On Cyber-Physical Fault Resilience in Data Communication: A Case From A LoRaWAN Network Systems Design
Chao Wang, Cheng-Hsun Chuang, Yu-Wei Chen, Yun-Fan Chen
Systems offering fault-resilient, energy-efficient, soft real-time data communication have wide applications in the Industrial Internet-of-Things (IIoT). While there have been extensive studies of fault resilience in real-time embedded systems, investigations from a cyber-physical systems (CPS) perspective are still much needed, as CPS faults occur not just from abnormal conditions in the software/hardware of the system, but also from the physical environment in which the system operates. At the same time, in addition to conventional fault tolerance strategies embedded in the software/hardware of the target system, CPS faults could be mitigated via strategic system reconfiguration made available by the physical environment. This paper presents a design and implementation for CPS fault-resilient data communication, in the context of IIoT networks running LoRaWAN, a low-power wide-area networking standard. The proposed design combines collaborative IIoT end devices with a network gateway piggybacked on a third-party cruising object that is part of the environment. With the focus on data communication, the study illustrates challenges and opportunities in addressing CPS fault resilience while meeting the needs for energy efficiency and communication timeliness that are common to IIoT systems. The implementation of the design is based on ChirpStack, a widely used open source framework for LoRaWAN. The results from both experiment and simulation show that the proposed scheme can tolerate limited data communication errors while saving operating energy and maintaining timeliness of data communication to some extent.
ACM Transactions on Cyber-Physical Systems, journal article, published 2024-01-04. DOI: https://doi.org/10.1145/3639571
DistressNet-NG: A Resilient Data Storage and Sharing Framework for Mobile Edge Computing in Cyber-Physical Systems
M.F.H. Sagor, Amran Haroon, R. Stoleru, S. Bhunia, A. Altaweel, M. Chao, Liuyi Jin, M. Maurice, R. Blalock
Mobile Edge Computing (MEC) has been gaining major interest for use in Cyber-Physical Systems (CPS) for disaster response and tactical applications. These CPS generate a very large amount of mission-critical and personal data that require resilient and secure storage and sharing. In this article, we present the design, implementation, and evaluation of a framework for resilient data storage and sharing for MEC in CPS targeting the aforementioned applications. Our framework is built on the resiliency of three main components: EdgeKeeper, which ensures resilient coordination of the framework's components; RSock, which provides resilient communication among the CPS's nodes; and R-Drive/R-Share which, leveraging EdgeKeeper and RSock, provide resilient data storage and sharing. EdgeKeeper employs a set of replicas and a consensus protocol for storing critical meta-data and ensuring fast reorganization of the CPS; RSock decides an optimal degree for replicating data that is communicated over lossy links. R-Drive employs adaptive erasure-coded and encrypted resilient data storage; R-Share, leveraging RSock, provides resilient peer-to-peer data sharing. We implemented our proposed framework on rapidly deployable systems (e.g., manpacks, test Mobile Edge Clouds) and on Android devices, and integrated it with existing MEC applications. Performance evaluation results from three real-world deployments show that our framework provides resilient data storage and sharing in MEC for CPS.
ACM Transactions on Cyber-Physical Systems, journal article, published 2024-01-03. DOI: https://doi.org/10.1145/3639057
A Blockchain Architecture to Increase the Resilience of Industrial Control Systems from the Effects of a Ransomware Attack: A Proposal and Initial Results
Stephen Kirkman, Steven Fulton, Jeffrey Hemmes, Christopher Garcia, Justin C. Wilson
The motivation of this research (and also one of the nation's cyber goals) is enhancing the resilience of Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems against ransomware attacks. ICS and SCADA systems run some of the most important networks in the country: our critical infrastructure (i.e. water flow, power grids, etc.). Disruption of these systems causes confusion, panic, and in some cases loss of life. We propose a SCADA architecture that uses blockchain to help protect ICS data from ransomware. We focus on the historian. In a SCADA system, the historian collects events from devices in the control network for real-time and future analysis. We choose to use Ethereum and its Proof of Stake (PoS) consensus protocol. The other goal of this research focuses on the resilience of blockchain. There is very little research in protecting the blockchain itself. By performing encryption testing on an Ethereum private network, we explore how vulnerable blockchain is and discuss potential ways to make a blockchain client more resilient.
ACM Transactions on Cyber-Physical Systems, journal article, published 2023-12-21. DOI: https://doi.org/10.1145/3637553
A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors
Kejing Zhao, Zhiyong Zhang, K. Choo, Zhongya Zhang, Tiantian Zhang
The Industrial Internet plays an important role in key critical infrastructure sectors and is the target of different security threats and risks. There are limitations in many existing attack detection approaches, such as function redundancy, overfitting and low efficiency. A combinatorial optimization method, the Lagrange multiplier, is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with features selected by random forest and XGBoost to improve the accuracy and efficiency of attack feature analysis. Using both the UNSW-NB15 and natural gas pipeline datasets, we evaluate the performance of the proposed method. It is observed that accounting for the influence degrees of the different features associated with the attack behavior raises binary classification attack detection to 0.93 and reduces attack detection time by 6.96 times. The overall accuracy of multi-classification attack detection is also observed to improve by 0.11. We also observe that nine key features of attack behavior analysis are essential to the analysis and detection of general attacks targeting the system, and by focusing on these features one could potentially improve the effectiveness and efficiency of real-time critical industrial system security. In this paper, the CICDDoS2019 and CICIDS2018 datasets are used to prove generalization. The experimental results show that the proposed method generalizes well and can be extended to industrial anomaly datasets of the same type.
ACM Transactions on Cyber-Physical Systems, journal article, published 2023-12-15. DOI: https://doi.org/10.1145/3637554
Statistical Verification using Surrogate Models and Conformal Inference and a Comparison with Risk-aware Verification
Xin Qin, Yuan Xia, Aditya Zutshi, Chuchu Fan, Jyotirmoy V. Deshmukh
Uncertainty in safety-critical cyber-physical systems can be modeled using a finite number of parameters or parameterized input signals. Given a system specification in Signal Temporal Logic (STL), we would like to verify that for all (infinitely many) values of the model parameters/input signals, the system satisfies its specification. Unfortunately, this problem is undecidable in general. Statistical model checking (SMC) offers a solution by providing guarantees on the correctness of CPS models by statistically reasoning on model simulations. We propose a new approach for statistical verification of CPS models for a user-provided distribution on the model parameters. Our technique uses model simulations to learn surrogate models, and uses conformal inference to provide probabilistic guarantees on the satisfaction of a given STL property. Additionally, we can provide prediction intervals containing the quantitative satisfaction values of the given STL property for any user-specified confidence level. We compare this prediction interval with the interval we get using risk estimation procedures. We also propose a refinement procedure based on Gaussian Process (GP)-based surrogate models for obtaining fine-grained probabilistic guarantees over sub-regions in the parameter space. This in turn enables the CPS designer to choose assured validity domains in the parameter space for safety-critical applications. Finally, we demonstrate the efficacy of our technique on several CPS models.
ACM Transactions on Cyber-Physical Systems, journal article, published 2023-12-05. DOI: https://doi.org/10.1145/3635160
Mixed-Trust Computing: Safe and Secure Real-Time Systems
Dionisio de Niz, Bjorn Andersson, Mark H. Klein, J. Lehoczky, Amit Vasudevan, Hyoseung Kim, Gabriel Moreno
Verifying complex Cyber-Physical Systems (CPS) is increasingly important given the push to deploy safety-critical autonomous features. Unfortunately, traditional verification methods do not scale to the complexity of these systems and do not provide systematic methods to protect verified properties when not all the components can be verified. To address these challenges, this article proposes a real-time mixed-trust computing framework that combines verification and protection. The framework introduces a new task model, where an application task can have both an untrusted and a trusted part. The untrusted part allows complex computations supported by a full OS with a real-time scheduler running in a VM hosted by a trusted hypervisor. The trusted part is executed by another scheduler within the hypervisor and is thus protected from the untrusted part. If the untrusted part fails to finish by a specific time, the trusted part is activated to preserve safety (e.g., prevent a crash), including its timing guarantees. This framework is the first to allow the use of untrusted components for CPS critical functions while preserving logical and timing guarantees, even in the presence of malicious attackers. We present the framework, its schedulability analysis, and the coordination protocol between the trusted and untrusted parts. Our implementation on a Raspberry Pi 3 is also discussed, along with experiments showing the behavior of the system under failures of untrusted components, and a drone application to demonstrate its practicality.
ACM Transactions on Cyber-Physical Systems, journal article, published 2023-12-02. DOI: https://doi.org/10.1145/3635162
A Deep Time Delay Filter for Cooperative Adaptive Cruise Control
Kuei-Fang Hsueh, Ayleen Farnood, Isam Al-Darabsah, Mohammad Al Saaideh, Mohammad Al Janaideh, Deepa Kundur
Cooperative adaptive cruise control (CACC) is a smart transportation solution to alleviate traffic congestion and enhance road safety. The performance of CACC systems can be remarkably affected by communication time delays, and traditional control methods often compromise control performance by adjusting control gains to maintain system stability. In this paper, we present a study on the stability of a CACC system in the presence of time delays and highlight the trade-off between control performance and tuning controller gains to address increasing delays. We propose a novel approach incorporating a neural network module called the deep time delay filter (DTDF) to overcome this limitation. The DTDF leverages the assumption that time delays primarily originate from the communication layer of the CACC network, which can be subject to adversarial delays of varying magnitudes. By considering time-delayed versions of the car states and predicting the present (un-delayed) states, the DTDF compensates for the effects of communication delays. The proposed approach combines classical control techniques with machine learning, offering a hybrid control system that excels in explainability and robustness to unknown parameters. We conduct comprehensive experiments using various deep-learning architectures to train and evaluate the DTDF models. Our experiments utilize a robot platform consisting of MATLAB, Simulink, the OptiTrack motion capture system, and the Qbot2e robots. Through these experiments, we demonstrate that when appropriately trained, our system can effectively mitigate the adverse effects of constant time delays and outperforms a traditional CACC baseline in control performance. This experimental comparison, to the best of the authors' knowledge, is the first of its kind in the context of a hybrid machine learning CACC system. We thoroughly explore initial conditions and range policy parameters to evaluate our system under various experimental scenarios. By providing detailed insights and experimental results, we aim to contribute to the advancement of CACC research and highlight the potential of hybrid machine learning approaches in improving the performance and reliability of CACC systems.
ACM Transactions on Cyber-Physical Systems, journal article, published 2023-11-08. DOI: https://doi.org/10.1145/3631613
Graph-Based Deadlock Analysis and Prevention for Robust Intelligent Intersection Management
Kai-En Lin, Kuan-Chun Wang, Yu-Heng Chen, Li-Heng Lin, Ying-Hua Lee, Chung-Wei Lin, Iris Hui-Ru Jiang
Intersection management systems, with the assistance of vehicular networks and autonomous vehicles, have the potential to perform traffic control more precisely than contemporary signalized intersections. However, as infrastructural intersection management controllers do not directly actuate the motions of vehicles, it is possible that the vehicles fail to follow the instructions from controllers, undermining system properties such as deadlock-freeness and traffic performance. In this paper, we consider a class of robustness issues, time violations, which stem from possible discrepancies between scheduled orders and real executions. We refine a graph-based intersection model to build our theoretical foundations and analyze potential deadlocks and their resolvability. We develop solutions that mitigate the negative effects of time violations. In particular, we propose a Robustness-Aware Greedy Scheduling (RGS) algorithm for robust scheduling and evaluate the deadlock-free robustness of different intersection models and scheduling algorithms. Experimental results show that the RGS algorithm is able to significantly improve robustness while keeping a good balance with traffic performance.
ACM Transactions on Cyber-Physical Systems, journal article, published 2023-11-08. DOI: https://doi.org/10.1145/3632179
Ion Matei, Wiktor Piotrowski, Alexandre Perez, Johan de Kleer, Jorge Tierno, Wendy Mungovan, Vance Turnewitsch
We demonstrate an end-to-end framework to improve the resilience of man-made systems to unforeseen events. The framework is based on a physics-based digital twin model and three modules tasked with real-time fault diagnosis, prognostics and reconfiguration. The fault diagnosis module uses model-based diagnosis algorithms to detect and isolate faults and generates interventions in the system to disambiguate uncertain diagnosis solutions. We scale up the fault diagnosis algorithm to the required real-time performance through the use of parallelization and surrogate models of the physics-based digital twin. The prognostics module tracks fault progression and trains the online degradation models to compute remaining useful life of system components. In addition, we use the degradation models to assess the impact of the fault progression on the operational requirements. The reconfiguration module uses PDDL-based planning endowed with semantic attachments to adjust the system controls to minimize the fault impact on the system operation. We define a resilience metric and use a fuel system example to demonstrate how the metric improves with our framework.
{"title":"System Resilience through Health Monitoring and Reconfiguration","authors":"Ion Matei, Wiktor Piotrowski, Alexandre Perez, Johan de Kleer, Jorge Tierno, Wendy Mungovan, Vance Turnewitsch","doi":"10.1145/3631612","DOIUrl":"https://doi.org/10.1145/3631612","url":null,"abstract":"We demonstrate an end-to-end framework to improve the resilience of man-made systems to unforeseen events. The framework is based on a physics-based digital twin model and three modules tasked with real-time fault diagnosis, prognostics and reconfiguration. The fault diagnosis module uses model-based diagnosis algorithms to detect and isolate faults and generates interventions in the system to disambiguate uncertain diagnosis solutions. We scale up the fault diagnosis algorithm to the required real-time performance through the use of parallelization and surrogate models of the physics-based digital twin. The prognostics module tracks fault progression and trains the online degradation models to compute remaining useful life of system components. In addition, we use the degradation models to assess the impact of the fault progression on the operational requirements. The reconfiguration module uses PDDL-based planning endowed with semantic attachments to adjust the system controls to minimize the fault impact on the system operation. We define a resilience metric and use a fuel system example to demonstrate how the metric improves with our framework.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"41 18","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135818870","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Increasingly, Industrial Control Systems (ICS) are being connected to the Internet to minimise operational costs and provide additional flexibility. These control systems, such as the ones used in power grids, manufacturing and utilities, operate continually and have long lifespans measured in decades rather than years, as in the case of IT systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, and successful attacks on critical control infrastructures could have devastating consequences for the safety of human lives as well as a nation's security and prosperity. Furthermore, there is a range of attacks that can target ICS, and it is not easy to secure these systems against all known attacks, let alone unknown ones. In this paper, we propose a software-enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV-enabled security architecture and developed a Control System Security Application (CSSA) in the SDN Controller for enhancing security in ICS by achieving real-time situational awareness and dynamic policy-driven decision making across the network infrastructure. In particular, CSSA can be used for establishing a secure path for end-to-end communication between devices, for dealing with certain specific attacks, namely denial of service attacks from unpatched vulnerable control system components, and for securing the communication flows from legacy devices that do not support any security functionality. We also discuss how CSSA provides reliable paths for safety-critical messages in control systems. We discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.
{"title":"Techniques for Enhancing Security in Industrial Control Systems","authors":"Vijay Varadharajan, Uday Tupakula, Kallol Krishna Karmakar","doi":"10.1145/3630103","DOIUrl":"https://doi.org/10.1145/3630103","url":null,"abstract":"Increasingly Industrial Control Systems (ICS) systems are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems such as the ones used in power grids, manufacturing and utilities operate continually and have long lifespans measured in decades rather than years as in the case of IT systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as successful attacks on critical control infrastructures could have devastating consequences to the safety of human lives as well as a nation’s security and prosperity. Furthermore, there can be a range of attacks that can target ICS and it is not easy to secure these systems against all known attacks let alone unknown ones. In this paper, we propose a software enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV enabled security architecture and developed a Control System Security Application (CSSA) in SDN Controller for enhancing security in ICS by achieving real time situational awareness and dynamic policy-driven decision making across the network infrastructure. In particular, CSSA can be used for establishing secure path for end-to-end communication between devices and also deal against certain specific attacks namely denial of service attacks, from unpatched vulnerable control system components and securing the communication flows from the legacy devices that do not support any security functionality. We also discuss how CSSA provides reliable paths for safety critical messages in control systems. We discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"17 13","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136018959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}