Cyber-physical systems (CPS) encompass the next generation of computerized control for countless aspects of the physical world and interactions thereof. The typical engineering process for CPS reuses existing designs, models, components, and software from one version to the next. For example, in automotive engineering, it is common to reuse significant portions of existing model-year vehicle designs when developing the next model-year vehicle, and such practices are common across CPS industries, from aerospace to biomedical. While reuse drastically enhances efficiency and productivity, it leads to the possibility of introducing unintended mismatches between subcomponents' specifications. For example, a 2011 US National Highway Traffic Safety Administration (NHTSA) recall of over 1.5 million model-year 2005-2010 vehicles was due to the upgrade of a physical transmission component that was not appropriately addressed in software. A mismatch between cyber and physical specifications may occur when a software or hardware upgrade (in effect, a cyber or physical specification change) is not addressed by an update (in effect, a matching specification change) in the other domain. This research will develop new techniques and software tools to detect automatically if cyber-physical specification mismatches exist, and then mitigate the effects of such mismatches at runtime, with the overall goal to yield more reliable and safer CPS upon which society increasingly depends. The detection and mitigation methods developed will be evaluated in an energy CPS testbed. While the evaluation testbed is in the energy domain, the methods are applicable to other CPS domains such as automotive, aerospace, and biomedical. The educational goals will bridge gaps between computer science and electrical engineering, preparing a diverse set of next-generation CPS engineers by developing education platforms to enhance CPS engineering design and verification skills. The proposed research is to develop new techniques and tools to automatically identify and mitigate the effects of cyber-physical specification mismatches. There are three major research objectives. The first objective is to identify cyber-physical specification mismatches. To identify mismatches, a detection problem will be formalized using the framework of hybrid input/output automata (HIOA). Offline algorithms will be designed to find candidate specifications from models and implementations using static and dynamic analyses, and then identify candidate mismatches. The second objective is to monitor and assure safe CPS upgrades. As modern CPS designs are complex, it may be infeasible to determine all specifications and mismatches between all subcomponents at design time. Runtime monitoring and verification methods will be developed for inferred specifications to detect mismatches at runtime. When they are identified, a runtime assurance framework building on supervisory control and the Simplex architecture will assure safe CPS runtime operation. The third objective is to evaluate safe CPS upgrades in an example CPS. The results of the other objectives and their ability to ensure safe CPS upgrades will be evaluated in an energy CPS testbed, namely an AC electrical distribution microgrid that interfaces DC-producing renewables like photovoltaics to AC.

Cyber-physical systems (CPS) are engineered systems created as networks of interacting physical and computational processes. Most modern products in major industrial sectors, such as automotive, avionics, medical devices, and power systems already are or rapidly becoming CPS driven by new requirements and competitive pressures. However, in recent years, a number of successful cyber attacks against CPS targets, some of which have even caused severe physical damage, have demonstrated that security and resilience of CPS is a very critical problem, and that new methods and technologies are required to build dependable systems. Modern automotive vehicles, for example, employ sensors such as laser range finders and cameras, GPS and inertial measurement units, on-board computing, and network connections all of which contribute to vulnerabilities that can be exploited for deploying attacks with possibly catastrophic consequences. Securing such systems requires that potential points of compromise and vehicle-related data are protected. In order to fulfill the great promise of CPS technologies such as autonomous vehicles and realize the potential technological, economic, and societal impact, it is necessary to develop principles and methods that ensure the development of CPS capable of functioning dependably, safely, and securely. In view of these challenges, the project develops an approach for integration of reconfigurable control software design and moving target defense for CPS. The main idea is to improve CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system. The proposed energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization, address space randomization, and data space randomization. The heart of the runtime environment is a configuration manager that can modify the software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. By changing the control software on-the-fly, the approach creates a cyber moving target and raises significantly the cost for a successful attack without impacting the essential behavior and functionality. Demonstration and experimental evaluation will be performed using a hardware-in-the-loop simulation testbed for automotive CPS.

The objective of this research is to design a semi-automated, efficient, and secure emergency response system to reduce the time it takes emergency vehicles to reach their destinations, while increasing the safety of non-emergency vehicles and emergency vehicles alike. Providing route and maneuver guidance to emergency vehicles and non-emergency vehicles will make emergency travel safer and enable police and other first responders to reach and transport those in need, in less time. This should reduce the number of crashes involving emergency vehicles and associated litigation costs while improving medical outcomes, reducing property damage, and instilling greater public confidence in emergency services. At the same time, non-emergency vehicles will also be offered increased safety and, with the reduction of long delays attributed to emergency vehicles, experience reduced incident-related travel time, which will increase productivity and quality of life for drivers. Incorporating connected vehicles into the emergency response system will also provide synergistic opportunities for non-emergency vehicles, including live updates on accident sites, areas to avoid, and information on emergency routes that can be incorporated into navigation software so drivers can avoid potential delays. While the proposed system will naturally advance the quality of transportation in smart cities, it will also provide a platform for future techniques to build upon. For example, the proposed system could be connected with emergency care facilities to balance the load of emergency patients at hospitals, and act as a catalyst toward the realization of a fully-automated emergency response system. New courses and course modules will be developed to recruit and better prepare a future workforce that is well versed in multi-disciplinary collaborations. Video demos and a testbed will be used to showcase the research to the public. The key research component will be the design of an emergency response system that (1) dynamically determines EV routes, (2) coordinates actions by non-emergency vehicles using connected vehicle technology to efficiently and effectively clear paths for emergency vehicles, (3) is able to adapt to uncertain traffic and network conditions, and (4) is difficult to abuse or compromise. The project will result in (1) algorithms that dynamically select EV routes based on uncertain or limited traffic data, (2) emergency protocols that exploit connected vehicle technology to facilitate emergency vehicles maneuvers, (3) an automation module to assist with decision making and maneuvers, and (4) an infrastructure and vehicle hardening framework that prevents cyber abuse. Experiments will be performed on a testbed and a real test track to validate the proposed research.

This work examines how to get safety and security in Internet of Things (IoT) systems where multiple devices (things), each designed in isolation from others, are brought together to form a networked system, controlled via one or more software applications ("apps"). "Things" in an IoT environment can include simple devices such as switches, lightbulbs, smart locks, thermostats, and safety alarms as well as complex systems such as appliances, smartphones, and cars. Software IoT "apps" can monitor and control multiple devices in homes, cars, cities, and businesses, providing significant benefits such as energy efficiency, security, safety, and user convenience. Unfortunately, programmable IoT systems also introduce new risks, including enabling remote control by hackers of devices in smart homes, cars, and cities, via buggy IoT apps. Testing IoT apps to remove bugs is currently challenging due to a variety of physical devices with which such apps may interact, including devices that were not even available during app development. The proposed work will help develop techniques for testing IoT apps efficiently and for enforcing safety and security constraints on their run-time behavior. More specifically, the proposed work is centered around three technical thrusts: 1) creating virtual device models to help efficiently test IoT apps systematically without knowing the precise details of physical devices that the apps will control in advance; 2) automating test development for an IoT app to check safety and security specifications against a flexible set of devices; and 3) providing support for enforcement of specifications at run-time for security and safety assertions. The work includes extensive experimentation and evaluation using diverse devices and will represent a significant advance in hardening this important spaces

By 2050, 70% of the world's population is projected to live and work in cities, with buildings as major constituents. Buildings' energy consumption contributes to more than 70% of electricity use, with people spending more than 90% of their time in buildings. Future cities with innovative, optimized building designs and operations have the potential to play a pivotal role in reducing energy consumption, curbing greenhouse gas emissions, and maintaining stable electric-grid operations. Buildings are physically connected to the electric power grid, thus it would be beneficial to understand the coupling of decisions and operations of the two. However, at a community level, there is no holistic framework that buildings and power grids can simultaneously utilize to optimize their performance. The challenge related to establishing such a framework is that building control systems are neither connected to, nor integrated with the power grid, and consequently a unified, global optimal energy control strategy at a smart community level cannot be achieved. Hence, the fundamental knowledge gaps are (a) the lack of a holistic, multi-time scale mathematical framework that couples the decisions of buildings stakeholders and grid stakeholders, and (b) the lack of a computationally-tractable solution methodology amenable to implementation on a large number of connected power grid-nodes and buildings. In this project, a novel mathematical framework that fills the aforementioned knowledge gaps will be investigated, and the following hypothesis will be tested: Connected buildings, people, and grids will achieve significant energy savings and stable operation within a smart city. The envisioned smart city framework will furnish individual buildings and power grid devices with custom demand response signals. The hypothesis will be tested against classical demand response (DR) strategies where (i) the integration of building and power-grid dynamics is lacking and (ii) the DR schemes that buildings implement are independent and individual. By engaging in efficient, decentralized community-scale optimization, energy savings will be demonstrated for participating buildings and enhanced stable operation for the grid are projected, hence empowering smart energy communities. To ensure the potential for broad adoption of the proposed framework, this project will be regularly informed with inputs and feedback from Southern California Edison (SCE). In order to test the hypothesis, the following research products will be developed: (1) An innovative method to model a cluster of buildings--with people's behavior embedded in the cluster's dynamics--and their controls so that they can be integrated with grid operation and services; (2) a novel optimization framework to solve complex control problems for large-scale coupled systems; and (3) a methodology to assess the impacts of connected buildings in terms of (a) the grid's operational stability and safety and (b) buildings' optimized energy consumption. To test the proposed framework, a large-scale simulation of a distribution primary feeder with over 1000 buildings will be conducted within SCE?s Johanna and Santiago substations in Central Orange County.