Visible to the public SURE Meeting Presentations 2015 March 17-18

SoS Newsletter- Advanced Book Block

SoS Logo

SecUrity and REsilience


Cyber-Physical Systems (SURE) Presentations

SURE Meeting Presentations 2015 March 17-18

The research projects presented at the Six Month Review meeting between NSA and the four System Science of SecUrity and REsilience for Cyber-Physical Systems (SURE) project universities--Vanderbilt, Hawaii, California-Berkeley, and MIT-- covered behavioral and technical subjects related to resiliency and introduced the Resilient Cyber Physical Systems Testbed.  A summary of each presentation and a link to the original document are provided.


Project Overview;  Xenofon Koutsoukos (Vanderbilt) URL: Project Thrustsare Hierarchical Coordination and Control; Risk analysis and incentive design that aim at developing regulations and strategies at the management level; Resilient monitoring and control of the networked control system infrastructure; Science of decentralized security which aims to develop a framework that will enable reasoning about the security of all the integrated constituent CPS components; Reliable and practical reasoning about secure computation and communication in networks which aims to contribute a formal framework for reasoning about security in CPS; Evaluation and experimentation using modeling and simulation integration of cyber and physical platforms that directly interface with human decision makers; and Education and outreach.


Evaluation Testbed; Peter Volgyesi and Himanshu Neema (Vanderbilt University) URL:  The objectives of  the RCPS Testbed  is to develop and maintain well-defined domains,  language, rules, tools, and metrics; integrate existing robust domain tools and technologies, simulators, analysis tools, middleware; maintain model libraries and repositories; Red Team vs Blue Team scenarios and challenges; simulate real adversary behavior; integration technology; meta-programmable tools; strong versioning; web-based interfaces;  and cloud-based, scalable services. Current research being conducted on the RCSP Testbed includes complex attack strategies, attack description language, using and orchestrating existing atomic action, adversarial risk analysis, repeated, automated simulation runs: probabilistic interdependency graphs, optimization, resilient monitoring and control and science of decentralized security


Demo: Resilient and Secure Component-Based Software for CPS Architectures; William Emfinger and Pranav Kumar (Vanderbilt University) URL:   The RCPS Testbed consists of  embedded system hardware with hosts running actual code,  a physical system simulator,, code running on the hosts communicates with the physics simulator to get current sensor state and to control the actuators, a smart network switch that  allows emulation of network resources to accurately emulate the system’s network, integrated analysis and measurement tools  and modeling tools, code generators, and deployment/monitoring utilities.  The demonstration showed many of these features using a simulated GPS satellite constellation.


Science of Adversarial Risk in CPS; Yevgeniy Vorobeychik (Vanderbilt University) URL: CPS security relies on many individual decision makers making good choices.  Risk stems from choices which are optimal for individuals, but not for the system as a whole, but in most real CPS security, the system involves multiple defenders, with each defender “charged” with security for

a subset of assets.   When security decisions are decentralized and decision makers have different interests, system-level security can be sub-optimal.  Next steps will be to use simulation as a “multi-defender” platform to form a bridge into the evaluation testbed and to develop automated methods for CPS model-based risk analysis in GME using the attack description language.


Incentive Mechanisms for CPS Security; Saurabh Amin (MIT) URL:  Incentive mechanisms are needed to encourage the building of secure systems. For certain regulatory regimes, electricity distributors make sub-optimal investment in monitoring; user steals less when  fines are higher or detection probability is higher.  Distributor invests more in monitoring when costs of monitoring lower or user stealing is higher. Due to information deficiencies, R and S are interdependent

Equilibrium depends on relative frequencies of failures and reliability failure distribution.  Defenders should co-design defenses against faults & attacks. Contributions of the work are a network game with interdependent reliability and security, full characterization of equilibria, and a polynomial-time algorithm for enumerating all equilibria.  Future work will be to study defender interactions with multiple strategic attackers, game parameters not known to all players, link capacities, and edge reinforcement.


Putting Humans in the Loop: Active Learning at Scale for Malware Detection; Anthony Joseph (UC Berkeley)  URL:  This study looks at use of  Machine Learning  to separate positive (malicious) from negative (benign) instances. Security Analytics: Using Robust ML for adversary resistant security, metrics and analytics,  Pattern mining and prediction, at scale, on big data, with adversaries;  Detecting and classifying malicious actions within Cyber-Physical Systems, malware, spam; Situational Awareness: Helping the humans-in-the-loop;  Real-time, Machine Learning-based analytics for human domain experts;  Interaction with multiple thrusts; Hierarchical Coordination and Control via a ML pipeline addressing CPS security needs for Resilient Monitoring and Control and Evaluation and experimentation using humans and real-world data (malware).


Modeling Privacy in Human CPS; Roy Dong (UC Berkeley) URL:  From an engineering perspective, there are two dominant paradigms: control over information and secrecy.  The author proposes privacy contracts since privacy is a good: higher privacy settings could cost more.  There is asymmetric information in this problem, and adverse selection becomes an issue.


Secure Computation in Actor Networks; Dusko Pavlovic (U of Hawai’i) URL:  Security is both a suitable subject for science and the process of security is also similar to the process of science, since both science and security depend on the methods of inductive inference. A scientific theory can never be definitely proved, but can only be disproved by new evidence, and improved into a better theory. Because of the same dependency, every security claim and method has a lifetime, and always eventually needs to be improved.


Resilient Sensor Network Design for Flow Networks; Waseem Abbas (Vanderbilt University) URL: leakages and faults in flow networks cause commercial and physical losses.  Using water supply information, they systematically examine early detection and localization mechanisms of reported and unreported breaks in an efficient way.  Resilience issues include uncertainty in system response to burst pipes, inherent model uncertainty,  transient system analysis, additional uncertainty in infrastructure topology and characteristics, underground infrastructure that is not visible and hard to access, and  the spatial distribution of the networks and complex looped topology due to constant expansion and rehabilitation.  This approach considers pipe burst events as opposed to previously majority of work considering water quality.  There is very limited work on localization as compared to detection, and issue for resiliency.


Attack-Resilient Observation Selection; Aron Laszka (Vanderbilt University)  URL: To dynamically control any system, accurate information about its evolving state  systems to be monitored can extend over a vast area  resulting in many possible points of observation.  Focused on traffic patterns, this study posits that the resilience of monitoring to denial-of-service type attacks can be achieved by placing sensors in a resilient way.  Resilient sensor placement is formulated as a constrained optimization problem based on a formal prediction model that is applicable to multiple domains.  Previous work focused on observation selection while current work is addressing resilient observation selection.  Future work will address  unit costs of uncertainty for both the “no-attack” case and the “attacked” and selections minimizing the sum cost of both uncertainties.


Using Machine Learning to Improve the Resilience of Control; Claire Tomlin (UC Berkeley) URL: Using data from air traffic control, the authors use machine learning as a tool to  visualize a model of resiliency.  They conclude research in the security of control systems has assumed a fixed control algorithm, and considered attack of the sensors, algorithm, machine learning adapts the control based on data collected.  In theory, the learning could be used to detect anomalies and intrusions. However, if an attacker knew the learning algorithm, it would be easier to spoof the system without detection


Resilient and Secure Component-Based Software for CPS Architectures; Gabor Karsai (Vanderbilt University) URL: The ‘CPS Cloud’ is used as an open sensing/Computing/Actuation Platform where various customer applications can run side-by-side.  The physical world can be simulated in real-time with the desired degree of fidelity, including faults, the network can be emulated in real-time with a desired degree of fidelity, including cyber effects, and embedded computing platforms are very affordable. Some examples of potential CPS Cloud subjects include fractionated satellite –observation platforms, coordinated swarm of UAVs executing a mission, fleet of UUVs collecting data while in motion, and monitoring and control nodes on the Smart Grid Challenges in building this CPS Cloud include networked, distributed control systems, fault-and security resilience, and applications with different trust and security levels that must run side-by-side.


System-Level Co-design for CPS Security; Janos Sztipanovits (Vanderbilt University) ) URL:  The traditional system-level synthesis problem for the “cyber” side of CPS is to dDerive specification for the behavior of the  system components that will be implemented using networked computing, derive a functional model for the information architecture and componentize the system, select computing/networking platform, derive deployment model assigning components of the information architecture to processing and communication platforms, generate code for software components, and perform timing analysis in order to make security part of system-level  co-design processes.  Mitigation of security vulnerabilities cost performance, timing, and functionality.  Integration into design processes will reduce performance degradation.


Science of Security Virtual Organization; Katie Dey (Vanderbilt University) ) URL:   The Cyber Physical Systems Virtual Organization is a tool to develop community, collaborate, and support technology transfer and translational research.  The CPS-VO web page is the focal point for information sharing and community outreach and development. Nodes provide information about SURE activities, meetings, and research as well as general announcements about upcoming events, funding opportunities, discussion forums and chat, and a newsletter containing current research bibliographies about topics of interest to the Science of Security community.



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.