Systems and Control Methods for Cyberphysical Security

Logistic

Lectures: Tuesday 10:00-13:00 Aula Alfa (Dipartimento di Informatica, via Salaria 113 - link maps), and Thursday 16:00-18:00, Aula T1 Edificio E (Viale Regina Elena, 295 - link maps).

Office hours: Thursdady, at 10:00-12:00 in room A213, DIAG department, or online (Google Meet link). Please send me an email in advance.

Contact: liberati@diag.uniroma1.it. Write me for any question.

Google Class: Please join the Google class of the course . It will be used mainly for communications. Please send me an email to be subscribed.

Description: The goal of the course it to provide an in-depth introduction to cyber-physical systems modelling, analysis, and protection against cyber-physical attacks. The course starts with an overview of practical examples of cyber-physical systems, and the study of known recent cyber-physical attacks, to familiarize with the important concepts. The key concepts and standards in risk management are presented, as risk management is the correct tool to systematically organize and manage all the activities related with cyber-physical security of a system. The practical concepts introduced are then abstracted and formalized by relying on mathematical tools from system theory. This allows to model a cyber-physical system, the attack, and the perturbation that the attack causes in the system. Then, conditions are developed to check whether it is possible or not to attack a system in an undetectable way. The most common and important types of attacks are then modelled and analysed. Finally, methods are presented to build attack detectors, and to optimally protect a system againts attacks. During the entire course, most of the concepts introduced will be  demonstrated through simulations (of attacks and detectors/defence schemes) in Matlab and Julia.

Prerequisites: Fundamentals of mathematical analysis (derivatives, integrals, differential equations), geometry (linear systems, matrices, determinant, rank), physics (elementary physical systems: circuits, mechanical systems, etc.). These propaedeutic concepts will be recalled where useful during the course, so to make the course accessible for everyone.

Study materials: For every topic of the course, specific book sections and papers to study will be provided. The lecture slides and the blackboard notes are available in the shared folder at this link. Slides and recordings are password-protected. The study materials related to each lesson is specified in one of the last slides in the lecture slides. The zoom recordings of the lessons is available below in the website section Lecture Summaries and Study Materials.

You can also take advantage of the slides, notes and zoom recordings of the previous version of the course, see website at this link.

Program

(Subject to minor variations during the course)

- Introduction to cyber-physical systems. What is a cyber-physical system. Examples from the critical infrastructures domain. Overview of known past and recent cyber-physical attaks to power systems and other critical infrastructures. Goal of the attackers and goal of the defender. Introduction to the protection of cyber-physical systems. Introduction to risk management and to a quantitative risk-based approach for securing cyber-physcal systems. Overview of main risk management standards and regulations;

- Modelling of cyber-physical systems, Part I: Recap of basic notions from automatic control and system theory (state space model, descriptor models, transfer functions, stability, controllability and observability);

- Modelling of cyber-physical systems, Part II: Modelling of an attack (the attack space, model knowledge, disclosure resources, disruption resources). First general detectability and identifiability conditions. Introduction to the design of attack detectors. False positives, false negatives, and the role of the consistency property of detectors;

- Modelling and analysis of the main cyber-physical attack types, from static to more complex dynamic ones: false data injection attacks (FDIAs) against state estimation, denial of service attacks, replay attacks, switching attacks, covert attacks, zero dynamics attacks, etc.;

- More on detection and mitigation techniques: Detectability of cyber-physical attacks in presence of side initial state information. Detectors and observers. Watermarking. Secure control allocation. Resilient control.

- Applications from the smart grids domain: during the course, many of the theoretical concepts will be implemented through simulations in Matlab and Julia, presenting design and simulations of attacks and detection/decence strategies.

Exams and Grading

The student can decide between these two alternatives:

1 - Written exam (exercises and open-ended questions) plus optional oral exam. Typically, the written test lasts 2 to 3 hours, and includes one or two exercises, and one or two open-ended questions. No materials (notes, books, etc.) may be consulted. Students may ask for an additional oral exam after the written exam;

2 - Discussion and a practical project, plus mandatory oral exam. The project is about studying one or more scientific articles on a topic agreed with the teacher, and replicating the simulations contained in the article(s). Once completed, the project will be presented to the teacher, in a day agreed. Before the discussion, the student(s) must send the written reports, and the code implementing the simulations. Students can do the project alone, or in group of max 2 people.

Exam dates (further details on hour and place will follow). The student must book the exam on infostud.


For students doing the project, we must discuss the project within max 10 days after the above written exam dates.

Lecture Summaries and Study Materials


Lecture 1 (27 February) - Introduction

Introduction to the course. Course logistic. Discussion of the program. Exam modalities. Introduction to cyber-physical systems. Overview of the power system as an example of a complex cyber-physical system. For the students who could not attend the lesson, please complete the following initial survey.


Lecture 2 (29 February) - Risk management Framework

Overview of a risk management framework for information security. The process of security risk management and its main steps, with focus on risk assessment. Quantitative approach to risk assessment. Incident scenarios. In the following lessons, some techniques will be presented that can be useful in performing quantitative risk assessment.


Lecture 3 (5 March) - Recap of Basics of System Theory - 1

Structure of the feedback control loop. The notion of static and dynamical system. The state space representation in continuous time.  Implicit and explicit models. Examples of modelling of dynamical systems (electrical circuit and mechanical system).


Lecture 4 (7 March) - Recap of Basics of System Theory - 2

The solution of the state space representation. Free and forced responce. Diagonalization of the A matrix: the role of the eigenvectors and the eigenvalues of A. The spectral form. The natural modes in the free response in the state. 

Lecture 5 (12 March) - Recap of Basics of System Theory -3

Examples covering the previous lesson. Stability. Nonlinear systems. 


Lecture 6 (14 March) - Recap of Basics of System Theory - 4

Linearization of a nonlinear system. Stabilization via static state feedback. Controllability/reachability of a system. Example in Matlab: simulation of a pendulum


Lecture 7 (19 March) - Recap of Basics of System Theory - 5

Observability and state reconstruction. Luenberger observers. Analysis in the Laplace domain. The transfer function for linear systems.


Lecture 8 (21 March) - Recap of Basics of System Theory - 6

The transfer function is a partial model of the system, concerning only the forced input-output behaviour of the system. The Kalman decomposition. The steady state response. Conditions for its existance. The steady state response for two inputs: the steady state step response and the steady state armonic response. The role of W(s) in their calculation.


Lecture 9 (26 March) - Recap of Basics of System Theory - 7

The steady state response. Examples. The transfer function of interconnected systems. The superimposition principle. Modelling of the pendulum in Matlab/Simulink. Started presentation on the classification of systems. You can download Matlab for free as Sapienza students. See: https://web.uniroma1.it/infosapienza/portale-matlab-sapienza


Lecture 10 (4 April) - Modelling of Cyberphysical Systems - First Approach by Teixeira et al.

Study of the approach proposed by André Teixeira et al. for modelling cyberphysical systems and their interaction with the attacker. The approach was first proposed in the paper: André Teixeira et al. “A secure control framework for resource limited adversaries”. In: Automatica 51 (2015), pp. 135–148.

Lecture 11 (9 April) - Modelling of Cyberphysical Attacks

We apply the above modelling approach proposed by André Teixeira et al. to model some well-known attacks (replay, false data injection, DoS, etc.).

Lecture 12 (11 April) - Modelling of Cyberphysical Systems - Second Approach by Pasqualetti et al. + Monitors and their Fundamental Limitations

Study of a second modelling approach for cyber-physical systems, proposed by Pasqualetti et al. 

Definition of monitors, and study of their fundamental limitations.

Lecture 13 (16 April) - False Data Injection Attacks (FDIAs) against State Estimation in Power Systems. State estimation and Bad Data Detector

Finished the last part of the lesson with the presentation of a centralized detector, and some notes on the third consistency property. 

Started the discussion of the FDIAs against state estimation in power systems.

Lecture 14 (18 April) - FDIA against SE. Attack formulation.

FDIAs against state estimation in power systems. Solution of the state estimation problem, design of the bad data detector and formulation of the attack.

Lecture 15 (23 April) - FDIA against SE. Security indicators, minimum sparsity attacks, simulations

Security indices for FDIAs. Minimum sparsity attacks. The protection problem. Simulations. Started the FDIA-based attacks (topology attacks).

Lecture 16 (25 April) - No lesson Liberation anniversary 

No lesson

Lecture 17 (30 April) - Load Altering Attacks. 

Load altering attacks. System modelling, attack formulation, effect of the attack, aotimal protection schemes.

Lecture 18 (2 May) - Switching Attacks. Complex-Coordinated Attacks (Multilevel Attacks).

The first part of the lesson was on switching attacks, from design to simulation. Presentation 10 was finished. In the second part of the lesson, we finished discussing about FDIA-based attacks, introducing the idea and the general formulation of complex-multilevel attacks.


Lecture 19 (7 May) - Covert Attacks.

Covert attacks to control systems, allowing an attacker to modify the output of a controlled system, possibly remaining undetected. Study material. Read the following paper up to section "Covert control structure for nonlinear plants", excluded. 

R. S. Smith, "Covert Misappropriation of Networked Control Systems: Presenting a Feedback Structure," in IEEE Control Systems Magazine, vol. 35, no. 1, pp. 82-92, Feb. 2015, https://dx.doi.org/10.1109/MCS.2014.2364723. 

Lecture 20 (9 May) - Zero Dynamics Attacks.

Started the discussion of the ZDA, up to the attack formulation.

Lecture 21 (14 May) - Zero Dynamics Attacks

Finished discussing the ZDAa, from formulation in unmatched conditions to discussion of detection techniques. Finished the presentation.

Lecture 22 (16 May) - Attack Detection with Side Initial State Information.

Attack detection with side initial state information. From formulation to undetectability theorem. 

Lecture 23 (21 May) - Attack Detection with Side Initial State Information + Attack Detection via Watermarking

Finished the topic of attack detection with side initial state information. Started and finished the topic on replay attack detection using watermarking. Note: the recording of the second part of the lesson on watermarking was lost.

Lecture 24 (23 May) - Encrypted Control

Introduction to encrypted control. Homomofphic encription allows to perform calculations on the encrypted data. This can be used to derive "encrypted" version of some controllers. The derivation of the encrypted version of the linear state feedback controller is derived.

Lecture 25 (28 May) - Conclusions

We revised briefly each topic covered during the course. There are no notes for this lesson.



The detailed references for study are in one of the last slide inside of each presentation. When studying the suggested papers, you can skip the parts not covered at lesson. Ask me for any doubt,

Past Exams