Systems and Control Methods for Cyber-Physical Security

Course objectives

General Objectives. The course introduces to the modeling and analysis of cyber-physical systems subject to attacks, mainly using concepts and methods from control theory and risk management (concepts and methods will be recalled for completeness). It is shown how it is possible to design sophisticated attacks capable of disrupting a cyber-physical control system, bypassing the detection and protection mechanisms of the system, and producing degradation of service or even physical damage to the system. Relevant types of cyber-physical attacks (false data injection, denial of service, replay attack, zero dynamics attack, covert attack, etc.) are studied, by mathematically modeling them and analyzing their working principle, also by making use of computer simulations. Theoretical results to determine whether a given cyber-physical system may be subject to undetectable attacks will be presented. Basic methodologies for detecting attacks, and for mitigating them, are introduced. During the course, examples from different application fields are studied and discussed, particularly in the context of control systems and critical infrastructures (with special focus on smart grids). Computer simulations are performed (using software such as Matlab, Python, Julia, Gurobi) to practically illustrate the concepts studied during the course. Specific Objectives. Knowledge and understanding: At the end of the course, the student will know the main methodologies for modeling and analyzing cyber-physical systems and the main types of cyber-physical attacks. The student will know and understand important theoretical results for analyzing the vulnerability of control systems to cyber-physical attacks, as well as methods for detection and mitigation of attacks. Apply knowledge and understanding: The student will be able to model a cyber-physical system and analyze its security properties. He/she will be able to model and analyze different attack scenarios, evaluating impacts and possible mitigation strategies. He/She will be able to use the computer to perform relevant quantitative analyses through simulation. Critical and judgment skills: The student will be able to critically and quantitatively evaluate the security properties of cyber-physical control systems against different possible attack scenarios. He/she will be able to suggest strategies for improving the security of the system and for mitigating possible attacks. The student will be able to critically read and assimilate relevant technical documentation. Communication Skills: The student will be able to communicate clearly and effectively in relation to the main issues pertaining to the security of cyber-physical systems (modeling, analysis of attack scenarios, design of prevention and protection strategies, etc.). Learning ability: Through the direct study of scientific articles, and with an emphasis on the study of rational and systematic methods for dealing with cyber-security problems, the course will strengthen the students' ability to continue the study autonomously, in the industry or in the research.

Channel 1
FRANCESCO LIBERATI Lecturers' profile

Program - Frequency - Exams

Course program
- Introduction to cyber-physical systems; - Notions of quantitative risk management for cyber-physical systems; - Recap of the basic notions from automatic control and system theory; - Modelling of cyber-physical systems, accordingo to two of the most popular approaches. Modelling of the attack space. Detectability and identifiability conditions; - Modelling and analysis of main cyber-physical attacks (false data injection attacks (FDIAs), DoS attack, replay attacks, covert attacks, zero dynamics attacks, etc.); - Detection and mitigation techniques (residual-based detection, watermarking, etc.); - Encripted control; - Applications from the context of smart grids (introduction to the smart grid, FDIAs against the state estimation, load redistribution attacks, topology attacks, switching attacks, multi-level attacks, optimal defence problem); Examples of applications and simulations performed on the computer during lessons, using software such as Matlab, Python, and Julia. Applications on electrical, mechanical, hydraulic systems, etc.
Prerequisites
Fundamentals of mathematical analysis (derivatives, integrals, differential equations), geometry (linear systems, matrices, determinant, rank), physics (elementary physical systems: circuits, mechanical systems, etc.). Typical courses where these preparatory topics are covered are: Geometry, Mathematical Analysis, Physics. However, these propaedeutic concepts will be recalled where useful during the course.
Books
For each topic covered, precise study references (scientific articles and book chapters) will be provided. All details will be available on the course website during the course (see, for example, the 2025 course website - https://sites.google.com/diag.uniroma1.it/liberati/home/teaching/2025-systems-and-control-methods-for-cyber-physical-security). All materials will be freely accessible. Additionally, the instructor will provide lecture notes and a book edited by him. Lessons will be recorded, and the recordings will be made available through the website.
Frequency
Attendance is strongly recommended, but not mandatory. Lessons will be recorded, for the benefit of the students who cannot attend due to overlaps.
Exam mode
Written exam (exercises and open-ended questions) plus an optional oral exam. Typically, the written exam lasts 2 or 3 hours and includes one or more exercises and one or more open-ended questions. No consultation of materials (notes, books, etc.) is allowed. After the written exam is graded, the student may choose to take the oral exam. As an alternative to the written exam, the student may carry out (also in small groups) and discuss a project involving the study of one or more scientific articles related to a topic covered in class, and the computer implementation of the simulations contained in the article. Before the project discussion, the student must submit a written report and the simulation code. For students who choose the project instead of the written exam, the oral exam is mandatory and takes place during the project discussion. The project discussion date is agreed upon between the instructor and the students, generally close to the written exam date. In all cases, students must register on Infostud.
Bibliography
A basic book is: Taha, Walid M., Abd-Elhamid M. Taha, and Johan Thunberg. Cyber-Physical Systems: A Model-Based Approach. Springer Nature, 2021. Available online at this link: https://link.springer.com/book/10.1007/978-3-030-36071-9. A more advanced text is: Ferrari, Riccardo MG, and André MH Teixeira, eds. Safety, Security and Privacy for Cyber-Physical Systems. Springer, 2021. https://link.springer.com/book/10.1007/978-3-030-65048-3 The study of these two books is not mandatory for the course, which will primarily rely on scientific articles, book chapters, and the book written by the instructor, which covers all the topics addressed.
Lesson mode
In presence lectures covering both theory and exercises. In some lessons we will use the computer to carry out simple experiments. Attendance is strongly recommended. Lessons will be recorded, for the benefit of the students who cannot attend due to overlaps.
FRANCESCO LIBERATI Lecturers' profile

Program - Frequency - Exams

Course program
- Introduction to cyber-physical systems; - Notions of quantitative risk management for cyber-physical systems; - Recap of the basic notions from automatic control and system theory; - Modelling of cyber-physical systems, accordingo to two of the most popular approaches. Modelling of the attack space. Detectability and identifiability conditions; - Modelling and analysis of main cyber-physical attacks (false data injection attacks (FDIAs), DoS attack, replay attacks, covert attacks, zero dynamics attacks, etc.); - Detection and mitigation techniques (residual-based detection, watermarking, etc.); - Encripted control; - Applications from the context of smart grids (introduction to the smart grid, FDIAs against the state estimation, load redistribution attacks, topology attacks, switching attacks, multi-level attacks, optimal defence problem); Examples of applications and simulations performed on the computer during lessons, using software such as Matlab, Python, and Julia. Applications on electrical, mechanical, hydraulic systems, etc.
Prerequisites
Fundamentals of mathematical analysis (derivatives, integrals, differential equations), geometry (linear systems, matrices, determinant, rank), physics (elementary physical systems: circuits, mechanical systems, etc.). Typical courses where these preparatory topics are covered are: Geometry, Mathematical Analysis, Physics. However, these propaedeutic concepts will be recalled where useful during the course.
Books
For each topic covered, precise study references (scientific articles and book chapters) will be provided. All details will be available on the course website during the course (see, for example, the 2025 course website - https://sites.google.com/diag.uniroma1.it/liberati/home/teaching/2025-systems-and-control-methods-for-cyber-physical-security). All materials will be freely accessible. Additionally, the instructor will provide lecture notes and a book edited by him. Lessons will be recorded, and the recordings will be made available through the website.
Frequency
Attendance is strongly recommended, but not mandatory. Lessons will be recorded, for the benefit of the students who cannot attend due to overlaps.
Exam mode
Written exam (exercises and open-ended questions) plus an optional oral exam. Typically, the written exam lasts 2 or 3 hours and includes one or more exercises and one or more open-ended questions. No consultation of materials (notes, books, etc.) is allowed. After the written exam is graded, the student may choose to take the oral exam. As an alternative to the written exam, the student may carry out (also in small groups) and discuss a project involving the study of one or more scientific articles related to a topic covered in class, and the computer implementation of the simulations contained in the article. Before the project discussion, the student must submit a written report and the simulation code. For students who choose the project instead of the written exam, the oral exam is mandatory and takes place during the project discussion. The project discussion date is agreed upon between the instructor and the students, generally close to the written exam date. In all cases, students must register on Infostud.
Bibliography
A basic book is: Taha, Walid M., Abd-Elhamid M. Taha, and Johan Thunberg. Cyber-Physical Systems: A Model-Based Approach. Springer Nature, 2021. Available online at this link: https://link.springer.com/book/10.1007/978-3-030-36071-9. A more advanced text is: Ferrari, Riccardo MG, and André MH Teixeira, eds. Safety, Security and Privacy for Cyber-Physical Systems. Springer, 2021. https://link.springer.com/book/10.1007/978-3-030-65048-3 The study of these two books is not mandatory for the course, which will primarily rely on scientific articles, book chapters, and the book written by the instructor, which covers all the topics addressed.
Lesson mode
In presence lectures covering both theory and exercises. In some lessons we will use the computer to carry out simple experiments. Attendance is strongly recommended. Lessons will be recorded, for the benefit of the students who cannot attend due to overlaps.
  • Lesson code1054963
  • Academic year2025/2026
  • CourseControl Engineering
  • CurriculumSingle curriculum
  • Year1st year
  • Semester2nd semester
  • SSDING-INF/04
  • CFU6