{"title":"Can Replay Attacks Designed to Steal Water from Water Distribution Systems Remain Undetected?","authors":"Venkata Reddy Palleti, Vishrut Kumar Mishra, Chuadhry Mujeeb Ahmed, A. Mathur","doi":"10.1145/3406764","DOIUrl":"https://doi.org/10.1145/3406764","url":null,"abstract":"Industrial Control Systems (ICS) monitor and control physical processes. ICS are found in, among others, critical infrastructures such as water treatment plants, water distribution systems, and the electric power grid. While the existence of cyber-components in an ICS leads to ease of operations and maintenance, it renders the system under control vulnerable to cyber and physical attacks. An experimental study was conducted with replay attacks launched on an operational water distribution (WADI) plant to understand under what conditions an attacker/attack can remain undetected while stealing water. A detection method, based on an input-output Linear Time-invariant system model of the physical process, was developed and implemented in WADI to detect such attacks. The experiments reveal the strengths and limitations of the detection method and challenges faced by an attacker while attempting to steal water from a water distribution system.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"5 1","pages":"1 - 19"},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3406764","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43612505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Decentralized Firmware Attestation for In-Vehicle Networks","authors":"Abhimanyu Rawat, Mohammad Khodari, Mikael Asplund, A. Gurtov","doi":"10.1145/3418685","DOIUrl":"https://doi.org/10.1145/3418685","url":null,"abstract":"Today’s vehicles are examples of Cyber-Physical Systems (CPS) controlled by a large number of electronic control units (ECUs), which manage everything from heating to steering and braking. Due to the increasing complexity and inter-dependency of these units, it has become essential for an ECU to be able to ensure the integrity of the firmware running on other ECU’s to guarantee its own correct operation. Existing solutions for firmware attestation use a centralized approach, which means a single point of failure. In this article, we propose and investigate a decentralized firmware attestation scheme for the automotive domain. The basic idea of this scheme is that each ECU can attest to the state of those ECU’s on which it depends. Two flavors of ECU attestation, i.e., parallel and serial solution, were designed, implemented, and evaluated. The two variants were compared in terms of both detection performance (i.e., the ability to identify unauthorized firmware modifications) and timing performance. 
Our results show that the proposed scheme is feasible to implement and that the parallel solution showed a significant improvement in timing performance over the serial solution.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"5 1","pages":"1 - 23"},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3418685","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47148621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Categorical Semantics of Cyber-Physical Systems Theory","authors":"Georgios Bakirtzis, C. Fleming, Christina N. Vasilakopoulou","doi":"10.1145/3461669","DOIUrl":"https://doi.org/10.1145/3461669","url":null,"abstract":"Cyber-physical systems require the construction and management of various models to assure their correct, safe, and secure operation. These various models are necessary because of the coupled physical and computational dynamics present in cyber-physical systems. However, to date the different model views of cyber-physical systems are largely related informally, which raises issues with the degree of formal consistency between those various models of requirements, system behavior, and system architecture. We present a category-theoretic framework to make different types of composition explicit in the modeling and analysis of cyber-physical systems, which could assist in verifying the system as a whole. This compositional framework for cyber-physical systems gives rise to unified system models, where system behavior is hierarchically decomposed and related to a system architecture using the systems-as-algebras paradigm. 
As part of this paradigm, we show that an algebra of (safety) contracts generalizes over the state of the art, providing more uniform mathematical tools for constraining the behavior over a richer set of composite cyber-physical system models, which has the potential of minimizing or eliminating hazardous behavior.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"5 1","pages":"1 - 32"},"PeriodicalIF":2.3,"publicationDate":"2020-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3461669","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49268318","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Control Communication Co-Design for Wide Area Cyber-Physical Systems","authors":"Laksh Bhatia, Ivana Tomić, A. Fu, Michael J. Breza, J. Mccann","doi":"10.1145/3418528","DOIUrl":"https://doi.org/10.1145/3418528","url":null,"abstract":"Wide Area Cyber-Physical Systems (WA-CPSs) are a class of control systems that integrate low-powered sensors, heterogeneous actuators, and computer controllers into large infrastructure that span multi-kilometre distances. Current wireless communication technologies are incapable of meeting the communication requirements of range and bounded delays needed for the control of WA-CPSs. To solve this problem, we use a Control Communication Co-design approach for WA-CPSs, that we refer to as the C3 approach, to design a novel Low-Power Wide Area (LPWA) MAC protocol called Ctrl-MAC and its associated event-triggered controller that can guarantee the closed-loop stability of a WA-CPS. This is the first article to show that LPWA wireless communication technologies can support the control of WA-CPSs. LPWA technologies are designed to support one-way communication for monitoring and are not appropriate for control. We present this work using an example of a water distribution network application, which we evaluate both through a co-simulator (modeling both physical and cyber subsystems) and testbed deployments. Our evaluation demonstrates full control stability, with up to 50% better packet delivery ratios and 80% less average end-to-end delays when compared to a state-of-the-art LPWA technology. 
We also evaluate our scheme against an idealised, wired, centralised, control architecture, and show that the controller maintains stability and the overshoots remain within bounds.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"5 1","pages":"1 - 27"},"PeriodicalIF":2.3,"publicationDate":"2020-08-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3418528","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42929957","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Sℒ1-Simplex: Safe Velocity Regulation of Self-Driving Vehicles in Dynamic and Unforeseen Environments","authors":"Y. Mao, Yuliang Gu, N. Hovakimyan, L. Sha, P. Voulgaris","doi":"10.1145/3564273","DOIUrl":"https://doi.org/10.1145/3564273","url":null,"abstract":"This article proposes a novel extension of the Simplex architecture with model switching and model learning to achieve safe velocity regulation of self-driving vehicles in dynamic and unforeseen environments. To guarantee the reliability of autonomous vehicles, an ℒ1 adaptive controller that compensates for uncertainties and disturbances is employed by the Simplex architecture as a verified high-assurance controller (HAC) to tolerate concurrent software and physical failures. Meanwhile, the safe switching controller is incorporated into the HAC for safe velocity regulation in the dynamic (prepared) environments, through the integration of the traction control system and anti-lock braking system. Due to the high dependence of vehicle dynamics on the driving environments, the HAC leverages the finite-time model learning to timely learn and update the vehicle model for ℒ1 adaptive controller, when any deviation from the safety envelope or the uncertainty measurement threshold occurs in the unforeseen driving environments. With the integration of ℒ1 adaptive controller, safe switching controller and finite-time model learning, the vehicle’s angular and longitudinal velocities can asymptotically track the provided references in the dynamic and unforeseen driving environments, while the wheel slips are restricted to safety envelopes to prevent slipping and sliding. 
Finally, the effectiveness of the proposed Simplex architecture for safe velocity regulation is validated by the AutoRally platform.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"7 1","pages":"1 - 24"},"PeriodicalIF":2.3,"publicationDate":"2020-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43897861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Survey on Intersection Management of Connected Autonomous Vehicles","authors":"M. Khayatian, Mohammadreza Mehrabian, E. Andert, Rachel Dedinsky, S. Choudhary, Y. Lou, Aviral Shirvastava","doi":"10.1145/3407903","DOIUrl":"https://doi.org/10.1145/3407903","url":null,"abstract":"Intersection management of Connected Autonomous Vehicles (CAVs) has the potential to improve safety and mobility. CAVs approaching an intersection can exchange information with the infrastructure or each other to schedule their cross times. By avoiding unnecessary stops, scheduling CAVs can increase traffic throughput, reduce energy consumption, and most importantly, minimize the number of accidents that happen in intersection areas due to human errors. We study existing intersection management approaches from following key perspectives: (1) intersection management interface, (2) scheduling policy, (3) existing wireless technologies, (4) existing vehicle models used by researchers and their impact, (5) conflict detection, (6) extension to multi-intersection management, (7) challenges of supporting human-driven vehicles, (8) safety and robustness required for real-life deployment, (9) graceful degradation and recovery for emergency scenarios, (10) security concerns and attack models, and (11) evaluation methods. 
We then discuss the effectiveness and limitations of each approach with respect to the aforementioned aspects and conclude with a discussion on tradeoffs and further research directions.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":" ","pages":"1 - 27"},"PeriodicalIF":2.3,"publicationDate":"2020-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3407903","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47268533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Self-aware Power Management for Maintaining Event Detection Probability of Supercapacitor-powered Cyber-physical Systems","authors":"Ruizhi Chai, Ying Zhang, Geng Sun, Hongsheng Li","doi":"10.1145/3375407","DOIUrl":"https://doi.org/10.1145/3375407","url":null,"abstract":"In this article, the self-aware power management framework is investigated for maintaining event detection probability of supercapacitor-powered cyber-physical systems, with a radar network system as an example. Maintaining the event detection probability of the radar network is decomposed as a problem of controlling the quality of service of each network node. Then a power management method based on model predictive control and particle swarm optimization is proposed for tracking the reference quality of service of each node while satisfying the operation constraints. The effectiveness of the proposed method is demonstrated through three simulation studies that cover both single node and network scenarios. In addition, to support the proposed power management method, an online state of charge prediction method is developed for the supercapacitor. 
The online prediction method adopts a supercapacitor model that describes both the ohmic leakage and charge redistribution phenomena and uses online model updating to more accurately capture the supercapacitor behavior and estimate the stored energy.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":" ","pages":"1 - 19"},"PeriodicalIF":2.3,"publicationDate":"2020-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3375407","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48650667","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Self-aware Cyber-Physical Systems","authors":"K. Bellman, C. Landauer, N. Dutt, L. Esterle, A. Herkersdorf, A. Jantsch, N. Taherinejad, P. R. Lewis, M. Platzner, K. Tammemäe","doi":"10.1145/3375716","DOIUrl":"https://doi.org/10.1145/3375716","url":null,"abstract":"In this article, we make the case for the new class of Self-aware Cyber-physical Systems. By bringing together the two established fields of cyber-physical systems and self-aware computing, we aim at creating systems with strongly increased yet managed autonomy, which is a main requirement for many emerging and future applications and technologies. Self-aware cyber-physical systems are situated in a physical environment and constrained in their resources, and they understand their own state and environment and, based on that understanding, are able to make decisions autonomously at runtime in a self-explanatory way. In an attempt to lay out a research agenda, we bring up and elaborate on five key challenges for future self-aware cyber-physical systems: (i) How can we build resource-sensitive yet self-aware systems? (ii) How to acknowledge situatedness and subjectivity? (iii) What are effective infrastructures for implementing self-awareness processes? (iv) How can we verify self-aware cyber-physical systems and, in particular, which guarantees can we give? (v) What novel development processes will be required to engineer self-aware cyber-physical systems? We review each of these challenges in some detail and emphasize that addressing all of them requires the system to make a comprehensive assessment of the situation and a continual introspection of its own state to sensibly balance diverse requirements, constraints, short-term and long-term objectives. Throughout, we draw on three examples of cyber-physical systems that may benefit from self-awareness: a multi-processor system-on-chip, a Mars rover, and an implanted insulin pump. 
These three very different systems nevertheless have similar characteristics: limited resources, complex unforeseeable environmental dynamics, high expectations on their reliability, and substantial levels of risk associated with malfunctioning. Using these examples, we discuss the potential role of self-awareness in both highly complex and rather more simple systems, and as a main conclusion we highlight the need for research on above listed topics.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":" ","pages":"1 - 26"},"PeriodicalIF":2.3,"publicationDate":"2020-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3375716","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49548519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient Holistic Control","authors":"Yehan Ma, Chenyang Lu, Yebin Wang","doi":"10.1145/3371500","DOIUrl":"https://doi.org/10.1145/3371500","url":null,"abstract":"Industrial automation is embracing wireless sensor-actuator networks (WSANs). Despite the success of WSANs for monitoring applications, feedback control poses significant challenges due to data loss and stringent energy constraints in WSANs. Holistic control adopts a cyber-physical system approach to overcome the challenges by orchestrating network reconfiguration and process control at run time. Fundamentally, it leverages self-awareness across control and wireless boundaries to enhance the resiliency of wireless control systems. In this article, we explore efficient holistic control designs to maintain control performance while reducing the communication cost. The contributions of this work are five-fold: (1) We introduce a holistic control architecture that integrates Low-power Wireless Bus (LWB) and two control strategies, rate adaptation and self-triggered control; (2) We present heuristics-based and optimal rate selection algorithms for rate adaptation; (3) We design novel network adaptation mechanisms to support rate adaptation and self-triggered control in a multi-hop WSAN; (4) We build WCPS-RT, a real-time network-in-the-loop simulator that integrates MATLAB/Simulink and a physical WSAN testbed to evaluate wireless control systems; (5) We empirically explore the tradeoff between communication cost and control performance in holistic control approaches. Our studies show that rate adaptation and self-triggered control offer advantages in control performance and energy efficiency, respectively, in normal operating conditions. 
The advantage in energy efficiency of self-triggered control, however, may diminish under harsh physical and wireless conditions due to the cost of recovering from data loss and physical disturbances.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"4 1","pages":"1 - 27"},"PeriodicalIF":2.3,"publicationDate":"2020-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3371500","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43597504","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Pattern-based Interactive Configuration Derivation for Cyber-physical System Product Lines","authors":"Hong Lu, T. Yue, Shaukat Ali","doi":"10.1145/3389397","DOIUrl":"https://doi.org/10.1145/3389397","url":null,"abstract":"Deriving a Cyber-Physical System (CPS) product from a product line requires configuring hundreds to thousands of configurable parameters of components and devices from multiple domains, e.g., computing, control, and communication. A fully automated configuration process for a CPS product line is seldom possible in practice, and a dynamic and interactive process is expected. Therefore, some configurable parameters are to be configured manually, and the rest can be configured either automatically or manually, depending on pre-defined constraints, the order of configuration steps, and previous configuration data in such a dynamic and interactive configuration process. In this article, we propose a pattern-based, interactive configuration derivation methodology (named as Pi-CD) to maximize opportunities of automatically deriving correct configurations of CPSs by benefiting from pre-defined constraints and configuration data of previous configuration steps. Pi-CD requires architectures of CPS product lines modeled with Unified Modeling Language extended with four types of variabilities, along with constraints specified in Object Constraint Language (OCL). Pi-CD is equipped with 324 configuration derivation patterns that we defined by systematically analyzing the OCL constructs and semantics. We evaluated Pi-CD by configuring 20 CPS products of varying complexity from two real-world CPS product lines. Results show that Pi-CD can achieve up to 72% automation degree with a negligible time cost. 
Moreover, its time performance remains stable with the increase in the number of configuration parameters as well as constraints.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"4 1","pages":"1 - 24"},"PeriodicalIF":2.3,"publicationDate":"2020-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3389397","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49057076","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}