Systems and Control Methods for Cyberphysical Security
Embedded Files
NEWS
There will be no lesson on Thursday 02 and Friday 03 April 2026 (Easter Holidays).
Extraordinary exam session date: 02/04/2026, hour 08:30-11:30, Classroom A2, DIAG Department, Via Ariosto 25. Note: this is an extraordinary exam session, open only to students meeting proper conditions.
Google Class: A Google class is used for communications and for sharing study materials. Please subscribe at the following link only using your Sapienza student email. Please unsubscribe from the group if you do not plan to take the exam.
2026 EXAM DATES:
See next exam dates at the official link.
06/02/2026, hour 09:00-12:00, Aula T1, Via Regina Elena.
02/04/2026, hour 08:30-11:30, Classroom A2, DIAG Department, Via Ariosto 25. Note: this is an extraordinary exam session, open only to students meeting proper conditions.
12/06/2026. Time and place to be specified.
03/07/2026. Time and place to be specified.
16/09/2026. Time and place to be specified.
Goal of the course.
At the end of the course the student will be able to understand how well-crafted cyberattacks can lead to the physical disruption of a target system, while remaining undetected to the operator of the system for a sufficiently long time. The student will learn how to model the attack and its physical effect on the system, and in which cases the attack can remain undetected. Several important attack types and defence strategies will be examined, also with the help of simulations. The knowledge gained proves useful in practice also for vulnerability assessment and for improving the design of the systems, to make them more resilient to attacks.
Logistic and course description
Logistic and course description
Schedule of the lessons (link to official schedule, link academic calendar):
Thursday, 17:00-19:00, Classroom T1, Building E, Viale Regina Elena 295. See on Google Maps.
Friday, 12:00-15:00, Classroom T1, Building E, Viale Regina Elena 295.
Each lesson will be recorded and the recording made available in the section Lecture Summary below. This is to facilitate students who cannot always attend in presence due to overlaps. Lecture notes written by myself will be made available at the start of the course.
Office hours: Thursday at 10:00-12:00 in room A213, DIAG department, or online (Google Meet link). Please send me an email in advance. We can agree on a different day/hour.
Contact: liberati@diag.uniroma1.it. Write me for any question.
Google Class: A Google class is used for communications and for sharing study materials. Please subscribe at the following link only using your Sapienza student email. Please unsubscribe from the group if you do not plan to take the exam.
Description: The goal of the course it to provide an in-depth introduction to cyber-physical systems modelling, analysis, and protection against cyber-physical attacks. The course starts with an overview of practical examples of cyber-physical systems, and the study of known recent cyber-physical attacks, to familiarize with the important concepts. The key concepts and standards in risk management are presented, as risk management is the correct framework to systematically organize and manage all the activities related with cyber-physical security of a system. The practical concepts introduced are then abstracted and formalized by relying methodologies from system theory. This allows to model a cyber-physical system, the attack, and the perturbation that the attack causes in the system. Conditions are then developed to check whether it is possible or not to attack a system in an undetectable way. The most common and important types of attacks are modelled and analysed (bias injection attacks, replay attacks, false data injection attacks, switching attacks, zero dynamics attacks, covert attacks, etc.). Finally, methods are presented to build attack detectors, and to optimally protect a system againts attacks. During the entire course, most of the concepts introduced will be demonstrated through simulations (of attacks and detectors/defence schemes) in Matlab and Julia. In this latest edition of the course we will also cover new topics such as encrypted control and control allocation.
Prerequisites: Fundamentals of mathematical analysis (derivatives, integrals, differential equations), geometry (linear systems, matrices, determinant, rank), physics (elementary physical systems: circuits, mechanical systems, etc.). These propaedeutic concepts will be recalled where useful during the course, so to make the course accessible for everyone.
Study materials: For each lesson of the course, the specific study references (book sections, papers, etc.) will be indicated in the lesson summary (see section "Lecture summaries"). Link to the lecture slides, the blackboard notes and the zoom recordings of the lessons will be available. You can also take advantage of the slides, notes and zoom recordings of the previous version of the course, see website at this link. Lecture notes written by myself will be made available at the start of the course.
For further reading, the student can refer, for instance, to these two books:
Taha, Walid M., Abd-Elhamid M. Taha, and Johan Thunberg. Cyber-Physical Systems: A Model-Based Approach. Springer Nature, 2021. Available for free online at this link: https://link.springer.com/book/10.1007/978-3-030-36071-9. This is a basic/intermediate level book.
Ferrari, Riccardo MG, and André MH Teixeira, eds. Safety, Security and Privacy for Cyber-Physical Systems. Springer, 2021. https://link.springer.com/book/10.1007/978-3-030-65048-3. This is an advanced textbook.
Program
Program
(Subject to minor variations before the course starts)
- Introduction to cyber-physical systems. What is a cyber-physical system. Examples from the critical infrastructures domain. Overview of known past and recent cyber-physical attaks to power systems and other critical infrastructures. Goal of the attackers and goal of the defender. Introduction to the protection of cyber-physical systems. Introduction to risk management and to a quantitative risk-based approach for securing cyber-physcal systems. Overview of main risk management standards and regulations;
- Modelling of cyber-physical systems: Modelling of an attack (the attack space, model knowledge, disclosure resources, disruption resources). First general detectability and identifiability conditions. Introduction to the design of attack detectors. The consistency property of detectors;
- Modelling and analysis of the main cyber-physical attack types, from static to more complex dynamical ones: false data injection attacks (FDIAs) against state estimation, denial of service attacks, replay attacks, switching attacks, covert attacks, zero dynamics attacks, etc.;
- Detection and mitigation techniques: Detectability of cyber-physical attacks in presence of side initial state information. Detectors and observers. Watermarking. Secure control allocation. Encrypted control. Resilient control.
- Experiments: during the course, many of the theoretical concepts will be implemented through simulations in Matlab and Julia, presenting design and simulations of attacks and detection/defence strategies.
Exams and Grading
Exams and Grading
ALL STUDENTS MUST BOOK THE EXAM ON INFOSTUD.
EXAM DATES
See next exam dates at the official link.
06/02/2026, hour 09:00-12:00, Aula T1, Via Regina Elena.
12/06/2026. Time and place to be specified.
03/07/2026. Time and place to be specified.
16/09/2026. Time and place to be specified.
EXAM MODALITIES
The student has two alternative options (you have to book the exam in Infostud in any case):
Written exam plus optional oral exam. The date of the written exam is the one listed below and specified in infostud. After the correction of the written exam, the student can decide to have the oral exam to try to improve the grade. The date of the oral exam will be fixed later, few days after the written exam. The written test lasts 2 to 3 hours, and includes one or two exercises, and one or two open-ended questions. No materials (notes, books, etc.) may be consulted. Students may ask for an additional oral exam after the written exam. Past exams are available at the bottom of the website. The exam dates for the written exam are listed below.
Project assignement plus mandatory oral exam. Towards the end of the course, the interested students (groups of 1 or 2 students max per project) can ask for a project, which will be typically on the study of one or two papers in the cyber-physical security field, and in the replication of their simulations. The students might also propose to me a topic of their interest for the project - I will evaluate if it is suitable for the development of a project. The project must be discussed in a period that goes from the written exam date to max 10 days after (because I have to close the exams in infostud). The students must send me the completed project at least 2 days before the day of discussion of the project. We will agree on a discussion date via email, once you have finished the project.
Lecture Summaries
Lecture Summaries
This section will be populated during the course. After each lesson, the specific study references (book sections, papers, etc.) will be indicated in the lesson summary. Link to the lecture slides, the blackboard notes and the zoom recordings of the lessons will be available. You can also take advantage of the slides, notes and zoom recordings of the previous versions of the course (listed at this link). To have an idea of the detailed, you can have a look at the past year website - link (as explained above, this year we will not have the initial lessons with the recap of system theory concept. These concept will be introduced only when needed during the explanation of the attack and defence schemes. This will make the course much more accessible for students from cybersecurity.
Lesson 1 - 26/02/2026 Introduction to the Course
We discussed the logistics of the course and then we started discussing an overview of the technical content of the course, to be completed in the next lesson.
Zoom recordings of the lesson. Sorry I forgot to share the screen so you have only the audio. Listen to it with the blackboard notes open for reference.
Lesson 2 - 27/02/2026 Introduction to Cyber-physical Systems (CPSs)
Introduction to the main topics discussed in the course. Overview of one of the most important CPS, the power system.
Slides. See also the suggested study materials listed in one of the last slides.
Lesson 3 - 05/03/2026 Introduction to Cyber-physical Systems (CPSs) - continued
We continues the overview of the power system.
Slides. See also the suggested study materials listed in one of the last slides.
NEW! Link to first chapter of the lecture notes: Chapter 1 - Introduction.pdf
Lesson 4 - 06/03/2026 Risk management - Starting of modelling of CPS
We gave a quick overview of the risk management process steps. The course can be seen as providing methods for performing quantitiative risk management. Then, we started the technical content of the course, by starting the discussion of the modelling of cyberphysical systems. We start from the modelling of the plant under control, and we discussed a simple example from mechanical physics, to show how to derive in general the state space model of a system.
Slides on risk management. See also the suggested study materials listed in one of the last slides. Note: slides changed a lot compared to last year.
Lesson 5 - 12/03/2026 Example on state space and additional notes
We did another example of how to derive the state space model of a system, then we discussed some notes on the notion of state, simulation models derived from the implicit state space model, discretization to derive an equivalent discrete time model, and change of coordinates.
No slides for this lesson.
NEW! Chapter 3 - Modelling of Cyberphysical Systems and Attacks.pdf Chapter of the lecture notes covering the topics of Lessons 5, 6 and 7. We discussed up to section 3.2.6. See also the study references listed at the end of the chapter.
Lesson 6 - 13/03/2026 Overall model of a networked cyberphysical system
We discussed the overal model of a block scheme comprising all the main elements of a networked cyberphysical system: the plant, the controller, the detector, the communication networks and the attacker. We then discussed a high level model of the main attacks, starting from eavesdropping and bias injection attacks.
No slides for this lesson.
NEW! Chapter 3 - Modelling of Cyberphysical Systems and Attacks.pdf Chapter of the lecture notes covering the topics of Lessons 5, 6 and 7. We discussed up to section 3.2.6. See also the study references listed at the end of the chapter.
Lesson 7 - 19/03/2026 Basic Modelling of CPS Attacks + Started the discussion of the solution of the state space model
We modelled the denial of service attack and the replay attack using the CPS modelling approach discussed in the previous lessons. Then we did a simple example to start the discussion of the solution of the state space model in continuous time. We discussed again the difference between static systems and dynamical systems.
No slides for this lesson.
Zoom recordings of the lesson. The last part of the lesson was lost due to Internet problem.
NEW! Chapter 3 - Modelling of Cyberphysical Systems and Attacks.pdf Chapter of the lecture notes covering the topics of Lessons 5, 6 and 7. We discussed up to section 3.2.6. See also the study references listed at the end of the chapter.
Lesson 8 - 20/03/2026 Solution of the Linear State Space Model
We discuss the solution of the linear state space model. We tackled the problem in steps of increasing difficulty. We will complete the discussion in the next lesson.
No slides for this lesson.
NEW! Appendix A - Introduction to Feedback Control and the State.pdf. Appendix of the lecture notes covering topics of Lesson 7 to Lesson 10.
Lesson 9 - 26/03/2026 Solution of the Linear State Space Model
We continued the discussion of the solution of the linear state space model. We introduced the notion of natural modes of a system.
No slides for this lesson.
NEW! Appendix A - Introduction to Feedback Control and the State.pdf. Appendix of the lecture notes covering topics of Lesson 7 to Lesson 10.
Lesson 10 - 27/03/2026 Final notes on the solution of the Linear State Space Model - Stability conditions - Linearized models, etc.
We continued the discussion of the solution of the linear state space model. We introduced the notion of stability of the equilibrium points of a system and we discussed the stability conditions for the linear systems, for both the continuous time and the discrete time cases. We discussed the use of linear approximations of nonlinear models.
No slides for this lesson.
NEW! Appendix A - Introduction to Feedback Control and the State.pdf. Appendix of the lecture notes covering topics of Lesson 7 to Lesson 10.
Lesson 11 - 09/04/2026 Fundamental limitations of detection
We started the discussion of monitors (algorithms for detection and identification) and we introduced the consistency properties, in view of the definition of undetectable attacks.
Lesson 12 - 10/04/2026 Undetectable and unidentifiable attacks
In this lesson, we discussed the consistency properties of the monitors and we defined undetected and unidentifiable attacks, giving two theorems to describe them.
Lesson 13 - 16/04/2026 False Data Injection Attacks (FDIA) on State Estimation (SE) in Power Systems
We have started the discussion of FDIA on SE in power systems, one of the first attack schemes to be proposed in the literature, around 2009. We have discussed the linearized power flow equations, and the problem of weighted state estimation.
New! Chapter 4 - FDAI on SE in Power Systems-protected.pdf Chapter of the lecture notes on the FDIA on SE in power systems. See the references for study at the end of the chapter.
New! Slides.
Lesson 14 - 17/04/2026 Attack Formulation
We solved the weighted least square (WLS) state estimation problem and discussed about the bad data detector. We then discussed the attack formulation, including the analysis of the undetectability condition and the impact on the estimated state. We started discussing about related vulnerability indicators and the minimum sparsity attack problem.
New! Chapter 4 - FDAI on SE in Power Systems-protected.pdf Chapter of the lecture notes on the FDIA on SE in power systems. See the references for study at the end of the chapter.
New! Slides.
Lesson 15 - 23/04/2026 Security indices, attack formulation in a protected scenario, optimal protection problem
We discussed how to compute possible security indices to evaluate the resiliancy of an infrastructure wrt the attack. We then formulated the attack in a protected scenario, and discussed a way to optimize the allocation of protection measures.
New! Chapter 4 - FDAI on SE in Power Systems-protected.pdf Chapter of the lecture notes on the FDIA on SE in power systems. See the references for study at the end of the chapter.
New! Slides.
Lesson 16 - 24/04/2026 Exercise and Simulations on FDIA on SE
We did a simple exercise on FDIA. Then we did Matlab simulations on FDIA on SE in a real power grid. Then we discussed how to solve in practice the problem to compute the alpha_i indicator, by building and solving a mixed-integer linear programming problem.
New! Chapter 4 - FDAI on SE in Power Systems-protected.pdf Chapter of the lecture notes on the FDIA on SE in power systems. See the references for study at the end of the chapter.
2026 - MATLAB - simulation of simple FDIA against SE Folder with MATLAB code to run simple experiments on FDIA attack. You can install Matlab with Sapienza academic licence for free from here Sapienza Università di Roma - Accesso a MATLAB per tutti - MATLAB & Simulink.
New! Slides.
Some Readings
Some Readings
Report abuse