Title: Carving Out Control Code: Automated Identification of Control Software in Autopilot Systems
Cyber-physical systems interact with the world through software controlling physical effectors. Carefully designed controllers, implemented as safety-critical control software, also interact with other parts of the software suite and may be difficult to separate, verify, or maintain. Moreover, some software changes that are not intended to affect control system performance nonetheless change controller response through a variety of means, including interaction with external libraries or unmodeled behavior that exists only in the cyber system (e.g., exception handling). As a result, identifying safety-critical control software, its boundaries with other embedded software in the system, and the way in which control software evolves could help developers isolate, test, and verify control implementations and improve control software development. In this work we present an automated technique, based on a novel application of machine learning, to detect commits related to control software, the changes they make, and how the control software evolves. We leverage messages from developers (e.g., commit comments) and the code changes themselves to understand how control software is refined, extended, and adapted over time. We examine three distinct, popular, real-world, safety-critical autopilots (ArduPilot, Paparazzi UAV, and LibrePilot) to test our method, demonstrating an effective detection rate of 0.95 for control-related code changes.
Award ID(s):
2514761 2221648
PAR ID:
10596603
Publisher / Repository:
ACM
Journal Name:
ACM Transactions on Cyber-Physical Systems
Volume:
8
Issue:
4
ISSN:
2378-962X
Page Range / eLocation ID:
1 to 20
Subject(s) / Keyword(s):
control software machine learning autopilot
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Ensuring the integrity of embedded programmable logic controllers (PLCs) is critical for the safe operation of industrial control systems. In particular, a cyber-attack could manipulate the control logic running on the PLCs to bring the process of a safety-critical application into unsafe states. Unfortunately, PLCs are typically not equipped with hardware support that allows the use of techniques such as remote attestation to verify the integrity of the logic code. In addition, so far remote attestation is not able to verify the integrity of the physical process controlled by the PLC. In this work, we present PAtt, a system that combines remote software attestation with control process validation. PAtt leverages operation permutations—subtle changes in the operation sequences based on integrity measurements—which do not affect the physical process but yield unique traces of sensor readings during execution. By encoding integrity measurements of the PLC's memory state (software and data) into its control operation, our system allows the integrity of the control logic to be verified remotely based on the resulting sensor traces. We implement the proposed system on a real PLC controlling a robot arm and demonstrate its feasibility. Our implementation enables the detection of attackers that manipulate the PLC logic to change process state and/or report spoofed sensor readings (with an accuracy of 97% against tested attacks).
  2. This study provides an experimental validation of a multiple-input multiple-output (MIMO) model predictive control (MPC) strategy, coupled with dynamic risk modeling, to address two critical aspects of proton exchange membrane water electrolysis (PEMWE) operation: (i) process safety, by mitigating temperature imbalances, and (ii) system performance, through precise hydrogen production control. A cyber-physical platform was developed for real-time monitoring, state-space modeling and validation, risk metrics analysis, control implementation, and visualization. Open-loop experiments revealed limitations in managing thermal gradients, underscoring the need for feedback operating strategies. The proposed closed-loop MPC approach achieved precise tracking of hydrogen production while maintaining safety by ensuring temperature stability. Moreover, the dynamic risk metrics show how thermal risk evolves with temperature and offer guidance for decision-making. These findings demonstrate the effectiveness of MIMO MPC in enhancing the operational safety and efficiency of PEMWE systems, providing a foundation for scalable and sustainable hydrogen production.
  3. With the proliferation of autonomous safety-critical cyber-physical systems (CPS) in our daily life, their security is becoming ever more important. Remote attestation is a powerful mechanism to enable remote verification of system integrity. While recent developments have made it possible to efficiently attest IoT operations, autonomous systems that are built on top of real-time cyber-physical control loops and execute missions independently present new, unique challenges. In this paper, we formulate a new security property, Realtime Mission Execution Integrity (RMEI), to provide proof of correct and timely execution of missions. While it is an attractive property, measuring it can incur prohibitive overhead for a real-time autonomous system. To tackle this challenge, we propose policy-based attestation of compartments to enable a trade-off between the level of detail in measurement and runtime overhead. To further minimize the impact on real-time responsiveness, multiple techniques were developed to improve performance, including customized software instrumentation and timing recovery through re-execution. We implemented a prototype of ARI and evaluated its performance on five CPS platforms. A user study involving 21 developers with different skill sets was conducted to understand the usability of our solution.
  4. Connected vehicle (CV) application developers need a development platform to build, test, and debug real-world CV applications, such as safety, mobility, and environmental applications, in edge-centric cyber-physical systems (CPS). The objective of this paper is to develop and evaluate a scalable and secure CV application development platform (CVDeP) that enables application developers to build, test, and debug CV applications in real time while meeting the functional requirements of any CV application. The efficacy of the CVDeP was evaluated using two types of CV applications (one safety and one mobility application), and they were validated through field experiments at the South Carolina Connected Vehicle Testbed (SC-CVT). The analyses show that the CVDeP satisfies the functional requirements in relation to latency and throughput of the selected CV applications while maintaining the scalability and security of the platform and applications.
  5. Cyber-Physical Systems (CPS) have been increasingly subject to cyber-attacks, including code injection attacks. Zero-day attacks further exacerbate the threat landscape by requiring a shift to defense-in-depth approaches. With the tightly coupled nature of cyber components and the physical domain, these attacks have the potential to cause significant damage if safety-critical applications such as automobiles are compromised. Moving target defense techniques such as instruction set randomization (ISR) have been commonly proposed to address these types of attacks. However, under current implementations an attack can result in a system crash, which is unacceptable in CPS. As such, CPS necessitate proper control reconfiguration mechanisms to prevent a loss of availability in system operation. This paper addresses the problem of maintaining the system and security properties of a CPS under attack by integrating ISR, detection, and recovery capabilities that ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection attacks and reconfiguring the controller in real time. The developed framework is demonstrated with an autonomous vehicle case study.