CS-6263 - Introduction to Cyber Physical Systems Security
| CPSS |
Toggle to Select Spcific Semesters
Reviews
The projects were engaging and kept the class interesting. Although frustrating, you have to use trial and error to get it working correctly. Boolean logic will help with the first project, YouTube videos on how ladder logic works helps on the second. Especially the ‘order of operations’ in ladder logic, eg how it assigns variables can mess up your program. The third project wasn’t too intensive. As soon as you know where to look for the modbus values and filtering the Wireshark, it was straight forward. The last overflow project was definitely tricky and some good GDB debugging will help find the overflow. Really look at the write up FAQ and visualize the read write registers.
Exams were decently challenging. Most came from the lectures however, I recommend reading the text because the lectures are just an abbreviations of what the text covers. So, the text might reiterate a topic multiple times and the lectures hit on it once and of course, a question is on the exam of that glosses over topic from the lectures. Some questions did get into the weeds of the project and lectures so take good notes on your one/two sided paper.
Solid class. Lectures are good. They follow the Intro to Network Security Textbook very closely. I watched all of the lectures week by week and then read the textbook chapters to review for the final. I think it was a good strategy.
The lectures combine the topics of IT/networking/cybersecurity with the topic of industrial automation. I definitely wish I had reviewed more networking material before taking the course. I hadn’t taken a formal networking course and although there was a background lecture on it, I found the networking topics to be the most difficult.
I really enjoyed the mini-projects. I highly recommend starting them early, since the time they take can vary drastically depending on your background knowledge in industrial controls and cybersecurity.
The paper presentation assignment would have been a lot more enjoyable if it were as well organized as the mini-projects. There wasn’t a written instruction document, just a post on Piazza and the announcements section of Canvas. The way to sign up for a time slot and claim a paper to present on was also not great. It was just a big spreadsheet that everyone had edit access to. We were told that our grade on the assignment would be significantly docked if we chose a paper that someone else had already claimed or if we messed up the spreadsheet. I think there could have been some sort of form or signup webpage to do this. The spreadsheet was kind of messy and I could see how someone could accidentally mess it up or choose a paper that was already chosen. I also don’t see much reason why the submission deadlines for this assignment were staggered. I would have preferred if the assignment was due at the same time for everyone.
All in all, it was an interesting course. I hope the course staff figure out a better way of handling the paper presentation assignment, but besides that I was a big fan of the material and the way the class was run.
A good course with some challenging projects, and as with everything in Cybersecurity you need to be familiar with Python. You can pair this with another class, but be warned that the first and second (perhaps even the fourth) projects will take up all your time. Project 1 took me 100 hours, Project 2 took about 60 hours, Project 3 & 4 about 20 hours each. The mid term and final are well outlined in Piazza when they release them, and there is a presentation project that was actually fun to create. The TAs are quick to respond in Piazza, and some will respond in the Slack.
Project 1 is heavy on system resources, and if you run Mac or Linux you’re going to have a bad time as it only runs on Windows. The project tasks are straight forward but the project will easily suck up the two weeks to complete it. The difficulty is learning the program (read the entire manual!), and your own logic will work against you. Keep things simple and organized. For Project 2, I found the PLC Editor was far better on Windows, the Linux one is sluggish and doesn’t do highlighting.
The lectures are OK. Halfway through the course the professor started talking fast and dropped a lot of heavy information to digest, expect to rewind multiple times. The books are useless, don’t get them unless you’ll be working around ICS or enjoy doing embedded projects.
This was my first semester, I took this class with IIS, which ended up being good because there was a lot of overlap.
I wouldn’t say that this class is difficult, but its easy to mess up on one or two things and have a big hit to your grade.
The big grades are: 4 Projects, 2 Exams, 1 Paper Presentation
Projects: The projects are super front-loaded, the first two projects are monoliths that take up a huge amount of time. The second two are much easier and much more straightforward. My biggest problem with the projects is that there are tiny obscure requirements littered throughout the writeups, in turn, there are also hints, occasionally misleading, also littered throughout the writeup. These tiny obscure requirements can lead to huge grade hits, even if they do not affect the functionality of the project. This knocked me quite a few points and probably cost me the A. A lot of people seemed to underestimate the amount of work/time and didn’t start until the weekend before they were due. If anything else, utilize all of the time given, usually you will need it.
Project 1: This is creating a “factory” in a program called factory I/O, Its a very neat project, but there are a lot of edge cases and extreme specifics. Programming is done using functional blocks, so it can take a little getting used to. Takes a lot of time, but overall is neat. Expect to spend between 35 and 45 hours on this, and if you don’t have a computer with a decent GPU, you’re going to have a bad time.
Project 2: This one is similar to project 1, but instead of functional blocks, it was with ladder logic. I already had some experience with ladder logic so it wasn’t a huge learning curve, but the program and VM used are absolute garbage, its buggy, non-deterministic and performance deteriorates as it goes on. Luckily this project had an autograder so you could know if you were right at least. The autograder had extremely tight tolerances though and I could only get it to pass by giving the VM 16+ GB of Memory. Many people got dinged on this for not passing the Autograder.
Project 3: This one was by far the easiest, but also the one I did the worst on by getting dinged for obscure details. It’s just analyzing a modbus wireshark capture and answering questions, then setting up your own modbus communication and sending things back and forth.
Project 4: This was a buffer overflow attack, very similar to the first project of CS6035, but with a few extra steps. Wasn’t too difficult once you figured out the main part.
Exams There are only 2 exams the midterm and the final.
The midterm was really poorly written, with a lot of unclear and obscure questions. You could bring a 1-page sheet of notes, but it was useless since basically none of the questions were from the slides, and were just testing if you could remember that one obscure piece of info from the lectures.
I found the final to be much better written and much more relevant to the material.
Lectures
The lectures are well-produced, but they circle a lot, repeat the same information, are poorly organized, and the professor talks ridiculously fast with no breaks between sentences. If there weren’t questions on the midterm based solely on things he said from the lectures, I’d say just forget the lectures and read the book. 95% of the lectures are him just reading the slides, but it’s that last 5% that was the entirety of the midterm.
The lectures also only occasionally line up with the projects and are usually completely detached.
Presentation
The presentation was a small amount of work, coming up with something to say for a 20-minute video was the hardest part. You can pick your paper. Pretty straightforward.
Professor/TA Interaction
The professor was completely absent from the entire course, I never saw him once for office hours, on Piazza, or anything else.
The TAs were pretty helpful, but definitely didn’t take any bullshit. There was more than one occasion where a TA would verbally smackdown a student for being whiney or unable to figure something out. They were always available for office hours, quick on piazza, and obvious that they ran the entire class.
Overall
I didn’t particularly enjoy the class, it was interesting, but I don’t think I’d take it again unless I had to. The projects were definitely the highlight of the class.
Looks like right now I’ll be ending with a B, but If I paid closer attention to the requirements for Projects 1 and 3, I would easily have an A.
I took this class based on the reviews that it was not particularly difficult. The reviews were accurate, this class is not difficult. It did not have the rigor that I expected from a graduate-level class.
There was a lot of whining that the first two projects were difficult, I did not find them to be a problem, but I did start as soon as possible, which gave me some cushion to get them done. I would not wait until the last minute to do any of them.
The class appears to be completely run by TAs, there is no interaction with the professor at all.
It is an easy class. Lectures were bit boring. Projects were fun especially if you don’t have experience with ICS. I think they’ve changed the format or something. It is much more time consuming now.
The first two projects took me 30-35 hours each. Project 3 and 4 were much easier and less time consuming, and I spent no more than 5 hours each. I put almost minimal effort other than doing projects. I spent 2-3 hours watching the video (played at 2x) right before each exam, and finished each in less than 20 minutes. For presentation, it took me less than 5 hours. I got 100% on projects/presentation and 70%+ on exams. I ended up with an A.
The main problem with the class is that assignments were not distributed evenly. Many people dropped after first or second project because they were way too time consuming. Things eased after the first two projects.
My background: Took this my first semester alongside IIS. No experience in integrated control systems or any of the technology in this course.
Projects: Four projects this semester where the work varied pretty greatly. The first two took me between 30-40 hours each and were somewhat stressful. While the work wasn’t necessarily difficult, it was certainly time consuming as it took forever to get used to the tech. There is almost no documentation on the tools used for any of the 4 projects, so a lot of the learning is trial and error. Project 2 in particular had an autograder that seemed to be inconsistent and I had to get a regrade because of a 10 point difference between my local performance and how their system ran it the first time.
Projects 3 and 4 are a lot simpler and take less time, but they are both somewhat tricky. Each of them I spent around 20-25 hours on where most of the time I spent banging my head against the wall until I got my “aha” moment.
Tests: The midterm was pretty easy and could be studied for easily in a week. I made a crazy long cheat sheet that I ended up not using at all because the questions weren’t directly from the lecture content. As I write this I haven’t taken the final yet, but it looks to be similar. I will update if it isn’t.
Presentation: You are also responsible for creating a research presentation which is super simple. You get points for responding to other presenters, which obviously isn’t difficult but it is easy to forget. The TA team seemed to be good but I think they’re fairly limited in the questions they are able to answer about the projects. I had much better luck getting help in office hours than I did asking private questions in Piazza.
Overall, I’d recommend this course if you have the time to do the projects and are interested in exploits against Modbus based systems or learning how they work in general. My biggest issue was that the learning was mostly in how to create and work with the systems rather than securing them or learning exploits against them, especially in the first two projects. The work is not hard but does take a decent amount of time. I don’t know if I’d choose to take this if I wasn’t interested in cyber security, as the actual technology itself is limited in usefulness for most people, I’d imagine.
Class was fairly easy. You learn how to use GDB and Factory I/O software. Some fill in the blank questionare type assignments informing you of how industrial hardware can be searched as easily as search for something on google. I recommend this class because it’s easy, and we need more easy classes.
This class was great in introducing how physical systems are used and implemented. I enjoyed learning about the grid and how insecure it was, and ways to better secure it. The grading on a few of the projects was harsher as compared to the other projects so I suggest really paying attention to the requirements and following them. Their autograder, which isn’t released, was rough.
A shout out to the TA’s, they are doing all the work and the instructor was nowhere to be seen the entire time.
This class feels like a waste of time. The first 2 projects are definitely time consuming, so plan on reserving time to complete them. They are the meat of the course. They are not hard, just very tedious. After the first 2 projects the rest of the class is smooth sailing. Projects 3 and 4 can be completed in a day with relative ease. The TA’s are mostly helpful, but I would find that they would sometimes contradict each other in Piazza. There is also paper presentation that we also have to upload to Youtube. I am pretty sure they were very lenient with grading for it because I didn’t even read the paper when making the presentation. The lectures are more boring than watching paint dry. Plan on bringing duct tape to keep yourself awake. Exams are easy because you can bring a notes sheet, so there is no point in studying or buying the textbook. Overall, this not a good graduate course. I would not recommend this course until the contents of it are restructured. I wish I had taken something else.
I took this class as an easy filler. I was planning to take the summer off, but with the potential of limited summer activities with COVID i thought id slip in an easy class.
This class is anything but easy. The lectures are short and sweet, but give boring a new meaning.
You have to write a paper, and if you happen to have limited access to a computer for the first few weeks of class, you will miss the sign up for your date.
This means that you will have to pick an article, from basically nothing since they are all gone, and then read an article, and then do a youtube presentation and upload it. All in like a day since you signed up late.
Oh i forgot to mention, this is also while you are spending the 120 hours on the first project, because its an insane amount of tedious work.
Then you get to start project 2. Which is another application, in a different ide/simulator. Which, guess what. Also take like 100 hours to do.
Project 3 is not as bad. However, this is like the only place in the class i got a bad grade. Be careful when doing this. It seems easy, but i feel like it is done to trick you.
Project 4… The omit important things to attempt to make you learn, but its just irritating. Then for the last part, they actually provide with you incorrect instructions, and the only way you know is if you attend office hours, or pay attention in slack.
And without these important things, this project took me 80 hours or so, until i got frustrated and started reading through slack, and then watched office hours.
The exams are a joke. No need to study anything. Just good luck.
This class is not per say hard, but it is really time consuming, and really frustrating.
All that aside, the first two projects were fun and the class contained some interesting stuff you dont normally think about.
Would not recommend as a filler and/or an easy class. Be aware.
Edit: LOL at the people below me. this class consumed my life.
First, the good prior review (from the summer 2020 semester) doesn’t seem legitimate and/or could potentially be a TA. This course has completely changed and is very strict now. For all projects, there are no partial credit points and it’s a pass or fail model. They’ve done curves in the past and given additional points which are now not an option.
The lead TA runs the course (like most of the OMS courses), and even makes new rules as they go along. They actually stated they had little time in the summer, and attempted to change course policy to mark additional points off any assignment that you submitted (which was blocked by the actual professor…).
The exams were ok, but just had random questions that didn’t have much meaning from the lectures. It’s more of a guessing game to make a higher score. I did enjoy the actual content from the professor via the lectures, but sadly most of it wasn’t really applicable to the projects.
The presentations were educational, and we made a short video over a topic of Cyber Physical Systems (which could nicely be done in a weekend…). You had to comment on other presentations as well and start somewhat of a mini discussion.
The first two projects were terrible. They are controls and PLC oriented, and will take you a minimum of 35-60 hours each (which is ridiculous for a 2 week span project). It is impossible to do it in a few hours as the prior review states. The last two projects are copied from other classes (CS-6250, the mininet project & CS-6262 buffer overflow) with modbus thrown in. The mininet project is the easiest, but the TA switched up how the project was setup and suggested using Docker which wouldn’t work for many causing countless wasted hours.
What’s sad about the last two projects is that if you haven’t taken the other classes it makes the projects much more challenging since the TA’s really don’t teach “how” to actually do the project. They also don’t explain the concepts which are at the core of “learning the material”. What’s the point in the class if the knowledge of how to solve the problem is not taught?
I would HIGHLY advise you to take pretty much any other class. I’m almost finished with the program and this has been the worst not in content difficulty (b/c the content understanding is trivial), but in dealing with poor documentation, *utmost restrict requirements on every single assignment, and the length of assignments.
Edit: I would still not take the prior review seriously even if they *edited their post to say they’re not a TA. The review right before it, speaks to what I’m saying and I’m only stating facts here about the course. Of course there will be people that like and dislike a course, but the legitimacy of the review is mainly in question due to what it said (such as getting the initial labs done in a few hours, which is *impossible unless you’re an expert in Factory IO and PLC programming using openPLC).
First class in OMSCS, and as a Controls Engineer of 8 years (BS in Computer Engineering), I wanted a good class to get me back in the swing of things as far as combining work and school. This class was fairly easy and flexible, though you have to take your background into account when judging for yourself.
Project 1 was fun, though edge cases for some of the Robotic challenges were a bit irritating. This project took me the most time. For learning the basics of Control Systems, I thought the workload for this project was overkill with the quantity of processes and details. Additionally, when selecting between Control System “languages”, I felt that projects 1 and 2 should have been swapped. The sequential/timing logic of project 1 was better suited for ladder, and vice versa. Due to logical execution order and a few other concepts, using the function block of FactoryIO felt clunky for this application.
Project 2 had some interesting content, but the simulation environment is bad. However, coming from the Controls realm, I know that there aren’t many good options for simulating ladder logic. If you get the hang of the software quickly, this CAN be quicker than the first project. I feel the biggest “gotcha” for others was not understanding how the PLC scans through the program and constantly updates the same registers. (AKA, if a coil is evaluated as TRUE, it can still be re-evaluated back to FALSE further down in the program. Basically, it’s not like an “if statement”. It WILL turn off the coil if it’s evaluated as FALSE.
Project 3 was a Wireshark project, and the easiest by far.
Project 4 involved buffer overflow via a low-level Controls communications protocol called MODBUS, and really consisted of 2-3 “a-ha!” moments that gets you through to the end.
The Midterm and Final were straight from the lectures, though there were a few questions that felt a bit too “gotcha”. If you watch the lectures and pay attention/take basic notes, I feel it’s fairly easy to get an A or B. The paper presentation I put together in one weekend, and got an A on it.
Final grade was an A+ for a low-ish average workload that really was better characterized by weeks of nothing and some weeks of large spikes.
I took this course Spring 2020. I am not a developer or programmer and was able to get through the course without much of a problem. I ended up with an A overall. I spent a lot of time on the first 2 projects. I lost a few points for not following clear instructions in the write up that would have been trivial to get. I think some of the requirements were added just to make sure you read the instructions carefully.
The TAs were very helpful and I would recommend attending office hours if you’re having troubles with the projects.
As an EE/Controls Engineer, I was very interested in this class. The projects (called Mini-Projects) are released in plenty of time and the VM’s provided worked well for me, but others in the class had issues. All in all, I thought the class was well managed and the TA’s were very responsive. Excellent texts were assigned to compliment the lectures and if you studied the lectures and did the readings, the exams were not difficult. I would highly recommend this course, especially if you work at all in Industrial Controls.
This was my second class in the OMSCS program, and I learned a lot of practical skills in this class. I felt the goal of the course was to get students familiar with PLCs and the tools used to program/configure them. There are 4 projects that aim to teach things like how to program PLCs, understanding and exploiting the Modbus protocol, and using openly available tools to locate vulnerable devices on the Internet. Some feel the class was a bit light as it relates to the security of embedded systems, but I believe the skills taught in this course give me a deeper understanding of how to defend against attackers in this domain (as the course title says, it is an ‘intro’ to these topics).
The class format worked well for me, and I didn’t feel it was too much work. I even bombed the second project (family vacations in the middle of a project isn’t a great idea), but I was still able to catch up and make a B. The teaching assistants were constantly on top of things in this class and did a very good job in facilitating all aspects. I highly recommend this course.
Other reviews have good descriptions of projects. The first 2 projects are quite different from other programming assignments. More like logic gate thinking than normal code. After some initial struggles to understand how to translate loop and conditional programming logic into this hardware world, things went pretty smoothly. No auto grading, so not as easy to know if they did everything correctly, but most of it can be checked yourself to be pretty confident.
The paper presentation (20-27minutes) is not difficult and as long as you follow instructions seems like an straightforward 100%.
The exams were straight from the 6.5 hours of lecture videos. The readings may reinforce those, but I did not read of the books. Each exam was 20 question multiple choice. One page of hand written cheat sheet was allowed. The questions were not tricky, but some were fairly specific to remember. I did well on exams, but with each question being worth 5 points it is easy to miss just a few and not get a great grade. Final is cumulative, but any material from first half of class felt more like just knowing the high level concept rather than specifics like on first exam.
Overall a pretty straightforward class without a ton of work. The lectures in the first half of class were pretty good. The second half drug a little bit, but with only 6.5 hours total it wasn’t a big deal.
This was a class I required for Computing Systems and I have mixed feelings about though mostly in the end I’d say positive. It has lot of potential but I think a bit of organization (technical organization cause TAs are great but requirements are never set in stone and can change so keep an eye on piazza) will help make it more popular. It has 4 projects (20/20/10/10):
- Factory I/O software is required. This is basically you engineering logic gates to create a program. Its easy but time consuming. One requirement is that the software is only for Windows and requires a decent iGPU at the very least so make sure you have that sorted. 40 hours maybe over two weeks.
- Similar to project 1 but the software is OpenPLC. Here the simulation is digital instead of graphical. The VM is terrible. I think the TAs need to spend a bit more time on making the VM since its a deprecated and yet recent Ubuntu version 18.10 or something. Easy like Project 1 but maybe 20-25 hrs instead.
- This is a coding project but very little coding involved. If you took CN youll know exactly the tools in the class and it will take you 1 hour at best once your tools are setup which is also like 1 hour at best if you know what you are doing. I dont think I spent more than 2 hours on this project.
- This was hardest. IIS Project 1 will help to know what you need to do, but this project is different. Unlike what other reviews say, this is not harder than IIS, its just that the documentation online for the type of attack is little to no and so it takes time to figure out what you need to do.
Presentation grading (10) is very lenient. I did terrible in it in my opinion especially with the recording and still got full grade.
Exams (2x15) are kind of tricky. You need to do well in exams otherwise you cannot get an A. However, if you study well, then 90% in them should be easy.
An extra credit of 9% was awarded where you had to give some feedback on things like software and auto-grading. I didn’t need it for an A but did it anyway. I didn’t do well in it (2/9) even though I thought I had spent enough time on it. So don’t depend on it. Make sure you do everything else well.
Overall I learned few things about CPSs that I had no idea about so for me it was informative. I think this is low workload class if you can put enough time in first 2 projects. But overall it was okay.
To preface my review, this is my first class. I’ve been in the software industry for 10+ years. I have a BS and MS in Computer/Electrical engineering and have a slight background in security through web development. I’m doing this degree for fun. I didn’t learn very much security related in this class. The first project was hard as balls. Since I have a degree in EE, I eventually realized I could finish the projects using state machine. The professor mentions state machine briefly in the lectures. Of course, I didn’t watch the lectures till the week of mid-terms. But regardless, you would need to be able to create complex state machines to do the projects successfully, and easily. The 3rd project was meh, but the 4th actually had some security related components.
I spent most of my course time on the first 2 projects…probably 40+ hours each. I received 90%+ on everything, and a 75 on the final. Since I’m doing this degree ‘for fun’, I just wanted a B or higher. Once I practically solidified my B, even if I got a 0 on the final (assuming a high project grade)…I decided not to study for the final. Still got a 75 just be thinking through each question (average was 83) and ended up w/ an A in the class.
The lectures were mostly the professor reading from the book. If you watch the lectures, then read the book, you’ll be reading it in his voice. I can’t comment on the lectures after the mid-term…didn’t watch them.
I wish the first 2 projects weren’t so time consuming (they weren’t difficult, just time consuming) and/or was more related to security. The only thing ‘security’ related was to put a “logic bomb” in your complex state machine…which is a piece of cake if you actually got the project working.
If you’re worried about getting a good grade…focus on the items that weighed the most (projects…). Start early, and attend office hours if you’re not confident. I never attended office hours, but did watch recorded videos if I got stuck. So thanks to those who attended and asked questions!
The TAs were helpful all and all in office hours and the forums.
I really enjoyed this course and found the projects interesting. The first project took sometime to finish but it was OK. The projects write ups are clear and the TAs are very helpful.
The lectures and the book go hand by hand. They have a huge focus on industrial protocols, so not much of a CS course in my opinion.
This course has two exams and they really just test your understanding of the subject. If you watch the lectures and read the required chapters, you will pass them easily.
The professor and the TAs were generous and gave extra credit assignments that add up to 9% to the total grade. This is too much in my opinion.
I track my time pretty closely. The whole class took 70hrs and 37 minutes. So that’s just under 4 and a half hours a week. But importantly that’s not evenly distributed over the whole semester. There are 4 projects for the class. I spent almost all of my time in the week before a project was due. Otherwise I was able to completly ignore the class for weeks at a time. So most weeks were zero hours, and then crunch time before the project due date.
The lectures were super boring. The readings were so bad I just skipped them entirely. But the 4 projects were actually a lot of fun.
This class is front loaded for sure.
The first project is really hard and time consuming. I spent over 60-80 hours on it. It was really painful. I was certain I was going to drop the class. It just didn’t click for like ever. The first project was the nightmare one. It uses functional block diagrams on a quite iffy system.
It is different. Its challenging. If you complete it, you’ll feel amazing and be like ‘oh wow, look at how cool this is that I made!’ If you don’t, you have a good chance at being one of the many who dropped after that. Take this advice: Don’t brute force your way through it. Take the time to understand all the different function blocks and then map out the process, draw it if you need to, but write it out and take your time. I tried brute forcing for way to long and it caused a lot of anger and depression on my end. If you can get by that assignment and do fairly well, the rest of the class should be smooth sailing. The 2nd assignment uses ladder logic, but if you successfully completed the first assignment, the 2nd should be a natural extension. Project 3 and 4 were much smaller and more manageable.
I had no background in security, networks, etc. so this class had a huge learning curve for me. I thought it was amazing though. I thought the material was well presented, the books are good and the TAs are amazing (p.s. don’t be afraid of office hours.) If you are struggling that is what they are for. Don’t let pride stand in the way :)
The midterms and finals (i haven’t gotten my final grade yet) are medium difficulty. If you watch the lectures, read and think about the material you’ve learned, you should be able to do ok on them.
This was one of the worse course, It was quite unstructured and the Projects were nightmare , TAs try to help but the underline software was so buggy that lot of time you dont figure out if its your fault or the underlined software’s. In addition to it, they have increased the complexity of mini project 1 which was using Factory IO . The underline software use block and uses physics engine which require high end computer and a paid software ( though you can get 30 days free trial ) . The mini project 2 uses OPENPLC , a non documented software ( good luck finding documentation on how to use it) , But TAs are really helpful. Last two projects are fun but its really dry content. In the last project we need to do buffer overflow . But TA/ Question doesn’t make anything clear about deliverable. Last Professor is never available on Office hours ( which is understandable) .
PS: As I mentioned about mini project 1 , TA even do not have auto grader so results are really late and can have lot of bug , make sure you ask for regrade .
The exams were pretty easy. If you watched the video lectures you learned most of the necessary material and if you actually read through the books and Piazza you should be good to go.
The presentation was pretty straightforward to put together and the grading seemed to be pretty light as long as you followed directions.
The content was interesting and fun.
The first few projects had you spending most of your time setting up a buggy environment with software that was poorly documented doing things that were never explained in class. I learned some stuff, sure. But it was not much that I cared about, nor was it a very realistic or effective way to learn.
The later projects were more fun and useful, but had many of the same problems.
Luckily the TAs and the classmates were pretty active on the forums.
I never went to office hours but they happened regularly.
I got an A in the course and would recommend this as an easier/fun elective if you need one.
Overall I enjoyed this class. It’s one of those dual purpose classes (It counts for CS as well as ECE I believe) so its not exactly your normal “programming” course but it was still fun. The projects were still logic based so if you have a background in CS you will be fine but your not going to compile code or anything. The tests were very straightforward and as long as you watched the lectures they were really easy. The projects were a bit of a learning curve for me but they end up being fun and I was happy once I completed it.
This was my third course in this program and i strongly disliked the course. The worst part about the course is that the schedule offers no flexibility to the students. Each mini project is released only 2 weeks prior to the deadline and each mini project involves a lot of overhead. There is minimal to almost no discussion about the software tools or platforms in the lectures and you are left all by yourself to search for relevant videos and figure out on my own. The grading is very unfair specially for mini project 2 because the software platform provided has a lot of bugs and auto-grader will give 0 if the output is delayed even by 100 ms. Overall I felt the course lacked the flexibility and enthusiasm i have seen in all the other courses i have taken so far.
Not a very difficult course, but one that I definitely learned something from. Expect the projects to have very little to do with the material learned. Overall, the class is fair and not too challenging. If you are a good self-teacher, you should be able to do well and learn a thing or two along the way.
I thought this class was interesting. The first 2 projects are pretty cool. You can make an automatic conveyer belt system. The last 2 projects are boring.
This class should not be rated on average taking 8 hours a week, I spent far more than that. Some of these projects took me 40 hours each. The exams are also pretty broad.
The presentation will suck some time out of you as well.
Overall, I liked the class.
CPS is a strange class, and I’m not sure how well I can recommend it, but I’m glad I did it. (However, I did it with a group of almost a dozen friends, which makes a lot of difference). I did this course for the OMSCS; there are also OCY students in this course.
Topic: I really appreciated the topic, and it’s a good counterpoint to normal cybersecurity thinking. When availability matters more than confidentiality, ideas like “fail-safe defaults” take on a different meaning. Super valuable to think about the different challenges that they face. It’s also a cross-discipline topic, so you have CS folks as well as electrical engineers and government regulators in the field too.
Lectures and readings: The lectures were mostly super short, they were ok. You can see them on Udacity. However, they were almost word-for-word from the textbook, which was really dry. I don’t think it was worth it to buy the textbook, and I ended up not reading it after the midterm, once I knew how the tests worked.
Tests: a midterm and a cumulative final. But, you get a cheat sheet for each - one page for the midterm, two pages for the final. Neither were bad. 20 multiple choice questions each.
Assignments: 4 projects. Proj 1 must be done on a Windows machine and uses software that simulates a factory floor - it’s a lot like a video game - so hopefully you have a reasonably good graphic card or this project will be painful. Proj 2 is in a VM, and had the most headaches associated with it - it was not set up in a way to make it easy to test whether you had done it right, although the autograder would measure to the .0001s. Proj 3 was relatively easy (it used mininet). Proj 4 was interesting, but it overlapped with IIS Proj 1. You also have to pick a paper and do a ~15-20 minute YouTube presentation on it.
TAs and Instructor: the instructor showed up on Piazza once or twice. The TAs held individual, unrecorded office hours. We felt like the TAs were very disorganized and not on the same page with each other. There were two TAs (and one of them was very active and vocal) that gave instructions in multiple instances that were later shown to be flat-out wrong and directly contradicted by the head TA. The head TA did a great job, but it was too much for him to keep track of everything. There were issues with each project release - each project had to have some instruction revised (exacerbated by TAs giving wrong information), and there was a lot of general confusion due to this - especially since sometimes the instructions changed halfway through the project window timeframe and we were threatened with zeros if we did not perfectly comply.
There was also a huge problem with Proj 2 where the autograder was set up incorrectly. The TAs pushed to release the project early, but there were a lot of problems with the instructions and it had to be revised. This was made worse by some of the TAs giving purposefully vague and unhelpful answers, despite the project requirements expecting us to have an exact and nuanced understanding of the sequence of events in the project description. The TAs then pushed to get grades back to the students before the withdrawal deadline, but because the autograder was set up incorrectly, the class scored very low (many people scoring zeros with grading comments that made no sense). In the end, they had to do a massive regrade (the professor gave everyone an extra 10% to help make up for this), but by this point, people had withdrawn from the course because they were worried about how low their initial grades were.
All that said, the projects weren’t too hard, but there were lots of annoying little details that had to be met exactly right. For CS folks, it can be a hurdle to work with ladder-logic - it’s logical but very different from normal programming.
Schedule and class flow: This was a pretty lightweight course. Even over summer, there were two or three times where I basically ignored the class for about a week at a time, and my friends did the same.
EC and curve: Grades were curved just a little bit. I want to say there was like 10% of the overall course grade available in EC. I didn’t attempt it, so I’m not sure how difficult that would have been.
_TL; DR_ - It’s ok, pretty easy, some interesting things to learn and do in the projects, but be cautious, there’s a reason old reviews have said this course has issues with how it’s run.
This course was very interesting. The projects were interactive and logical. I found the projects to be practical and informative. Completed projects with less investment in time. Would recommend to take this course along with any other course with more workload. If you have already taken CS 6035, this would be an easy walk for the last project. Feel light and knowledgeable.
Some good, some bad, some things different.
Pros: projects were generally interesting and different than most typical OMSCS projects. I loved making little robot boxes run through a factory floor, and then have a little robot arm start tossing them around. Some of them are finicky (ladder logic), but it’s an interesting experience.
The stability of the assignments was fine – the changes were minor and when there was a autograder messup it was corrected and we got a couple bonus points.
Cons: Tests are multiple choice with ambiguous questions that test your ability to parse meanings like the instructor more than having actually covered the materials. And the video lectures are virtually straight from the book, organized like a giant outline. Could be a pro in that you’re not missing anything I guess, but gets very tedious.
Still, it’s scary fun to learn about these vulnerable systems and it was overall a capably-run course.
The material was somewhat interesting, but the delivery was not the best.
Exams were pretty easy but I don’t think it tested the material too great. Some questions had 3 out of 4 possible answer evidently wrong so it made getting a good grade on those straightforward.
Project 1 was interesting, it simulated a factory floor using factoryio. It was more like playing a videog ame than anything. Project 2 was Ladder Logic. It was interesting, however the tools that they used were very unreliable. I worked on the last 2 our of 5 parts without being able to test it since my VM blew up. It happened throughout the whole project. Project 3 was very basic and used mininet and wireshark. Project 4 was a buffer overflow vulnerability exploit similar to IIS’s project 1.
You are also required to do a presentation, this was interesting and oddly enough enjoyable. This being said, the TAs say that you can use any paper pertaining to CPS and even outside the weekly assigned topic, This is untrue, I had papers rejected because of them being outside the weekly topic.
The TAs were not the best, the grading had errors. On Project 2 the auto grader messed up and everyone’s grade was affected, funny that none of the TAs thought that it was odd that the highest grade would be a ~80. They re graded and lo and behold people did get 100 on them.
My Project 3 was graded erroneous, i had to ask for a regrade to get back 10 points, which turns out it was yet another TA mistake that affected a number of students.
The TAs were often contradicting themselves when providing clarifications, you would have one say something then another one say something completely opposite a few posts down in the same thread.
Lastly, don’t bother being the 1st to try out projects, there’s been bugs and writeup errors with each and every one of them. The submission naming requirements would often change, and if you submitted early and never checked Piazza you could have lost up to 20% of your grade.
Advice for the TAs: Try giving the students Vagrant files, and deliver the project code via Git, it might simplify some of the issues and updates to projects.
Overall I would not recommend this class as it is now, I think that with some effort it could be a great class.
P.S.: In case you are wondering, I did get a comfortable A.
P.P.S: Considerable Extra credit was offered which was awesome to see, although i did not attempt it. It looked interesting though.
Lectures are pretty boring, but are only really needed for exam questions. Professor is very monotone and reads things to you.
I didn’t interact with any TAs, but they often seem to not be on the same page. At least one of the TAs only gives short vague answers to questions on Piazza, which can be frustrating.
I despise presentations, and there is a requirement to do a ~25 minute research presentation in this course. A lot of the good papers get taken up very early on in the semester. Don’t be like me and have to find your own paper that was out of date because anything good was already taken. You also get to choose your due date, which I wasn’t a huge fan of since you have to squeeze it in between other projects (but I was just going to wait until the last minute either way, right?).
Mini projects are easier if you have taken CN and IIS.
Project 1 was a lot of fun, very interesting and straightforward.
Project 2 was one of the most frustrating projects I have had to do in my 8 classes so far. The open source tools were very buggy and frustrating to work with. Project 2 also had major issues with the auto-grader, so most people had incorrect grades at the withdraw deadline.
Project 3 was fairly easy, especially having taken CN.
Project 4 was pretty frustrating, but it’s one of those where it could take you an hour or 10 hours, depending on when it clicks in your mind. IIS knowledge helped, but the project was just enough different to not make it very straightforward what the solution was. Report aspect to this project seemed pointless (but I generally hate report projects in CS).
Pretty easy course when compared to most others. I went a couple weeks at a time between projects without doing anything, even in the summer course. I would recommend this course if you are looking for an easy course to get some credits or if you are genuinely interested in CPS.
Main Review
Overall the class is decent, has good amount of information. I wasn't prepared to take the class at all. I thought it would be an easy class to take in the summer, plus I personal didn't hear of Security regarding Physical System, so I went in with zero knowledge and some Network Security knowledge. If you are like me, be prepared to put in a lot of effort.
The TA's are very good, compared to the previous classes I took. Lecture are very clear and informational. One draw back is that sometimes on Piazza they are very slow to reply back or don't reply back at all if you ask a dumb question. On another note: Lots of auto grader issues on the 2nd project :/
Projects
Projects were interesting, I would rate them between medium-hard level, most of them are very buggy. I wish I started a bit earlier just for the set-up. I would recommend looking into PLC, Python, memory stacks and registers.
- Project 1 (20%) - super fun and relatively easy
- Project 2 (20%) - super fun as well, but hard and very buggy. I recommend starting on the project early, people dropped out after this project :/
- Project 3 and 4 (10%-10%)- rather on the harder side for me because I had little knoweledge of how stacks, wireshark, Modbus worked. I lucked out because I started on these projects early
- Presentation (10%) - I enjoyed this one a lot. I got to choose a good paper to present on. This one is easy, just try to not mess up on this one
Exams
Midterm - 15%, Final- 15%. Exams are reasonable, some questions were tricky but exams were well made. The lectures mirror the books, but I highly recommend reading the books, they are awesome.
Note
Extra Credit was offered this semester. One was hard and other one was easy.
It was a really fun class. There were some issues with small annoying misunderstandings in how to take the exam and how to submit your projects. Also some of the projects were supposed to run on VirtualBox images of Windows machines. That setup was extremely slow for me on a powerful 2015 Mac. I ended up using a native Windows machine which I got from a friend. If I had no access to this machine, I would have not been able to finish at least two out of four projects. This scared me at the moment I realized this. The material was nice and I actually learned a lot.
To put things in perspective, I work in robotics and haven’t taken ISS/NS. Working in that field, I’m already quite familiar with some of the background concepts explained like controllers, industrial protocols, PLCs and so on. On the other hand, since I haven’t taken any other of the security classes, almost everything I learnt here in that regard was new, so there was no overlap for me as other folks explained. After all, this course gave me some security fundamentals that have a more direct application in my field that the one I would have got in other security classes.
Course organization
- Projects (60%)
- Project 1: Industrial programming using a delightful framework (FactoryIO). Believe me, is great, specially when compared to Project 2 environment.
- Project 2: Ladder logic under OpenPLC. I enjoyed it since I have always been curious about that programming language, but the write-up and virtual machine provided should be reviewed from scratch.
- Project 3: The easiest. Study some network traffic and implement a simple attack on Modbus.
-
Project 4: Buffer stack overflow under Modbus. Quite tricky, requiring lots of trial-and-error and and some “a-ha moments”. Folks who had already taken ISS said it was more difficult that the same project in that course.
-
Exams (15% + 15%). Based directly in the lectures. Regarding them, they are short, engaging and informative for the first 2/3. The rest is quite boring, specially the chapter focused on industrial protocols.
- Paper presentation (10%): Choose a research paper from a list (or propose one related with the class topics) and create a video-presentation of around 25’. For earning some participation points, watching the presentation of other students and making meaningful questions was required. This was an interesting way of learning about last trends in the field.
Things to improve:
- Consistent instructions between project submissions.
- Project 2, in general. The VM provided was not updated and worked really slow. In order to complete the assignment, we had to download a newer version of one of the programs included in the VM, what created some confusion among the students.
- My English is not great as you can see and even with that I could detect several mistakes in the assignment instructions.
In conclusion, a different but great summer class. Fun and easy, I would recommend it to everybody pursuing the CP&R specialization. I think it could go well to pair with a more demanding course in Fall/Spring.
Sneaky Challenging
This class was full of new information for me. As a java software developer, I never experienced PLC programming or ladder logic.
The first project was straight forward, block programming in a program called factory io. Once you get the hang of it, assignment was pretty easy to complete. The second project was most difficult and took the most time. The TA’s generously gave us an extension, which I needed. I am still not sure how my timers did not pass the autograder, but with extra credit, it wasn’t worth the regrade request. The midterm was very straightforward from the video lectures. Project 3 was using mininet, python and wireshark, similar difficulty to the first project. Project 4 dealt with a buffer overflow and was challenging for me, as I had no experience with gdp and assembler.
Overall, I loved the information presented in the class and the projects were unique and challenging. We were given two weeks to work on each project and one week to study for exams. I felt like it was enough time. I would usually wait 4-5 days after the project was released to start working on it, as sometimes the requirements changed midstream. Usually others worked out the kinks in that timeframe, but I also lost valuable time when it came to project 2. I felt like the VMs could have been set up a little better. We had to go through the rigmarole of installing a gui and guest additions and updating software before working on the projects. The TA’s work very hard to make it right. One scare in the semester when they released project 2 grades where the autograder failed to work correctly. It sent the class into a panic generating regrade requests, when in fact, it was something on their end. Professor ended up giving everyone extra credit, but I feel like it should have been caught before grades were posted. This is a grad class where most people get As or Bs, class average was in the 70s… in software development we called that a bad smell.
To be successful in this class, watch the lectures for the exams and do some research on the project topics before jumping in. There are not a lot of resources out there, as you will learn that is why there is a need for this class. Start the projects early and keep trying. TAs are helpful and don’t be afraid to ask questions, as a lot of this will be a new way of programming and thinking for many students.
As my fifth class in the OMSCS, this was my least favorite. The projects felt very unorganized and the VMs could be improved so they are project ready instead of having students get the VM working then start the project. Requirements changed and regrades were frequent and abundant. It felt as though the projects had not been properly tested. Some changes were being made to the projects and I can appreciate the work that is going into fixing them but at this point they still require a lot of work. In previous classes, I’ve had TAs post a short youtube video explaining the project and covering setup which I believe would benefit this class. Course is heavy on extra credit which I would guess became a requirement for many students that may have struggled on some of the 4 original projects. The course by itself isn’t a heavy course load with just 4 projects but factor in the extra work you’ll most likely end up doing for the extra credit and its a bit of a load for the summer semester. Tests were 20 questions multiple choice and fair for the most part. I mostly use piazza for communication and TAs were a bit slower to respond than other classes and a few questions went unanswered. I wish that there were more/better office hour times. There was one late Monday night and one session held in the middle of the workday (not very helpful when you’re trying to complete a project due Sunday night and you have a question). The OMSCS has created a high standard for me and I would like to see this class on par with the rest of the program!
This class was not that interesting, if you have taken IIS or NS you probably know everything there is here. It is some what an easy course if you can do projects with friends and all. The work material itself is very dry and boring.
The TAs are not very engaged except for a few. The auto grader for the project screws up regularly and the professor and TA have to work out how to fix it. The class has potential but it does not look like they will improve it.
The lectures are soooooo boring that you will probably sleep through most of it.
Like many other reviewers have mentioned, there is a noticeable issue of changing requirements with respect to the projects. However, I was never so inconvenienced that I felt outraged. The projects themselves are quite doable relative to other OMSCS courses I’ve taken. I do think you should take IIS before this though. Project 4 is a much harder version of IIS’s project 1. The tests are very straightforward if you watched the lectures. No deceptive/trick questions. And the readings are basically the same material as the lectures.
As for the material/learning experience itself, I’d say it was worth it! It’s very refreshing to complement your knowledge of computer science with the cyber physical realm. You’ll never look at traffic lights, power grids, factory floors, etc. the same way again.
This course covers industrial programming, security, and hacking. It is an end to end survey of the physical systems that leverage automation to ship packages, mix composite materials, generate power in a smart grid, etc. The projects can take a significant about of time, but they are very realistic with elegant solutions. The exams are straight forward if you followed the syllabus. The hardware in this course should be new to most CS students, but everything is virtualized and simulated very well. The course demystifies the industrial world significantly showing the increasing overlap with enterprise security concepts.
I thought this class was going to be a lot of fun.
It wasn’t.
Honestly, I feel really bad for the TAs. It feels like there are two or three very invested TAs who dedicate as much time as they have to run the course. Unfortunately, that shows.
The lectures are essentially the professor reading the readings back to you. You may as well just do the readings instead of the lectures.
This class consists of 4 mini projects, 2 exams (multiple choice, about 20ish questions, pretty easy if you just study a little), and 1 paper presentation (also pretty easy).
The thing that made this class un-fun was the shifting requirements for the projects. Things like project naming would change halfway through the project due date. This was really unfair to people who submitted early, especially because if you didn’t follow the name scheme you would get a 0.
I had to submit two projects for a re-grade because the TAs were sloppy about grading and would take more points off than what was appropriate. Honestly, if I hadn’t asked for the points back, it was the matter of getting two completely different grades amount of points taken away.
This is an overall easy course, so it’s recommended as a summer class. However, go in with the expectation that you’re going to probably have to resubmit a project multiple times and ask for regrades.
I thought this class was going to be a lot of fun.
It wasn’t.
Honestly, I feel really bad for the TAs. It feels like there are two or three very invested TAs who dedicate as much time as they have to run the course. Unfortunately, that shows.
The lectures are essentially the professor reading the readings back to you. You may as well just do the readings instead of the lectures.
This class consists of 4 mini projects, 2 exams (multiple choice, about 20ish questions, pretty easy if you just study a little), and 1 paper presentation (also pretty easy).
The thing that made this class un-fun was the shifting requirements for the projects. Things like project naming would change halfway through the project due date. This was really unfair to people who submitted early, especially because if you didn’t follow the name scheme you would get a 0.
I had to submit two projects for a re-grade because the TAs were sloppy about grading and would take more points off than what was appropriate. Honestly, if I hadn’t asked for the points back, it was the matter of getting two completely different grades amount of points taken away.
This is an overall easy course, so it’s recommended as a summer class. However, go in with the expectation that you’re going to probably have to resubmit a project multiple times and ask for regrades.
Note: This is for Summer 2019:
Overall - I thought this was a good course. It seems like it was better organized than past semesters, with that said, Project 2 was a difficult project and the grades were released right before the drop date. Furthermore, they had issues with the autograder so some students dropped when they might have had a decent grade. The first project was fun and provided an understanding of industrial systems. Project 2 had a much higher learning curve, primarily due to ladder logic that wasn’t well explained in the course material. There is one section in particular which could stand to use simplified logic.
Overall - there is a lot of material and I personally would de-emphasize the material on the smart grid.
Past reviews are right on about the tests - you are allowed a cheat sheet and there are not many questions.
You can handle the first three projects without any previous experience. Project 4 is much easier if you’ve taken IIS.
Tohid is the only good TA on the team. Some of the other TA’s will literally tell you things that are false.
The first project was a joy to work on.
The second project in this course is an insult to the quality of the program as a whole, and should be entirely removed. To be clear, my issue is not the content or the work we’re being asked for, it is the hideous structure of the development environment, and the vast diversity between the different sections that just makes this so much more work than it needs to be. Consider removing part 3 and changing the abstractions so that we’re not learning entirely new systems for each different part. It’s just too many details to the point where it takes away from the goals of the assignment. You could easily use factory IO for both project 1 and 2, I think that would actually be great, and could enable you to delve into more interesting PLCs and see them work on real machines which was the best part of P1.
The third project is interesting and fun, the fourth project is also good.
BE AWARE OF HIDDEN REQUIREMENTS.
It is so ridiculous how many times the project requirements “changed” due to the vagueness of the writeup, these new details only became clear after arguments on piazza.
Great class. The first 2 projects were interesting and challenging, but you learn a ton. Some people struggle with first 2 projects and drop. Majority of students really like the projects. They give you 2 weeks to complete each project and there was 1 extra project at the end. If you start early, you should be fine. Dr. Beyah and TAs were really helpful. I really liked this class and I’m glad I took it.
I liked the projects much. First project was very interactive and challenging. Second project was also interesting. The first 2 projects require some investment in time. While 3rd and 4th projects are easier. Exams were good with most of the questions from lectures. Need to focus on all aspects to get an A. Paper presentation helped a lot to learn more about what happens in current trend
Had no real prior experience with ICS, really enjoyed the class Instructor and TA’s and other students were really great. This is the first time that I experienced this in the program.
Overall: This course had some really interesting topics, but did not dive into them as deep as I would have liked. You can take and succeed in this course with little to no background in Security (I have one, so the topics were not at all new to me), my only suggestion is a basic background on networking. The majority of the workload was in the 4 projects and 1 paper presentation. TA’s and instructor were responsive and worked with students to even allow us to frontload the work a little. However, as a whole I think is course could be improved a good bit.
Paper presentation: An interesting assignment, made you read, understand, and provide a talk + slides on the topic. Took me about 15 hours total.
Project1: The most time-consuming. Not difficult, but takes time. Took me about 30-35 hours.
Project2: The second most time-consuming, dealing with PLC logic and state diagrams. This one used an unreliable environment that was the most frustrating part of it. Took me about 15-20 hours, about 5 of which were setup/fighting the unreliable tools required for it.
Project3: Very quick project, but was somewhat interesting as you were actually dealing with fieldbus protocols. Took me about 10 hours.
Project4: Basic use of GDB debugging and Return-oriented programming (ROP). Interesting and no problems with environment. Took me about 15 hours.
Both tests (midterm and final) are cumulative and based straight off the lectures and two primary textbooks. Not difficult if you watch the lectures and review some material.
Great Course! The assignments were fun. After taking this course I realized that industrial control systems are not really secure and the difficulty involved in securing them.
For context, I have a background in security, including being in charge of security architecture, being a CISO twice, and a (lapsed) CISSP. Given that, I didn’t think I’d learn a ton in this course, but that was not the case.
It turns out that, when you look at security through the lense of Cyber-Physical Systems and Industrial Control Systems, a lot of things you think are settled or solved are still open questions. In fact, we are creating new “legacy” situations every day as we invite all sorts of networked devices (with questionable security, monitoring, and updateability) into our lives. IoT, anyone?
As far as logistics, there were inevitable hiccups, but the TAs were on top of it and worked hard to make sure that we could learn. Very flexible and supportive.
Dr. Beyah has an engaging lecture style and covers the material well. I recommend this course if you have an interest in security, how infrastructure works, and what the “new infrastructure” (IoT, AVs, etc.) will be and how to secure it.
This course was excellent!
The material was well summarized by the professor in the video lectures and it gave a concise overview of the many aspects of CPS security.
The assignments were challenging but the TAs did it a good job in hinting us in the right direction when needed.
The use of Piazza was well organized and everyone from the Professor, to the TAs, to students participated well in the discussions.
The paper presentation also gave everyone the chance to get exposure to several research topics on this field.
Lots of reading and lots of work on projects but well worth the time.
Definitely not a easy class especially want a A grade. The projects are not easy, but if you take CS6035 and CS6250 before this class, those project won’t be a big deal. The extra projects are difficult, especially the first. TA didn’t provide any information regarding the extra projects, and the knowledge we need to accomplish those projects didn’t come from the lecture. I spend a whole weekend tried to figure out the right way to perform MITM attack. Overall, I think this is a interesting course, although may not be very useful
The exams were taken almost exclusively from the lectures. Take good notes as this is all you can have for the exams (limited notes only for exams, no open book). The text books and other readings were not used much at all. The projects were interesting, but the was little to no feedback on them after the were graded - no explanations, examples, or answers - just the instructors private comments. Some of the project requirements are vague, so be VERY careful when answering them. In this case, MUCH more information is better. Some of the test questions were ambiguous and I think one of them was flat out wrong (the “correct” answer was actually a sub-set of one of other excluded groups), but the head TA cited some extra material not covered anywhere else to show how they considered this answer “correct”. You should have taken the Information Security (CS6035) class as a prerequisite as one of the projects leans heavily on material covered there, so definitely NOT a good 1st course. Grading for the class seemed to take way to long (last day of semester and still waiting for a final grade for one assignment).
The professor reads directly from the book for all lectures (so no need to buy them). The projects are virtually unrelated to the curriculum (line logic PLC programming and low-level stack overflow coding - seriously?). TA’s are not buttoned up - assignment dates are arbitrary, deliverables change last minute, etc.. Professor makes 0 appearances during the semester. Unfortunately, it didn’t meet the GT bar…
If you’ve taken Computer Networks and Info Security like i have, there is not very much new technical material in the course - except for the ladder logic project, which was different and cool. The extra papers were good reads, but the official text was dry and verbose. One could almost do without it, but not quite, if getting an A is the goal. One specific gripe is with the tests, which are a large percent of the grade, not being worthy. Overall, just OK and possibly redundant. I’d rather have taken something else.
I took this course for Fall 2018, and withdrew as I had unplanned international travel right on the timelines for Project 2.
This is a very interesting course. Don’t come in expecting to learn the standard C/Java like programming assignments. This is a new domain (was at least new for me). If you come in with that curiosity, you will enjoy this course.
Teaching assistant team for this course is really good. Tohid is clearly passionate about this course and domain and does a fantastic job.
Course has three projects and 2 exams. Generally projects use non-traditional protocols and technologies such as ladder logic, somachine, mininet, modbus, etc. So there is a ramp up time before every project. But the learning curve is not too steep. If you start early, you will do well.
Median for this course is quite high given that lot of people do well. There is also an extra credit assignment (Between 1 to 3 % points). So don’t expect a curve for this course.
Piazza for this course is probably the best organized one in the entire OMSCS program. Tohid creates a thread for every part of the project and all the discussions are generally captured in that one place. It is much better than wading through several threads of totally disorganized topics in some of the other courses.
Office hours are also recorded, which is another plus.
Paper presentation was tried for the first time in this course in Fall 2018. It gives a very good exposure to a bunch of research topics on this field. If you are complaining about lack of an evaluation component in the first 4 weeks, here is one that you can pick. It is much easier to see a video done by one of the peer students for 20 minutes compared to reading through 40-50 research papers through the semester.
I found the course to be pretty interesting as it made me explore a different aspect of security which was quite an unknown zone for me and it had some decent projects though I really disliked the pacing of this course. Piazza was quite active for the most part with TA’s/students sharing articles/papers/news outside of the course content but still related to the subject matter. I really loved the documentary related to Stuxnet that was shared - well worth a watch.
I took the summer version - and there were 3 projects. First project was quite easy and required the use of Schneider Electric’s SoBasic. Second project was related to the protocols that you will study during the course - Modbus/DNP3 - I personally did horrible on this one as I was in the middle of relocating between countries due to my Job. But the class median on this project was quite high so I think it would have been doable, I just did not have the time to do it properly. The third project was nice and a bit tricky also - it required knowledge of using gdb to ultimately exploit a buffer overflow vulnerability. There was a 15 point extra credit on this project also.
Exams were fair, questions did not seem ambiguous but they were extremely short. They give you 2h 50mins for the final exam that you can complete in 10 minutes - I don’t understand the point of this. The first exam was 1 hour and frankly it had more questions where some “thought” was needed and there the 1 hour time was somewhat justified. Final exam is cumulative.
Coming to the pacing - I don’t know who has decided this schedule but there’s practically nothing that happens during the first few weeks and very little even in the first month and then you finally get something to do from the mid-term till the end. It would be really worthwhile to adjust the schedule and put two projects before the midterm instead of just one. Currently, the workload is a bad factor to judge this course on. Not saying the workload is too much, it’s just not indicative of the reality - I don’t think I ever spent 7 hours per week, but certainly spent 20+ hours on the 3rd project trying to figure out a silly error.
Overall, it was a decent course. My complain is the awkward pacing and the fact that the grading is quite weird - you basically have to do great on everything. With 100% in two projects and 90% in both exams, I still ended up with only a solid B since the second project pretty much screwed me over as I got a 50%. And since the overall class median/average is quite high, you cannot expect a curve. So if you have some important personal/job related stuff come up after the mid-term, then it could affect your performance in some projects.
As others have stated, this is a bad course, and the worst security course in OMSCS (I have taken all the other ones before this). The professor clearly doesn’t put any effort into the class or the tests. The projects are hard to interpret, but not too bad once you get past the setup time.
The real issue I had with this class were the tests. They are about 20 multiple choice questions that are terribly worded with answers that all make sense depending on the context that you do not have. Its more or less his opinion really, so you have to spend a ton of time trying to figure out what he believes is the best answer and not what is actually the best answer.
TAs were good. They had to deal with almost all aspects of the class because the professor was non-existant but they did a good job with that overall. I strongly recommend not taking this class, even if you want an easy A. Its not worth the time or effort you will spend.
I almost never write reviews for courses, but this one is so terrible that I wanted to make sure to warn people. The subject matter is dull and the lectures make it even worse, there are two ‘required’ books which I never touched, the TAs/professor got combative with people in Pizza on a few occasions, and there was almost no interaction at all. I mentioned the books. I never once opened them, but I got an ‘A’ in the class. I’ve no idea what is in them, but clearly it wasn’t needed.
By far, the best part of the course are the projects, but that isn’t much of a compliment. The things are terribly designed, require janky industrial software (seriously, why is industrial software so terrible), and have unclear requirements. Once you’ve figured out what you are being asked to do, however, the projects are simple and can be finished in an hour or two.
Beware the exams. They are easy (like 5-10 minutes easy), but there is often misleading wording to questions.
Is this an easy class? Yes. Does it require much thought or time? No. Will you still be sad you took it? Very much so.
Until theres a restructure, I would avoid this course. Unfortunately, its a poor reflection of the OMSCS program and hopefully the feedback on OMSCentral will be used to improve the course.
There is almost no interaction between the instructors/TA and students on Piazza – it was the least amount of Piazza/Slack activity I’ve observed so far in this program. There’s pretty much nothing due for the first 4 weeks, then there’s an extremely simple project that is made difficult through lack of clarity. After that, there’s nothing due for a few more weeks until the Midterm that contains less than 20 multiple choice questions and is worth 25% of your grade. There is no direction on what to study, because the assessments are meant test the student’s broad understand. This has the side effect of questions that are vague and open for interpretation, allowing multiple technically correct answers to some questions based on the level of abstraction of your interpretation. The books are just a really general overview of the topic. This course takes only a few hours of work per week to complete in its current state, and when the appropriate amount of effort is put forth, it will give you a 50% chance at a B, and 50% chance at an A.
The instructor is likable and he does a good job with the lectures, so that is one benefit. The instructor is knowledgeable in his field, just as you’d expect from a GA Tech professor.
This review isnt in retaliation for a bad grade, or a personal attack on any of the instructors; I received an A, and the instructors were willing to help a student when contacted. My theory is that outside of the lectures, the course was developed and operated by TAs from the brick and mortar program who just don’t have much stake in the online program. I’d love to see this course improved upon.
Overall, a good class. Yes, the lectures and books were often repetitive and some rote learning was involved. And yes, the professors and TA’s weren’t very active on Piazza. But the material was interesting and you get the understanding about what makes cyber security different for embedded systems versus general purpose systems. In contrast to what a previous reviewer said, when the professor said “I won’t debate you further. However, for the other students reading this, my statements were correct, “ I thought it was great. The student was arguing for the point of arguing on the Piazza forums, adding unneeded contention. And I didn’t really see any other students surprised or “roiled up” by that comment. Anyways, back to the class itself. Enjoyed it, and wasn’t a bad class to take during the shorter summer semester.
this is a good class, it provides good lectures, good books and reasonable projects. the issue is that the exams which represent 50% of the final grade are short multiple choice / true & false. The material is interesting. the semester didn’t provide an active piazza or slack channel. So it’s really about keeping up with the class. Office hours weren’t recorded which is a definite bummer if you do work on the program late at night.
Felt to be more of an survey of Industrial Control Systems and protocols than a security course. We periodically touched on security here/there, but much more of the focus was on a very wide brief introduction to a wide variety of systems and protocols with a never ending list of acronyms. I would have preferred much more time spent on the application of security (e. g. here’s a situation… this is what was done to secure it… or here’s an case where there was an exploit, this is what was done to discover it, this is how it could have been discovered earlier, this is what was done to fix it – in other words, learning from other’s mistakes and analysis).
The projects were very lightweight and completed with minimal time and effort. Others had trouble getting the systems up/running, but I did not have that issue.
The other half of the grade for the course is tied up in hair-splitting true/false questions on two tests (both of which have a fairly limited number of questions).
I think the course needs some work to take some slices of it deeper and give up on some of the broadness of the topics covered.
Let’s start with good cop- the lectures are fairly alright. The problem is that the course is a long, extensive enumeration of a bunch of things that you should memorize (snooze-triggering videos on the details of various protocols used in industrial control systems) and then the exams do a very poor job in measuring the extent to which you’ve absorbed that information. So what’s the point? I hate courses that function like a laundry list of concepts to memorize, but if they can’t even write unambiguous exam questions based on that list, the course is garbage. (Additionally, the lectures are just a condensed version of the book readings, rendering the readings redundant and unnecessary. ) The projects were poorly explained and there was much reliance on the student Slack channel for project setup (hint: project setup is like 90% of the work for the projects). To top it all off, the instructor was either unengaged or condescending. The course is technically “easy” in terms of workload and subject matter, but I would imagine that most people got B’s just due to there being few grading events that don’t measure your understanding very well. I just finished the final in less than three minutes, having settled on an end goal of getting over half of the T/F questions correct for a B (the A being unattainable or not worth it due to crap questions). The worst course I’ve taken in the program and could use some strong changes.
This class has a lot of potential that goes largely untapped. The professor runs the lectures of the course nearly directly from a technical book, with his preferences emphasized. It sometimes feels more like a survey of a wide range of industrial control topics with an emphasis on the power grid. The problem is that it’s a poorly written book in both language and conceptual layout. For example, you find repetition of facts at the beginning, middle, and end - but all high level concepts without specifics.
Technical papers the professor wrote were more interesting than anything in the book, and I wish the professor focused more on his work instead of the book - “Industrial Network Security”. There was a little bit of opinion/politics thrown into a couple lecture - and this is my ultimate pet peeve.
Not too much detail on most topics or specific technical challenges like you will find in nearly every other OMSCS course. Two of the three projects allow for a slightly deeper dive, but still not what you would expect from your average GT graduate course. The instructor did post a few things throughout the semester on piazza, but TA involvement was puzzling. Although the TAs do answer random questions, you definitely get the feeling that the TAs have a lot better things to do than answer questions on piazza. Even with that our TAs still really seem like great people, and I liked them.
The hardest part of the course is having so few grading events. There are two tests and three projects. And the tests are not long, so you have to make each grade count.
I write a review for every class I take, and this will be the first negative review for any class. That probably speaks to the strength of OMSCS. It’s not a BAD class, per se, but it does not stand up to many of the others. And that’s a pretty high bar.
SHITTIEST COURSE! A BIG WASTE OF TIME & MONEY.
This is not a Master level class. It does not teach you how to think, analyze, or reason with logic. Instead, it asks you to memorize concepts, protocols, and several shameless plugs from the instructor.
Don’t let the first few videos fool you with that hard yellow hat or the substation in the background into thinking the instructor is passionate about the class. On the contrary, you rarely see him participating. There was a question from a student and he condescendingly answered “I’m not going to debate with you but for other students, my statements were right. “ That surprised and roiled up many students. If there’s anything you’d learn in this class, unprofessional attitude is surely one.
The remaining of the videos are paraphrases from books, with a bunch of fundamental errors sprinkled in for taste. You’re expected to remember all of that, including misinformation.
The mini projects (i. e. homework) are ill prepared. Unlicensed Windows, outdated software, non-working environment, etc. These issues were reported in earlier semesters but none bothered to fix them. The staffs just don’t give a f*ck. And the previous sentence is my only review about the staffs.
The exams, as mentioned before, expect much rote-learning. But questions are badly written. In a true/false setting, most questions can go either way depending on the (missing) context. There is no way to reason them out, even security pros fail to match the answers. The final is especially terrible. Scheduled for ~3 hours, many completed in ~3 minutes. This class obviously does not meet any educational standard.
To recap, taking this class would set you back a few steps on your way to a good job. There are better security classes in the OMSCS program. But please do take this class if learning-by-rote is your kinda thing and you want to sell security to your boss. This class is easy and has enough spins for that.
This was the first semester this class was offered. It covered a wide range of topics from general network security, industrial control systems and programming in ladder logic. It is a lot of material and overall it is very interesting. The grading was fair and was based on 3 projects and 2 tests.
The tests were short, multiple choice and T/F tests. In general I ended up studying all the material for a very long time only to spend 5 to 10 min on each test. The testing on ladder logic was not done well since there was no effort to give partial credit. This I feel is important when testing knowledge of a programming language.
The projects were the best part of the course, but still fell short of providing that much challenge in the class. The actual tasks pertaining to the material were quite easy, but sometimes it was the preparation that took the longest. My feelings after taking the class were that homework should be given each week to introduce the students to the technologies they will be using, like VirtualBox, Wireshark and the ladder logic emulator. Therefore the projects could involve more of the class material and less learning about the project environment.
Lastly, TA involvement on Piazza was good. They were there to answer questions or concerns. Since the class grading involved only 5 assignments Piazza was quiet most of the semester.
I would like to see this class improve since the material is current and well-delivered. There should be some attempts to make the delivery focus more on the projects and less on the tests.
Fairly simple, but assumes a moderately broad basis of knowledge. A little programming would help, and a fair bit of information security, and a bit of networking. If you have that, it’s a short time commitment for several assignments and two exams. It was nice that it was fairly new material. One of my favorite classes, and I learned a good bit despite it not being labor intensive. Had A’s straight through, despite doing the assignments entirely later than I should have.
The class topic is very cool. The projects are good for learning about the Industrial Control System Environments. What makes the class more difficult is that there are only 5 gradable events. There is a midterm that had 19 questions total. (I mean, miss 3 and you are at a C-), and 3 projects, plus a Final. The questions on the midterm were somewhat ambiguous which left me very nervous. I liked the first project on Ladder Logic. The Second was Modbus, and I ran out of time because of conflicting project schedules with CS6262 Network Security. I ended up having to drop this one here in the Spring, but will look to redo in the summer. It is a good topic, but overall, I wish the exams had more questions so it had better coverage of the material and less “gotcha” ambiguous questions. And actually, I wish there were more projects too. Some parts of the class go a long time with simply reading a chapter and watching a lesson. Even smaller projects would be good here and cement the material.
Not sure how fall semester was but I took this in Spring semester and it was an awful awful class. I had to withdraw since my first midterm grade was very poor and the instructor had no intentions of giving a curve even though the class average was failing! Nobody got an A on the first exam and the exam did a poor job of gauging my understanding of the material since it was all T/F questions with 3 ineligible Multiple choice questions (we could not see the diagrams properly). Despite all of the students complaints, the instructors simply ignored them and moved on. On top of that, we never even got the answer key for the first exam so I don’t know what I got wrong (or could argue for any points back).
The mini projects could be fun; however, the lectures do not show how to solve them at all. I was very stuck on both thus far, not because it was necessarily difficult but because there was little documentation or little knowledge given to us about the project. On top of that, the VMs and instructions provided for the mini projects were very very poor and paltry when it came to details. I had to scour Piazza in order to troubleshoot some of the most basic issues with the VM (for instance, there was an Ubuntu VM given to us that had no taskbar and had I not known the command needed to use in the terminal in Piazza, I would’ve just been completely stuck). A lot of time is also spent configuring the VM, downloading files/applications, and installing everything just to begin the project - why the instructors/TAs don’t do this themselves and then provide the VM is beyond me.
I would strongly suggest to avoid this terrible class. It is sad because the material looks so cool but the lack of structure, direction, and overall unfairness of this class has lead me to believe that this is the worst class I have ever taken as a student (and this was my 8th class in the program).
An easy but rewarding course. The projects are perhaps a bit too easy, but I found the material and reading itself very rewarding. Gives me a new perspective on talk of ‘cyberwar’ in the news. I would strongly recommend reading the academic papers assigned - although they weren’t so relevant to the projects/exams, they were sometimes far more interesting than the textbooks.
My only complaint is easiness of the class - some of the projects definitely did not feel rigorous, especially in their programming component. But others may disagree, just my two cents.
Overall, I would recommend this class, but definitely as a second class in addition to something else more challenging.
Overall a great class! It has some issues, but fortunately they are ones I think will be resolved in future iterations of the course.
The course stands alone very well, and covers the necessary background material needed to be successful without needing to take other classes. If you have taken CN, InfoSec, and NetSec, you will find much of the material to be review. What is unique to this class is how this pertains to the realm of cyber physical systems like Programmable Logic Controllers, and how these devices are used in a conventional industrial plant.
This semester the course had 3 projects, each taking between 5-8 hours to complete. Each focused on it’s own area - Ladder Logic Programming, Industrial Protocols, and exploiting vulnerabilities in CPS. There was a one hour midterm consisting of multiple choice and T/F style problems. I have yet to take the final, but it is 3 hours long, has a similar format and length to the midterm, and is comprehensive. We are permitted to use a single sheet of notes for the tests.
The material spends a lot of time focusing on definitions of terms, policies, and best practices. It uses common terminology, so much of it will be familiar, just applied to a new realm. The videos are high quality, easy to understand, and you can tell Professor Beyah was well rehearsed and polished for their production. There are a few moments where I felt like I was watching the Turbo Encabulator video, but it wasn’t too terribly distracting.
The course also has some pacing issues. With only three short projects, straightforward material, two tests, and ~50 students this semester we probably won’t get higher than 300 threads in Piazza. I think the inclusion of meatier projects / more projects is likely to occur, and would benefit the class.
If you are looking to prepare for the course, you could learn Wireshark if you don’t already know how to use it, and potentially buy the books in advance and do some casual reading.
The instructor (Raheem Beyah) keeps his syllabus on his website at http://users. ece. gatech. edu/~rbeyah/classes/fall2016/cs8803/ (substitute your term as appropriate)
Grading summary: 2 projects @ 25% each Midterm & Final @ 25% each, via ProctorTrack (T/F, MC)
Project 1 was PLC ladder logic programming Project 2 analyzing ethernet traffic and using Python to inject bad commands Project 3 researching vulnerable devices (All projects are individual; no group projects)
Pace is slow, so a great class to take along side another. I’m taking CS6035 concurrently. This class does not require CS6035 as a prereq - it can stand on its own. The content is interesting and worthwhile. There haven’t been any office hours, but the TAs and instructor monitor Piazza well. Granted we only have ~50 students in the class during its 1st run.
Edit: updated review after finishing the class