CPS: Small: Integrated Reconfigurable Control and Moving Target Defense for Secure Cyber-Physical Systems

CPS：小型：用于安全网络物理系统的集成可重构控制和移动目标防御

• 批准号: 1739328
• 负责人: Xenofon Koutsoukos
• 金额: $ 40万
• 依托单位: Vanderbilt University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-10-01 至 2021-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1739328&HistoricalAwards=false
• 关键词: CPS; Small; Integrated; Reconfigurable; Control

Cyber-physical systems (CPS) are engineered systems created as networks of interacting physical and computational processes. Most modern products in major industrial sectors, such as automotive, avionics, medical devices, and power systems already are or rapidly becoming CPS driven by new requirements and competitive pressures. However, in recent years, a number of successful cyber attacks against CPS targets, some of which have even caused severe physical damage, have demonstrated that security and resilience of CPS is a very critical problem, and that new methods and technologies are required to build dependable systems. Modern automotive vehicles, for example, employ sensors such as laser range finders and cameras, GPS and inertial measurement units, on-board computing, and network connections all of which contribute to vulnerabilities that can be exploited for deploying attacks with possibly catastrophic consequences. Securing such systems requires that potential points of compromise and vehicle-related data are protected. In order to fulfill the great promise of CPS technologies such as autonomous vehicles and realize the potential technological, economic, and societal impact, it is necessary to develop principles and methods that ensure the development of CPS capable of functioning dependably, safely, and securely. In view of these challenges, the project develops an approach for integration of reconfigurable control software design and moving target defense for CPS. The main idea is to improve CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system. The proposed energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization, address space randomization, and data space randomization. The heart of the runtime environment is a configuration manager that can modify the software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. By changing the control software on-the-fly, the approach creates a cyber moving target and raises significantly the cost for a successful attack without impacting the essential behavior and functionality. Demonstration and experimental evaluation will be performed using a hardware-in-the-loop simulation testbed for automotive CPS.

信息物理系统（CPS）是作为交互物理和计算过程的网络而创建的工程系统。在新的需求和竞争压力的推动下，汽车、航空电子、医疗设备和电力系统等主要工业领域的大多数现代产品已经或正在迅速成为CPS。然而，近年来，针对CPS目标的一些成功的网络攻击，其中一些甚至造成了严重的物理损坏，这表明CPS的安全性和弹性是一个非常关键的问题，需要新的方法和技术来构建可靠的系统。例如，现代汽车采用传感器，如激光测距仪和相机、GPS和惯性测量单元、车载计算和网络连接，所有这些都有助于利用漏洞部署可能造成灾难性后果的攻击。保护这些系统需要保护潜在的危害点和车辆相关数据。为了实现CPS技术（如自动驾驶汽车）的巨大前景，并实现潜在的技术，经济和社会影响，有必要制定原则和方法，确保CPS能够可靠，安全和可靠地运行。针对这些挑战，本计画提出一种整合可重构控制软体设计与移动目标防御的方法。其主要思想是通过使攻击面动态和不可预测来提高CPS安全性，同时确保整个系统的安全行为和正确功能。所提出的基于能量的控制设计方法产生多个备选方案的软件应用程序，是强大的性能变化和不确定性。 运行时环境被设计为实现指令集随机化、地址空间随机化和数据空间随机化。运行时环境的核心是一个配置管理器，它可以在检测到攻击时主动或被动地修改软件配置，同时保留功能并确保稳定和安全的CPS行为。通过动态更改控制软件，该方法创建了一个网络移动目标，并在不影响基本行为和功能的情况下显著提高了成功攻击的成本。将使用汽车CPS的硬件在环仿真试验台进行演示和实验评估。

项目成果

Inductive Conformal Out-of-distribution Detection based on Adversarial Autoencoders

• DOI: 10.1109/coins51742.2021.9524167
• 发表时间: 2021-08
• 期刊: 2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS)
• 作者: Feiyang Cai;A. Ozdagli;Nicholas Potteiger;X. Koutsoukos

Leveraging EM Side-Channel Information to Detect Rowhammer Attacks

• DOI: 10.1109/sp40000.2020.00060
• 发表时间: 2020-05
• 期刊: 2020 IEEE Symposium on Security and Privacy (SP)
• 作者: Zhenkai Zhang;Zihao Zhan;D. Balasubramanian;B. Li;P. Völgyesi;X. Koutsoukos

A model-based design approach for simulation and virtual prototyping of automotive control systems using port-Hamiltonian systems

使用端口哈密尔顿系统进行汽车控制系统仿真和虚拟原型设计的基于模型的设计方法

• DOI: 10.1007/s10270-017-0646-1
• 发表时间: 2019
• 期刊: Software & Systems Modeling
• 影响因子: 2
• 作者: Dai, Siyuan;Zhang, Zhenkai;Koutsoukos, Xenofon
• 通讯作者: Koutsoukos, Xenofon

Integrated data space randomization and control reconfiguration for securing cyber-physical systems

用于保护网络物理系统的集成数据空间随机化和控制重新配置

• DOI: 10.1145/3314058.3314064
• 发表时间: 2019
• 期刊: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security (HotSoS '19
• 作者: Potteiger, Bradley;Zhang, Zhenkai;Koutsoukos, Xenofon
• 通讯作者: Koutsoukos, Xenofon

Triggering Rowhammer Hardware Faults on ARM: A Revisit

在 ARM 上触发 Rowhammer 硬件故障：重温

• DOI: 10.1145/3266444.3266454
• 发表时间: 2018
• 期刊: ASHES '18 Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security
• 作者: Zhang, Zhenkai;Zhan, Zihao;Balasubramanian, Daniel;Koutsoukos, Xenofon;Karsai, Gabor
• 通讯作者: Karsai, Gabor