Security and Fault Tolerance of Cyber-Physical Systems

信息物理系统的安全与容错

• 批准号: RGPIN-2015-04273
• 负责人: Kwong, Raymond
• 金额: $ 1.6万
• 依托单位: University of Toronto
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=678874
• 关键词: Security; Fault; Tolerance; Cyber; Physical

Critical infrastructures such as power grids, water supply systems, and traffic networks involve networked control systems with distributed sensors and actuators. We refer to them as cyber-physical systems. One key requirement for such systems is security from malicious attacks, often in the form of cyber-attacks aimed at compromising supervisory control and data acquisition (SCADA) systems. The second key requirement is fault tolerance: the ability of the control system to continue functioning despite component failures. Component failures can occur as a consequence of malicious actions by an attacker, but can also occur as a result of hardware breakdown or unforeseen operating conditions.***Most approaches to combat cyber-attacks focus on prevention through firewalls. With the advent of smart sensors and stealth technologies, preventing access and detecting intrusion are becoming increasingly difficult. There is an urgent need to develop counter-measures that can combat malicious intruders after intrusion has occurred. Traditional approaches to fault-tolerant control design are also inadequate as they often rely on first carrying out accurate fault diagnosis, followed by control reconfiguration. The system may be damaged or irrecoverable while waiting for diagnostic information. ***Our proposed research aims to improve the security and fault-tolerance of control systems central to cyber-physical systems. The two main objectives of our proposed research program are: (1) to develop novel methodology to detect malicious intruders and prevent them from inflicting damage to the control system; and (2) to maintain functionality and safe operation of control systems when components fail. ***The first objective focuses on security at the system level, typically involving SCADA systems describable using discrete event system models. Our methodology will make use of the theory of supervisory control and diagnosis for discrete event systems to perform intrusion detection and to counteract malicious behaviour. The novelty in our formulation is our focus on the control aspects after an intrusion has occurred, on how the feedback loop induces interactions between the actions of the attacker and defender.***The second objective focuses on resilience of the control system at the physical level when actuators and/or sensors fail. The novelty of our approach is that we focus on decentralized fault-tolerant control design which does not depend on accurate diagnostic knowledge. We propose to study fault-tolerant control as an integrated problem of distributed diagnosis and control reconfiguration, exploiting redundancies through coupling, and investigate network effects such as cascading failures. ***Protecting cyber-physical systems is of great national interest. Our proposed research can provide significant improvements on the security and resilience of cyber-physical systems.

电网、供水系统和交通网络等关键基础设施涉及具有分布式传感器和执行器的网络控制系统。我们称之为网络物理系统。此类系统的一个关键要求是免受恶意攻击的安全性，恶意攻击通常以网络攻击的形式出现，目的是破坏监控和数据采集（SCADA）系统。第二个关键要求是容错性：控制系统在组件发生故障时仍能继续工作的能力。组件故障可能是攻击者恶意操作的结果，但也可能是硬件故障或不可预见的操作条件的结果。***大多数对抗网络攻击的方法侧重于通过防火墙进行预防。随着智能传感器和隐身技术的出现，防止访问和检测入侵变得越来越困难。目前迫切需要开发能够在入侵发生后对抗恶意入侵者的对策。传统的容错控制设计方法也不充分，因为它们通常依赖于首先进行准确的故障诊断，然后再进行控制重构。在等待诊断信息的过程中，可能导致系统损坏或无法恢复。我们提出的研究旨在提高网络物理系统中心控制系统的安全性和容错性。我们提出的研究计划的两个主要目标是：(1)开发新的方法来检测恶意入侵者并防止他们对控制系统造成损害；(2)当部件发生故障时，保持控制系统的功能和安全运行。第一个目标侧重于系统级的安全性，通常涉及使用离散事件系统模型描述的SCADA系统。我们的方法将利用离散事件系统的监督控制和诊断理论来执行入侵检测和抵消恶意行为。我们公式的新颖之处在于我们关注入侵发生后的控制方面，关注反馈回路如何诱导攻击者和防御者的行动之间的交互。***第二个目标侧重于当执行器和/或传感器失效时控制系统在物理层的弹性。该方法的新颖之处在于，我们专注于分散的容错控制设计，而不依赖于准确的诊断知识。我们建议将容错控制作为分布式诊断和控制重构的集成问题来研究，通过耦合利用冗余，并研究级联故障等网络效应。***保护网络物理系统事关重大国家利益。我们提出的研究可以为网络物理系统的安全性和弹性提供重大改进。