 *** ### Overview This course explores the principles, techniques, and challenges of securing safety-critical cyber-physical systems. Students will gain a deep understanding of the vulnerabilities and threats in these systems and learn how to design and implement security measures. Example domains that we will study include the security of industrial control systems, automotive systems, smart grids, time-critical systems, and commodity Internet-of-things (IoT). * **Instructor:** [Monowar Hasan](http://monowarhasan.info/) * **Email:** * **Class time:** Monday, Wednesday, Friday 1:10-2:00 PM * **Class Location:** Pullman Campus, [Sloan 7](https://li.wsu.edu/buildings-and-spaces/general-university-classrooms/classroom-specs/sloan-7/) * **Office Hours (EME B53):** Wednesday, Friday 2:15-3:00 PM or by appointment > **Important:** To better prepare yourself for office hours, read carefully the excellent guides from [Gabriel Parmer](https://www2.seas.gwu.edu/~gparmer/): > > * [Preparing and presenting yourself at office hours](https://www2.seas.gwu.edu/~gparmer/resources/2021-09-20-Office-Hours-HOWTO.html) > * [Expected norms for online interactions](https://www2.seas.gwu.edu/~gparmer/resources/2020-08-01-Online-Conduct.html) *** ### Course Syllabus The course syllabus is available [here](https://monowarhasan.info/courses/CPTS439_Syllabus_SP26.pdf). *** ### Textbook The course uses materials from state-of-the-art cyber-physical and IoT security literature. In-class discussions and lecture slides will be sufficient to understand the basic concepts. *No textbook is required.* *** ### Course Schedule **Note:** *The lectures and code files are hosted on the WSU OneDrive cloud. You need WSU credentials to access the materials. If you are from outside WSU and want to use these materials, please email Prof. Hasan at .*
WKDateTopicRemarks
101/12
(Mon)		Course overview
101/14
(Wed)		CPS/ICS background
101/16
(Fri)		CPS security overview
201/19
(Mon)		No ClassMartin Luther King Jr Day
201/21
(Wed)		Access controlReading assignment 1 released
201/23
(Fri)		Access control
301/26
(Mon)		Student presentation: Project proposalAll programming assignments released
301/28
(Wed)		Student presentation: Project proposalReading assignment 1 due
301/30
(Fri)		Student presentation: Project proposal
402/02
(Mon)		Isolation techniquesProject proposal document due
402/04
(Wed)		Trusted execution environments
402/06
(Fri)		Covert channels
502/09
(Mon)		ICS network
502/11
(Wed)		ICS network security
502/13
(Fri)		Controller area network (CAN)
602/16
(Mon)		No ClassPresident's Day
602/18
(Wed)		CAN security
602/20
(Fri)		Real-time systems

Programming assignment 1 due
702/23
(Mon)		Real-time security
702/25
(Wed)		Real-time security
702/27
(Fri)		CPS security remarks
803/02
(Mon)		Exam 1No Class
Open note, take-home exam
Time limit: 60 minutes
803/04
(Wed)		Student presentation: Project update
803/06
(Fri)		Student presentation: Project update
903/09
(Mon)		Student presentation: Project update
903/11
(Wed)		Student presentation: Project update
903/13
(Fri)		Student presentation: Project updateProgramming assignment 2 due
1003/16
(Mon)		No ClassSpring vacation
Reading assignment 2 released
1003/18
(Wed)		No ClassSpring vacation
1003/20
(Fri)		No ClassSpring vacation
1103/23
(Mon)		Student presentation:
IoT security
1103/25
(Wed)		Student presentation:
IoT security
1103/27
(Fri)		Student presentation:
IoT security		Project update due
1203/30
(Mon)		Student presentation:
Time-critical systems security
1204/01
(Wed)		Student presentation:
Time-critical systems security		Reading assginment 2 due
1204/03
(Fri)		Student presentation:
Time-critical systems security		Programming assignment 3 due
1304/06
(Mon)		Student presentation:
Autonomous system security
1304/08
(Wed)		Student presentation:
Autonomous system security		Reading assignment 3 released
1304/10
(Fri)		Student presentation:
Autonomous system security
1404/13
(Mon)		Student presentation:
Autonomous systems security
1404/15
(Wed)		No class (buffer day for final project presentation)Reading assignment 3 due
1404/17
(Fri)		Project presentationReading assignment 4 released
Programming assignment 4 due
1504/20
(Mon)		Project presentation
1504/22
(Wed)		Project presentation
1504/24
(Fri)		Project presentation
Reading assignment 4 due
1604/27
(Mon)		Buffer day: No class last week
1604/29
(Wed)		Buffer day: No class last week
1605/01
(Fri)		Buffer day: No class last weekLast day of instruction
1705/04
(Mon)		Project report due by 3:30 PMProject due
The date/time is chosen based on the final exam master schedule
*** ### Class Presentations Students will present academic papers and engage in class discussions on topics related to IoT, CPS, and critical infrastructure security. Presentations will be delivered individually, with **30 minutes** allocated for the presentation and **20 minutes** for Q\&A. The audience (i.e., students who are not presenting) is expected to ask questions and actively participate in the discussion. A significant portion of the class participation grade will be based on the quality and depth of audience engagement with the presenter. Tentative topic and timeline are listed below. * Week 11: IoT security * Week 12: Time-critical systems security * Week 13: Autonomous system security * Week 14: Automotive systems security *** ### Reading Assignments There will be **four** reading assignments: Week 2, Week 10, Week 13, Week 14. Grading for reading assignments will be based on ***submission*** or ***non-submission***: total points for attempted assignments with reasonable answers will be awarded, while unattempted tasks will receive no points. *** ### Term Project Students will engage in a semester-long project related to critical infrastructure security. For undergraduates, it is preferred that a **group of two students** form a team, with a **maximum of three** students acceptable. Graduate students can either work on the projects **individually** or **form a team** with other students. The students will engage in several in-class presentations (project proposal, update, and final output) and submit an end-of-semester report.\ \ The term project could be one of the following types: 1. **Survey:** Students will survey the related research fields. The survey should include a summary of at least 8 papers from top journals/conferences. 2. **Exploration:** Students will explore a new research problem related to CPS/IoT security. Some problems of interest are as follows (NOTE: this is NOT the list you are required to choose from): * Integrating security monitoring/cryptographic primitives in CPS * Using trusted computing time-critical CPS * Lightweight and privacy-preserving machine learning models for autonomous systems * Review of TEE-related (TrustZone/SGX) security vulnerabilities for the CPS applications * Investigating covert/side-channels in real-time/CPS/SCADA applications **Project Deliverables:** * **Project proposal:** The student will present their term project ideas in **Week 3** and get feedback from the instructor. The project proposal with a timeline (max two pages) must be submitted and approved by the instructor by the end of **Week 4**. * **Mid-semester update:** During **Week 8** and **Week 9**, student will present their project updates. A progress report (max three pages) of the project is due by **Week 11**. * **Project presentation:** Students present their work in class (maximum 10-15 minutes). Other students must ask questions and engage in discussions. * **Final submission:** The final project submission includes a report, all related code/data, and presentation slides. Use the [IEEE conference format](https://www.ieee.org/conferences/publishing/templates.html) template for your report. Reports can be up to 6 pages, excluding references (and appendices, if any). The final project is due by **Exam Week**. *** ### Exams There will be a take-home exam on **Week 8**. Details will be announced on Canvas/Class. *** ### Programming Assignments We will have **four** programming assignments in this course. The assignments must be completed individually. Grading for programming assignments will be based on ***submission*** or ***non-submission***: total points for attempted assignments with reasonable answers on **all** questions will be awarded, while unattempted tasks will receive no points. * Assignment 1: Analyzing an Embedded Firmware Image * Assignment 2: Attacking a Cyber-Physical Plant * Assignment 3: Hacking an Automotive System (Controller Area Network) * Assignment 4: UAV Autopilot Controller Security **Notes:** * You will need access to a Linux machine (or VM) to complete the labs. * For Windows systems, [WSL](https://learn.microsoft.com/en-us/windows/wsl/install) is **not recommended**. You must install a standalone VM image. * Due to the incompatibility of newer M-series (ARM) Mac computers, it is recommended to use X86-based Windows/Linux machines (or older Intel-based Macs) to create the VM images. * For those with M-series Macs (or if you can't use your laptop), we will provide compatible systems (located in EME labs). However, no remote access is available -- you must be physically present in the lab to use those machines. ### Programming Assignment Submission We will use [GitHub Classroom](https://classroom.github.com) to deliver programming assignments. To learn more about the GitHub workflow, see [GitHub Quickstart](https://docs.github.com/en/get-started/quickstart). **Are You Using GitHub for the first time on your machine?**\ If you are using GitHub for the first time on your development machine, you need to authenticate your account — one way to do this is by using [GitHub CLI](https://github.com/cli/cli). Install GitHub CLI using the instructions given [here](https://github.com/cli/cli#installation). Then run the following command and follow the prompts to authenticate your system: `gh auth login`. #### Submission Workflow 1. For each lab, you will find a GitHub Classroom link on Canvas. Once you click the link and log into your GitHub account, find your name in the student list and click it to accept the assignment. Please double-check your name and email address before accepting the assignment. *If you accidentally choose another student's name, please contact the instructor.* 2. A repo named `wsu-cpts439-term/paX-name` will be automatically created for you and hosted on GitHub with the starter code. 3. You can then "clone" your repository onto your development machine. You will complete assignments on your development computer and then "push" your work to the GitHub-hosted remote repository for us to grade. 4. **Final submission:** * Copy the URL of your GitHub repository on the corresponding assignment section on Canvas. For any questions on setting up GitHub, please reach out to the instructor. *** #### Got stuck? Questions about anything? Feel free to contact the instructor on Teams (preferred) or via email: !