CAREER: Foundations for Secure Control of Cyber-Physical Systems

职业：网络物理系统安全控制的基础

• 批准号: 1652544
• 负责人: Miroslav Pajic
• 金额: $ 44.2万
• 依托单位: Duke University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-03-15 至 2024-02-29
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652544&HistoricalAwards=false
• 关键词: CAREER; Foundations; Secure; Control; Cyber

The increasing set of functionalities, network interoperability, and system design complexity have introduced security vulnerabilities in cyber-physical systems (CPS). As recently demonstrated, a remote attacker can disrupt the operation of a car to either disable the vehicle or hijack it. High-profile security incidents in other CPS domains include a large-scale attack on Ukraine's power-grid and the StuxNet attack on an industrial system, while the RQ-170 Sentinel drone capture has shown that even safety-critical military CPS can be compromised. The tight integration of information technology and physical components has made CPS vulnerable to attack vectors well beyond the standard cyber-attacks. In addition, deep component embedding and long projected system lifetime limit the use of standard cyber security solutions that impose a significant computation and communication overhead. On the other hand, the safety-critical interaction with the physical world has made attacks on CPS extremely dangerous as they could result in significant physical damage and even loss of life. To address these challenges, this project will develop scientific foundations for design of secure control of CPS, resulting in a high-assurance CPS design framework in which a mix of attack-resilient control, security-aware human-CPS interactions, efficient controller instrumentation and system recovery provides safety and performance guarantees even in the presence of attacks.The goal of this project is to provide fundamentally new methods for security-aware modeling, analysis and design of safety-critical CPS, addressing the many different physical, functional and logical aspects of these heterogeneous systems in the presence of attacks. Specific research products include: 1) Cyber-physical security techniques that exploit the interaction between physical and cyber domains for attack-detection and resilient control; 2) Framework for secure control of Human-CPS that harnesses the human power of inductive reasoning and the ability to provide context, particularly during an attack, to improve the overall security guarantees; 3) Platform support for implementation of secure CPS controllers including design techniques and tools ensuring safe and efficient closed-loop recovery. Proposed high-assurance design framework will be used to develop security-aware automotive controllers for connected and autonomous vehicles with varying levels of autonomy and human supervision. Various components of the proposed research will be directly evaluated on relevant automotive applications and architectures, which will facilitate their transition into practice and immediate industrial impact. Furthermore, the general nature of the design framework provides a direct path for this research to have significant impact in other CPS domains leading to design of secure and safety-preserving CPS. The project also has an extensive education and outreach component, including curriculum development for high-assurance CPS with a strong systems and multidisciplinary perspective, expansion of hands-on research opportunities for undergraduate and graduate students, and cooperation with industry. These efforts are strongly motivated by industrial need to provide high-assurance for safety-critical CPS, and thus the results of this project will directly impact the way these systems are designed as well as education of the next generation workforce necessary to support evolution of safe and secure CPS.

不断增加的功能集、网络互操作性和系统设计复杂性在网络物理系统(CP)中引入了安全漏洞。正如最近证明的那样，远程攻击者可以扰乱汽车的操作，使汽车瘫痪或劫持它。其他CPS领域的高调安全事件包括对乌克兰电网的大规模攻击和对一个工业系统的Stuxnet攻击，而RQ-170哨兵无人机捕获事件表明，即使是对安全至关重要的军用CPS也可能受到威胁。信息技术和物理组件的紧密集成使CP容易受到远远超出标准网络攻击的攻击媒介的攻击。此外，深入的组件嵌入和较长的预计系统寿命限制了标准网络安全解决方案的使用，这些解决方案会带来大量的计算和通信开销。另一方面，与物理世界的安全关键交互使对CP的攻击变得极其危险，因为它们可能导致重大的物理损害，甚至生命损失。为了应对这些挑战，本项目将为CPS的安全控制设计建立科学基础，从而形成一个高保证的CPS设计框架，其中结合了攻击弹性控制、安全感知的人-CPS交互、高效的控制器工具和系统恢复，即使在存在攻击的情况下也能提供安全和性能保证。本项目的目标是为安全关键型CPS的安全感知建模、分析和设计提供全新的方法，解决这些异类系统在攻击存在时的许多不同的物理、功能和逻辑方面的问题。具体的研究产品包括：1)利用物理域和网络域之间的交互进行攻击检测和弹性控制的网络物理安全技术；2)人类-CPS安全控制框架，利用人类归纳推理的能力和提供上下文的能力，尤其是在攻击期间，以提高整体安全保障；3)为实施安全的CPS控制器提供平台支持，包括确保安全和高效的闭环恢复的设计技术和工具。拟议的高保证设计框架将用于开发联网和自动驾驶车辆的安全感知汽车控制器，这些车辆具有不同级别的自主性和人工监督。拟议研究的各个组成部分将直接在相关的汽车应用和架构上进行评估，这将有助于将其转化为实践并立即产生工业影响。此外，设计框架的一般性为本研究在其他CPS领域产生重大影响提供了直接途径，从而设计出安全和安全的CPS。该项目还包括广泛的教育和外联部分，包括为具有强大系统和多学科视角的高保障合作伙伴制定课程，扩大本科生和研究生的实践研究机会，以及与工业界合作。这些努力的强烈动机是行业需要为安全关键的CPS提供高度保证，因此该项目的结果将直接影响这些系统的设计方式以及支持安全和可靠CPS发展所需的下一代劳动力的教育。

项目成果

Sporadic data integrity for secure state estimation

• DOI: 10.1109/cdc.2017.8263660
• 发表时间: 2017-12
• 期刊: 2017 IEEE 56th Annual Conference on Decision and Control (CDC)
• 作者: Ilija Jovanov;Miroslav Pajic

A hybrid stochastic game for secure control of cyber-physical systems

用于安全控制网络物理系统的混合随机博弈

• DOI: 10.1016/j.automatica.2018.03.012
• 发表时间: 2018
• 期刊: Automatica
• 影响因子: 6.4
• 作者: Miao, Fei;Zhu, Quanyan;Pajic, Miroslav;Pappas, George J.
• 通讯作者: Pappas, George J.

Security Analysis for Distributed IoT-Based Industrial Automation

• DOI: 10.1109/tase.2021.3106335
• 发表时间: 2021-09-02
• 期刊: IEEE TRANSACTIONS ON AUTOMATION SCIENCE AND ENGINEERING
• 影响因子: 5.6
• 作者: Lesi, Vuk;Jakovljevic, Zivana;Pajic, Miroslav
• 通讯作者: Pajic, Miroslav

Operator Strategy Model Development in UAV Hacking Detection

无人机黑客检测中的运营商策略模型开发

• DOI: 10.1109/thms.2018.2888578
• 发表时间: 2019
• 期刊: IEEE Transactions on Human-Machine Systems
• 影响因子: 3.6
• 作者: Zhu, Haibei;Cummings, Mary L.;Elfar, Mahmoud;Wang, Ziyao;Pajic, Miroslav
• 通讯作者: Pajic, Miroslav

Attack-resilient state estimation with intermittent data authentication

具有间歇性数据认证的抗攻击状态估计

• DOI: 10.1016/j.automatica.2021.110035
• 发表时间: 2022
• 期刊: Automatica
• 影响因子: 6.4
• 作者: Khazraei, Amir;Pajic, Miroslav
• 通讯作者: Pajic, Miroslav