The increased computational power and connectivity in modern Cyber-Physical Systems (CPS) inevitably introduce more security vulnerabilities. The concern about CPS security is growing especially because a successful attack on safety-critical CPS (e.g., avionics, automobile, smart grid, etc.) can result in the safety of such systems being compromised, leading to disastrous effects, from loss of human life to damages to the environment as well as critical infrastructure. CPS poses unique security challenges due to its stringent design and implementation requirements. This dissertation explores the structural differences of CPS compared to the general-purpose systems and utilizes the intrinsic characteristics of CPS as an asymmetric advantage to thwart and detect security attacks to safety-critical CPS. The dissertation presents analytic techniques and system design principles to enhance the security and dependability of CPS, with particular focus on (a) modeling and reasoning about the logical and physical behaviors of CPS and (b) architectural and operating-system supports for trusted, efficient run-time monitoring as well as attack-resiliency
