COM6017 Security of Control and Embedded Systems
Summary |
This module will explore security issues in systems where computation is carried out to sense, analyse, and control physical system elements. These
systems typically react in real time to external events. Examples include washing machines, autonomous vehicles and traffic management
systems, power distribution systems, automated manufacturing systems, robotic applications, and web-enabled toys. Many now operate, or will operate, as
part of the "Internet of Things". A breach in the security of the systems of interest could also have catastrophic safety consequences. Complications arise
when intrusions are detected, e.g. closing down a system may simply not be possible. |
Session |
Spring 2023/24 |
Credits |
15 |
Assessment |
- Group Report
- Individual poster
|
Lecturer(s) |
Dr Benjamin Dowling & Dr Aryan Pasikhani |
Resources |
|
Aims |
This unit aims to:
- A1 develop understanding of the fundamental security issues facing modern critical control and embedded architectures and of the
techniques and mechanisms to address them;
- A2 develop knowledge and understanding of the constraints under which embedded and control systems operate and how these affect how
security may be provided, e.g., how resources can be traded against security and what technologies are available for providing security in low
resource environments;
- A3 develop the student's ability to analyse the risks of specific embedded systems and to determine (synthesise) appropriate risk reduction
measures for a variety of embedded and control systems;
- A4 develop the student's team working and collaboration skills;
- A5 develop the ability to research a security topic and communicate findings to a security audience.
|
Learning Outcomes |
By the end of the unit, a candidate will be able to:
- LO1 describe and explain the security properties desired of systems with embedded or control architectures, such as robots, manufacturing control systems, autonomous vehicles, and the Internet of Things, and explain why they are important;
- LO2 identify the threats to embedded and control systems, determine what the vulnerabilities of such systems are, and describe and explain what attacks can be used to compromise security;
- LO3 identify practical resource constraints that apply, evaluate how these influence the security that can be provided, specify/synthesise appropriate security requirements, architectures and mechanisms used to uphold desired security properties; and provide justification for choices or proposals made;
- LO4 explain how the safety of such systems is critically dependent on security and analyse security and safety with relevant tools;
- LO5 experience and appreciate the practical issues faced when working in a team (e.g., how skills and capabilities of team members can be harnessed effectively, how levels of commitment vary, how task work may be allocated fairly, how constructive criticism may be engineered, how tasks may be planned and organised, and how team working can go wrong) and resolve such issues when they arise, including distant working measures in an online setting.
- LO7 Critically reflect on their collaborative experience.
- LO6 independently research a topic and communicate their findings about it to the general public either in a physical environment or online.
|
Content |
Cyber-physical systems:
- SCADA and SMART systems.
- Robots, autonomous vehicles, advanced manufacturing systems, and the Internet of Things
- Threat models for such systems and attacks on them
- Trust and reputation in these systems
- Security of operating systems and middleware (e.g. for robot devices and for IoT middleware)
- Secure communications & protocols and relevant standards
- Hardware assurance and trusted computing
- Effects of limited resources; low-power design
- Exemplars:
  - Smart card security
  - RFIDs and their security
  - Trojans and IC security
  - Security of robot devices
  - Manufacturing control systems
  - Drone security
Intrusion handling and difficult issues:
- Intrusion detection in control and embedded systems and intrusion responses in various contexts
- Safety and security considered together:
  - Analysis approaches
|
Teaching Method |
- 10 hours of online materials. (LO1, LO2, LO3 and LO4);
- 10 hours (5 x 2 hours) practical sessions: Students work individually and also
in teams (LO1, LO2, LO3, LO4 and LO5);
- 10 hours of seminars/discussions by external speakers (LO1, LO2, LO3, and LO4);
- 70 hours of independent study of supporting referenced material: Wherever possible,
referenced materials will be freely-available on the web. Students are expected to read around the subject. Independent study is an
important component of the module (LO1, LO2, LO3, LO4 and LO6) [Note that the major assessment is a group project for 30 hours and the minor assessment is an individual element for 20 hours.
LO6 is addressed via the creation of an assessed poster and the independent
research needed to create it].
|
Feedback |
Assignments are marked using published criteria; submissions are
commented on and returned by Blackboard within 3 weeks. Students will meet with their supervisors regularly (and, where relevant, external clients) to discuss progress and problems encountered,
and to review issues that arise during the project.
Formative feedback will be provided by:
a) online quizzes or multiple choice quizzes, for all lectures and related content,
b) surgery hours by teaching staff,
c) verbal feedback in practical sessions. |
|