Design and Implementation of Attack-Resilient Cyber-Physical Systems
Presented as part of the 2014 HCSS conference.
Abstract:
Modern embedded control architectures have moved from isolated systems to open architectures, such as new automotive systems with services that include remote diagnostics, code updates, and vehicle-to- vehicle communication. However, this increasing set of functionalities, network interoperability, and complexity of system design have also introduced security vulnerabilities that are easily exploitable, since the current embedded systems have not been built with security in mind. Furthermore, the tight interaction between information technology and physical world makes these systems vulnerable to malicious attacks beyond the standard cyber-attacks, and thus relying exclusively on cyber-security techniques is insufficient to provide guarantees on system performance. This is highlighted in cases when non-invasive sensor attacks occur (i.e., when the physical environment around a sensor is compromised to allow for injection of a malicious signal) as shown in recent attacks on Anti-lock Braking Systems and GPS sensors.
Consequently, there is a need to change the way we reason about control in Cyber-Physical Systems and to start designing attack-resilient control schemes and architectures capable of dealing with cyber-physical attacks on the environment of the controller (e.g., sensors, actuators, and communication media). To utilize knowledge of the system dynamics for attack detection and identification, we have to focus on a new set of problems such as attack-resilient state estimation, sensor and controller fusion under attacks, and detecting attacks in presence of noise and model uncertainty. In this talk, we present our recent efforts on the design of attack-resilient control schemes for cyber-physical systems. We focus on the problem of state estimation in presence of attacks, for systems with noise and modeling errors. When a state-based feedback controller uses the estimated states, we show that the attacker cannot destabilize the system by exploiting the difference between the model used for the state estimation and the real physical dynamics of the system. Furthermore, we describe how implementation issues such as jitter, latency, and synchronization errors can be mapped into parameters of the state estimation procedure that describe modeling errors, and provide a bound on the state-estimation error caused by the modeling errors. For a given control algorithm, such a robust method allows for the mapping of desired control guarantees into real-time performance requirements from the underlying OS and networks, which facilitates reasoning about attack-resilience across different implementation layers. Finally, we illustrate the use of this approach on two real-world case studies by implementing attack-resilient cruise control on an unmanned ground vehicle and a state-of-the-art American Built Car.
Speaker Bio:
Miroslav Pajic is a Postdoctoral Researcher in the Department of Electrical & Systems Engineering and PRECISE Center (Penn Research in Embedded Computing and Integrated System) at the University of Pennsylvania. He received his Ph.D. and M.S. degrees in Electrical Engineering from the University of Pennsylvania in 2012 and 2010, and the M.S. and Dipl. Ing. degrees from the University of Belgrade, Serbia, in 2007 and 2003, respectively. His research interests focus on the design and analysis of cyber-physical systems and in particular real-time and embedded systems, distributed/networked control system, and high-confidence medical device systems. Dr. Pajic received various awards including the ACM SIGBED Frank Anger Memorial Award, the Joseph and Rosaline Wolf Award for Best Dissertation from Penn Engineering, the Best Paper Award at the 2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS), the Best Student Paper Award at the 2012 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), and Honeywell User Group Wireless Innovation Award.