
ACM Transactions on Cyber-Physical Systems (TCPS): Latest Articles

Introduction to the Special Section on Selected Papers from ICCPS 2021
Pub Date : 2022-10-31 DOI: 10.1145/3564157
M. A. Al Faruque, Meeko Oishi
The articles in this special section are based on selected papers presented at the 2021 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2021), a premier single-track conference that promotes development of fundamental principles that underpin the integration of cyber and physical elements, as well as the development of technologies, tools, architectures, and infrastructure for the design and implementation of CPS. ICCPS 2021 focused on contributions related to smart and connected cities, autonomous CPS, verification and control, security and privacy, and human health and biomedical CPS.
Citations: 0
How Hard Is Cyber-risk Management in IT/OT Systems? A Theory to Classify and Conquer Hardness of Insuring ICSs
Pub Date : 2022-10-18 DOI: 10.1145/3568399
R. Pal, Peihan Liu, Taoan Lu, Edward Y. Hua
Third-party residual cyber-risk management (RCRM) services (e.g., insurance, re-insurance) are getting increasingly popular (currently, a multi-billion-dollar annual market) with C-suites managing industrial control systems (ICSs) based upon IoT-driven cyber-physical IT and OT technology. Apart from mitigating and diversifying losses from (major) cyber-threats RCRM services positively contribute to improved cyber-security as an added societal benefit. However, it is also well known that RCRM markets (RCRM for ICSs being a mere subset) are relatively nascent and sparse. There is a huge (approximately 10-fold) supply-demand gap in an environment where (a) annual cyber-losses range in trillions of USD, and (b) CRM markets (residual or otherwise) are annually worth only up to 0.25 trillion USD. The main reason for this wide gap is the age-old information asymmetry (IA) bottleneck between the demand and supply sides of the third-party RCRM market, which is significantly amplified in modern cyber-space settings. This setting primarily comprises interdependent and intra-networked ICSs (and/or traditional IT systems) from diverse application sectors inter-networked with each other in a service supply-chain environment. In this article, we are the first to prove that optimal cyber-risk diversification (integral to RCRM) under IA is computationally intractable, i.e., NP-hard, for such (systemic) inter-networked societies. Here, the term “optimal diversification” implies the best way a residual and profit-minded cyber-risk manager can form a portfolio of client coverage contracts. We follow this up with the design and analysis of a computational policy that alleviates this intractability challenge for the social good. Here, the social good can be ensured through denser RCRM markets that in principle improve cyber-security. 
Our work formally establishes (a) the reason why it has been very difficult in practice (without suitable policy intervention) to densify IA-affected RCRM markets despite their high demand in modern CPS/ICS/IoT societies; and (b) the efficacy of our computational policy to mitigate IA issues between the supply and demand sides of an RCRM market in such societies.
Citations: 1
Game Theory–Based Parameter Tuning for Energy-Efficient Path Planning on Modern UAVs
Pub Date : 2022-10-03 DOI: 10.1145/3565270
Diksha Moolchandani, Kishore Yadav, Geesara Prathap, Ilya M. Afanasyev, Anshul Kumar, M. Mazzara, S. Sarangi
Present-day path planning algorithms for UAVs rely on various parameters that need to be tuned at runtime to be able to plan the best possible route. For example, for a sampling-based algorithm, the number of samples plays a crucial role. The dimension of the space that is being searched to plan the path, the minimum distance for extending a path in a direction, and the minimum distance that the drone should maintain with respect to obstacles while traversing the planned path are all important variables. Along with this, we have a choice of vision algorithms, their parameters, and platforms. Finding a suitable configuration for all these parameters at runtime is very challenging because we need to solve a complicated optimization problem, and that too within tens of milliseconds. The area of theoretical exploration of the optimization problems that arise in such settings is dominated by traditional approaches that use regular nonlinear optimization techniques often enhanced with AI-based techniques such as genetic algorithms. These techniques are sadly rather slow, have convergence issues, and are typically not suitable for use at runtime. In this article, we leverage recent and promising research results that propose to solve complex optimization problems by converting them into approximately equivalent game-theoretic problems. The computed equilibrium strategies can then be mapped to the optimal values of the tunable parameters. With simulation studies in virtual worlds, we show that our solutions are 5-21% better than those produced by traditional methods, and our approach is 10× faster.
Citations: 0
OD1NF1ST: True Skip Intrusion Detection and Avionics Network Cyber-attack Simulation
Pub Date : 2022-08-08 DOI: 10.1145/3551893
M. Wrana, Marwa A. Elsayed, K. Lounis, Ziad Mansour, Steven H. H. Ding, Mohammad Zulkernine
MIL-STD-1553 is a communication bus that has been used by many military avionics platforms, such as the F-15 and F-35 fighter jets, for almost 50 years. Recently, it has become clear that the lack of security on MIL-STD-1553 and the requirement for internet communication between planes has revealed numerous potential attack vectors for malicious parties. Prevention of these attacks by modernizing the MIL-STD-1553 is not practical due to the military applications and existing far-reaching installations of the bus. We present a software system that can simulate bus transmissions to create easy, replicable, and large datasets of MIL-STD-1553 communications. We also propose an intrusion detection system (IDS) that can identify anomalies and the precise type of attack using recurrent neural networks with a reinforcement learning true-skip data selection algorithm. Our IDS outperforms existing algorithms designed for MIL-STD-1553 in binary anomaly detection tasks while also performing attack classification and minimizing computational resource cost. Our simulator can generate more data with higher fidelity than existing methods and integrate attack scenarios with greater detail. Furthermore, the simulator and IDS can be combined to form a web-based attack-defense game.
Citations: 2
Coordinated Charging and Discharging of Electric Vehicles: A New Class of Switching Attacks
Pub Date : 2022-07-21 DOI: 10.1145/3524454
Mohsen Ghafouri, Ekram Kabir, Bassam Moussa, C. Assi
In this work, we investigate that the abundance of Electric Vehicles (EVs) can be exploited to target the stability of the power grid. Through a cyber attack that compromises a lot of available EVs and their charging infrastructure, we present a realistic coordinated switching attack that initiates inter-area oscillations between different areas of the power grid. The threat model as well as linearized state-space representation of the grid are formulated to illustrate possible consequences of the attack. Two variations of switching attack are considered, namely, switching of EV charging and discharging power into the grid. Moreover, two possible attack strategies are also considered (i) using an insider to reveal the accurate system parameters and (ii) using reconnaissance activities in the absence of the grid parameters. In the former strategy, the system equations are used to compute the required knowledge to launch the attack. However, a stealthy system identification technique, which is tailored based on Eigenvalue Realization Algorithm (ERA), is proposed in latter strategy to calculate the required data for attack execution. The two-area Kundur, 39-Bus New England, and the Australian 5-area power grids are used to demonstrate the attack strategies and their consequences. The collected results demonstrate that by manipulation of EV charging stations and launching a coordinated switching attack to those portions of load, inter-area oscillations can be initiated. Finally, to protect the grid from this anticipated attack, a Support Vector Machine (SVM) based framework is proposed to detect and eliminate this attack even before being executed.
Citations: 3
Efficient Encrypted Range Query on Cloud Platforms
Pub Date : 2022-07-19 DOI: 10.1145/3548657
Ping Yu, Wei Ni, R. Liu, Zhaoxin Zhang, Hua Zhang, Q. Wen
In the Internet of Things (IoT) era, various IoT devices are equipped with sensing capabilities and employed to support clinical applications. The massive electronic health records (EHRs) are expected to be stored in the cloud, where the data are usually encrypted, and the encrypted data can be used for disease diagnosis. There exist some numeric health indicators, such as blood pressure and heart rate. These numeric indicators can be classified into multiple ranges, and each range may represent an indication of normality or abnormity. Once receiving encrypted IoT data, the CS maps it to one of the ranges, achieving timely monitoring and diagnosis of health indicators. This article presents a new approach to identify the range that an encrypted numeric value corresponds to without exposing the explicit value. We establish the sufficient and necessary condition to convert a range query to matchings of encrypted binary sequences with the minimum number of matching operations. We further apply the minimization of range queries to design and implement a secure range query system, where numeric health indicators encrypted independently by multiple IoT devices can be cohesively stored and efficiently queried by using Lagrange polynomial interpolation. Comprehensive performance studies show that the proposed approach can protect both the health records and range query against untrusted cloud platforms and requires less computational and communication cost than existing techniques.
Citations: 0
Introduction to the Special Issue on Artificial Intelligence and Cyber-Physical Systems - Part 2
Pub Date : 2022-04-30 DOI: 10.1145/3517045
J. Hu, Qinhua Zhu, Susmit Jha
low-latency monitoring, out-of-distribution detection, and preventive maintenance. In “Fog-supported Low Latency Monitoring of System Disruptions in Industry 4.0: A Federated Learning Approach”, Sahnoun et al. designed a new monitoring tool for system disruption related to the localization of mobile resources. In “Efficient Out-of-Distribution Detection Using Latent Space of β-VAE for Cyber-Physical Systems”, Ramakrishna et al. tackled the problem that the sampled observations used for training the model may never cover the entire state space of the physical environment, and as a result, the system will likely operate in conditions that do not belong to the training distribution. These conditions that do not belong to training distribution are referred to as Out-of-Distribution (OOD). Detecting OOD conditions at runtime is critical for the safety of CPS. The authors proposed an approach to design and train a single β-Variational Autoencoder detector with a partially disentangled latent space sensitive to variations in image features to detect OOD images and identify the most likely feature(s) responsible for the OOD. In “A Hybrid Deep Learning Framework for Intelligent Predictive Maintenance of Cyber-Physical Systems”, Sai et al. proposed a practical and effective hybrid deep learning multi-task framework, which integrates the advantages of convolutional neural network (CNN) and long short-term memory (LSTM) neural network, to reflect the relatedness of remaining useful life prediction with health status detection process in the CPS environment. The proposed framework can provide strong support for the health management and maintenance strategy development of complex multi-object systems.
Citations: 0
A Cyber-physical Approach for Emergency Braking in Close-Distance Driving Arrangements
Pub Date : 2022-04-20 DOI: 10.1145/3526117
Dharshan Krishna Murthy, Alejandro Masrur
In addition to fuel/energy savings, close-distance driving or platooning allows compacting vehicle flows and, hence, increasing throughput on congested roads. The shorter the inter-vehicle separation is in such settings, the greater the benefits. However, it becomes considerably harder to guarantee safety, in particular when braking in an emergency. In this article, we are concerned with this problem and propose a cyber-physical approach that considerably reduces the stopping distance of a platoon with inter-vehicle separations shorter than one vehicle length (i.e., 5 m) without sacrificing safety and independent of the road profile, i.e., whether on a flat road or downhill. The basic idea is to implement a cooperative behavior where a vehicle sends a distress message if it fails to achieve an assigned deceleration when braking in a platoon. This way, other vehicles in the arrangement can adapt their decelerations to avoid collisions. We illustrate and evaluate our approach based on detailed simulations involving high-fidelity vehicle models.
Citations: 1
Beyond Just Safety: Delay-aware Security Monitoring for Real-time Control Systems
Pub Date : 2022-03-26 DOI: 10.1145/3520136
M. Hasan, Sibin Mohan, R. Bobba, R. Pellizzoni
Modern embedded real-time systems (RTS) are increasingly facing more security threats than in the past. A simplistic, straightforward integration of security mechanisms might not be able to guarantee the safety and predictability of such systems. In this article, we focus on integrating security mechanisms into RTS (especially legacy RTS). We introduce Contego-C, an analytical model to integrate security tasks into RTS that will allow system designers to improve the security posture without affecting temporal and control constraints of the existing real-time control tasks. We also define a metric (named tightness of periodic monitoring) to measure the effectiveness of such integration. We demonstrate our ideas using a proof-of-concept implementation on an ARM-based rover platform and show that Contego-C can improve security without degrading control performance.
Citations: 1
Plan B: Design Methodology for Cyber-Physical Systems Robust to Timing Failures
Pub Date : 2022-03-08 DOI: 10.1145/3516449
M. Khayatian, Mohammadreza Mehrabian, E. Andert, Reese Grimsley, Kyle Liang, Yifan Hu, Ian M. McCormack, Carlee Joe-Wong, Jonathan Aldrich, Bob Iannucci, Aviral Shrivastava
Many Cyber-Physical Systems (CPS) have timing constraints that must be met by the cyber components (software and the network) to ensure safety. It is a tedious job to check if a CPS meets its timing requirements, especially when it is distributed and the software and/or the underlying computing platforms are complex. Furthermore, the system design is brittle since a timing failure can still happen (e.g., network failure, soft error bit flip). In this article, we propose a new design methodology called Plan B where timing constraints of the CPS are monitored at runtime, and a proper backup routine is executed when a timing failure happens to ensure safety. We provide a model on how to express the desired timing behavior using a set of timing constructs in C/C++ code and how to efficiently monitor them at runtime. We showcase the effectiveness of our approach by conducting experiments on three case studies: (1) the full software stack for autonomous driving (Apollo), (2) a multi-agent system with 1/10th-scale model robots, and (3) a quadrotor for a search and rescue application. We show that the system remains safe and stable even when intentional faults are injected to cause a timing failure. We also demonstrate that the system can achieve graceful degradation when a less extreme timing failure happens.
Citations: 2