Visible to the public Cyber-Physical System Security and Privacy, 2014, Part 1

SoS Newsletter- Advanced Book Block


SoS Logo

Cyber-Physical System

Security and Privacy, 2014

Part 1

Cyber-Physical systems generally are systems where computers control physical entities. They exist in areas as diverse as automobiles, manufacturing, energy, transportation, chemistry, and computer appliances. In this bibliography, the primary focus of published research is in smart grid technologies—the use of cyber-physical systems to coordinate the generation, transmission, and use of electrical power and its sources. Because of its strategic importance and the consequences of intrusion, smart grid is of particular importance to the Science of Security. The work presented here was published in 2014.

Armin Wasicek, Patricia Derler, Edward A. Lee. “Aspect-oriented Modeling of Attacks in Automotive Cyber-Physical Systems.” DAC '14 Proceedings of the 51st Annual Design Automation Conference, June 2014, Pages 1-6. doi:10.1145/2593069.2593095
Abstract: This paper introduces aspect-oriented modeling (AOM) as a powerful, model-based design technique to assess the security of Cyber-Physical Systems (CPS). Particularly in safety-critical CPS such as automotive control systems, the protection against malicious design and interaction faults is paramount to guaranteeing correctness and reliable operation. Essentially, attack models are associated with the CPS in an aspect-oriented manner to evaluate the system under attack. This modeling technique requires minimal changes to the model of the CPS. Using application-specific metrics, the designer can gain insights into the behavior of the CPS under attack.
Keywords: Aspect-oriented Modeling, Cyber-Physical Systems, Security (ID#: 15-5832)


Sven Wohlgemuth. “Is Privacy Supportive for Adaptive ICT Systems?” iiWAS '14 Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services, December 2014, Pages 559-570. doi:10.1145/2684200.2684363
Abstract: Adaptive ICT systems promise to improve resilience by re-using and sharing ICT services and information related to electronic identities and real-time requirements of business networking applications. The aim is to improve welfare and security of a society, e.g. a "smart" city. Even though adaptive ICT systems technically enable everyone to participate both as service consumer and provider without running the required technical infrastructure by oneself, uncertain knowledge on enforcement of legal, business, and social requirements impedes taking advantage of adaptive ICT systems. Not only IT risks on confidentiality and accountability are undecidable due to lack of control with the current trust infrastructure but also IT risks on integrity and availability due to lack of transparency. Reasons are insufficient quantification of IT risk as well as unacceptable knowledge on cause-and-effect relationships and accountability. This work introduces adaptive identity management to improve control and transparency for a trustworthy spontaneous information exchange as the critical activity of adaptive ICT systems.
Keywords: Adaptive ICT System, Game Theory, IT Risk Management, Identity Management, Multilateral IT Security, Privacy, Resilience, Security (ID#: 15-5833)


Jin Dong, Seddik M. Djouadi, James J. Nutaro, Teja Kuruganti. “Secure Control Systems with Application to Cyber-Physical Systems.” CISR '14 Proceedings of the 9th Annual Cyber and Information Security Research Conference, April 2014, Pages 9-12. doi:10.1145/2602087.2602094
Abstract: Control systems are computer-based systems with networked units consisting of sensors, actuators, control processing units, and communication devices. The role of control system is to interact, monitor, and control physical processes. Reactive power control is a fundamental issue in ensuring the security of the power network. It is claimed that Synchronous Condensers (SC) have been used at both distribution and transmission voltage levels to improve stability and to maintain voltages within desired limits under changing load conditions and contingency situations. Performance of PI controller corresponding to various tripping faults are analyzed for SC systems. Most of the effort in protecting these systems has been in protection against random failures or reliability. However, besides failures these systems are subject to various signal attacks for which new analysis are discussed here. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical effects. Therefore, it is meaningful to evaluate the security of a cyber-physical system, especially to protect it from cyber-attack. Illustrative numerical examples are provided together with an application to the SC systems.
Keywords: SCADA systems, cyber-physical systems, secure control, security (ID#: 15-5834)


Andrei Costin, Aurélien Francillon. “Short Paper: A Dangerous ‘Pyrotechnic Composition’: Fireworks, Embedded Wireless and Insecurity-by-Design.” WiSec '14 Proceedings of the 2014 ACM Conference on Security and Privacy In Wireless & Mobile Networks, July 2014, Pages 57-62. doi:10.1145/2627393.2627401
Abstract: Fireworks are used around the world to salute popular events such as festivals, weddings, and public or private celebrations. Besides their entertaining effects fireworks are essentially colored explosives which are sometimes directly used as weapons. Modern fireworks systems heavily rely on 'wireless pyrotechnic firing systems'. Those 'embedded cyber-physical systems' (ECPS) are able to remotely control pyrotechnic composition ignition. The failure to properly secure these computer sub-systems may have disastrous, if not deadly, consequences. They rely on standardized wireless communications, off the shelf embedded hardware and custom firmware. In this short paper, we describe our experience in discovering and exploiting a wireless firing system in a short amount of time without any prior knowledge of such systems. In summary, we demonstrate our methodology starting from analysis of firmware, the discovery of vulnerabilities and finally by demonstrating a real world attack. Finally, we stress that the security of pyrotechnic firing systems should be considered seriously, which could be achieved through improved safety compliance requirements and control.
Keywords: embedded, exploitation, firing systems, security, vulnerabilities, wireless (ID#: 15-5835)


Marco Balduzzi, Alessandro Pasta, Kyle Wilhoit. “A Security Evaluation of AIS Automated Identification System.” ACSAC '14 Proceedings of the 30th Annual Computer Security Applications Conference, December 2014, Pages 436-445. doi:10.1145/2664243.2664257
Abstract: AIS, Automatic Identification System, is an application of cyber-physical systems (CPS) to smart transportation at sea. Being primarily used for collision avoidance and traffic monitoring by ship captains and maritime authorities, AIS is a mandatory installation for over 300,000 vessels worldwide since 2002. Other promoted benefits are accident investigation, aids to navigation and search and rescue (SAR) operations. In this paper, we present a unique security evaluation of AIS, by introducing threats affecting both the implementation in online providers and the protocol specification. Using a novel software-based AIS transmitter that we designed, we show that our findings affect all transponders deployed globally on vessels and other maritime stations like lighthouses, buoys, AIS gateways, vessel traffic services and aircraft involved in SAR operations. Our concerns have been acknowledged by online providers and international standards organizations, and we are currently and actively working together to improve the overall security.
Keywords: (not provided) (ID#: 15-5836)


Shivam Bhasin, Jean-Luc Danger, Tarik Graba, Yves Mathieu, Daisuke Fujimoto, Makoto Nagata. “Physical Security Evaluation at an Early Design-Phase: A Side-Channel Aware Simulation Methodology.” ES4CPS '14 Proceedings of International Workshop on Engineering Simulations for Cyber-Physical Systems, March 2014, Pages 13. doi:10.1145/2559627.2559628
Abstract: Cyber-Physical Systems (CPS) are often deployed in critical domains like health, traffic management etc. Therefore security is one of the major driving factor in development of CPS. In this paper, we focus on cryptographic hardware embedded in CPS and propose a simulation methodology to evaluate the security of these cryptographic hardware cores. Designers are often concerned about attacks like Side-Channel Analysis (SCA) which target the physical implementation of cryptography to compromise its security. SCA considers the physical "leakage" of a well chosen intermediate variable correlated with the secret. Certain countermeasures can be deployed, like dual-rail logic or masking, to resist SCA. However to design an effective countermeasure or to fix the vulnerable sources in a circuit, it is of prime importance for a designer to know the main leaking sources in the device. In practice, security of a circuit is evaluated only after the chip is fabricated followed by a certification process. If the circuit has security concerns, it should pass through all the design phases right from RTL to fabrication which increases time-to-market. In such a scenario, it is very helpful if a designer can determine the vulnerabilities early in the design cycle and fix them. In this paper, we present an evaluation of different strategies to verify the SCA robustness of a cryptographic circuit at different design steps, from the RTL to the final layout. We compare evaluation based on digital and electrical simulations in terms of speed and accuracy in a side-channel context. We show that a low-level digital simulation can be fast and sufficiently accurate for side-channel analysis.
Keywords: Design-Time security Evaluation, Side-Channel Analysis (ID#: 15-5837)


Lujo Bauer, Florian Kerschbaum. “What are the Most Important Challenges for Access Control in New Computing Domains, such as Mobile, Cloud and Cyber-Physical Systems?” SACMAT '14 Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, June 2014, Pages 127-128. doi:10.1145/2613087.2613090
Abstract: We are seeing a significant shift in the types and characteristics of computing devices that are commonly used. Today, more smartphones are sold than personal computers. An area of rapid growth are also cloud systems; and our everyday lives are invaded by sensors like smart meters and electronic tickets. The days when most computing resources were managed directly by a computer's operating system are over—data and computation is distributed, and devices are typically always connected via the Internet. In light of this shift, it is important to revisit the basic security properties we desire of computing systems and the mechanisms that we use to provide them. A building block of most of the security we enjoy in today's systems is access control. This panel will examine the challenges we face in adapting the access control models, techniques, and tools produced thus far to today's and tomorrow's computing environments. Key characteristics of these new systems that may require our approach to access control to change is that in many (e.g., cloud) systems users do not directly control their data; that a vast population of users operating mobile and other new devices has very little education in their use; and that cyber-physical systems permeate our environment to the point where they are often invisible to their users. Access control comprises enforcement systems, specification languages, and policy-management tools or approaches. In each of these areas the shifting computing landscape leaves us examining how current technology can be applied to new contexts or looking for new technology to fill the gap. Enforcement of access-control policy based on a trusted operating system, for example, does not cleanly translate to massively distributed, heterogeneous computing environments; to environments with many devices that are minimally administered or administered with minimal expertise; and to potentially untrusted clouds that hold sensitive data and computations that belong to entities other than the cloud owner. What technologies or system components should be the building blocks of enforcement in these settings?
Keywords: access control, challenges, panel (ID#: 15-5838)


Mayur Naik. “Large-Scale Configurable Static Analysis.” SOAP '14 Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis, June 2014, Pages 1-1. doi:10.1145/2614628.2614635
Abstract: Program analyses developed over the last three decades have demonstrated the ability to prove non-trivial properties of real-world programs. This ability in turn has applications to emerging software challenges in security, software-defined networking, cyber-physical systems, and beyond. The diversity of such applications necessitates adapting the underlying program analyses to client needs, in aspects of scalability, applicability, and accuracy. Today's program analyses, however, do not provide useful tuning knobs. This talk presents a general computer-assisted approach to effectively adapt program analyses to diverse clients. The approach has three key ingredients. First, it poses optimization problems that expose a large set of choices to adapt various aspects of an analysis, such as its cost, the accuracy of its result, and the assumptions it makes about missing information. Second, it solves those optimization problems by new search algorithms that efficiently navigate large search spaces, reason in the presence of noise, interact with users, and learn across programs. Third, it comprises a program analysis platform that facilitates users to specify and compose analyses, enables search algorithms to reason about analyses, and allows using large-scale computing resources to parallelize analyses.
Keywords: (not provided) (ID#: 15-5839)


Anis Ben Aissa, Latifa Ben Arfa Rabai, Robert K. Abercrombie, Ali Mili, Frederick T. Sheldon. “Quantifying Availability in SCADA Environments Using the Cyber Security Metric MFC.” CISR '14 Proceedings of the 9th Annual Cyber and Information Security Research Conference, April 2014, Pages 81-84. doi:10.1145/2602087.2602103
Abstract: Supervisory Control and Data Acquisition (SCADA) systems are distributed networks dispersed over large geographic areas that aim to monitor and control industrial processes from remote areas and/or a centralized location. They are used in the management of critical infrastructures such as electric power generation, transmission and distribution, water and sewage, manufacturing/industrial manufacturing as well as oil and gas production. The availability of SCADA systems is tantamount to assuring safety, security and profitability. SCADA systems are the backbone of the national cyber-physical critical infrastructure. Herein, we explore the definition and quantification of an econometric measure of availability, as it applies to SCADA systems; our metric is a specialization of the generic measure of mean failure cost.
Keywords: MFC, SCADA, availability, dependability, security measures, security requirements, threats (ID#: 15-5840)


Teklemariam Tsegay Tesfay, Jean-Pierre Hubaux, Jean-Yves Le Boudec, Philippe Oechslin. “Cyber-Secure Communication Architecture for Active Power Distribution Networks. SAC '14 Proceedings of the 29th Annual ACM Symposium on Applied Computing, March 2014, Pages 545-552. doi:10.1145/2554850.2555082
Abstract: Active power distribution networks require sophisticated monitoring and control strategies for efficient energy management and automatic adaptive reconfiguration of the power infrastructure. Such requirements are realised by deploying a large number of various electronic automation and communication field devices, such as Phasor Measurement Units (PMUs) or Intelligent Electronic Devices (IEDs), and a reliable two-way communication infrastructure that facilitates transfer of sensor data and control signals. In this paper, we perform a detailed threat analysis in a typical active distribution network's automation system. We also propose mechanisms by which we can design a secure and reliable communication network for an active distribution network that is resilient to insider and outsider malicious attacks, natural disasters, and other unintended failure. The proposed security solution also guarantees that an attacker is not able to install a rogue field device by exploiting an emergency situation during islanding.
Keywords: PKI, active distribution network, authentication, islanding, smart grid, smart grid security, unauthorised access (ID#: 15-5841)


Mahdi Azimi, Ashkan Sami, Abdullah Khalili. “A Security Test-Bed for Industrial Control Systems.” MoSEMInA 2014 Proceedings of the 1st International Workshop on Modern Software Engineering Methods for Industrial Automation, May 2014, Pages 26-31. doi:10.1145/2593783.2593790
Abstract: Industrial Control Systems (ICS) such as Supervisory Control And Data Acquisition (SCADA), Distributed Control Systems (DCS) and Distributed Automation Systems (DAS) control and monitor critical infrastructures. In recent years, proliferation of cyber-attacks to ICS revealed that a large number of security vulnerabilities exist in such systems. Excessive security solutions are proposed to remove the vulnerabilities and improve the security of ICS. However, to the best of our knowledge, none of them presented or developed a security test-bed which is vital to evaluate the security of ICS tools and products. In this paper, a test-bed is proposed for evaluating the security of industrial applications by providing different metrics for static testing, dynamic testing and network testing in industrial settings. Using these metrics and results of the three tests, industrial applications can be compared with each other from security point of view. Experimental results on several real world applications indicate that proposed test-bed can be successfully employed to evaluate and compare the security level of industrial applications.
Keywords: Dynamic Test, Industrial Control Systems, Network Test, Security, Static Test, Test-bed (ID#: 15-5842)


Bogdan D. Czejdo, Michael D. Iannacone, Robert A. Bridges, Erik M. Ferragut, John R. Goodall. “Integration of External Data Sources with Cyber Security Data Warehouse.”  CISR '14 Proceedings of the 9th Annual Cyber and Information Security Research Conference, April 2014, Pages 49-52. doi:10.1145/2602087.2602098
Abstract: In this paper we discuss problems related to integration of external knowledge and data components with a cyber security data warehouse to improve situational understanding of enterprise networks. More specifically, network assessment and trend analysis can be enhanced by knowledge about most current vulnerabilities and external network events. The cyber security data warehouse can be modeled as a hierarchical graph of aggregations that captures data at multiple scales. Nodes of the graph, which are summarization tables, can be linked to external sources of information. We discuss problems related to timely information about vulnerabilities and how to integrate vulnerability ontology with cyber security network data.
Keywords: aggregation, anomaly detection, cyber security, natural language processing, network intrusion, situational understanding, vulnerability, vulnerability ontology (ID#: 15-5843)


Dina Hadžiosmanović, Robin Sommer, Emmanuele Zambon, Pieter H. Hartel. “Through the Eye of the PLC: Semantic Security Monitoring for Industrial Processes.” ACSAC '14 Proceedings of the 30th Annual Computer Security Applications Conference, December 2014, Pages 126-135. doi:10.1145/2664243.2664277
Abstract: Off-the-shelf intrusion detection systems prove an ill fit for protecting industrial control systems, as they do not take their process semantics into account. Specifically, current systems fail to detect recent process control attacks that manifest as unauthorized changes to the configuration of a plant's programmable logic controllers (PLCs). In this work we present a detector that continuously tracks updates to corresponding process variables to then derive variable-specific prediction models as the basis for assessing future activity. Taking a specification-agnostic approach, we passively monitor plant activity by extracting variable updates from the devices' network communication. We evaluate the capabilities of our detection approach with traffic recorded at two operational water treatment plants serving a total of about one million people in two urban areas. We show that the proposed approach can detect direct attacks on process control, and we further explore its potential to identify more sophisticated indirect attacks on field device measurements as well.
Keywords: (not provided) (ID#: 15-5844)


Ting Liu, Yuhong Gui, Yanan Sun, Yang Liu, Yao Sun, Feng Xiao. “SEDE: State Estimation-Based Dynamic Encryption Scheme for Smart Grid Communication.” SAC '14 Proceedings of the 29th Annual ACM Symposium on Applied Computing, March 2014, Pages 539-544. doi:10.1145/2554850.2555033
Abstract: The vision of smart grid relies heavily on the communication technologies as they provide a desirable infrastructure for real-time measurement, transmission, decision and control. But various attacks such as eavesdropping, information tampering and malicious control command injection that are hampering the communication in Internet, would impose great threat on the security and stability of smart grids. In this paper, a State Estimation-based Dynamic Encryption (SEDE) scheme is proposed to secure the communication in smart grid. Several states of power system are employed as the common secrets to generate a symmetric key at both sides, which are measured on the terminals and calculated on the control center using state estimation. The advantages of SEDE are 1) the common secrets, used to generate symmetric key, are never exchanged in the network due to the state estimation, that observably improves the security of SEDE; 2) the measurement and state estimation are the essential functions on the terminals and control center in power system; 3) the functions, applied to encrypt and decrypt data, are simple and easy-implemented, such as XOR, Hash, rounding, etc. Thus, SEDE is considered as an inherent, light-weight and high-security encryption scheme for smart gird. In the experiments, SEDE is simulated on a 4-bus power system to demonstrate the process of state estimation, key generation and error correction.
Keywords: dynamic encryption, security, smart grid, state estimation (ID#: 15-5845)


Amel Bennaceur, Arosha K. Bandara, Michael Jackson, Wei Liu, Lionel Montrieux, Thein Than Tun, Yijun Yu, Bashar Nuseibeh. “Requirements-Driven Mediation for Collaborative Security.” SEAMS 2014 Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, June 2014, Pages 37-42. doi:10.1145/2593929.2593938
Abstract: Security is concerned with the protection of assets from intentional harm. Secure systems provide capabilities that enable such protection to satisfy some security requirements. In a world increasingly populated with mobile and ubiquitous computing technology, the scope and boundary of security systems can be uncertain and can change. A single functional component, or even multiple components individually, are often insufficient to satisfy complex security requirements on their own.  Adaptive security aims to enable systems to vary their protection in the face of changes in their operational environment. Collaborative security, which we propose in this paper, aims to exploit the selection and deployment of multiple, potentially heterogeneous, software-intensive components to collaborate in order to meet security requirements in the face of changes in the environment, changes in assets under protection and their values, and the discovery of new threats and vulnerabilities. However, the components that need to collaborate may not have been designed and implemented to interact with one another collaboratively. To address this, we propose a novel framework for collaborative security that combines adaptive security, collaborative adaptation and an explicit representation of the capabilities of the software components that may be needed in order to achieve collaborative security. We elaborate on each of these framework elements, focusing in particular on the challenges and opportunities afforded by (1) the ability to capture, represent, and reason about the capabilities of different software components and their operational context, and (2) the ability of components to be selected and mediated at runtime in order to satisfy the security requirements. We illustrate our vision through a collaborative robotic implementation, and suggest some areas for future work.
Keywords: Security requirements, collaborative adaptation, mediation (ID#: 15-5846)


Liliana Pasquale, Carlo Ghezzi, Claudio Menghi, Christos Tsigkanos, Bashar Nuseibeh. “Topology Aware Adaptive Security.” SEAMS 2014 Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, June 2014, Pages 43-48. doi:10.1145/2593929.2593939
Abstract: Adaptive security systems aim to protect valuable assets in the face of changes in their operational environment. They do so by monitoring and analysing this environment, and deploying security functions that satisfy some protection (security, privacy, or forensic) requirements. In this paper, we suggest that a key characteristic for engineering adaptive security is the topology of the operational environment, which represents a physical and/or a digital space - including its structural relationships, such as containment, proximity, and reachability. For adaptive security, topology expresses a rich representation of context that can provide a system with both structural and semantic awareness of important contextual characteristics. These include the location of assets being protected or the proximity of potentially threatening agents that might harm them. Security-related actions, such as the physical movement of an actor from a room to another in a building, may be viewed as topological changes. The detection of a possible undesired topological change (such as an actor possessing a safe’s key entering the room where the safe is located) may lead to the decision to deploy a particular security control to protect the relevant asset. This position paper advocates topology awareness for more effective engineering of adaptive security. By monitoring changes in topology at runtime one can identify new or changing threats and attacks, and deploy adequate security controls accordingly. The paper elaborates on the notion of topology and provides a vision and research agenda on its role for systematically engineering adaptive security systems.
Keywords: Topology, adaptation, digital forensics, privacy, security (ID#: 15-5847)


Steven D. Fraser, Djenana Campara, Michael C. Fanning, Gary McGraw, Kevin Sullivan. “Privacy and Security in a Networked World.” SPLASH '14 Proceedings of the companion publication of the 2014 ACM SIGPLAN conference on Systems, Programming, and Applications: Software for Humanity, October 2014, Pages 43-45. doi:10.1145/2660252.2661294
Abstract: As news stories continue to demonstrate, ensuring adequate security and privacy in a networked "always on" world is a challenge; and while open source software can mitigate problems, it is not a panacea. This panel will bring together experts from industry and academia to debate, discuss, and offer opinions -- questions might include: What are the "costs" of "good enough" security and privacy on developers and customers?  What is the appropriate trade-off between the price provide security and cost of poor security? How can the consequences of poor design and implementation be managed?  Can systems be enabled to fail "security-safe"?  What are the trade-offs for increased adoption of privacy and security best practices?  How can the "costs" of privacy and security -- both tangible and intangible -- be reduced?
Keywords: cost, design, privacy, security, soft issues (ID#: 15-5848)


Qi Zhu, Peng Deng. “Design Synthesis and Optimization for Automotive Embedded Systems.” ISPD '14 Proceedings of the 2014 on International Symposium on Physical Design, March 2014, Pages 141-148. doi:10.1145/2560519.2565873
Abstract: Embedded software and electronics are major contributors of values in vehicles, and play a dominant role in vehicle innovations. The design of automotive embedded systems has become more and more challenging, with the rapid increase of system complexity and more requirements on various design objectives. Methodologies such as model-based design are being adopted to improve design quality and productivity through the usage of functional models. However, there is still a significant lack of design automation tools, in particular synthesis and optimization tools, that can turn complex functional specifications to correct and optimal software implementations on distributed embedded platforms. In this paper, we discuss some of the major technical challenges and the problems to be solved in automotive embedded systems design, especially for the synthesis and optimization of embedded software.
Keywords: automotive embedded systems, design automation, software synthesis and optimization (ID#: 15-5849)


Chen Liu, Chengmo Yang, Yuanqi Shen. “Leveraging Microarchitectural Side Channel Information to Efficiently Enhance Program Control Flow Integrity.” CODES '14 Proceedings of the 2014 International Conference on Hardware/Software Codesign and System Synthesis, October 2014, Article No. 5. doi:10.1145/2656075.2656092
Abstract: Stack buffer overflow is a serious security threat to program execution. A malicious attacker may overwrite the return address of a procedure to alter its control flow and hence change its functionality. While a number of hardware and/or software based protection schemes have been developed, these countermeasures introduce sizable overhead in performance and energy, thus limiting their applicability to embedded systems. To reduce such overhead, our goal is to develop a low-cost scheme to "filter out" potential stack buffer overflow attacks. Our observation is that attacks to control flow will trigger certain microarchitectural events, such as mis-predictions in the return address stack or misses in the instruction cache. We therefore propose a hardware-based scheme to monitor these events. Only upon detecting any suspicious behavior, a more precise but costly diagnosis scheme will be invoked to thoroughly check control flow integrity. Meanwhile, to further reduce the rate of false positives of the security filter, we propose three enhancements to the return address stack, instruction prefetch engine and instruction cache, respectively. The results show that these enhancements effectively reduce more than 95% of false positives with almost no false negatives introduced.
Keywords: instruction cache, return address stack, security, stack buffer overflow (ID#: 15-5850)


Jakob Axelsson, Avenir Kobetski. “Architectural Concepts for Federated Embedded Systems.” ECSAW '14 Proceedings of the 2014 European Conference on Software Architecture Workshops, August 2014, Article No. 25. doi:10.1145/2642803.2647716
Abstract: Federated embedded systems (FES) is an approach for systems-of-systems engineering in the domain of cyber-physical systems. It is based on the idea to allow dynamic addition of plug-in software in the embedded system of a product, and through communication between the plug-ins in different products, it becomes possible to build services on the level of a federation of products. In this paper, architectural concerns for FES are elicited, and are used as rationale for a number of decisions in the architecture of products that are enabled for FES, as well as in the application architecture of a federation. A concrete implementation of a FES from the automotive domain is also described, as a validation of the architectural concepts presented.
Keywords: Systems-of-systems, cyber-physical systems, federated embedded systems, system architecture (ID#: 15-5851)


Jurgo Preden. “Generating Situation Awareness in Cyber-Physical Systems: Creation and Exchange of Situational Information.” CODES '14 Proceedings of the 2014 International Conference on Hardware/Software Codesign and System Synthesis, October 2014, Article No. 21. doi:10.1145/2656075.2661647
Abstract: Cyber-physical systems depend on good situation awareness in order to cope with the changes of the physical world and in the configuration of the system to fulfill their goal functions. Being aware of the situation in the physical world enables a cyber-physical system to adapt its behaviour according to the actual state of the world as perceived by the cyber-physical system. Understanding the situation of the cyber-physical system itself enables adaptation of the behaviour of the system according to the current capabilities and state of the system, e.g., providing less features or features with limited functionality in case some of the system components are not functional. In order to build resilient cyber-physical systems we need to build systems that are able to consider both of these aspects in their operation.
Keywords: cyber physical system, situation awareness (ID#: 15-5852)


Kaliappa Ravindran, Ramesh Sethu. “Model-Based Design of Cyber-Physical Software Systems for Smart Worlds: A Software Engineering Perspective.” MoSEMInA 2014 Proceedings of the 1st International Workshop on Modern Software Engineering Methods for Industrial Automation, May 2014, Pages 62-71. doi:10.1145/2593783.2593785
Abstract: The paper discusses the design of cyber-physical systems software around intelligent physical worlds (IPW). An IPW is the embodiment of control software functions wrapped around the external world processes, exhibiting self-adaptive behavior over a limited operating region of the system. This is in contrast with the traditional models where the physical world is basically dumb. A self-adaptation of IPW is feasible when certain system properties hold: function separability and piece-wise linearity of system behavioral models. The IPW interacts with an intelligent computational world (ICW) to work over wide range of operating conditions, by patching itself with suitable control parameters and rules & procedures relevant to a changed condition. The modular decomposition of a complex adaptive system into IPW and ICW has many advantages: lowering overall software complexity, simplifying system verification, and supporting easier evolution of system features. The paper illuminates our concept of IPW with software engineering-oriented case study of an industrial application: automotive system.
Keywords: Cyber-physical system, Hierarchical control, Self-managing system, Software module reuse, System feature evolution (ID#: 15-5853)


Nikola Trcka, Mark Moulin, Shaunak Bopardikar, Alberto Speranzon. “A Formal Verification Approach to Revealing Stealth Attacks on Networked Control Systems.” HiCoNS '14 Proceedings of the 3rd International Conference on High Confidence Networked Systems, April 2014, Pages 67-76. doi:10.1145/2566468.2566484
Abstract: We develop methods to determine if networked control systems can be compromised by stealth attacks, and derive design strategies to secure these systems. A stealth attack is a form of a cyber-physical attack where the adversary compromises the information between the plant and the controller, with the intention to drive the system into a bad state and at the same time stay undetected. We define the discovery problem as a formal verification problem, where generated counterexamples (if any) correspond to actual attack vectors. The analysis is entirely performed in Simulink, using Simulink Design Verifier as the verification engine. A small case study is presented to illustrate the results, and a branch-and-bound algorithm is proposed to perform optimal system securing.
Keywords: control system, cyber-physical security, formal verification (ID#: 15-5854)


Jakub Szefer, Pramod Jamkhedkar, Diego Perez-Botero, Ruby B. Lee. “Cyber Defenses for Physical Attacks and Insider Threats in Cloud Computing.” ASIA CCS '14 Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, June 2014, Pages 519-524. doi:10.1145/2590296.2590310
Abstract: In cloud computing, most of the computations and data in the data center do not belong to the cloud provider. This leaves owners of applications and data concerned about cyber and physical attacks which may compromise the confidentiality, integrity or availability of their applications or data. While much work has looked at protection from software (cyber) threats, very few have looked at physical attacks and physical security in data centers. In this work, we present a novel set of cyber defense strategies for physical attacks in data centers. We capitalize on the fact that physical attackers are constrained by the physical layout and other features of a data center which provide a time delay before an attacker can reach a server to launch a physical attack, even by an insider. We describe how a number of cyber defense strategies can be activated when an attack is detected, some of which can even take effect before the actual attack occurs. The defense strategies provide improved security and are more cost-effective than always-on protections in the light of the fact that on average physical attacks will not happen often -- but can be very damaging when they do occur.
Keywords: cloning, cloud computing, data center security, insider threats, migration, physical attacks (ID#: 15-5855)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.