A Colonel Blotto Game for Interdependence-Aware Cyber-Physical Systems Security in Smart Cities

Smart cities must integrate a number of interdependent cyber-physical systems that operate in a coordinated manner to improve the well-being of the city's residents. A cyber-physical system (CPS) is a system of computational elements controlling physical entities. Large-scale CPSs are more vulnerable to attacks due to the cyber-physical interdependencies that can lead to cascading failures which can have a significant detrimental effect on a city. In this paper, a novel approach is proposed for analyzing the problem of allocating security resources, such as firewalls and anti-malware, over the various cyber components of an interdependent CPS to protect the system against imminent attacks. The problem is formulated as a Colonel Blotto game in which the attacker seeks to allocate its resources to compromise the CPS, while the defender chooses how to distribute its resources to defend against potential attacks. To evaluate the effects of defense and attack, various CPS factors are considered including human-CPS interactions as well as physical and topological characteristics of a CPS such as flow and capacity of interconnections and minimum path algorithms. Results show that, for the case in which the attacker is not aware of the CPS interdependencies, the defender can have a higher payoff, compared to the case in which the attacker has complete information. The results also show that, in the case of more symmetric nodes, due to interdependencies, the defender achieves its highest payoff at the equilibrium compared to the case with independent, asymmetric nodes

Game Theory for Secure Critical Interdependent Gas-Power-Water Infrastructure

A city's critical infrastructure such as gas, water, and power systems, are largely interdependent since they share energy, computing, and communication resources. This, in turn, makes it challenging to endow them with fool-proof security solutions. In this paper, a unified model for interdependent gas-power-water infrastructure is presented and the security of this model is studied using a novel game-theoretic framework. In particular, a zero-sum noncooperative game is formulated between a malicious attacker who seeks to simultaneously alter the states of the gas-power-water critical infrastructure to increase the power generation cost and a defender who allocates communication resources over its attack detection filters in local areas to monitor the infrastructure. At the mixed strategy Nash equilibrium of this game, numerical results show that the expected power generation cost deviation is 35\% lower than the one resulting from an equal allocation of resources over the local filters. The results also show that, at equilibrium, the interdependence of the power system on the natural gas and water systems can motivate the attacker to target the states of the water and natural gas systems to change the operational states of the power grid. Conversely, the defender allocates a portion of its resources to the water and natural gas states of the interdependent system to protect the grid from state deviations.Comment: 7 pages, in proceedings of Resilience Week 201

Cyber-Physical Security and Safety of Autonomous Connected Vehicles : Optimal Control Meets Multi-Armed Bandit Learning

AbstractAutonomous connected vehicles (ACVs) rely on intra-vehicle sensors such as camera and radar as well as inter-vehicle communication to operate effectively which exposes them to cyber and physical attacks in which an adversary can manipulate sensor readings and physically control the ACVs. In this paper, a comprehensive control and learning framework is proposed to thwart cyber and physical attacks on ACV networks. First, an optimal safe controller for ACVs is derived to maximize the street traffic flow while minimizing the risk of accidents by optimizing the ACV speed and inter-ACV spacing. It is proven that the proposed controller is robust to physical attacks which aim at making ACV systems unstable. Next, two data injection attack (DIA) detection approaches are proposed to address cyber attacks on sensors and their physical impact on the ACV system. The proposed approaches rely on leveraging the stochastic behavior of the sensor readings and on the use of a multi-armed bandit (MAB) algorithm. It is shown that, collectively, the proposed DIA detection approaches minimize the vulnerability of ACV sensors against cyber attacks while maximizing the ACV system’s physical robustness. Simulation results show that the proposed optimal safe controller outperforms the current state of the art controllers by maximizing the robustness of ACVs to physical attacks. The results also show that the proposed DIA detection approaches, compared to Kalman filtering, can improve the security of ACV sensors against cyber attacks and ultimately improve the physical robustness of an ACV system.Abstract Autonomous connected vehicles (ACVs) rely on intra-vehicle sensors such as camera and radar as well as inter-vehicle communication to operate effectively which exposes them to cyber and physical attacks in which an adversary can manipulate sensor readings and physically control the ACVs. In this paper, a comprehensive control and learning framework is proposed to thwart cyber and physical attacks on ACV networks. First, an optimal safe controller for ACVs is derived to maximize the street traffic flow while minimizing the risk of accidents by optimizing the ACV speed and inter-ACV spacing. It is proven that the proposed controller is robust to physical attacks which aim at making ACV systems unstable. Next, two data injection attack (DIA) detection approaches are proposed to address cyber attacks on sensors and their physical impact on the ACV system. The proposed approaches rely on leveraging the stochastic behavior of the sensor readings and on the use of a multi-armed bandit (MAB) algorithm. It is shown that, collectively, the proposed DIA detection approaches minimize the vulnerability of ACV sensors against cyber attacks while maximizing the ACV system’s physical robustness. Simulation results show that the proposed optimal safe controller outperforms the current state of the art controllers by maximizing the robustness of ACVs to physical attacks. The results also show that the proposed DIA detection approaches, compared to Kalman filtering, can improve the security of ACV sensors against cyber attacks and ultimately improve the physical robustness of an ACV system

Validating AI-Generated Code with Live Programming

AI-powered programming assistants are increasingly gaining popularity, with GitHub Copilot alone used by over a million developers worldwide. These tools are far from perfect, however, producing code suggestions that may be incorrect in subtle ways. As a result, developers face a new challenge: validating AI's suggestions. This paper explores whether Live Programming (LP), a continuous display of a program's runtime values, can help address this challenge. To answer this question, we built a Python editor that combines an AI-powered programming assistant with an existing LP environment. Using this environment in a between-subjects study (N=17), we found that by lowering the cost of validation by execution, LP can mitigate over- and under-reliance on AI-generated programs and reduce the cognitive load of validation for certain types of tasks.Comment: 8 pages, 4 figure

Effect of boundary vibration on the frictional behavior of a dense sheared granular layer

We report results of 3D discrete element method simulations aiming at investigating the role of the boundary vibration in inducing frictional weakening in sheared granular layers. We study the role of different vibration amplitudes applied at various shear stress levels, for a granular layer in the stick-slip regime and in the steady-sliding regime. Results are reported in terms of friction drops and kinetic energy release associated with frictional weakening events. We find that a larger vibration amplitude induces larger frictional weakening events. The results show evidence of a threshold below which no induced frictional weakening takes place. Friction drop size is found to be dependent on the shear stress at the time of vibration. A significant increase in the ratio between the number of slipping contacts to the number of sticking contacts in the granular layer is observed for large vibration amplitudes. These vibration-induced contact rearrangements enhance particle mobilization and induce a friction drop and kinetic energy release. This observation provides some insight into the grain-scale mechanisms of frictional weakening by boundary vibration in a dense sheared granular layer. In addition to characterizing the basic physics of vibration-induced shear weakening, we are attempting to understand how a fault fails in the earth under seismic wave forcing. This is the well-known phenomenon of dynamic earthquake triggering. We believe that the granular physics are key to this understanding