Systems and Control Methods for Cyberphysical Security
NEWS
Extraordinary exam session date: 02/04/2026, hour 08:30-11:30, Classroom A2, DIAG Department, Via Ariosto 25. Note: this is an extraordinary exam session, open only to students meeting proper conditions.
The first lesson of the 2026 edition of the course will be on next Thursday the 26th, 17:00-19:00, Classroom T1, Building E, Viale Regina Elena 295. See on Google Maps.
Lessons will be in presence only. They will be recorded (audio/video).
Google Class: A Google class is used for communications and for sharing study materials. Please subscribe at the following link only using your Sapienza student email. Please unsubscribe from the group if you do not plan to take the exam.
2026 EXAM DATES:
See next exam dates at the official link.
06/02/2026, hour 09:00-12:00, Aula T1, Via Regina Elena.
02/04/2026, hour 08:30-11:30, Classroom A2, DIAG Department, Via Ariosto 25. Note: this is an extraordinary exam session, open only to students meeting proper conditions.
12/06/2026. Time and place to be specified.
03/07/2026. Time and place to be specified.
16/09/2026. Time and place to be specified.
Goal of the course.
At the end of the course the student will be able to understand how well-crafted cyberattacks can lead to the physical disruption of a target system while remaining undetected by the operator of the system for a sufficiently long time. The student will learn how to model the attack and its physical effect on the system, and in which cases the attack can remain undetected. Several important attack types and defence strategies will be examined, also with the help of simulations. The knowledge gained is also useful in practice for vulnerability assessment and for improving the design of systems, to make them more resilient to attacks.
Schedule of the lessons (link to official schedule):
Thursday, 17:00-19:00, Classroom T1, Building E, Viale Regina Elena 295. See on Google Maps.
Friday, 12:00-15:00, Classroom T1, Building E, Viale Regina Elena 295.
Each lesson will be recorded and the recording made available in the section Lecture Summary below. This is to facilitate students who cannot always attend in presence due to overlaps. Lecture notes written by myself will be made available at the start of the course.
Office hours: Thursday at 10:00-12:00 in room A213, DIAG department, or online (Google Meet link). Please send me an email in advance. We can agree on a different day/hour.
Contact: liberati@diag.uniroma1.it. Write me for any question.
Description: The goal of the course is to provide an in-depth introduction to cyber-physical systems modelling, analysis, and protection against cyber-physical attacks. The course starts with an overview of practical examples of cyber-physical systems and the study of known recent cyber-physical attacks, to familiarize students with the important concepts. The key concepts and standards in risk management are presented, as risk management is the correct framework to systematically organize and manage all the activities related to the cyber-physical security of a system. The practical concepts introduced are then abstracted and formalized by relying on methodologies from system theory. This makes it possible to model a cyber-physical system, the attack, and the perturbation that the attack causes in the system. Conditions are then developed to check whether or not it is possible to attack a system in an undetectable way. The most common and important types of attacks are modelled and analysed (bias injection attacks, replay attacks, false data injection attacks, switching attacks, zero dynamics attacks, covert attacks, etc.). Finally, methods are presented to build attack detectors and to optimally protect a system against attacks. During the entire course, most of the concepts introduced will be demonstrated through simulations (of attacks and detectors/defence schemes) in Matlab and Julia. In this latest edition of the course we will also cover new topics such as encrypted control and control allocation.
Prerequisites: Fundamentals of mathematical analysis (derivatives, integrals, differential equations), geometry (linear systems, matrices, determinant, rank), physics (elementary physical systems: circuits, mechanical systems, etc.). These propaedeutic concepts will be recalled where useful during the course, so as to make the course accessible for everyone.
Study materials: For each lesson of the course, the specific study references (book sections, papers, etc.) will be indicated in the lesson summary (see section "Lecture summaries"). Links to the lecture slides, the blackboard notes and the Zoom recordings of the lessons will be available. You can also take advantage of the slides, notes and Zoom recordings of the previous version of the course, see website at this link. Lecture notes written by myself will be made available at the start of the course.
For further reading, the student can refer, for instance, to these two books:
Taha, Walid M., Abd-Elhamid M. Taha, and Johan Thunberg. Cyber-Physical Systems: A Model-Based Approach. Springer Nature, 2021. Available for free online at this link: https://link.springer.com/book/10.1007/978-3-030-36071-9. This is a basic/intermediate level book.
Ferrari, Riccardo MG, and André MH Teixeira, eds. Safety, Security and Privacy for Cyber-Physical Systems. Springer, 2021. https://link.springer.com/book/10.1007/978-3-030-65048-3. This is an advanced textbook.
(Subject to minor variations before the course starts)
- Introduction to cyber-physical systems. What is a cyber-physical system. Examples from the critical infrastructures domain. Overview of known past and recent cyber-physical attacks on power systems and other critical infrastructures. Goal of the attackers and goal of the defender. Introduction to the protection of cyber-physical systems. Introduction to risk management and to a quantitative risk-based approach for securing cyber-physical systems. Overview of main risk management standards and regulations;
- Modelling of cyber-physical systems: Modelling of an attack (the attack space, model knowledge, disclosure resources, disruption resources). First general detectability and identifiability conditions. Introduction to the design of attack detectors. The consistency property of detectors;
- Modelling and analysis of the main cyber-physical attack types, from static to more complex dynamical ones: false data injection attacks (FDIAs) against state estimation, denial of service attacks, replay attacks, switching attacks, covert attacks, zero dynamics attacks, etc.;
- Detection and mitigation techniques: Detectability of cyber-physical attacks in presence of side initial state information. Detectors and observers. Watermarking. Secure control allocation. Encrypted control. Resilient control.
- Experiments: during the course, many of the theoretical concepts will be implemented through simulations in Matlab and Julia, presenting design and simulations of attacks and detection/defence strategies.
ALL STUDENTS MUST BOOK THE EXAM ON INFOSTUD.
EXAM DATES
See next exam dates at the official link.
06/02/2026, hour 09:00-12:00, Aula T1, Via Regina Elena.
12/06/2026. Time and place to be specified.
03/07/2026. Time and place to be specified.
16/09/2026. Time and place to be specified.
EXAM MODALITIES
The student has two alternative options (you have to book the exam in Infostud in any case):
Written exam plus optional oral exam. The date of the written exam is the one listed below and specified in Infostud. After the correction of the written exam, the student can decide to have the oral exam to try to improve the grade. The date of the oral exam will be fixed later, a few days after the written exam. The written test lasts 2 to 3 hours, and includes one or two exercises, and one or two open-ended questions. No materials (notes, books, etc.) may be consulted. Students may ask for an additional oral exam after the written exam. Past exams are available at the bottom of the website. The exam dates for the written exam are listed below.
Project assignment plus mandatory oral exam. Towards the end of the course, the interested students (groups of 1 or 2 students max per project) can ask for a project, which will typically be on the study of one or two papers in the cyber-physical security field, and on the replication of their simulations. The students might also propose to me a topic of their interest for the project - I will evaluate if it is suitable for the development of a project. The project must be discussed in a period that goes from the written exam date to max 10 days after (because I have to close the exams in Infostud). The students must send me the completed project at least 2 days before the day of discussion of the project. We will agree on a discussion date via email, once you have finished the project.
This section will be populated during the course. After each lesson, the specific study references (book sections, papers, etc.) will be indicated in the lesson summary. Links to the lecture slides, the blackboard notes and the Zoom recordings of the lessons will be available. You can also take advantage of the slides, notes and Zoom recordings of the previous versions of the course (listed at this link). To get an idea of the details, you can have a look at last year's website - link (as explained above, this year we will not have the initial lessons with the recap of system theory concepts. These concepts will be introduced only when needed during the explanation of the attack and defence schemes. This will make the course much more accessible for students from cybersecurity).
Lesson 1 - Introduction to the Course
We discussed the logistics of the course and then we started discussing an overview of the technical content of the course, to be completed in the next lesson.
Zoom recordings of the lesson. Sorry I forgot to share the screen so you have only the audio. Listen to it with the blackboard notes open for reference.
Lesson 2 - Introduction to Cyber-physical Systems (CPSs)
Introduction to the main topics discussed in the course. Overview of one of the most important CPS, the power system.
Slides. See also the suggested study materials listed in one of the last slides.
Lesson 3 - Introduction to Cyber-physical Systems (CPSs) - continued
We continued the overview of the power system.
Slides. See also the suggested study materials listed in one of the last slides.
First chapter of the lecture notes to be uploaded soon.
Lesson 4 - Risk management - Starting of modelling of CPS
We gave a quick overview of the steps of the risk management process. The course can be seen as providing methods for performing quantitative risk management. Then, we started the technical content of the course with the modelling of cyber-physical systems. We started from the modelling of the plant under control, and we discussed a simple example from mechanical physics to show how to derive, in general, the state space model of a system.
Slides on risk management. See also the suggested study materials listed in one of the last slides. Note: slides changed a lot compared to last year.
First chapter of the lecture notes to be uploaded soon.