ACM Transactions on Cyber-Physical Systems: latest papers
A Comprehensive Threat Modelling Analysis for Distributed Energy Resources
IF 2
ACM Transactions on Cyber-Physical Systems Pub Date : 2024-07-17 DOI: 10.1145/3678260
Neel Bhaskar, Jawad Ahmed, Rahat Masood, Nadeem Ahmed, Stephen Kerr, Sanjay K. Jha
Abstract: The exponential rise in popularity of Distributed Energy Resources (DERs) is attributed to their numerous benefits within the power sector. However, the risks that new DERs pose to the power grid have not yet been closely assessed, exposing a gap in the literature. This paper addresses this gap by presenting a comprehensive threat model of the DER architecture, combining the MITRE ATT&CK catalogue for Industrial Control Systems (ICS) and the IDDIL/ATC threat model to create a hybrid approach. Our first contribution is to propose criteria derived from seven metrics to evaluate and compare the efficacy and usability of threat modelling frameworks for DER systems, allowing more informed framework selection. Our second contribution is to develop a comprehensive hybrid threat modelling approach based on IDDIL/ATC and MITRE ATT&CK and to organise attack paths chronologically using the Cyber Kill Chain methodology to categorise attacker techniques. Our third contribution is to perform a comprehensive DER architecture system decomposition, elaborating assets, trust levels, entry points, data, protocols, and entity relations to identify the threat landscape. Our final contribution is to apply the proposed approach to the Distribution System Operator (DSO), mapping potential attacker techniques and illustrating a ransomware attack chain on the DSO's Energy Management System, with proposed mitigations.
Citations: 0
Carving out Control Code: Automated Identification of Control Software in Autopilot Systems
IF 2
ACM Transactions on Cyber-Physical Systems Pub Date : 2024-07-17 DOI: 10.1145/3678259
Balaji Balasubramaniam, Iftekhar Ahmed, Hamid Bagheri, Justin Bradley
Abstract: Cyber-physical systems interact with the world through software controlling physical effectors. Carefully designed controllers, implemented as safety-critical control software, also interact with other parts of the software suite, and may be difficult to separate, verify, or maintain. Moreover, some software changes, not intended to impact control system performance, do change controller response through a variety of means, including interaction with external libraries or unmodeled changes that exist only in the cyber system (e.g., exception handling). As a result, identifying safety-critical control software, its boundaries with other embedded software in the system, and the way in which control software evolves could help developers isolate, test, and verify control implementation, and improve control software development. In this work we present an automated technique, based on a novel application of machine learning, to detect commits related to control software, its changes, and how the control software evolves. We leverage messages from developers (e.g., commit comments) and the code changes themselves to understand how control software is refined, extended, and adapted over time. We examine three distinct, popular, real-world, safety-critical autopilots, ArduPilot, Paparazzi UAV, and LibrePilot, to test our method, demonstrating an effective detection rate of 0.95 for control-related code changes.
Citations: 0
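The paper above classifies commits from their messages and diffs; the following is an added illustration, not the authors' code or data, of the text side of that idea: a multinomial naive Bayes classifier over commit-message tokens, with the detection rate computed as recall on control-related commits. The training and test commit messages are constructed for the example and the word-level model is an assumption (the paper's feature set is not reproduced).

```python
"""Added example (not the paper's code): flag control-software commits from
their commit messages with a multinomial naive Bayes model.  All commit
messages below are constructed for illustration."""
import math
import re
from collections import Counter

# Constructed training set: (commit message, touches control software?)
TRAIN = [
    ("Tune roll PID gains for better attitude hold", True),
    ("Fix integrator windup in altitude controller", True),
    ("Adjust rate controller filter cutoff", True),
    ("Add feedforward term to yaw controller", True),
    ("Clamp throttle output in mixer", True),
    ("Update README with build instructions", False),
    ("Fix typo in log message", False),
    ("Bump version number for release", False),
    ("Refactor parameter parsing in config loader", False),
    ("Add unit test for MAVLink packet decoding", False),
]

# Constructed held-out commits used to measure the detection rate.
TEST = [
    ("Retune pitch controller gains after flight test", True),
    ("Fix sign error in altitude rate controller", True),
    ("Update contributor list in README", False),
    ("Add test for parameter loader", False),
]

TOKEN_RE = re.compile(r"[a-z]+")


def tokenize(text):
    return TOKEN_RE.findall(text.lower())


class NaiveBayes:
    """Multinomial naive Bayes with Laplace smoothing over message tokens."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()
        self.word_counts = {True: Counter(), False: Counter()}
        self.vocab = set()

    def fit(self, samples):
        for text, label in samples:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def log_prob(self, tokens, label):
        total = self.class_counts[True] + self.class_counts[False]
        lp = math.log(self.class_counts[label] / total)        # log prior
        denom = sum(self.word_counts[label].values()) + self.alpha * len(self.vocab)
        for tok in tokens:                                      # log likelihoods
            lp += math.log((self.word_counts[label][tok] + self.alpha) / denom)
        return lp

    def predict(self, text):
        # Words never seen in training carry no evidence, so drop them.
        tokens = [t for t in tokenize(text) if t in self.vocab]
        return self.log_prob(tokens, True) > self.log_prob(tokens, False)


def detection_rate(model, samples):
    """Recall on control-related commits: detected / all control-related."""
    positives = [text for text, label in samples if label]
    hits = sum(1 for text in positives if model.predict(text))
    return hits / len(positives)


def accuracy(model, samples):
    return sum(model.predict(t) == label for t, label in samples) / len(samples)


if __name__ == "__main__":
    clf = NaiveBayes().fit(TRAIN)
    print("detection rate:", detection_rate(clf, TEST))
    print("accuracy:", accuracy(clf, TEST))
```

With ten training messages the vocabulary is tiny, so the classifier leans on words like "controller", "gains" and "readme"; the point is the evaluation metric, recall on the control-related class, which is what a detection rate of 0.95 in the abstract refers to.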
Cooperative Driving of Connected Autonomous Vehicles using Responsibility Sensitive Safety Rules: A Control Barrier Functions Approach
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2024-04-18 DOI: 10.1145/3648004
M. Khayatian, Mohammadreza Mehrabian, I-Ching Tseng, Chung-Wei Lin, Calin Belta, Aviral Shrivastava
Abstract: Connected Autonomous Vehicles (CAVs) are expected to enable reliable, efficient, and intelligent transportation systems. Most motion planning algorithms for multi-agent systems implicitly assume that all vehicles/agents will execute the expected plan with a small error and evaluate their safety constraints based on this fact. This assumption, however, is hard to keep for CAVs since they may have to change their plan (e.g., to yield to another vehicle) or are forced to stop (e.g., a CAV may break down). While it is desired that a CAV never gets involved in an accident, it may be hit by other vehicles and sometimes preventing the accident is impossible (e.g., getting hit from behind while waiting at a red light). Responsibility-Sensitive Safety (RSS) is a set of safety rules that defines the objective of a CAV in terms of blame instead of safety. Thus, instead of developing a CAV algorithm that will avoid any accident, it ensures that the ego vehicle will not be blamed for any accident it is a part of. The original RSS rules, however, are hard to evaluate for merge, intersection, and unstructured road scenarios, and RSS rules do not prevent deadlock situations among vehicles. In this paper, we propose a new formulation of RSS rules that can be applied to any driving scenario. We integrate the proposed RSS rules with the CAV's motion planning algorithm to enable cooperative driving of CAVs. We use Control Barrier Functions to enforce safety constraints and compute the energy-optimal trajectory for the ego CAV. Finally, to ensure liveness, our approach detects and resolves deadlocks in a decentralized manner. We have conducted different experiments to verify that the ego CAV does not cause an accident no matter when other CAVs slow down or stop. We also showcase our deadlock detection and resolution mechanism using our simulator. Finally, we compare the average velocity and fuel consumption of vehicles when they drive autonomously with the case in which they are autonomous and connected.
Citations: 0
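To make the RSS-plus-CBF combination in the abstract concrete, the following added example (not the authors' code) takes the longitudinal safe-distance rule from the original RSS paper for a same-lane follower, uses it as a barrier function h = d - d_min, and enforces dh/dt + alpha*h >= 0 as an upper bound on the ego vehicle's acceleration. This is the original same-lane rule, not the paper's generalised formulation for merges and intersections, and the vehicle parameters, the linear barrier condition and the scenarios are constructed assumptions. The front vehicle's acceleration enters the bound directly, which is the information a connected vehicle gets over V2X and a non-connected one has to estimate.

```python
"""Added example (not the paper's code): RSS longitudinal safe distance as a
control barrier function that filters the ego's desired acceleration.
Parameters and scenarios are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RssParams:
    rho: float          # ego response time [s]
    a_max_accel: float  # worst-case ego acceleration during rho [m/s^2]
    a_min_brake: float  # minimum braking the ego is assumed to apply [m/s^2]
    a_max_brake: float  # hardest braking either vehicle can apply [m/s^2]


def _raw_distance(v_rear, v_front, p):
    """Unclipped RSS longitudinal distance (Shalev-Shwartz et al., 2017):
    the rear car accelerates for rho, then brakes at a_min_brake, while the
    front car brakes at a_max_brake."""
    v_worst = v_rear + p.rho * p.a_max_accel   # ego speed after the response time
    return (v_rear * p.rho + 0.5 * p.a_max_accel * p.rho ** 2
            + v_worst ** 2 / (2 * p.a_min_brake)
            - v_front ** 2 / (2 * p.a_max_brake))


def rss_safe_distance(v_rear, v_front, p):
    return max(_raw_distance(v_rear, v_front, p), 0.0)


def cbf_filter(u_des, d, v_rear, v_front, a_front, p, alpha=1.0):
    """Largest ego acceleration u <= u_des with dh/dt + alpha*h >= 0 for the
    barrier h = d - d_min(v_rear, v_front), where d is the current gap and
    a_front is the front vehicle's acceleration (known via V2X when connected).
    The result is clipped to what the ego can physically do."""
    h = d - rss_safe_distance(v_rear, v_front, p)
    if _raw_distance(v_rear, v_front, p) > 0:
        # partial derivatives of d_min with respect to the two speeds
        dmin_dv_rear = p.rho + (v_rear + p.rho * p.a_max_accel) / p.a_min_brake
        dmin_dv_front = -v_front / p.a_max_brake
    else:
        dmin_dv_rear = dmin_dv_front = 0.0   # clipped region: d_min is flat
    # dh/dt = (v_front - v_rear) - dmin_dv_rear*u - dmin_dv_front*a_front
    slack = (v_front - v_rear) - dmin_dv_front * a_front + alpha * h
    if dmin_dv_rear > 0:
        u_bound = slack / dmin_dv_rear
    else:
        u_bound = u_des if slack >= 0 else -p.a_max_brake
    u = min(u_des, u_bound)
    return max(-p.a_max_brake, min(p.a_max_accel, u))


def scenarios():
    """Constructed same-lane situations: ego and front both at 20 m/s, ego wants +3 m/s^2."""
    p = RssParams(rho=0.5, a_max_accel=3.0, a_min_brake=4.0, a_max_brake=8.0)
    return {
        "d_min at 20 m/s vs 20 m/s": rss_safe_distance(20.0, 20.0, p),
        "far ahead, front cruising": cbf_filter(3.0, 200.0, 20.0, 20.0, 0.0, p),
        "near the limit, front cruising": cbf_filter(3.0, 60.0, 20.0, 20.0, 0.0, p),
        "near the limit, front braking hard": cbf_filter(3.0, 60.0, 20.0, 20.0, -8.0, p),
        "already inside d_min": cbf_filter(3.0, 30.0, 20.0, 20.0, 0.0, p),
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value:.3f}")
```

Note what the filter does in the third and fourth cases: with the same gap, a cruising front car lets the ego keep most of its requested acceleration, while a hard-braking front car flips the bound negative and forces the ego to slow, which is exactly the "not to blame" behaviour RSS asks for. Once the gap is already inside d_min the bound is negative regardless of what the front car does, and the barrier condition only guarantees the ego recovers toward the safe set, not that it was never violated.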
A Human-Centered Power Conservation Framework based on Reverse Auction Theory and Machine Learning
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2024-04-05 DOI: 10.1145/3656348
Enrico Casella, Simone Silvestri, D. A. Baker, Sajal K. Das
Abstract: Extreme outside temperatures resulting from heat waves, winter storms, and similar weather-related events trigger Heating, Ventilation and Air Conditioning (HVAC) systems, resulting in challenging, and potentially catastrophic, peak loads. As a consequence, such extreme outside temperatures put a strain on power grids and may thus lead to blackouts. In order to avoid the financial and personal repercussions of peak loads, demand response and power conservation represent promising solutions. Despite numerous efforts, it has been shown that the current state of the art fails to consider: i) the complexity of human behavior when interacting with power conservation systems; and ii) realistic home-level power dynamics. This leads to approaches that are i) ineffective due to poor long-term user engagement; and ii) too abstract to be used in real-world settings. In this paper, we propose an auction-theory-based power conservation framework for HVAC designed to address the individual human component through a three-fold approach: personalized preferences of power conservation, models of realistic user behavior, and realistic home-level power dynamics. In our framework, the System Operator (SO) sends Load Serving Entities (LSEs) the required power saving to tackle peak loads at the residential distribution feeder. Each LSE then prompts its users to provide bids, i.e., personalized preferences of thermostat temperature adjustments, along with corresponding financial compensations. We employ models of realistic user behavior by means of online surveys to gather user bids and evaluate user interaction with such a system. Realistic home-level power dynamics are implemented by our machine-learning-based Power Saving Predictions (PSP) algorithm, which calculates the individual power savings in each user's home resulting from such bids. PSP is executed by the users' Smart Energy Management System (SEMS) and translates temperature adjustments into the corresponding power savings. Then, the SEMS sends bids back to the LSE, which selects the auction winners through an optimization problem called POwer Conservation Optimization (POCO). We prove that POCO is NP-hard, and thus provide two approaches to solve this problem. One approach is an optimal pseudo-polynomial algorithm called DYnamic programming Power Saving (DYPS), while the second is a heuristic polynomial-time algorithm called Greedy Ranking Allocation (GRAN). EnergyPlus, the high-fidelity and gold-standard energy simulator funded by the U.S. Department of Energy, was used to validate our experiments, as well as to collect data to train PSP. We further evaluate the results of the auctions across several scenarios, showing that, as expected, DYPS finds the optimal solution, while GRAN outperforms recent state-of-the-art approaches.
Citations: 0
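The abstract says POCO is NP-hard and is solved exactly by a pseudo-polynomial dynamic program (DYPS) and approximately by greedy ranking (GRAN). The added example below (not the authors' code) shows why both claims are natural: if the LSE must cover a required saving at minimum total compensation from a set of user bids, the problem is a minimum-cost covering knapsack, which a table indexed by integer kW solves in O(n * R) and a price-per-kW greedy solves fast but not always optimally. The problem statement, the integer-kW assumption and the bids are constructed; the paper's exact POCO model is not reproduced.

```python
"""Added example (not the paper's code): LSE winner selection as a
minimum-cost covering problem, solved by pseudo-polynomial dynamic
programming and by greedy ranking.  Bids are constructed."""
from dataclasses import dataclass

INF = float("inf")


@dataclass(frozen=True)
class Bid:
    user: str
    saving_kw: int       # saving PSP predicts for this user's thermostat offer (integer kW)
    compensation: float  # payment the user asks for in return


def select_winners_dp(bids, required_kw):
    """Exact: dp[i][j] = min cost using the first i bids to save at least j kW.
    Runs in O(n * required_kw): polynomial in the numeric value of the target,
    which is what makes it pseudo-polynomial."""
    n = len(bids)
    dp = [[INF] * (required_kw + 1) for _ in range(n + 1)]
    dp[0][0] = 0.0
    for i, b in enumerate(bids, start=1):
        for j in range(required_kw + 1):
            skip = dp[i - 1][j]
            take = dp[i - 1][max(0, j - b.saving_kw)] + b.compensation
            dp[i][j] = min(skip, take)
    if dp[n][required_kw] == INF:
        return INF, []
    winners, j = [], required_kw
    for i in range(n, 0, -1):                 # walk the table back to recover the set
        if dp[i][j] != dp[i - 1][j]:
            winners.append(bids[i - 1].user)
            j = max(0, j - bids[i - 1].saving_kw)
    return dp[n][required_kw], sorted(winners)


def select_winners_greedy(bids, required_kw):
    """Heuristic: rank bids by price per kW and accept them until the target is met."""
    total, cost, winners = 0, 0.0, []
    for b in sorted(bids, key=lambda b: b.compensation / b.saving_kw):
        if total >= required_kw:
            break
        total += b.saving_kw
        cost += b.compensation
        winners.append(b.user)
    if total < required_kw:
        return INF, []
    return cost, sorted(winners)


# Constructed bids (user, predicted saving in kW, requested compensation).
BIDS = [Bid("A", 3, 6.0), Bid("B", 5, 11.0), Bid("C", 4, 9.0),
        Bid("D", 2, 3.0), Bid("E", 6, 14.0)]


if __name__ == "__main__":
    required = 8
    print("DP (exact):   ", select_winners_dp(BIDS, required))
    print("greedy:       ", select_winners_greedy(BIDS, required))
```

For a required saving of 8 kW the greedy ranking picks D, A and B for 20.0 while the exact table finds A and B for 17.0; the greedy overshoots because the cheapest-per-kW bid (D) does not combine well with the others. A feasibility check is built in: if all bids together cannot reach the target, both routines report an infinite cost and no winners instead of a partial allocation.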
On Cyber-Physical Fault Resilience in Data Communication: A Case From A LoRaWAN Network Systems Design
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2024-01-04 DOI: 10.1145/3639571
Chao Wang, Cheng-Hsun Chuang, Yu-Wei Chen, Yun-Fan Chen
Abstract: Systems offering fault-resilient, energy-efficient, soft real-time data communication have wide applications in the Industrial Internet of Things (IIoT). While there have been extensive studies of fault resilience in real-time embedded systems, investigations from a cyber-physical systems (CPS) perspective are still much needed, as CPS faults arise not just from abnormal conditions in the software/hardware of the system, but also from the physical environment in which the system operates. At the same time, in addition to conventional fault tolerance strategies embedded in the software/hardware of the target system, CPS faults can be mitigated through strategic system re-configuration made available by the physical environment. This paper presents a design and implementation for CPS fault-resilient data communication in the context of IIoT networks running LoRaWAN, a low-power wide-area networking standard. The proposed design combines collaborative IIoT end devices with a network gateway piggybacked on a third-party cruising object that is part of the environment. With the focus on data communication, the study illustrates challenges and opportunities in addressing CPS fault resilience while meeting the needs for energy efficiency and communication timeliness that are common to IIoT systems. The implementation of the design is based on ChirpStack, a widely used open source framework for LoRaWAN. The results from experiment and simulation both show that the proposed scheme can tolerate limited data communication errors while saving operating energy and, to some extent, maintaining the timeliness of data communication.
Citations: 0
DistressNet-NG: A Resilient Data Storage and Sharing Framework for Mobile Edge Computing in Cyber-Physical Systems
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2024-01-03 DOI: 10.1145/3639057
M.F.H. Sagor, Amran Haroon, R. Stoleru, S. Bhunia, A. Altaweel, M. Chao, Liuyi Jin, M. Maurice, R. Blalock
Abstract: Mobile Edge Computing (MEC) has been gaining major interest for use in Cyber-Physical Systems (CPS) for disaster response and tactical applications. These CPS generate a very large amount of mission-critical and personal data that require resilient and secure storage and sharing. In this article, we present the design, implementation, and evaluation of a framework for resilient data storage and sharing for MEC in CPS targeting the aforementioned applications. Our framework is built on the resiliency of three main components: EdgeKeeper, which ensures resilient coordination of the framework's components; RSock, which provides resilient communication among the CPS's nodes; and R-Drive/R-Share which, leveraging EdgeKeeper and RSock, provide resilient data storage and sharing. EdgeKeeper employs a set of replicas and a consensus protocol for storing critical metadata and ensuring fast reorganization of the CPS; RSock decides an optimal degree of replication for data communicated over lossy links. R-Drive employs adaptive erasure-coded and encrypted resilient data storage; R-Share, leveraging RSock, provides resilient peer-to-peer data sharing. We implemented our proposed framework on rapidly deployable systems (e.g., manpacks, test Mobile Edge Clouds) and on Android devices, and integrated it with existing MEC applications. Performance evaluation results from three real-world deployments show that our framework provides resilient data storage and sharing in MEC for CPS.
Citations: 0
A Blockchain Architecture to Increase the Resilience of Industrial Control Systems from the Effects of a Ransomware Attack: A Proposal and Initial Results
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2023-12-21 DOI: 10.1145/3637553
Stephen Kirkman, Steven Fulton, Jeffrey Hemmes, Christopher Garcia, Justin C. Wilson
Abstract: The motivation of this research (and also one of the nation's cyber goals) is enhancing the resilience of Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems against ransomware attacks. ICS and SCADA systems run some of the most important networks in the country: our critical infrastructure (i.e., water flow, power grids, etc.). Disruption of these systems causes confusion, panic, and in some cases loss of life. We propose a SCADA architecture that uses blockchain to help protect ICS data from ransomware. We focus on the historian. In a SCADA system, the historian collects events from devices in the control network for real-time and future analysis. We choose to use Ethereum and its Proof of Stake (PoS) consensus protocol. The other goal of this research focuses on the resilience of the blockchain itself, on which there is very little research. By performing encryption testing on an Ethereum private network, we explore how vulnerable a blockchain is and discuss potential ways to make a blockchain client more resilient.
Citations: 0
A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2023-12-15 DOI: 10.1145/3637554
Kejing Zhao, Zhiyong Zhang, K. Choo, Zhongya Zhang, Tiantian Zhang
Abstract: The Industrial Internet plays an important role in key critical infrastructure sectors and is the target of different security threats and risks. Many existing attack detection approaches have limitations such as feature redundancy, overfitting and low efficiency. A combinatorial optimization method based on the Lagrange multiplier is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with features selected by random forest and XGBoost to improve the accuracy and efficiency of attack feature analysis. Using both the UNSW-NB15 and natural gas pipeline datasets, we evaluate the performance of the proposed method. It is observed that accounting for the degree of influence of the different features associated with attack behavior raises binary-classification attack detection to 0.93 and reduces attack detection time by a factor of 6.96. The overall accuracy of multi-class attack detection is also observed to improve by 0.11. We also observe that nine key features of attack behavior analysis are essential to the analysis and detection of general attacks targeting the system, and by focusing on these features one could potentially improve the effectiveness and efficiency of real-time critical industrial system security. The CICDDoS2019 and CICIDS2018 datasets are used to demonstrate generalization. The experimental results show that the proposed method generalizes well and can be extended to industrial anomaly datasets of the same type.
Citations: 0
Statistical Verification using Surrogate Models and Conformal Inference and a Comparison with Risk-aware Verification
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2023-12-05 DOI: 10.1145/3635160
Xin Qin, Yuan Xia, Aditya Zutshi, Chuchu Fan, Jyotirmoy V. Deshmukh
Abstract: Uncertainty in safety-critical cyber-physical systems can be modeled using a finite number of parameters or parameterized input signals. Given a system specification in Signal Temporal Logic (STL), we would like to verify that for all (infinitely many) values of the model parameters/input signals, the system satisfies its specification. Unfortunately, this problem is undecidable in general. Statistical model checking (SMC) offers a solution by providing guarantees on the correctness of CPS models by reasoning statistically on model simulations. We propose a new approach for statistical verification of CPS models for a user-provided distribution on the model parameters. Our technique uses model simulations to learn surrogate models, and uses conformal inference to provide probabilistic guarantees on the satisfaction of a given STL property. Additionally, we can provide prediction intervals containing the quantitative satisfaction values of the given STL property for any user-specified confidence level. We compare this prediction interval with the interval obtained using risk estimation procedures. We also propose a refinement procedure based on Gaussian Process (GP) surrogate models for obtaining fine-grained probabilistic guarantees over sub-regions of the parameter space. This in turn enables the CPS designer to choose assured validity domains in the parameter space for safety-critical applications. Finally, we demonstrate the efficacy of our technique on several CPS models.
Citations: 1
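The abstract describes learning a surrogate of the STL robustness from simulations and wrapping it in conformal inference so that the prediction interval carries a distribution-free coverage guarantee. The added example below (not the authors' code) runs that pipeline end to end on a constructed plant: a second-order system whose damping ratio is the uncertain parameter, the property G(x <= 1.25) on its step response, robustness equal to the margin to the threshold, a nearest-neighbour surrogate standing in for the paper's learned models, and split conformal calibration. The closed-form overshoot used as the "simulator", the uniform parameter distribution and the confidence level are assumptions.

```python
"""Added example (not the paper's code): statistical verification of a
parameterised CPS model with a surrogate plus split conformal inference.
Plant, STL property and sampling distribution are constructed."""
import bisect
import math
import random

# Constructed plant: unit step response of a second-order system with damping
# ratio zeta.  Property: G[0,T](x <= THRESHOLD); robustness = THRESHOLD - max x.
# Peak overshoot of the underdamped response is exp(-pi*zeta/sqrt(1-zeta^2));
# for zeta >= 1 there is no overshoot, so max x is the steady-state value 1.
THRESHOLD = 1.25


def simulate_robustness(zeta):
    """Stands in for running the full simulator and evaluating the STL formula."""
    if zeta >= 1.0:
        return THRESHOLD - 1.0
    overshoot = math.exp(-math.pi * zeta / math.sqrt(1.0 - zeta ** 2))
    return THRESHOLD - (1.0 + overshoot)


def sample_parameter(rng):
    """User-provided distribution on the model parameter (assumed uniform)."""
    return rng.uniform(0.2, 1.2)


class NearestNeighbourSurrogate:
    """Cheap surrogate of the robustness function learned from simulations."""

    def __init__(self, xs, ys):
        pairs = sorted(zip(xs, ys))
        self.xs = [p[0] for p in pairs]
        self.ys = [p[1] for p in pairs]

    def predict(self, x):
        i = bisect.bisect_left(self.xs, x)
        cands = [j for j in (i - 1, i) if 0 <= j < len(self.xs)]
        j = min(cands, key=lambda k: abs(self.xs[k] - x))
        return self.ys[j]


def conformal_quantile(residuals, alpha):
    """Split-conformal radius: the ceil((n+1)(1-alpha))-th smallest residual.
    For a fresh exchangeable sample, |truth - surrogate| <= radius holds with
    probability at least 1 - alpha, whatever the surrogate's quality."""
    n = len(residuals)
    k = math.ceil((n + 1) * (1.0 - alpha))
    if k > n:
        return math.inf          # too few calibration points for this confidence
    return sorted(residuals)[k - 1]


def build_verifier(n_train=200, n_cal=99, alpha=0.1, seed=7):
    rng = random.Random(seed)
    train = [sample_parameter(rng) for _ in range(n_train)]
    surrogate = NearestNeighbourSurrogate(train, [simulate_robustness(z) for z in train])
    cal = [sample_parameter(rng) for _ in range(n_cal)]
    residuals = [abs(simulate_robustness(z) - surrogate.predict(z)) for z in cal]
    q = conformal_quantile(residuals, alpha)

    def interval(zeta):
        """Prediction interval for the robustness at a fresh parameter value."""
        y = surrogate.predict(zeta)
        return (y - q, y + q)

    return interval, q


def verdict(interval, zeta):
    lo, hi = interval(zeta)
    if lo > 0:
        return "satisfied"       # even the pessimistic end of the interval is positive
    if hi < 0:
        return "violated"
    return "undecided"


def empirical_coverage(interval, n_test=1000, seed=11):
    """Fraction of fresh parameter draws whose true robustness falls in the interval."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n_test):
        z = sample_parameter(rng)
        lo, hi = interval(z)
        hits += lo <= simulate_robustness(z) <= hi
    return hits / n_test


if __name__ == "__main__":
    interval, q = build_verifier()
    print("conformal radius:", q)
    for zeta in (0.3, 0.7, 1.1):
        print(zeta, interval(zeta), verdict(interval, zeta))
    print("empirical coverage:", empirical_coverage(interval))
```

The guarantee is marginal over the parameter distribution, not pointwise: the interval at a specific zeta is not itself a 90% statement about that zeta, which is why the abstract needs the GP-based refinement over sub-regions to certify a validity domain. It is also only as tight as the surrogate; a poor surrogate yields a wide radius and more "undecided" verdicts, never a wrong coverage level.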
Mixed-Trust Computing: Safe and Secure Real-Time Systems
IF 2.3
ACM Transactions on Cyber-Physical Systems Pub Date : 2023-12-02 DOI: 10.1145/3635162
Dionisio de Niz, Bjorn Andersson, Mark H. Klein, J. Lehoczky, Amit Vasudevan, Hyoseung Kim, Gabriel Moreno
Abstract: Verifying complex Cyber-Physical Systems (CPS) is increasingly important given the push to deploy safety-critical autonomous features. Unfortunately, traditional verification methods do not scale to the complexity of these systems and do not provide systematic methods to protect verified properties when not all components can be verified. To address these challenges, this article proposes a real-time mixed-trust computing framework that combines verification and protection. The framework introduces a new task model in which an application task can have both an untrusted and a trusted part. The untrusted part allows complex computations supported by a full OS with a real-time scheduler running in a VM hosted by a trusted hypervisor. The trusted part is executed by another scheduler within the hypervisor and is thus protected from the untrusted part. If the untrusted part fails to finish by a specific time, the trusted part is activated to preserve safety (e.g., prevent a crash), including its timing guarantees. This framework is the first to allow the use of untrusted components for CPS critical functions while preserving logical and timing guarantees, even in the presence of malicious attackers. We present the framework, its schedulability analysis, and the coordination protocol between the trusted and untrusted parts. Our implementation on a Raspberry Pi 3 is also discussed, along with experiments showing the behavior of the system under failures of untrusted components, and a drone application to demonstrate its practicality.
Citations: 0
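The task model in the abstract hinges on one timing rule: the trusted part must be released early enough that, even if the untrusted part never answers, the trusted output is ready by the job's deadline. The added example below (not the framework's code) simulates that temporal enforcement for a single periodic task: the enforcement instant is the deadline minus the trusted part's WCET, an untrusted result that arrives after that instant is discarded, and a hung or crashed untrusted part simply never delivers. The task parameters and the trace of untrusted execution times are constructed; the single-task, single-core setting is a simplification of the paper's schedulability analysis.

```python
"""Added example (not the framework's code): temporal enforcement in a
mixed-trust task.  Timing values and the untrusted execution trace are
constructed."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class MixedTrustTask:
    period: float         # job release interval
    deadline: float       # relative deadline by which an output must be ready
    trusted_wcet: float   # verified worst-case execution time of the trusted part

    @property
    def enforcement_time(self) -> float:
        """Instant (relative to release) at which the hypervisor checks for the
        untrusted output and, if missing, releases the trusted part."""
        return self.deadline - self.trusted_wcet

    def is_schedulable(self) -> bool:
        # Single task, own core: the trusted part alone must fit before the
        # deadline, and the deadline must not exceed the period.
        return 0.0 < self.trusted_wcet <= self.deadline <= self.period


def run_jobs(task: MixedTrustTask, untrusted_times: List[Optional[float]]):
    """untrusted_times[k] is the time the untrusted part needs for job k;
    None models a crash or hang (it never delivers).  Returns one record per job
    saying which part produced the output and whether the deadline was met."""
    records = []
    for k, u in enumerate(untrusted_times):
        release = k * task.period
        if u is not None and u <= task.enforcement_time:
            source, finish = "untrusted", release + u
        else:
            # Enforcer fires: the trusted part runs from the enforcement instant.
            # A late untrusted result (u > enforcement_time) is ignored, because
            # the trusted part has already taken over the actuation for this job.
            source = "trusted"
            finish = release + task.enforcement_time + task.trusted_wcet
        records.append({
            "job": k,
            "source": source,
            "finish": finish,
            "met_deadline": finish <= release + task.deadline,
        })
    return records


def fallback_count(records) -> int:
    return sum(1 for r in records if r["source"] == "trusted")


if __name__ == "__main__":
    task = MixedTrustTask(period=20.0, deadline=20.0, trusted_wcet=3.0)
    # Constructed trace: normal, near the limit, just late, crashed, normal, hung.
    trace = [10.0, 16.0, 17.5, None, 12.0, 40.0]
    for r in run_jobs(task, trace):
        print(r)
    print("fallbacks:", fallback_count(run_jobs(task, trace)))
```

The value of the pattern is visible in jobs 2, 3 and 5 of the constructed trace: whether the untrusted part is slightly late, has crashed, or is spinning indefinitely, the output still arrives exactly at the deadline from the trusted side, and the guest VM's misbehaviour never changes that bound because the timer and the trusted scheduler live in the hypervisor, outside the guest's reach.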