Reconfigurable Real-Time Middleware for Distributed Cyber-Physical Systems with Aperiodic Events

Different distributed cyber-physical systems must handle aperiodic and periodic events with diverse requirements. While existing real-time middleware such as Real-Time CORBA has shown promise as a platform for distributed systems with time constraints, it lacks flexible configuration mechanisms needed to manage end-to-end timing easily for a wide range of different cyber-physical systems with both aperiodic and periodic events. The primary contribution of this work is the design, implementation and performance evaluation of the first configurable component middleware services for admission control and load balancing of aperiodic and periodic event handling in distributed cyber-physical systems. Empirical results demonstrate the need for, and the effectiveness of, our configurable component middleware approach in supporting different applications with aperiodic and periodic events, and providing a flexible software platform for distributed cyber-physical systems with end-to-end timing constraints

On the assessment of cyber risks and attack surfaces in a real-time co-simulation cybersecurity testbed for inverter-based microgrids

The integration of variable distributed generations (DGs) and loads in microgrids (MGs) has made the reliance on communication systems inevitable for information exchange in both control and protection architectures to enhance the overall system reliability, resiliency and sustainability. This communication backbone in turn also exposes MGs to potential malicious cyber attacks. To study these vulnerabilities and impacts of various cyber attacks, testbeds play a crucial role in managing their complexity. This research work presents a detailed study of the development of a real-time co-simulation testbed for inverter-based MGs. It consists of a OP5700 real-time simulator, which is used to emulate both the physical and cyber layer of an AC MG in real time through HYPERSIM software; and SEL-3530 Real-Time Automation Controller (RTAC) hardware configured with ACSELERATOR RTAC SEL-5033 software. A human–machine interface (HMI) is used for local/remote monitoring and control. The creation and management of HMI is carried out in ACSELERATOR Diagram Builder SEL-5035 software. Furthermore, communication protocols such as Modbus, sampled measured values (SMVs), generic object-oriented substation event (GOOSE) and distributed network protocol 3 (DNP3) on an Ethernet-based interface were established, which map the interaction among the corresponding nodes of cyber-physical layers and also synchronizes data transmission between the systems. The testbed not only provides a real-time co-simulation environment for the validation of the control and protection algorithms but also extends to the verification of various detection and mitigation algorithms. Moreover, an attack scenario is also presented to demonstrate the ability of the testbed. Finally, challenges and future research directions are recognized and discussed

Co-design of Security Aware Power System Distribution Architecture as Cyber Physical System

The modern smart grid would involve deep integration between measurement nodes, communication systems, artificial intelligence, power electronics and distributed resources. On one hand, this type of integration can dramatically improve the grid performance and efficiency, but on the other, it can also introduce new types of vulnerabilities to the grid. To obtain the best performance, while minimizing the risk of vulnerabilities, the physical power system must be designed as a security aware system. In this dissertation, an interoperability and communication framework for microgrid control and Cyber Physical system enhancements is designed and implemented taking into account cyber and physical security aspects. The proposed data-centric interoperability layer provides a common data bus and a resilient control network for seamless integration of distributed energy resources. In addition, a synchronized measurement network and advanced metering infrastructure were developed to provide real-time monitoring for active distribution networks. A hybrid hardware/software testbed environment was developed to represent the smart grid as a cyber-physical system through hardware and software in the loop simulation methods. In addition it provides a flexible interface for remote integration and experimentation of attack scenarios. The work in this dissertation utilizes communication technologies to enhance the performance of the DC microgrids and distribution networks by extending the application of the GPS synchronization to the DC Networks. GPS synchronization allows the operation of distributed DC-DC converters as an interleaved converters system. Along with the GPS synchronization, carrier extraction synchronization technique was developed to improve the system’s security and reliability in the case of GPS signal spoofing or jamming. To improve the integration of the microgrid with the utility system, new synchronization and islanding detection algorithms were developed. The developed algorithms overcome the problem of SCADA and PMU based islanding detection methods such as communication failure and frequency stability. In addition, a real-time energy management system with online optimization was developed to manage the energy resources within the microgrid. The security and privacy were also addressed in both the cyber and physical levels. For the physical design, two techniques were developed to address the physical privacy issues by changing the current and electromagnetic signature. For the cyber level, a security mechanism for IEC 61850 GOOSE messages was developed to address the security shortcomings in the standard

Incremental Latency Analysis of Heterogeneous Cyber-Physical Systems

REACTION 2014. 3rd International Workshop on Real-time and Distributed Computing in Emerging Applications. Rome, Italy. December 2nd, 2014.Cyber-Physical Systems, as used in automotive, avionics, or aerospace domains, have critical real-time require-ments. Time-related issues might have important impacts and, as these systems are becoming extremely software-reliant, validate and enforcing timing constraints is becoming difficult. Current techniques are mainly focused on validating these constraints late by using integration tests and tracing the system execution. Such methods are time-consuming and labor-intensive and, discovering timing issue late in the development process might incur significant rework efforts. In this paper, we propose an incremental model-based ap-proach to analyze and validate timing requirements of cyber-physical systems. We first capture the system functions, its related latency requirements and validate the end-to-end latency at a high level. This functional architecture is then refined into an implementation deployed on an execution platform. As system description is evolving, the latency analysis is being refined with more precise values. Such an approach provide latency analysis from a high level specification without having to implement the system, saving potential re-engineering efforts. It also helps engineers to select appropriate execution platform components or change the deployment strategy of system functions to ensure that latency requirements will be met when implementing the system.This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center

Aggregate Farming in the Cloud: The AFarCloud ECSEL project

Farming is facing many economic challenges in terms of productivity and cost-effectiveness. Labor shortage partly due to depopulation of rural areas, especially in Europe, is another challenge. Domain specific problems such as accurate monitoring of soil and crop properties and animal health are key factors for minimizing economical risks, and not risking human health. The ECSEL AFarCloud (Aggregate Farming in the Cloud) project will provide a distributed platform for autonomous farming that will allow the integration and cooperation of agriculture Cyber Physical Systems in real-time in order to increase efficiency, productivity, animal health, food quality and reduce farm labor costs. Moreover, such a platform can be integrated with farm management software to support monitoring and decision-making solutions based on big data and real-time data mining techniques.publishedVersio

Physical layer authentication using ensemble learning technique in wireless communications

Cyber-physical wireless systems have surfaced as an important data communication and networking research area. It is an emerging discipline that allows effective monitoring and efficient real-time communication between the cyber and physical worlds by embedding computer software and integrating communication and networking technologies. Due to their high reliability, sensitivity and connectivity, their security requirements are more comparable to the Internet as they are prone to various security threats such as eavesdropping, spoofing, botnets, man-in-the-middle attack, denial of service (DoS) and distributed denial of service (DDoS) and impersonation. Existing methods use physical layer authentication (PLA), the most promising solution to detect cyber-attacks. Still, the cyber-physical systems (CPS) have relatively large computational requirements and require more communication resources, thus making it impossible to achieve a low latency target. These methods perform well but only in stationary scenarios. We have extracted the relevant features from the channel matrices using discrete wavelet transformation to improve the computational time required for data processing by considering mobile scenarios. The features are fed to ensemble learning algorithms, such as AdaBoost, LogitBoost and Gentle Boost, to classify data. The authentication of the received signal is considered a binary classification problem. The transmitted data is labeled as legitimate information, and spoofing data is illegitimate information. Therefore, this paper proposes a threshold-free PLA approach that uses machine learning algorithms to protect critical data from spoofing attacks. It detects the malicious data packets in stationary scenarios and detects them with high accuracy when receivers are mobile. The proposed model achieves better performance than the existing approaches in terms of accuracy and computational time by decreasing the processing time

Hardware-in-the-Loop CPS Security Architecture for DER Monitoring and Control Applications

Deeper penetration of interoperable cyber-physical distributed energy resources (DER) and their utility-wide remote monitoring and control drastically increases cybersecurity attack surface. Utilities require to adopt the DER interconnection and communication standards to a range of autonomous, advanced and curve-based grid-support functions to securely monitor and control DER devices for ensuring power quality, voltage, and system frequency. In this paper, we present DER monitoring and control (DERMC) cyber-physical system (CPS) architecture including standard communication protocols such as IEEE 2030.5 [1] and discuss various stealthy cyber attack vectors that affect communications and operations of DER. We propose a hardware-in-the-loop (HIL) CPS security architecture and testbed design with industry-grade software and hardware systems and a real-time digital simulator for high-fidelity grid impact characteristic analysis against cyber attack vectors. We use the testbed to demonstrate impact characteristics for modified IEEE 13 bus system including 11 solar photovoltaic units. The experiments demonstrated significant results by 100% real-time performance and zero overruns

CHERI Macaroons: Efficient, host-based access control for cyber-physical systems

Cyber-Physical Systems (CPS) often rely on network boundary defence as a primary means of access control; therefore, the compromise of one device threatens the security of all devices within the boundary. Resource and real-time constraints, tight hardware/software coupling, and decades-long service lifetimes complicate efforts for more robust, host-based access control mechanisms. Distributed capability systems provide opportunities for restoring access control to resource-owning devices; however, such a protection model requires a capability-based architecture for CPS devices as well as task compartmentalisation to be effective. This paper demonstrates hardware enforcement of network bearer tokens using an efficient translation between CHERI (Capability Hardware Enhanced RISC Instructions) architectural capabilities and Macaroon network tokens. While this method appears to generalise to any network-based access control problem, we specifically consider CPS, as our method is well-suited for controlling resources in the physical domain. We demonstrate the method in a distributed robotics application and in a hierarchical industrial control application, and discuss our plans to evaluate and extend the method.Gates Cambridge Scholarshi