A virtual actuator approach for the secure control of networked LPV systems under pulse-width modulated DoS attacks

In this paper, we formulate and analyze the problem of secure control in the context of networked linear parameter varying (LPV) systems. We consider an energy-constrained, pulse-width modulated (PWM) jammer, which corrupts the control communication channel by performing a denial-of-service (DoS) attack. In particular, the malicious attacker is able to erase the data sent to one or more actuators. In order to achieve secure control, we propose a virtual actuator technique under the assumption that the behavior of the attacker has been identified. The main advantage brought by this technique is that the existing components in the control system can be maintained without need of retuning them, since the virtual actuator will perform a reconfiguration of the plant, hiding the attack from the controller point of view. Using Lyapunov-based results that take into account the possible behavior of the attacker, design conditions for calculating the virtual actuators gains are obtained. A numerical example is used to illustrate the proposed secure control strategy.Peer ReviewedPostprint (author's final draft

Constraining Attacker Capabilities Through Actuator Saturation

For LTI control systems, we provide mathematical tools - in terms of Linear Matrix Inequalities - for computing outer ellipsoidal bounds on the reachable sets that attacks can induce in the system when they are subject to the physical limits of the actuators. Next, for a given set of dangerous states, states that (if reached) compromise the integrity or safe operation of the system, we provide tools for designing new artificial limits on the actuators (smaller than their physical bounds) such that the new ellipsoidal bounds (and thus the new reachable sets) are as large as possible (in terms of volume) while guaranteeing that the dangerous states are not reachable. This guarantees that the new bounds cut as little as possible from the original reachable set to minimize the loss of system performance. Computer simulations using a platoon of vehicles are presented to illustrate the performance of our tools

Analysis and Design of Secure Sampled-Data Control Subject to Denial-of-Service Attacks

This study addresses the issue of secure control design for cyber-physical systems (CPS) against denial of service (DoS) attacks. We take into account a continuous-time linear system with a convex quadratic performance measure and a sampled linear state feedback control. DoS attacks impose constraints on the CPS, where packets may be jammed between the sensor and controller by a malicious entity, potentially resulting in system instability and performance degradation. We assume that the attacker can perform DoS attacks with a limited time and frequency due to energy restrictions. We devise an efficient procedure using the linear matrix inequality approach to compute an upper bound on the performance degradation brought on by the DoS attack. We also propose a redesign of the controller to minimize this performance degradation. Finally, a simulation example illustrates the computation of the performance degradation under a bounded DoS attack and the design of a secure controller. Simulation results show that the designed controller effectively keeps the feedback loop’s performance and stability under attack

Information fusion architectures for security and resource management in cyber physical systems

Data acquisition through sensors is very crucial in determining the operability of the observed physical entity. Cyber Physical Systems (CPSs) are an example of distributed systems where sensors embedded into the physical system are used in sensing and data acquisition. CPSs are a collaboration between the physical and the computational cyber components. The control decisions sent back to the actuators on the physical components from the computational cyber components closes the feedback loop of the CPS. Since, this feedback is solely based on the data collected through the embedded sensors, information acquisition from the data plays an extremely vital role in determining the operational stability of the CPS. Data collection process may be hindered by disturbances such as system faults, noise and security attacks. Hence, simple data acquisition techniques will not suffice as accurate system representation cannot be obtained. Therefore, more powerful methods of inferring information from collected data such as Information Fusion have to be used. Information fusion is analogous to the cognitive process used by humans to integrate data continuously from their senses to make inferences about their environment. Data from the sensors is combined using techniques drawn from several disciplines such as Adaptive Filtering, Machine Learning and Pattern Recognition. Decisions made from such combination of data form the crux of information fusion and differentiates it from a flat structured data aggregation. In this dissertation, multi-layered information fusion models are used to develop automated decision making architectures to service security and resource management requirements in Cyber Physical Systems --Abstract, page iv

Event-triggered control of cyber-physical systems under asynchronous denial of service attacks

summary:This paper addresses event-triggered control cyber-physical systems under asynchronous denial of service attacks. First, a general attack model is given, which allows us to conveniently model the asynchronous denial of service attacks within measurement and control channels in a unified framework. Then, under a delicate event triggered communication mechanism, a refined switching control mechanism is proposed to account for various attack intervals and non-attack intervals. Furthermore, sufficient conditions are derived for guaranteing the input to state stability (ISS) of the resulting closed-loop system. Finally, a simulation example of unmanned ground vehicle (UGV) is given to demonstrate the validity of the proposed main results

Event-based security control for discrete-time stochastic systems

This study is concerned with the event-based security control problem for a class of discrete-time stochastic systems with multiplicative noises subject to both randomly occurring denial-of-service (DoS) attacks and randomly occurring deception attacks. An event-triggered mechanism is adopted with hope to reduce the communication burden, where the measurement signal is transmitted only when a certain triggering condition is violated. A novel attack model is proposed to reflect the randomly occurring behaviours of the DoS attacks as well as the deception attacks within a unified framework via two sets of Bernoulli distributed white sequences with known conditional probabilities. A new concept of mean-square security domain is put forward to quantify the security degree. The authors aim to design an output feedback controller such that the closed-loop system achieves the desired security. By using the stochastic analysis techniques, some sufficient conditions are established to guarantee the desired security requirement and the control gain is obtained by solving some linear matrix inequalities with nonlinear constraints. A simulation example is utilised to illustrate the usefulness of the proposed controller design scheme.This work was supported in part by Royal Society of the UK, the National Natural Science Foundation of China under Grants 61329301, 61573246 and 61374039, the Shanghai Rising-Star Programme of China under Grant 16QA1403000, the Program for Capability Construction of Shanghai Provincial Universities under Grant 15550502500 and the Alexander von Humboldt Foundation of Germany

Foundations of Infrastructure CPS

Infrastructures have been around as long as urban centers, supporting a society’s needs for its planning, operation, and safety. As we move deeper into the 21st century, these infrastructures are becoming smart – they monitor themselves, communicate, and most importantly self-govern, which we denote as Infrastructure CPS. Cyber-physical systems are now becoming increasingly prevalent and possibly even mainstream. With the basics of CPS in place, such as stability, robustness, and reliability properties at a systems level, and hybrid, switched, and eventtriggered properties at a network level, we believe that the time is right to go to the next step, Infrastructure CPS, which forms the focus of the proposed tutorial. We discuss three different foundations, (i) Human Empowerment, (ii) Transactive Control, and (iii) Resilience. This will be followed by two examples, one on the nexus between power and communication infrastructure, and the other between natural gas and electricity, both of which have been investigated extensively of late, and are emerging to be apt illustrations of Infrastructure CPS