SECURITY OF CYBER-PHYSICAL SYSTEMS

Teaching in Italian
SECURITY OF CYBER-PHYSICAL SYSTEMS
Teaching
SECURITY OF CYBER-PHYSICAL SYSTEMS
Subject area
ING-INF/05
Reference degree course
ENGINEERING FOR SAFETY OF CRITICAL INDUSTRIAL AND CIVIL INFRASTRUCTURES
Course type
Master's Degree
Credits
6.0
Teaching hours
Frontal Hours: 54.0
Academic year
2024/2025
Year taught
2025/2026
Course year
2
Language
ENGLISH
Curriculum
INDUSTRIAL ENGINEERING SYSTEMS

Teaching description

Teaching program is provisional and may be subject to changes

Basic knowledge of cyber-physical systems is welcome.

Cyber-physical systems (CPS) are complex systems that combine physical and computational components, forming a larger attack surface. Ensuring the security of CPS is crucial to prevent potential disruptions, damage, or harm to people and the environment.

Key principles include interconnectedness, physical and cyber threats, real-time operation, safety and security, layered defense, secure communication, device and system authentication, regular updates and maintenance, human factors, resilience and recovery, and compliance with relevant standards and regulations.

CPS face both physical and cyber threats, such as tampering, sabotage, natural disasters, hacking, malware, or denial-of-service attacks. Real-time operation requires that security measures do not introduce significant latency or impact system performance. Safety and security are closely linked: a security breach can compromise the system's safety, and a safety failure can have security implications.

Device and system authentication ensures only authorized components can interact with the CPS. Regular updates and maintenance ensure CPS remain secure and up-to-date with the latest security patches and protocols.

Starting from these basic assumptions, the course will provide a complete overview of the potential hazards and the corresponding countermeasures.

Essentially, the goals of the course are the following:

  1. Physical and Cyber Threats
  2. Cryptography for CPS
  3. Authentication and Authorization in CPS
  4. Access Control Models for CPS (e.g., MAC, DAC, RBAC)
  5. Standards and Regulations compliance
  6. Human Factors
  7. Regular Updates and Maintenance

Knowledge and understanding. Students must have a solid background related to the basics of security and safety management in cyber-physical systems:

  • They must have the basis to think analytically, creatively and critically, and be able to develop abstraction and problem-solving skills to cope with complex systems
  • They must have a basic knowledge of how to enforce security by adopting a security by design approach and implement solid and decisive countermeasures in the face of potential attacks
  • They must have knowledge about the tools/measures to enhance security of a cyber-physical system in different contexts
  • They must improve their skills in arguing about security in different scenarios and the tools for managing them, together with their benefits and impact.

Applying knowledge and understanding. After the course the student will be able to:

  • Describe and analyse the security level of a cyber-physical system; illustrate the main security breaches from the cyber and physical perspectives and their impacts on the safety and security levels for a company.
  • Identify and distinguish the main attacks targeting the physical assets of a cyber-physical system in order to react to them by implementing appropriate countermeasures.
  • Identify and distinguish the main attacks targeting the cyber entities of a cyber-physical system in order to react to them by implementing appropriate countermeasures.
  • Analyse a real-world scenario, identify potential security breaches, study and apply proper countermeasures, and implement preventative actions that can avoid or mitigate possible future security attacks.

Making judgements. Students are guided to critically approach the topics treated during the class, to compare and resolve/mitigate different security breaches, to identify and propose the most effective or efficient solution for a given scenario in an autonomous way.

Communication. The course teaches students to communicate effectively with diverse audiences, using domain-specific vocabulary and scientific knowledge to present and argue on security and safety aspects and management in the context of cyber-physical systems, ensuring logical and coherent discussion.

Learning skills. Students should develop the critical ability to identify and mitigate risks and damage from security breaches, analyze scenarios, and develop reaction plans based on their learning. This will prepare them for higher academic careers or lifelong learning. Students should be able to adapt their learning approach based on different sources and objectives, ensuring they can achieve results and reach their intended audience. This will enable them to pursue higher education or lifelong learning in a culturally and professionally relevant manner.

The course focuses on security and safety analysis and management, specifically in cyber-physical systems. It includes frontal lessons and classroom exercises, aiming to enhance students' understanding through the presentation of theories, techniques, and methods. Students are encouraged to participate autonomously, asking questions and presenting examples. The exercises use tools that support the techniques and approaches presented.

The exam is a combination of practical and descriptive aspects, assessing a student's ability to discuss potential security attacks, analyze security measures, propose countermeasures, and evaluate solutions. The descriptive part evaluates the student's knowledge and understanding of selected topics, and their ability to communicate them. Students can also develop specific use cases, as agreed upon by the teacher. Both aspects are crucial for a comprehensive understanding of security management.

Office Hours

By appointment; contact the instructor by email or at the end of class meetings.

The instructor provides teaching materials during the course and publishes them on the official academic e-learning solution (https://elearning.unisalento.it/).

Semester

Exam type
Compulsory

Type of assessment
Oral - Final grade

Course timetable
https://easyroom.unisalento.it/Orario
