
Title: Invited Paper: Smart Autonomous Cyber-Physical Systems
Cyber-Physical Systems (CPS) integrate computing, networking, and physical processes, making them critical in applications such as smart homes, industrial control systems, autonomous vehicles, smart grids, and medical devices. Ensuring CPS security is essential, as vulnerabilities can have serious consequences. CPS share key security requirements with traditional IT systems (confidentiality, integrity, and availability) but also introduce additional challenges due to real-time constraints, interactions with physical processes, and safety considerations. Standard security practices include secure design principles, redundancy, continuous monitoring, resilient control algorithms, and rigorous verification and validation procedures. However, security techniques must be tailored to specific CPS domains. Some of the requirements may interact with each other: for example, added security mechanisms may violate timing requirements, and a lack of security measures may compromise safety. The complexity of securing CPS is further heightened by the integration of artificial intelligence (AI), which enables greater system autonomy in tasks like energy optimization and security monitoring. In this paper, we present results from two previous projects that focused on smart IoT systems and avionics systems, respectively. In both cases, arriving at solutions that combine many requirements is at the heart of the methodology. Based on this past work, we discuss open research directions.
Award ID(s):
2229876
PAR ID:
10663420
Publisher / Repository:
ACM
Page Range / eLocation ID:
3 to 12
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The smart city landscape is rife with opportunities for mobility and economic optimization, but also presents many security concerns spanning the range of components and systems in the smart ecosystem. One key enabler for this ecosystem is smart transportation and transit, which is foundationally built upon connected vehicles. Ensuring vehicular security, while necessary to guarantee passenger and pedestrian safety, is itself challenging due to the broad attack surfaces of modern automotive systems. A single car contains dozens to hundreds of small embedded computing devices known as electronic control units (ECUs) executing hundreds of millions of lines of code; the inherent complexity of this tightly integrated cyber-physical system (CPS) is one of the key problems that frustrates effective security. We describe an approach to help reduce the complexity of security analyses by leveraging unsupervised machine learning to learn clusters of messages passed between ECUs that correlate with changes in the CPS state of a vehicle as it moves through the world. Our approach can help to improve the security of vehicles in a smart city, and can leverage smart city infrastructure to further enrich and refine the quality of the machine learning output.
  2. With the proliferation of safety-critical real-time systems in our daily life, it is imperative that their security is protected to guarantee their functionalities. To this end, one of the most powerful modern security primitives is the enforcement of data flow integrity. However, the run-time overhead can be prohibitive for real-time cyber-physical systems. On the other hand, due to strong safety requirements on such real-time cyber-physical systems, platforms are often designed with enough reservation such that the system remains real-time even if it is experiencing the worst-case execution time. We conducted a measurement study on eight popular CPS systems and found the worst-case execution time is often at least five times the average run time. In this paper, we propose opportunistic data flow integrity, OP-DFI, that takes advantage of the system reservation to enforce data flow integrity to the CPS software. To avoid impacting the real-time property, OP-DFI tackles the challenge of slack estimation and run-time policy swapping to take advantage of the extra time in the system opportunistically. To ensure the security protection remains coherent, OP-DFI leverages in-line reference monitors and hardware-assisted features to perform dynamic fine-grained sandboxing. We evaluated OP-DFI on eight real-time CPS. With a worst-case execution time overhead of 2.7%, OP-DFI effectively performs DFI checking on 95.5% of all memory operations and 99.3% of safety-critical control-related memory operations on average. 
  3. Unmanned aerial vehicles (UAVs) are becoming increasingly pervasive in everyday life, supporting diverse use cases such as aerial photography, delivery of goods, or disaster reconnaissance and management. UAVs are cyber-physical systems (CPS): they integrate computation (embedded software and control systems) with physical components (the UAVs flying in the physical world). UAVs in particular and CPS in general require monitoring capabilities to detect and possibly mitigate erroneous and safety-critical behavior at runtime. Existing monitoring approaches mostly do not adequately address UAV CPS characteristics such as the high number of dynamically instantiated components, the tight integration of elements, and the massive amounts of data that need to be processed. In this paper we report results of a case study on monitoring in UAVs. We discuss CPS-specific monitoring challenges and present a prototype we implemented by extending REMINDS, a framework for software monitoring so far mainly used in the domain of metallurgical plants. Additionally, we demonstrate the applicability and scalability of our approach by monitoring a real control and management system for UAVs in simulations with up to 30 drones flying in an urban area. 
  4. Cyber-Physical Systems (CPS) interact closely with their surroundings. They are directly impacted by their physical and operational environment, adjacent systems, user interactions, regulatory codes, and the underlying development process. Both the requirements and design are highly dependent upon assumptions made about the surrounding world, and therefore environmental assumptions must be carefully documented, and their correctness validated as part of the iterative requirements and design process. Prior work exploring environmental assumptions has focused on projects adopting formal methods or building safety assurance cases. However, we emphasize the important role of environmental assumptions in a less formal software development process, characterized by natural language requirements, iterative design, and robust testing, where formal methods are either absent or used for only parts of the specification. In this paper, we present a preliminary case study for dynamically computing the safe minimum separation distance between two small Uncrewed Aerial Systems based on drone characteristics and environmental conditions. In contrast to prior community case studies, such as the mine pump problem, patient monitoring system, and train control system, we provide several concrete examples of environmental assumptions, and then show how they are iteratively validated at various stages of the requirements and design process, using a combination of simulations, field-collected data, and runtime monitoring. 
  5. Recent technological advances provide opportunities to bridge the physical world with cyberspace, leading to complex, multi-domain cyber-physical systems (CPS) in which physical systems are monitored and controlled through numerous smart sensors and cyberspace components that respond in real time to their operating environment. However, the rapid adoption of smart, adaptive, and remotely accessible connected devices in CPS makes cyberspace more complex and diverse, as well as more vulnerable to a multitude of cyber-attacks and adversaries. In this paper, we aim to design, develop, and evaluate a distributed machine learning algorithm for adversarial resiliency; the developed algorithm is expected to provide security in adversarial environments for critical mobile CPS.