• Group Report
• Individual poster

• Blackboard
• Unconfirmed practical marks when available

This unit aims to:

• A1 develop understanding of the fundamental security issues facing modern critical control and embedded architectures and of the techniques and mechanisms to address them;
• A2 develop knowledge and understanding of the constraints under which embedded and control systems operate and how these affect how security may be provided, e.g., how resources can be traded against security and what technologies are available for providing security in low resource environments;
• A3 develop the student's ability to analyse the risks of specific embedded systems and to determine (synthesise) appropriate risk reduction measures for a variety of embedded and control systems;
• A4 develop the student's team working and collaboration skills;
• A5 develop the ability to research a security topic and communicate findings to a security audience.

By the end of the unit, a candidate will be able to:

• LO1 Identify and explain the security properties desired of and threats to control and embedded systems and explain how these threats undermine their security.
• LO2 Analyse and explain the architecture, resources constraints and security mechanisms used in control and embedded systems.
• LO3 Independently research a topic in the security of control and embedded systems, communicating their findings to a specialised audience.
• LO4 Analyse a specified control and embedded system, explaining the safety, security and ethical implications of the system and its security requirements with relevant tools.
• LO5 Collaboratively synthesise a report analysing the security of a control and embedded system, experiencing the practical issues faced by working in a team, resolving issues as they arise and critically reflecting on the process.  

Cyber-physical systems:

• SCADA and SMART systems.
• Robots, autonomous vehicles, advanced manufacturing systems, and the Internet of Things
• Threat models for such systems and attacks on them
• Trust and reputation in these systems
• Security of operating systems and middleware (e.g. for robot devices and for IoT middleware)
• Secure communications & protocols and relevant standards
• Hardware assurance and trusted computing
• Effects of limited resources. low power design
• Exemplars:
  • Smart card security
  • RFIDs and their security
  • Trojans and IC security
  • Security of robot devices
  • Manufacturing control systems
  • Drone security

Intrusion handling and difficult issues:

• Intrusion detection in control and embedded systems and intrusion responses in various contexts
• Safety and security considered together:
• Analysis approaches
  

• 10 hours of online materials. (LO1, LO2, LO3 and LO4);
• 10 hours (5 x 2 hours) practical sessions: Students work individually and also in teams (LO1, LO2, LO3, LO4 and LO5);
• 10 hours of seminars/discussions by external speakers (LO1, LO2, LO3, and LO4);
• 70 hours of independent study of supporting referenced material: Wherever possible, referenced materials will be freely-available on the web. Students are expected to read around the subject. Independent study is an important component of the module (LO1, LO2, LO3, LO4 and LO6) [Note that the major assessment is a group project for 30 hours and the minor assessment is an individual element for 20 hours. LO6 is addressed via the creation of an assessed poster and the independent research needed to create it].

Assignments marked using published criteria, submission commented and returned by Blackboard within 3 weeks. Students will meet with their supervisors regularly (and, where relevant, external clients) to discuss progress and problems encountered, and to review issues that arise during the project.
Formative feedback will be provided by:
a) online quizzes or multiple choice quizzes, for all lectures and related content,
b) surgery hours by teaching staff,
c) verbal feedback in practical sessions.