Towards secure cyber-physical systems for autonomous vehicles

Cyber-Physical systems have become ubiquitous. These systems integrate different functionalities to satisfy the performance requirements and take advantage of the available processing power of multi-core systems. Safety critical applications such as autonomous vehicles or medical devices rely not only on proving correct functionality of cyber-physical systems as essential certification criteria but they must also satisfy other design constraints such as energy efficiency, low power consumption and reliability. Their need to connect to the internet have created new challenges which means addressing the security vulnerabilities has become as the first-class design concern. In this talk, first a hardware/software co-design approach for two critical tasks, real-time pedestrian and vehicle detections, which are essential in advanced driving assistance systems (ADAS) and autonomous driving systems (ADS) is presented. We use partial dynamic reconfiguration on FPGA for adaptive vehicle detection. In the second part of this talk, a system-level security-aware design approach is presented to avoid or confine the impact of security compromises on the critical components of the cyber-physical systems implemented in multiprocessor systems on chip. Our system-level security approach considers the described system architecture for a specific application and analyzes its security vulnerability based on the specified security rules to generate an impact analysis report. Then, it creates a new system architecture configuration to protect the critical components of the system by providing isolation of tasks without the need to trust a central authority at run-time for heterogeneous multiprocessor system. This approach allows safe use of shared IP with direct memory access, as well as shared libraries by regulating memory accesses and the communications between the system components

Scheduling Real-time HiL Co-simulation of Cyber-Physical Systems on Multi-core Architectures

International audienceWhen designing complex cyber-physical systems, engineers have to integrate numerical models from different modeling environments in order to simulate the whole system and estimate its global performances. Co-simulation refers to such joint simulation of heterogeneous models. If some parts of the system are physically available, it is possible to connect these parts to the co-simulation in a Hardware-in-the-Loop (HiL) approach. In this case, the simulation has to be performed in real-time where models execution consists in periodically reacting to the real (physically available) components and providing periodic output updates. This paper deals with the parallelization and scheduling of real-time Hardware-in-the-Loop co-simulation of numerical models on multi-core architectures. A method for defining real-time constraints that have to be met is proposed. Also, an ILP formulation as well as a heuristic are proposed to solve the problem of scheduling the co-simulation on a multi-core architecture while satisfying the previously defined real-time constraints. The proposed approach is evaluated for different sizes of co-simulations and multi-core processors

Holistic Control for Cyber-Physical Systems

The Industrial Internet of Things (IIoT) are transforming industries through emerging technologies such as wireless networks, edge computing, and machine learning. However, IIoT technologies are not ready for control systems for industrial automation that demands control performance of physical processes, resiliency to both cyber and physical disturbances, and energy efficiency. To meet the challenges of IIoT-driven control, we propose holistic control as a cyber-physical system (CPS) approach to next-generation industrial automation systems. In contrast to traditional industrial automation systems where computing, communication, and control are managed in isolation, holistic control orchestrates the management of cyber platforms (networks and computing platforms) and physical plant control at run-time in an integrated architecture. Specifically, this dissertation research comprises the following primary components. Holistic wireless control: The core of holistic wireless control is a holistic controller comprising a plant controller and a network controller cooperating with each other. At run-time the holistic controller generates (1) control commands to the physical plant and (2) network reconfiguration commands to wireless networks based on both physical and network states. This part of dissertation research focused on the design and evaluation of holistic controllers exploiting a range of network reconfiguration strategies: (1) adapting transmission redundancy, (2) adapting sampling rates, (3) self-triggered control, and (4) dynamic transmission scheduling. Furthermore, we develop novel network reconfiguration protocols (NRP) as actuators to control network configurations in holistic control. Holistic edge control: This part of dissertation research explores edge computing as a multitier computing platform for holistic control. The proposed switching multi-tier control (SMC) dynamically switches controllers located on different computation platforms, thereby exploiting the trade-off between computation and communication in a multi-tier computing platform. We also design the stability switch between local and edge controllers under information loss from another perspective, based on co-design of edge and local controllers that are designed via a joint Lyapunov function. Real-time wireless cyber-physical simulators: To evaluate holistic control, we extend the Wireless Cyber-Physical Simulator (WCPS) to integrate simulated physical plants (in Simulink) with real wireless networks (WCPS-RT) and edge computing platforms (WCPS-EC). The real-time WCPS provides a holistic environment for CPS simulations that incorporate wireless dynamics that are challenging to simulate accurately, explore the impacts and trade-off of computation and communication of multi-tier platforms, and leverage simulation support for controllers and plants

Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems

In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.Comment: Keywords: Security metrics, industrial control systems, cyber-physical systems, AND-OR graphs, MAX-SAT resolutio

Securing Real-Time Internet-of-Things

Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks

Cyber-Virtual Systems: Simulation, Validation & Visualization

We describe our ongoing work and view on simulation, validation and visualization of cyber-physical systems in industrial automation during development, operation and maintenance. System models may represent an existing physical part - for example an existing robot installation - and a software simulated part - for example a possible future extension. We call such systems cyber-virtual systems. In this paper, we present the existing VITELab infrastructure for visualization tasks in industrial automation. The new methodology for simulation and validation motivated in this paper integrates this infrastructure. We are targeting scenarios, where industrial sites which may be in remote locations are modeled and visualized from different sites anywhere in the world. Complementing the visualization work, here, we are also concentrating on software modeling challenges related to cyber-virtual systems and simulation, testing, validation and verification techniques for them. Software models of industrial sites require behavioural models of the components of the industrial sites such as models for tools, robots, workpieces and other machinery as well as communication and sensor facilities. Furthermore, collaboration between sites is an important goal of our work.Comment: Preprint, 9th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE 2014