Cyber-Physical Security Expert Systems 2015

SoS Newsletter- Advanced Book Block



Cyber-Physical Security Expert Systems


Expert systems based on fuzzy logic hold promise for solving many problems. The research presented here addresses the use of expert systems to solve security problems in cyber-physical systems including the Internet of Things, black hole attacks in wireless sensor networks, plants, the Smart Grid, and vehicular and transportation networks. For the Science of Security community, the hard problems of resiliency, metrics, composability, and privacy are addressed. These works were presented in 2015.

Dieter Gollmann, Pavel Gurikov, Alexander Isakov, Marina Krotofil, Jason Larsen, Alexander Winnicki; “Cyber-Physical Systems Security: Experimental Analysis of a Vinyl Acetate Monomer Plant,” CPSS ’15, Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, April 2015, Pages 1–12. doi:10.1145/2732198.2732208
Abstract: We describe an approach for analysing and attacking the physical part (a process) of a cyber-physical system. The stages of this approach are demonstrated in a case study, a simulation of a vinyl acetate monomer plant. We want to demonstrate in particular where security has to rely on expert knowledge in the domain of the physical components and processes of a system and that there are major challenges for converting cyber attacks into successful cyber-physical attacks.
Keywords: (not provided) (ID#: 15-7023)


Bharathan Balaji, Mohammad Abdullah Al Faruque, Nikil Dutt, Rajesh Gupta, Yuvraj Agarwal; “Models, Abstractions, and Architectures: The Missing Links in Cyber-Physical Systems,” DAC’15, Proceedings of the 52nd Annual Design Automation Conference, June 2015, Article No. 82. doi:10.1145/2744769.2747936
Abstract: Bridging disparate realms of physical and cyber system components requires models and methods that enable rapid evaluation of design alternatives in cyber-physical systems (CPS). The diverse intellectual traditions of physical and mathematical sciences make this task exceptionally hard. This paper seeks to explore potential solutions by examining specific examples of CPS applications in automobiles and smart buildings. Both smart buildings and automobiles are complex systems with embedded knowledge across several domains. We present our experiences with development of CPS applications to illustrate the challenges that arise when expertise across domains is integrated into the system, and show that creation of models, abstractions, and architectures that address these challenges is key to next generation CPS applications.
Keywords: abstractions, architectures, automobiles, cyber-physical systems, models, smart buildings (ID#: 15-7024)


Catia Trubiani, Anne Koziolek, Lucia Happe; “Exploiting Software Performance Engineering Techniques to Optimise the Quality of Smart Grid Environments,” ICPE’15, Proceedings of the 6th ACM/SPEC International Conference on Performance Engineering, January 2015, Pages 199–202. doi:10.1145/2668930.2695532
Abstract: This paper discusses the challenges and opportunities of Software Performance Engineering (SPE) research in smart-grid (SG) environments. We envision to use SPE techniques to optimise the quality of information and communications technology (ICT) applications, and thus optimise the quality of the overall SG. The overall process of Monitoring, Analysing, Planning, and Executing (MAPE) is discussed to highlight the current open issues of the domain and the expected benefits.
Keywords: quality optimisation, smart grid environment, software performance engineering (ID#: 15-7025)


Marina Krotofil, Jason Larsen, Dieter Gollmann; “The Process Matters: Ensuring Data Veracity in Cyber-Physical Systems,” ASIACCS ’15, Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 133–144. doi:10.1145/2714576.2714599
Abstract: Cyber-physical systems are characterized by an IT infrastructure controlling effects in the physical world. Attacks are intentional actions trying to cause undesired physical effects. When process data originating in the physical world is manipulated before being handed to the IT infrastructure, the data security property called “veracity” or trustworthiness will be violated. There is no canonical IT security solution guaranteeing that the inputs from a sensor faithfully represent reality. However, the laws of physics may help the defender to detect impossible or implausible sensor readings. This paper proposes a process-aware approach to detect when a sensor signal is being maliciously manipulated. We present a set of lightweight real-time algorithms for spoofing sensor signals directly at the microcontroller of the field device. The detection of spoofed measurements takes the form of plausibility and consistency checks with the help of the correlation entropy in a cluster of related sensors. We use the Tennessee Eastman challenge process to demonstrate the performance of our approach and to highlight aspects relevant to the detection effectiveness.
Keywords: cluster entropy, cyber-physical systems, plausibility checks, signal spoofing, veracity (ID#: 15-7026)


Sanjit A. Seshia, Dorsa Sadigh, S. Shankar Sastry; “Formal Methods for Semi-Autonomous Driving,” DAC ’15, Proceedings of the 52nd Annual Design Automation Conference, June 2015, Article No. 148. doi:10.1145/2744769.2747927
Abstract: We give an overview of the main challenges in the specification, design, and verification of human cyber-physical systems, with a special focus on semi-autonomous vehicles. We identify unique characteristics of formal modeling, specification, verification and synthesis in this domain. Some initial results and design principles are presented along with directions for future work.
Keywords: automotive systems, control, cyber-physical systems, formal verification, learning, semi-autonomous driving, synthesis (ID#: 15-7027)


Christoph Schmittner, Zhendong Ma, Erwin Schoitsch, Thomas Gruber; “A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-Physical Systems,” CPSS’15, Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, April 2015, Pages 69–80. doi:10.1145/2732198.2732204
Abstract: The increasing integration of computational components and physical systems creates cyber-physical systems, which provide new capabilities and possibilities for humans to control and interact with physical machines. However, the correlation of events in cyberspace and the physical world also poses new safety and security challenges. This calls for holistic approaches to safety and security analysis for the identification of safety failures and security threats and a better understanding of their interplay. This paper presents the application of two promising methods, i.e. Failure Mode, Vulnerabilities and Effects Analysis (FMVEA) and Combined Harm Assessment of Safety and Security for Information Systems (CHASSIS), to a case study of safety and security co-analysis of cyber-physical systems in the automotive domain. We present the comparison, discuss their applicabilities, and identify future research needs.
Keywords: automotive, cyber-physical system, safety and security co-analysis, systems engineering (ID#: 15-7028)


Rafael Capilla, Mike Hinchey, Francisco J. Díaz; “Collaborative Context Features for Critical Systems,” VaMoS ’15, Proceedings of the Ninth International Workshop on Variability Modelling of Software-intensive Systems, January 2015, Pages 43–51. doi:10.1145/2701319.2701322
Abstract: Feature models and their extensions have been proposed and used over the past 20 years for modeling the commonality and variability of software systems. However, the increasing runtime demands and post-deployment configuration procedures of self-adaptive, context-aware and pervasive systems have brought the need for modeling context features. In addition, many critical systems that demand stringent collaborative features at runtime also need to share information dynamically. In this research-in-progress paper, we sketch our vision of where feature modeling should go to support collaborative aspects of systems. Our proposal suggests identifying and annotating context feature models with collaborative information that becomes particularly useful for critical and swarm-based systems that require information exchange at runtime.
Keywords: Feature modeling, adaptation, context features, context-aware systems, runtime (ID#: 15-7029)


Robert K. Abercrombie, Frederick T. Sheldon, Bob G. Schlicher; “Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems,” CISR ’15, Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 18. doi:10.1145/2746266.2746284
Abstract: In cybersecurity, there are many influencing economic factors to weigh. This paper considers the defender-practitioner stakeholder points-of-view that involve cost combined with development and deployment considerations. Some examples include the cost of countermeasures, training and maintenance as well as the lost opportunity cost and actual damages associated with a compromise. The return on investment (ROI) from countermeasures comes from saved impact costs (i.e., losses from violating availability, integrity, confidentiality or privacy requirements). A measured approach that informs cybersecurity practice is pursued toward maximizing ROI. To this end for example, ranking threats based on their potential impact focuses security mitigation and control investments on the highest value assets, which represent the greatest potential losses. The traditional approach uses risk exposure (calculated by multiplying risk probability by impact). To address this issue in terms of security economics, we introduce the notion of Cybernomics. Cybernomics considers the cost/benefits to the attacker/defender to estimate risk exposure. As the first step, we discuss the likelihood that a threat will emerge and whether it can be thwarted and if not what will be the cost (losses both tangible and intangible). This impact assessment can provide key information for ranking cybersecurity threats and managing risk.
Keywords: Availability, Dependability, Integrity, Security Measures/Metrics, Security Requirements, Threats and Vulnerabilities (ID#: 15-7030)


Antonio Filieri, Henry Hoffmann, Martina Maggio; “Automated Multi-Objective Control for Self-Adaptive Software Design,” ESEC/FSE 2015, Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, August 2015, Pages 13–24. doi:10.1145/2786805.2786833
Abstract: While software is becoming more complex every day, the requirements on its behavior are not getting any easier to satisfy. An application should offer a certain quality of service, adapt to the current environmental conditions and withstand runtime variations that were simply unpredictable during the design phase. To tackle this complexity, control theory has been proposed as a technique for managing software’s dynamic behavior, obviating the need for human intervention. Control-theoretical solutions, however, are either tailored for the specific application or do not handle the complexity of multiple interacting components and multiple goals. In this paper, we develop an automated control synthesis methodology that takes, as input, the configurable software components (or knobs) and the goals to be achieved. Our approach automatically constructs a control system that manages the specified knobs and guarantees the goals are met. These claims are backed up by experimental studies on three different software applications, where we show how the proposed automated approach handles the complexity of multiple knobs and objectives.
Keywords: Adaptive software, control theory, dynamic systems, non-functional requirements, run-time verification (ID#: 15-7031)


Chieh-Jan Mike Liang, Börje F. Karlsson, Nicholas D. Lane, Feng Zhao, Junbei Zhang, Zheyi Pan, Zhao Li, Yong Yu; “SIFT: Building an Internet of Safe Things,” IPSN’15, Proceedings of the 14th International Conference on Information Processing in Sensor Networks, April 2015, Pages 298–309. doi:10.1145/2737095.2737115
Abstract: As the number of connected devices explodes, the use scenarios of these devices and data have multiplied. Many of these scenarios, e.g., home automation, require tools beyond data visualizations, to express user intents and to ensure interactions do not cause undesired effects in the physical world. We present SIFT, a safety-centric programming platform for connected devices in IoT environments. First, to simplify programming, users express high-level intents in declarative IoT apps. The system then decides which sensor data and operations should be combined to satisfy the user requirements. Second, to ensure safety and compliance, the system verifies whether conflicts or policy violations can occur within or between apps. Through an office deployment, user studies, and trace analysis using a large-scale dataset from a commercial IoT app authoring platform, we demonstrate the power of SIFT and highlight how it leads to more robust and reliable IoT apps.
Keywords: (not provided) (ID#: 15-7032)


Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos; “Integrity Assurance in Resource-Bounded Systems through Stochastic Message Authentication,” HotSoS ’15, Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, April 2015, Article No. 1. doi:10.1145/2746194.2746195
Abstract: Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used towards this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. We propose a formal game-theoretic framework for optimal stochastic message authentication, providing provable integrity guarantees for resource-bounded systems based on an existing MAC scheme. We use our framework to investigate attacker deterrence, as well as optimal design of stochastic message authentication schemes when deterrence is impossible. Finally, we provide experimental results on the computational performance of our framework in practice.
Keywords: economics of security, game theory, message authentication (ID#: 15-7033)


Doris Aschenbrenner, Michael Fritscher, Felix Sittner, Klaus Schilling; “Design Process for User Interaction with Robotic Manipulators in Industrial Internet Applications,” SIGDOC ’15, Proceedings of the 33rd Annual International Conference on the Design of Communication, July 2015, Article No. 18. doi:10.1145/2775441.2775474
Abstract: In this paper we want to share our experiences in developing a new telemaintenance system for industrial robots in an active production environment. This has been achieved within a three-year research project. In this article we describe the design methods we have used, and our evaluation approaches. The challenge of developing user interfaces for those prototypes lies in the special requirements of the industrial work domain. Highly sophisticated technical tasks need to be carried out under time pressure and in a noisy environment. The human-machine interaction of the remote tasks is especially difficult. There is no experience with those remote tasks, as they are only possible with the developed technology. The scope of the paper lies in the design process, not in the evaluation results, which will be published separately.
Keywords: design process, experience report, human robot interaction, industrial internet, industrial robotics, maintenance, telemaintenance, telematics (ID#: 15-7034)


Shiguang Wang, Lu Su, Shen Li, Shaohan Hu, Tanvir Amin, Hongwei Wang, Shuochao Yao, Lance Kaplan, Tarek Abdelzaher; “Scalable Social Sensing of Interdependent Phenomena,” IPSN ’15, Proceedings of the 14th International Conference on Information Processing in Sensor Networks, April 2015, Pages 202–213. doi:10.1145/2737095.2737114
Abstract: The proliferation of mobile sensing and communication devices in the possession of the average individual has generated much recent interest in social sensing applications. Significant advances were made on the problem of uncovering ground truth from observations made by participants of unknown reliability. The problem, also called fact-finding, commonly arises in applications where unvetted individuals may opt in to report phenomena of interest. For example, the reliability of individuals might be unknown when they can join a participatory sensing campaign simply by downloading a smartphone app. This paper extends past social sensing literature by offering a scalable approach for exploiting dependencies between observed variables to increase fact-finding accuracy. Prior work assumed that reported facts are independent, or incurred exponential complexity when dependencies were present. In contrast, this paper presents the first scalable approach for accommodating dependency graphs between observed states. The approach is tested using real-life data collected in the aftermath of Hurricane Sandy on availability of gas, food, and medical supplies, as well as extensive simulations. Evaluation shows that combining expected correlation graphs (of outages) with reported observations of unknown reliability results in a much more reliable reconstruction of ground truth from the noisy social sensing data. We also show that correlation graphs can help test hypotheses regarding underlying causes, when different hypotheses are associated with different correlation patterns. For example, an observed outage profile can be attributed to a supplier outage or to excessive local demand. The two differ in expected correlations in observed outages, enabling joint identification of both the actual outages and their underlying causes.
Keywords: data reliability, expectation maximization, maximum likelihood estimators, social sensing (ID#: 15-7035)


Anthony J. Clark, Philip K. McKinley, Xiaobo Tan; “Enhancing a Model-Free Adaptive Controller through Evolutionary Computation,” GECCO ’15, Proceedings of the 2015 Annual Conference on Genetic and Evolutionary Computation, July 2014, Pages 137–144. doi:10.1145/2739480.2754762
Abstract: Many robotic systems experience fluctuating dynamics during their lifetime. Variations can be attributed in part to material degradation and decay of mechanical hardware. One approach to mitigating these problems is to utilize an adaptive controller. For example, in model-free adaptive control (MFAC) a controller learns how to drive a system by continually updating link weights of an artificial neural network (ANN). However, determining the optimal control parameters for MFAC, including the structure of the underlying ANN, is a challenging process. In this paper we investigate how to enhance the online adaptability of MFAC-based systems through computational evolution. We apply the proposed methods to a simulated robotic fish propelled by a flexible caudal fin. Results demonstrate that the robot is able to effectively respond to changing fin characteristics and varying control signals when using an evolved MFAC controller. Notably, the system is able to adapt to characteristics not encountered during evolution. The proposed technique is general and can be applied to improve the adaptability of other cyber-physical systems.
Keywords: adaptive control, differential evolution, flexible materials, model-free control, robotic fish (ID#: 15-7036)


Assaad Moawad, Thomas Hartmann, Francois Fouquet, Jacques Klein, Yves Le Traon; “Adaptive Blurring of Sensor Data to Balance Privacy and Utility for Ubiquitous Services,” SAC ’15, Proceedings of the 30th Annual ACM Symposium on Applied Computing, April 2015, Pages 2271–2278. doi:10.1145/2695664.2695855
Abstract: Given the trend towards mobile computing, the next generation of ubiquitous “smart” services will have to continuously analyze surrounding sensor data. More than ever, such services will rely on data potentially related to personal activities to perform their tasks, e.g. to predict urban traffic or local weather conditions. However, revealing personal data inevitably entails privacy risks, especially when data is shared with high precision and frequency. For example, by analyzing precise electric consumption data, it can be inferred whether a person is currently at home; however, this can empower new services such as a smart heating system. Access control (forbid or grant access) or anonymization techniques are not able to deal with such a trade-off because they either completely prohibit access to data or lose source traceability. Blurring techniques, by tuning data quality, offer a wide range of trade-offs between privacy and utility for services. However, the number of ubiquitous services and their data quality requirements lead to an explosion of possible configurations of blurring algorithms. To manage this complexity, in this paper we propose a platform that automatically adapts (at runtime) blurring components between data owners and data consumers (services). The platform searches for the optimal trade-off between service utility and privacy risks using multi-objective evolutionary algorithms to adapt the underlying communication platform. We evaluate our approach on a sensor network gateway and show its suitability in terms of i) effectiveness to find an appropriate solution, ii) efficiency and scalability.
Keywords: blurring, component-based architecture, optimization, privacy, sensors, software-platform, trade-off (ID#: 15-7037)


Kutalmış Akpınar, Kien A. Hua, Kai Li; “ThingStore: A Platform for Internet-of-Things Application Development and Deployment,” DEBS ’15, Proceedings of the 9th ACM International Conference on Distributed Event-Based Systems, June 2015, Pages 162–173. doi:10.1145/2675743.2771833
Abstract: An advanced app-store concept, called ThingStore, is introduced in this paper. It provides a “market place” environment to facilitate collaboration on Internet-of-Things (IoT) application development, and a platform to host their deployment. ThingStore serves three categories of users: (1) Thing Provider: “Things” (such as online cameras and sensors) can be made more intelligent through event detection software routines called smart services. A thing provider may deploy “things” and advertise their smart services at the ThingStore market place. (2) Software Developer: Software developers can develop apps that query relevant smart services using EQL (Event Query Language), much like the way traditional database applications are conveniently developed atop a standard database management system today. (3) End User: An end user may subscribe to a particular app for event notification and management. In this IoT architecture, ThingStore is a computation hub that links together humans, “things,” and computer software in a cyber-physical lifecycle to enable fusion of human and machine intelligence to accomplish some common goal. Not only humans, but also “things,” may adjust the physical world. New changes in the physical world may, in turn, incur new event detections and therefore initiate another cycle of this ecology-inspired computational lifecycle.
Keywords: ThingStore, complex event processing, data stream processing, event query language, internet of things, service-oriented architecture (ID#: 15-7038)


Manuel Oriol, Jan Carlson, Michael Wahler; “SANCS 2015: 1st International Workshop on Software Architectures for Next-Generation Cyber-Physical Systems,” ECSAW ’15, Proceedings of the 2015 European Conference on Software Architecture Workshops, September 2015, Article No. 14. doi:10.1145/2797433.2797447
Abstract: Cyber-physical systems have become complex and pervasive over time. They evolved from simple, single-task systems to systems with a large set of functionalities, connected to the Internet, distributed, multi-core, and with user-centric intuitive interfaces. Such an evolution advocates for better software architecture adapted to such systems. The SANCS 2015 workshop aims at gathering both practitioners and researchers on these topics to explore the next generation of cyber-physical systems.
Keywords: (not provided) (ID#: 15-7039)


Reza Matinnejad, Shiva Nejati, Lionel C. Briand, Thomas Bruckmann; “Effective Test Suites for Mixed Discrete-Continuous Stateflow Controllers,” ESEC/FSE 2015, Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, August 2015, Pages 84–95. doi:10.1145/2786805.2786818
Abstract: Modeling mixed discrete-continuous controllers using Stateflow is common practice and has a long tradition in the embedded software system industry. Testing Stateflow models is complicated by expensive and manual test oracles that are not amenable to full automation due to the complex continuous behaviors of such models. In this paper, we reduce the cost of manual test oracles by providing test case selection algorithms that help engineers develop small test suites with high fault revealing power for Stateflow models. We present six test selection algorithms for discrete-continuous Stateflows: An adaptive random test selection algorithm that diversifies test inputs, two white-box coverage-based algorithms, a black-box algorithm that diversifies test outputs, and two search-based black-box algorithms that aim to maximize the likelihood of presence of continuous output failure patterns. We evaluate and compare our test selection algorithms, and find that our three output-based algorithms consistently outperform the coverage- and input-based algorithms in revealing faults in discrete-continuous Stateflow models. Further, we show that our output-based algorithms are complementary as the two search-based algorithms perform best in revealing specific failures with small test suites, while the output diversity algorithm is able to identify different failure types better than other algorithms when test suites are above a certain size.
Keywords: Stateflow testing, failure-based testing, mixed discrete-continuous behaviors, output diversity, structural coverage (ID#: 15-7040)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.