The course covers introductory topics in cyber-physical systems security. The goal is to expose students to fundamental security primitives specific to cyber-physical sysytems and to apply them to a broad range of current and future security challenges. Much of the course is taught with the focus on one instance of cyber-physical sytems - Industrial Control Systems (ICSs). However, students will be expected to generalize the concepts for other cyber-physical systems.
Students will work with various tools and techniques used by hackers to compromise computer systems or otherwise interfere with normal operations. Students will also use tools that are uniques to interacting with cyber-physical systems. The purpose of the class is NOT to teach you how to be a hacker, but rather to teach you the approaches used by hackers so you can better defend against them. Students will be graded based upon exams and completion of assignments.
Policy on Commenting Software:
Fully commenting code, even code that you were given as a starting point is mandatory. This is one of the instructor's pet peeves. You must fully comment all code you turn in and must include comments to explain all of the code you turn in. (Even those parts of the code you did not write but were given as a starting point). You must include in the comments an explanation of what the purpose of the code is, the date the code was originally written, and the date the code was last modified must be in the comments. The last date modified must be correct and in the comments.
Policy on Handouts:
The handouts can be downloaded from the Canvas which requires authentication. Handouts with proprietary or copyrighted material will be put on the protected page and should not be made publicly available by students.
Prerequisites: computer networking class, information security class, and programming experience with C and Python. In case that you want to prepare early on the projects, we will use the following languages/tools in each project:
1.
mini project #1: Factory IO (a software for design and implementation of controllers for industrial control systems) and block diagram programming
2.
mini project #2: Ladder logic programming using OpenPLC (an educational platform for PLC programming)
3.
mini project #3: mininet, python, Wireshark
4.
mini project #4: Assembly x86, C, GDB debugger
There are two required textbooks. We cover lots of really good material and no one textbook has it all. These are excellent references and will serve you well in future jobs or research projects. We will also occasionally review conference and journal publications. You can either buy these books or get access to them through Georgia Tech library's website. As students, you have access to all the journal articles and book services subscribed to by the university. You just have to log in similar you would in Canvas.
Text One: Required
|
|
|
Industrial Network Security, Second Edition: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems (2nd Edition), by Eric D. Knapp and Joel Thomas Langill, ISBN: 978-0124201149
|
Text Two: Required
|
|
|
Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure (1st Edition), by Eric D. Knapp and Raj Samani, ISBN: 978-1597499989
|
Grading |
Paper Presentation |
10% |
Mini Project #1 |
20% |
Mini Project #2 |
20% |
Mini Project #3 |
10% |
Mini Project #4 |
10% |
Midterm Exam |
15% |
Final Exam |
15% |
Total |
100% |
|
|
Grading Scale |
90% - 100% |
A |
80% - 89% |
B |
70% - 79% |
C |
60% - 69% |
D |
< 60% |
F |
|
Responsibility for Material:
Students are responsible for all material in assigned sections of texts and other materials, even if not explicitly covered in lecture. Students are also responsible for all material covered in lecture. Students are also expected to check Piazza and Canvas at least twice a week to receive class updates (course syllabus may slightly change during the semester). Please note that it is the student's responsibility for turning in the correct assignment by the due date. Submitting the wrong files will lead to ZERO grade in the assignment without any further consideration.
Paper Presentation:
In order to get on the cutting-edge research, you must keep up with recently published papers. To achieve this goal, each student will prepare a paper presentation video and post its YouTube link on piazza. Other students can watch the videos and ask questions about the presentations. You can either choose your paper from the provided spreadsheet in Piazza or find your favorite paper from top conferences. Looking at the related work section of the recommended papers is a good way to find other papers. Everyone should sign up (we already sent you an email containing the access link to the spreadsheet) for presentation as we will have (around) 10 presentations in each week. In order to get the full credit of this section, each student should ask at least three questions from the other presentations as well as preparing his/her own presentation. You will need to submit your presentation along with your slides and the chosen paper at the end of the semester. It is the students' responsibility to determine if their presentation has been chosen by another student. Choosing repetitive topics will lead to zero points in this assignment.
Exams, Makeup Exams, and Incompletes:
All exams are closed book. However, during exam 1, students can bring a single-sided (one side must be blank), 8.5 x 11, handwritten note sheet. During the final exam, students can bring two single-sided (one side of each paper must be blank, or one double-sided sheet), 8.5 x 11, handwritten note sheets. Failutre to follow these instructions will lead to zero points in the exams. As a rule, makeup exams will be offered at the discretion of the professor and only for scheduled absences that are requested in writing at least one week in advance. Medical emergencies are the only exception to this rule and in case of such an emergency, the student must contact the professor as soon as possible to discuss the makeup. Incomplete grades will be given only in extraordinary circumstances.
Late Turn-in and Re-grading:
Assignments can be turned in two days after the due date and will be subject to a 20% penalty. The grade for the assignment will be zero after this window.
Exams and projects will not be considered for re-grading later than 48 hours after they are returned (or grades released). Re-grading requests should be submitted in writing with a specific explanation of the possible grading error.
Academic Honesty:
Although students are encouraged strongly to communicate with each other to assist in learning the course material, all students are expected to complete course work individually (unless instructed otherwise), following all instructions stated in conjunction with exams and assignments. All conduct in this course will be governed by the Georgia Tech honor code. Additionally, it is expected that students will respect their peers and the instructor such that no one takes unfair advantage of any other person associated with the course. Any suspected cases of academic dishonesty will be reported to the Dean of Students for further action. Please see the school's full policy in here.
Excused Absence Policy
Link
Disability Services Statement
If needed, we will make classroom accommodations for students with documented disabilities. These accommodations must be arranged in advance and in accordance with the Office of Disability Services Link
Link to class Piazza site
A tentative schedule of lectures (subject to change) is provided below.
Class Deliverables
- Mini Project 1 (Topic: Design and Simulation of Industrial and Control systems) - Assigned: May 19th, Due: June 2nd 11:59 pm EST
- Mini Project 2 (Topic: PLC Programming - Ladder Logic) - Assigned: June 2nd, Due: June 16th 11:59pm EST
- Midterm Exam - Friday, June 21st, 6pm Eastern Standard Time - Monday, June 24th, noon Eastern Standard Time
- Mini Project 3 (Topic: Industrial Control Systems Protocols) - Assigned: June 23rd, Due: July 7th 11:59pm EST
- Mini Project 4 (Topic: Vulnerability Exploitation and Reconnaissance Tools) - Assigned: July 7th, Due: July 21st 11:59pm EST
- Final Exam - Friday, July 26th, 6pm Eastern Standard Time - Monday, July 29th, noon Eastern Standard Time
Topic(s)/Lecture(s) to watch:
- L1 - Introduction to Cyber-Physical Systems
- L2 - Overview of CPS
Required Readings/Activities:
Recommended Readings/Activities:
- Olkan Gunes, Steffen Peter, Tony Givargis, and Frank Vahid. A Survey on Concepts, Applications, and Challenges in Cyber-Physical Systems. KSII Transactions on Internet and Information Systems, vol. 8, num. 12, pp. 4242-4268, 2014.
- Alvaro Cardenas, Saurabh Amin, Bruno Sinopoli, Annarita Giani, Adrian Perrig, Shankar Sastry. Challenges for Securing Cyber Physical Systems. Workshop on Future Directions in Cyber-physical Systems Security, DHS, July 23, 2009.
Topic(s)/Lecture(s) to watch:
- L3a - Background - Networking
- L3b - Background - Information Security
- L3c - Background - Control Systems
Required Readings/Activities:
Recommended Readings/Activities:
Topic(s)/Lecture(s) to watch:
- L4 - Industrial Networks
- L5 - Industrial Cyber Security History and Threats
Required Readings/Activities:
- Knapp and Langill (Chapters 1, 2, 3)
Recommended Readings/Activities:
Topic(s)/Lecture(s) to watch:
- L6 - Introduction to Industrial Control Systems And Operations
- L7 - Ladder Logic Demo
Required Readings/Activities:
- Knapp and Langill (Chapters 4)
Recommended Readings/Activities:
- Various ladder logic tutorials on the web
Topic(s)/Lecture(s) to watch:
- L8 - Industrial Network Design and Architecture
Required Readings/Activities:
- Knapp and Langill (Chapters 5)
Recommended Readings/Activities:
Topic(s)/Lecture(s) to watch:
- L9 - Industrial Network Protocols
Required Readings/Activities:
- Knapp and Langill (Chapters 6)
Recommended Readings/Activities:
Midterm Exam You will have 50 minutes to take the test
Topic(s)/Lecture(s) to watch:
- L10 - Power Delivery Systems (Example Industrial Control System)
Required Readings/Activities:
- Knapp and Samani (Chapters 1, 2)
Recommended Readings/Activities:
Topic(s)/Lecture(s) to watch:
- L11 - Hacking Industrial Control Systems
Required Readings/Activities:
Recommended Readings/Activities:
Topic(s)/Lecture(s) to watch:
- L12 - Securing Industrial Control Systems
Required Readings/Activities:
- Knapp and Langill (Chapter 9), Knapp and Samani (Chapter 6)
- Chuck McParland, Sean Peisert, and Anna Scaglione. Monitoring Security of Networked Control Systems: It's the Physics. In the IEEE Security and Privacy Magazine.
- David Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers, and Raheem Beyah. Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems. In the Proceedings of the Network and Distributed System Security (NDSS) Symposium, February 2016.
- Samuel Litchfield, David Formby, Jonathan Rogers, Sakis Meliopoulos, and Raheem Beyah. Rethinking the Honeypot for
Cyber-Physical Systems. In the IEEE Internet Computing Magazine - Special Issue on Cyber-Physical Security and Privacy.
Recommended Readings/Activities:
Topic(s)/Lecture(s) to watch:
- L13 - Privacy in Cyber-Physical Systems
Required Readings/Activities:
Recommended Readings/Activities:
- Ann Cavoukian, Jules Polonetsky, and Christopher Wolf. Smart Privacy for the Smart Grid: Embedding
Privacy Into the Design of Electricity Conservation. Identity in the Information Society, Vol 3., 275-294, 2010.
- Jairo Giraldo, Alvaro Cardenas, Eduardo Mojica-Nava, Nicanor Quijano, Roy Dong. Delay
and Sampling Independence of a Consensus Algorithm and its Application to Smart Grid Privacy. Proceedings of the 53th Conference on Decision and Control, 2014.
- Xiaojing Liao, Preethi Srinivasan, David Formby, and Raheem A. Beyah. Di-PriDA: Differentially Private Distributed Load
Balancing Control for the Smart Grid. White Paper, 2015.
Topic(s)/Lecture(s) to watch:
- L14 - Threats to Cyber-Physical Systems in Other Domains
Required Readings/Activities:
- Chen Yan, Wenyuan Xu, David Formby, and Jianhao Liu. Can You Trust Autonomous Vehicles: Contactless Attacks
against Sensors of Self-Driving Vehicles. White Paper, 2016.
- Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel. Pacemakers and Implantable Cardiac Defibrillators:
Software Radio Attacks and Zero-Power Defenses. IEEE Security and Privacy (Oakland), 2008.
Recommended Readings/Activities:
FINAL EXAM You will have 50 minutes to take the test