General Information
Instructor
Overview
A cyber physical system (CPS) typically includes a cyber subsystem with both hardware and software for sensing, computing, communications/networking, and control, and a physical subsystem used at home, and in the industries for manufacturing, medical, transportation, energy, environment, and others. Examples of CPS include but are not limited to smart appliances, smart grids, robots, and autonomous vehicles. A CPS is considered emerging if it recently started getting deployed in the real-world or is deemed promising for wide-scale deployment in the near future. The security issues surrounding such emerging systems, however, may prevent end-users from utilizing their full potential, or, even worse, may rule out the chances of their deployment in the future. Currently, these emerging systems are built based on technologies ranging from Internet of Things (IoT) and deep-learning systems to edge and 5G/Next-G systems. In this seminar course, we will discuss some of the latest work in the area of securing emerging CPS, including emerging network technologies and security (NFV, SDN, Edge, 5G/Next-G, etc.), IoT security and privacy (smart home, connected and autonomous vehicles, voice assistant platforms - Amazon Alexa and Google Assistant, etc.), and machine learning for security and privacy (adversarial attacks and defenses on deep learning, backdoor attacks and defenses on deep learning, etc.).
The main goal of the special topic course is to help students understand the state of the art in a variety of security topics in emerging CPS. As a secondary goal, students will learn how to read research papers and how to communicate technical material effectively.
The special topic course is suitable for students who have a strong interest in network and system security and intent to pursue a career in the area, e.g., Ph.D. students already working in cybersecurity or MS students interested in pursuing a Ph.D. or doing research in the field (in the form of independent studies and/or MS Thesis). One of the goals of this seminar is to identify, by the end of the semester, a set of open research problems on which students can work during the next semester, e.g., in the form of independent studies.
Tentative Schedule
| Date | Topic | Notes |
|---|---|---|
| Tuesday, 2/1, 2022 | Lecture 1 – Introduction | |
| Thursday, 2/3, 2022 | Lecture 2 – Class Overview | |
| Tuesday, 2/8, 2022 | Lecture 3 – Network Security | |
| Thursday, 2/10, 2022 | Lecture 4 – DNS Security | |
| Tuesday, 2/15, 2022 | Lecture 5 – Perimeter Defense & Firewall | |
| Thursday, 2/17, 2022 | Lecture 6 – Intrusion Detection Systems | Survey paper 1 due: Software-Defined Networking Security |
| Tuesday, 2/22, 2022 | Advanced Topic 1 - SDN/NFV Secuirty 1 | |
| Thursday, 2/24, 2022 | Advanced Topic 1 - SDN/NFV Secuirty 2 | |
| Tuesday, 3/1, 2022 | Advanced Topic 2 - CPS and Secuirty 1 | |
| Thursday, 3/3, 2022 | Advanced Topic 2 - CPS and Secuirty 2 | |
| Tuesday, 3/8, 2022 | Invited Talk 1: DEEPSECURE | Dr. Chunsheng Xin |
| Thursday, 3/10, 2022 | Advanced Topic 3 - IoT Security 1 | Review 1 due |
| Tuesday, 3/15, 2022 | Invited Talk 2: Robustness of Multimodal Learning | Nishant Vishwamitra |
| Thursday, 3/17, 2022 | Advanced Topic 3 - IoT Security 2 | Survey paper 2 due: Autonomous Vehicle Security |
| Tuesday, 3/22, 2022 | Spring Recess | |
| Thursday, 3/24, 20220 | Spring Recess | |
| Tuesday, 3/29, 2022 | Proposal Presentation | Proposal Due |
| Thursday, 3/31, 2022 | Advanced Topic 4 - Mobile Platform Secuirty 1 | |
| Tuesday, 4/5, 2022 | Advanced Topic 4 - Mobile Platform Secuirty 1 | |
| Thursday, 4/7, 2022 | Invited Talk 3: Lidar/Radar Spoofing Attack and Defense | Yi Zhu Review 2 due |
| Tuesday, 4/12, 2022 | Invited Talk 4: DL Security and Privacy | Dr. Hongyi Wu |
| Thursday, 4/14, 2022 |
Paper presnetation 1: “IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery” (NDSS'22) Paper presnetation 2: “Understanding Malicious Cross-library Data Harvesting on Android” (USENIX Security'21) |
Wenbo Ding Shreyas Kavathekar |
| Tuesday, 4/19, 2022 |
Paper presnetation 3: “Programmable In-Network Security for Context-aware BYOD Policies” (USENIX Security'20) Paper presnetation 4: “IMap: Fast and Scalable In-Network Scanning with Programmable Switches” (NSDI'22) |
Qiqing Huang Varun Sudarshan Survey paper 3 due: Smart Home Security |
| Thursday, 4/21, 2022 | Midterm Project Presentation | |
| Tuesday, 4/26, 2022 |
Paper presnetation 5: “Physically Realizable Adversarial Examples for LiDAR Object Detection” (CVPR'20) Paper presnetation 6: “BRAKTOOTH: Causing Havoc on Bluetooth Link Manager |
Ashwin Vinay Phadke Peteris Paikens |
| Thursday, 4/28, 2022 |
Paper presnetation 7: “Hidden Backdoors in Human-Centric language Models” (CCS'21) Paper presnetation 8:“Simple Black-box Adversarial Attacks ” (ICML '19) |
Keyan Guo Yunnan Yu |
| Tuesday, 5/3, 2022 |
Paper presnetation 9: “Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection” (NDSS’18) Paper presnetation 10: “Unexpected Data Dependency Creation and Chaining: A New Attack to SDN” (S&P'20) |
Jacob Springborn Rugved Jaysing Thorve Review 3 due |
| Thursday, 5/5, 2022 |
Paper presnetation 11: “PDF Malware Detection Using Visualization and Machine Learning” Paper presnetation 12: “On training Robust PDF Malware Classifiers” (USENIX Security'20) |
Yeshi Paljor Malav Vyas |
| Tuesday, 5/10, 2022 | Final Project Presentation 1 | Wenbo Ding Keyan Guo Qiqing Huang Shreyas Kavathekar Peteris Paikens Yeshi Paljor |
| Thursday, 5/12, 2022 | Final Project Presentation 2 | Ashwin Vinay Phadke Jacob Springborn Varun Sudarshan Rugved Jaysing Thorve Malav Vyas Yunnan Yu |
| Tuesday, 5/17, 2022 | No Class | Final project report due |
Course Structure and Assignments
We will present materials during the first a couple of classes, followed by several invited talks. Students then present selected papers during the remaining classes. A list of papers from top security and networking conferences (IEEE S&P - Oakland, USENIX Security, ACM CCS, NDSS, SIGCOMM, NSDI, etc.) will be provided for each topic. One of the papers for each topic will be listed as mandatory paper and the remaining ones as related papers. All students are encouraged to read the mandatory papers, submit reviews for a subset of them, and participate in discussions in class.
The course includes the following assignments:
- Paper reading: if you are not familar with reading research papers, I recommend reading "How to Read a Paper" by S. Keshav.
- Paper presentation: each student will present around 2 research papers for one class. You can find a set of recommendations on how to give a good presentation here.
- Paper reviews: each student will write reviews for 3 papers (you will choose which ones). The template of a review can be download here. You can find a set of recommendations on how to write a good reviews here.
- Survey Papers: each student will write 3 survey papers for specific topics.
- Class project: each student will finish a class project where you will reproduce the ideas of a discussed paper into practice and show your project demo at the end of the semester.
Please prepare your survey papers, proposal, final report using the following IEEE article template: https://www.ieee.org/conferences/publishing/templates.html
Class Project
The project in this course has two goals. The first goal is to help you learn more about doing research in general. The second goal is to give you the opportunity to study particular areas of CPS Security in greater detail. Therefore, you are expected to perform a substantial research project; this involves selecting an open problem, reading the related work, designing, implementing, and evaluating a solution, and presenting your results.
For your project, you need to read research paper(s) to identify a real security problem, understand the solution proposed by existing research paper(s), and provide a concrete implementation and extensive evaluation for the proposed solution. There will be three deliverables for this project which will count toward your final project grade: a project proposal (30%), class presentations (30%), and a final report (40%). You are encouraged to schedule periodic project status meetings with the instructors.
- Project Proposal: Your project proposal should be around 2 pages in length. The project proposal should clearly state the goals of your project and the research question you are investigating. Describe why you think the project you are proposing is interesting and important. Your research plan should include (1) related work that shows you have enough background in the area to know that you are not simply reproducing someone else's work, (2) hypotheses about the conclusions you expect to draw from the work, (3) experimental setup which describes what experiments you plan to conduct and how you plan to do your measurements, (4) a description of hardware or software you will need for your work so that we can make sure we have it available, and (5) a detailed schedule for your work including dates, milestones, and tasks that will be done.
- Project Presentations: Each student will give 3 presentations on their project in class. Proposal Presentation should be 5 minutes, with about 2 minutes for questions afterwards. Midterm Project Presentation should be 10 minutes, with about 2 minutes for questions afterwards. Final Project Presentation should be 20 minutes, with about 5 minutes for questions afterwards.
- Final Report: Your final report should be roughly 6 pages in length, including graphs, diagrams, and citations. You should complete the writing early enough that you have time to reread your work and critique it with the same rigor that you applied in reviewing other papers for the course. There should be a complete description of experimental results with all support measurements and data. You should be honest and state shortcomings in your work. You should discuss future work and possible follow-on projects.
Grading Scheme
- 15% Paper Presentation
- 15% Survey Papers
- 10% Paper Reviews
- 5% Participation
- 55% Final Project Proposal, Presentation and Report
Submission
All work are submitted electronically and due at 11:59 PM on the due date. Late policy is as follows:
- 10% grade penalty for one day of lateness
- 50% grade penalty for two days of lateness
- A grade of zero for >2 days of lateness
Academic Integrity
Zero tolerance on cheating!
- Students may discuss and advise one another on their lab projects, but groups are expected to turn in their own work. Discussing concepts is permitted. Referencing another group's code is not. Cheating on an exam or project submission will result in an grade of F in the course for all involved. It is the CSE department's policy not to provide financial support to any student disciplined for plagarism.
- Consult the University Statements on Academic Integrity: https://engineering.buffalo.edu/computer-science-engineering/information-for-faculty-and-staff/academic-integrity.html
Accessibility Resources
If you have a diagnosed disability (physical, learning, or psychological) that will make it difficult for you to carry out the course work as outlined, or that requires accommodations such as recruiting note-takers, readers, or extended time on exams or assignments, please advise the instructor during the first two weeks of the course so that we may review possible arrangements for reasonable accommodations. In addition, if you have not yet done so, contact: The Office of Accessibility Resources
Resources
ACM's Computing Research Repository
IEEE Symposium on Security and Privacy