The University of Sheffield
Department of Computer Science

COM6017 Security of Control and Embedded Systems

Summary This module will explore security issues in systems where computation is carried out to sense, analyse, and control physical system elements. These systems typically react in real time to external events. Examples include washing machines, autonomous vehicles and traffic management systems, power distribution systems, automated manufacturing systems, robotic applications, and web-enabled toys. Many now, or will, operate as part of the "Internet of Things". A breach in the security of the systems of interest could also have catastrophic safety consequences. Complications arise when intrusions are detected, e.g. closing down a system may simply not be possible.
Session Spring 2024/25
Credits 15
Assessment
  • Group Report
  • Individual poster
Lecturer(s) Prof. John Clark & Dr Aryan Pasikhani
Resources
Aims

This unit aims to:

  • A1 develop understanding of the fundamental security issues facing modern critical control and embedded architectures and of the techniques and mechanisms to address them;
  • A2 develop knowledge and understanding of the constraints under which embedded and control systems operate and how these affect how security may be provided, e.g., how resources can be traded against security and what technologies are available for providing security in low resource environments;
  • A3 develop the student's ability to analyse the risks of specific embedded systems and to determine (synthesise) appropriate risk reduction measures for a variety of embedded and control systems;
  • A4 develop the student's team working and collaboration skills;
  • A5 develop the ability to research a security topic and communicate findings to a security audience.
Learning Outcomes 

By the end of the unit, a candidate will be able to:

  • LO1 Identify and explain the security properties desired of and threats to control and embedded systems and explain how these threats undermine their security.
  • LO2 Analyse and explain the architecture, resources constraints and security mechanisms used in control and embedded systems.
  • LO3 Independently research a topic in the security of control and embedded systems, communicating their findings to a specialised audience.
  • LO4 Analyse a specified control and embedded system, explaining the safety, security and ethical implications of the system and its security requirements with relevant tools.
  • LO5 Collaboratively synthesise a report analysing the security of a control and embedded system, experiencing the practical issues faced by working in a team, resolving issues as they arise and critically reflecting on the process.  
Content

Cyber-physical​ ​systems:

  • SCADA​ ​and​ ​SMART​ ​systems.
  • Robots,​ ​autonomous​ ​vehicles,​ ​​advanced​ ​manufacturing​ ​systems, and ​the Internet​ ​of​ ​Things
    • Threat​ ​models​ ​for​ ​such​ ​systems​ ​and​ ​attacks​ ​on​ ​them
    • Trust​ ​and​ ​reputation​ ​in​ ​these​ ​systems
    • Security​ ​of​ ​operating​ ​systems​ ​and​ ​middleware​ ​(e.g.​ ​for​ ​robot​ ​devices​ ​and​ ​for​ ​IoT middleware)
    • Secure​ ​communications​ ​& ​protocols and​ ​relevant​ ​standards
    • Hardware​ ​assurance​ ​and​ ​trusted​ ​computing
    • Effects​ ​of​ ​limited​ ​resources.​ low​ ​power​ ​design
    • Exemplars:
      • Smart​ ​card​ ​security
      • RFIDs and their security
      • Trojans and IC security
      • Security​ ​of​ ​robot​ ​devices
      • Manufacturing​ ​control​ ​systems
      • Drone​ ​security

Intrusion​ ​handling​ ​and​ ​difficult​ ​issues:

  • Intrusion​ ​detection​ ​in​ ​control​ ​and​ ​embedded​ ​systems and intrusion​ ​responses​ ​in​ ​various​ ​contexts
  • Safety​ ​and​ ​security​ ​considered​ ​together:
  • Analysis​ ​approaches
Restrictions  Optional modules within the department have limited capacity. We will always try to accommodate all students but cannot guarantee a place. 
Teaching Method
  • 10 hours of online materials. (LO1, LO2, LO3 and LO4);
  • 10 hours (5 x 2 hours) practical sessions: Students work individually and also in teams (LO1, LO2, LO3, LO4 and LO5);
  • 10 hours of seminars/discussions by external speakers (LO1, LO2, LO3, and LO4);
  • 70 hours of independent study of supporting referenced material: Wherever possible, referenced materials will be freely-available on the web. Students are expected to read around the subject. Independent study is an important component of the module (LO1, LO2, LO3, LO4 and LO6) [Note that the major assessment is a group project for 30 hours and the minor assessment is an individual element for 20 hours. LO6 is addressed via the creation of an assessed poster and the independent research needed to create it].
Feedback

Assignments marked using published criteria, submission commented and returned by Blackboard within 3 weeks. Students will meet with their supervisors regularly (and, where relevant, external clients) to discuss progress and problems encountered, and to review issues that arise during the project.
Formative feedback will be provided by:
a) online quizzes or multiple choice quizzes, for all lectures and related content,
b) surgery hours by teaching staff,
c) verbal feedback in practical sessions.