Secure Algorithms for Cyber-Physical Systems: Invariants for Cross-Domain and Distributed Correctness
The objective of this project is to formulate and validate a methodology for creating secure algorithms for cyber-physical systems (CPS): algorithms that remain secure even when the participating devices do not trust one another. A typical CPS is composed of many devices, each with a cyber component and a physical component, that interact through a common physical system and communicate with their neighbors. A device may be malicious, providing false information or failing to take the actions it claims, or the communication channel itself may be compromised. The key observation is that information flows between devices along two paths: through the network and through the shared physical resource.
Disrupting the information flow is what makes an integrity attack succeed. The methodology therefore identifies the points in a CPS where such disruption is harmful and adds redundant paths there, in the form of invariants, largely over the physical state of the system, that are monitored at run time to detect and mitigate the attack. Coupled with this is a reputation-based approach for distributed CPS algorithms that identifies bad actors and excludes them from the algorithm's execution. The approach has been applied successfully to aviation situational systems, vehicular systems, chemical plant systems, power systems, and water systems, with actual implementations in the last two.
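As an added illustration of the two ideas above, and not code from this project, the following Python script models one node of a small water-distribution network. The network path carries each upstream pump's claimed outflow; the physical path is the node's own flow meter on the inlet pipe, which sees the same quantity independently. Conservation of flow on the pipe is the invariant that ties the two paths together, a violation lowers the reporter's reputation, and a consensus step then ignores peers whose reputation has fallen below a threshold. The topology, the tolerances and the message trace are all constructed for this example.

```python
"""Added example, not code from the project described above.

A runtime invariant monitor for one node of a pipe network, with a
reputation-weighted consensus step. Topology, tolerances and the
message trace are constructed for this illustration.
"""
from collections import defaultdict

TOLERANCE = 0.05   # assumed: allowed gap (m^3/s) between claimed and metered flow
PENALTY = 0.3      # assumed: reputation lost per violated invariant
THRESHOLD = 0.5    # assumed: reputation below which a peer is ignored


class Node:
    """One CPS device: checks physical invariants on what peers claim and
    keeps a reputation score per peer."""

    def __init__(self, name, initial_reputation=1.0):
        self.name = name
        self.reputation = defaultdict(lambda: initial_reputation)
        self.violations = []   # (step, peer, claimed, measured) for the audit log

    def check_inflow_invariant(self, step, upstream, claimed_outflow, measured_inflow):
        """Flow-conservation invariant on the pipe upstream -> self.

        claimed_outflow arrives over the network from `upstream`; measured_inflow
        comes from this node's own meter. A mismatch means the claim is false,
        the channel was tampered with, or the pump did not act as announced;
        in every case the reporter is penalised.
        """
        if abs(claimed_outflow - measured_inflow) <= TOLERANCE:
            return True
        self.violations.append((step, upstream, claimed_outflow, measured_inflow))
        self.reputation[upstream] = max(0.0, self.reputation[upstream] - PENALTY)
        return False

    def is_trusted(self, peer):
        return self.reputation[peer] >= THRESHOLD

    def consensus_round(self, own_value, peer_values):
        """One round of averaging consensus on a shared quantity (e.g. main
        pressure). Peers whose reputation dropped below THRESHOLD are left out
        of the average, so a lying node cannot drag the estimate."""
        trusted = {p: v for p, v in peer_values.items() if self.is_trusted(p)}
        values = [own_value] + list(trusted.values())
        return sum(values) / len(values), sorted(trusted)


def run_trace(node, trace):
    """Replay (step, upstream, claimed, measured) tuples through the monitor.
    Returns the list of steps at which the invariant was violated."""
    return [step for step, up, claimed, measured in trace
            if not node.check_inflow_invariant(step, up, claimed, measured)]


# Constructed trace for node B, whose only upstream neighbour is A.
# Steps 1-2 are consistent; from step 3 A keeps announcing 1.0 m^3/s while the
# meter sees far less (A is either lying or no longer pumping as claimed).
TRACE_B = [
    (1, "A", 1.00, 1.01),
    (2, "A", 1.00, 0.98),
    (3, "A", 1.00, 0.40),
    (4, "A", 1.00, 0.35),
]

# Constructed pressure readings offered to B for the consensus step; A's
# value is wildly off, as a node spoofing the algorithm might report.
PRESSURES_SEEN_BY_B = {"A": 9.9, "C": 3.1}
B_OWN_PRESSURE = 3.0


def demo():
    b = Node("B")
    violated = run_trace(b, TRACE_B)
    estimate, used = b.consensus_round(B_OWN_PRESSURE, PRESSURES_SEEN_BY_B)
    naive = (B_OWN_PRESSURE + sum(PRESSURES_SEEN_BY_B.values())) / 3
    return {"violated_steps": violated, "rep_A": b.reputation["A"],
            "estimate": estimate, "peers_used": used, "naive_estimate": naive}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the script shows the two invariant violations at steps 3 and 4, A's reputation dropping to 0.4, and the consensus estimate staying near the honest readings (3.05) instead of the naive three-way average (about 5.33) that A's false report would otherwise produce. The tolerance must be set from the meter's real accuracy; a value too tight turns sensor noise into false accusations, and one too loose lets small but persistent manipulation through.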