This module will explore security issues in systems where computation is carried out to sense, analyse, and control physical system elements. These systems typically react in real time to external events. Examples include washing machines, autonomous vehicles and traffic management systems, power distribution systems, automated manufacturing systems, robotic applications, and web-enabled toys. Many now, or will, operate as part of the 'Internet of Things'. A breach in the security of the systems of interest could also have catastrophic safety consequences. Complications arise when intrusions are detected, e.g., closing down a system may simply not be possible.

This module has the explicit objective of developing group teamwork skills. Participation in teamwork is mandatory and failure to participate will result in deduction of marks and eventually loss of credits. Passing this module is essential for being awarded a degree accredited by the British Computer Society (BCS). If this module is failed, the teamwork requirement means that the resit attempt must be in the next academic year.

• Group Report
• Individual Viva

• Blackboard
• Unconfirmed practical marks when available

This unit aims to:

• A1 develop understanding of the fundamental security issues facing modern critical control and embedded architectures and of the techniques and mechanisms to address them;
• A2 develop knowledge and understanding of the constraints under which embedded and control systems operate and how these affect how security may be provided, e.g., how resources can be traded against security and what technologies are available for providing security in low resource environments;
• A3 develop the student's ability to analyse the risks of specific embedded systems and to determine (synthesise) appropriate risk reduction measures for a variety of embedded and control systems;
• A4 develop the student's team working and collaboration skills;
• A5 develop the ability to research a security topic and communicate findings to a security audience.

By the end of the unit, a candidate will be able to:

• LO1 Identify and explain the security properties desired of and threats to control and embedded systems and explain how these threats undermine their security.
• LO2 Analyse and explain the architecture, resources constraints and security mechanisms used in control and embedded systems.
• LO3 Research a topic in the security of control and embedded systems, and individually communicate their findings to a specialised audience.
• LO4 Analyse a specified control and embedded system, explaining the safety, security and ethical implications of the system and its security requirements with relevant tools.
• LO5 Collaboratively synthesise a report analysing the security of a control and embedded system, experiencing the practical issues faced by working in a team, resolving issues as they arise and critically reflecting on the process.  

Cyber-physical systems:

• SCADA and SMART systems.
• Robots, autonomous vehicles, advanced manufacturing systems, and the Internet of Things
• Threat models for such systems and attacks on them
• Trust and reputation in these systems
• Security of operating systems and middleware (e.g. for robot devices and for IoT middleware)
• Secure communications & protocols and relevant standards
• Hardware assurance and trusted computing
• Effects of limited resources. low power design
• Exemplars:
  • Smart card security
  • RFIDs and their security
  • Trojans and IC security
  • Security of robot devices
  • Manufacturing control systems
  • Drone security

Intrusion handling and difficult issues:

• Intrusion detection in control and embedded systems and intrusion responses in various contexts
• Safety and security considered together:
• Analysis approaches
  

• 10 hours of online materials. (LO1, LO2, LO3 and LO4);
• 10 hours (5 x 2 hours) practical sessions: Students work individually and also in teams (LO1, LO2, LO3, LO4 and LO5);
• 10 hours of seminars/discussions by external speakers (LO1, LO2, LO3, and LO4);
• 70 hours of independent study of supporting referenced material: Wherever possible, referenced materials will be freely-available on the web. Students are expected to read around the subject. Independent study is an important component of the module (LO1, LO2, LO3, LO4 and LO6) [Note that the major assessment is a group project for 30 hours and the minor assessment is an individual element for 20 hours. LO6 is addressed via the creation of an assessed poster and the independent research needed to create it].

Assignments marked using published criteria, submission commented and returned by Blackboard within 3 weeks. Students will meet with their supervisors regularly (and, where relevant, external clients) to discuss progress and problems encountered, and to review issues that arise during the project.
Formative feedback will be provided by:
a) online quizzes or multiple choice quizzes, for all lectures and related content,
b) surgery hours by teaching staff,
c) verbal feedback in practical sessions.