
ACM Transactions on Cyber-Physical Systems: latest articles

A Comprehensive Threat Modelling Analysis for Distributed Energy Resources
IF 2 Q3 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS Pub Date : 2024-07-17 DOI: 10.1145/3678260
Neel Bhaskar, Jawad Ahmed, Rahat Masood, Nadeem Ahmed, Stephen Kerr, Sanjay K. Jha
The exponential rise in popularity of Distributed Energy Resources (DERs) is attributed to their numerous benefits within the power sector. However, the risks that new DERs pose to the power grid have not yet been closely assessed, exposing a gap in the literature. This paper addresses this gap by presenting a comprehensive threat model of the DER architecture, combining the MITRE ATT&CK catalogue for Industrial Control Systems (ICS), and the IDDIL/ATC threat model, to create a hybrid approach. Our first contribution is to propose criteria derived from seven metrics to evaluate and compare the efficacy and usability of threat modelling frameworks for DER systems, allowing more informed framework selection. Our second contribution is to develop a comprehensive hybrid threat modelling approach based on IDDIL/ATC and MITRE ATT&CK and organise attack paths chronologically using the Cyber Kill Chain methodology to categorise attacker techniques. Our third contribution is to perform a comprehensive DER architecture system decomposition, elaborating assets, trust levels, entry points, data, protocols, and entity relations to identify the threat landscape. Our final contribution is to apply the proposed approach to the Distribution System Operator (DSO), mapping potential attacker techniques and illustrating a ransomware attack chain on the DSO’s Energy Management System, with proposed mitigations.
Citations: 0
Carving out Control Code: Automated Identification of Control Software in Autopilot Systems
IF 2 Q3 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS Pub Date : 2024-07-17 DOI: 10.1145/3678259
Balaji Balasubramaniam, Iftekhar Ahmed, Hamid Bagheri, Justin Bradley
Cyber-physical systems interact with the world through software controlling physical effectors. Carefully designed controllers, implemented as safety-critical control software, also interact with other parts of the software suite, and may be difficult to separate, verify, or maintain. Moreover, some software changes, not intended to impact control system performance, do change controller response through a variety of means including interaction with external libraries or unmodeled changes only existing in the cyber system (e.g., exception handling). As a result, identifying safety-critical control software, its boundaries with other embedded software in the system, and the way in which control software evolves could help developers isolate, test, and verify control implementation, and improve control software development. In this work we present an automated technique, based on a novel application of machine learning, to detect commits related to control software, its changes, and how the control software evolves. We leverage messages from developers (e.g., commit comments), and code changes themselves to understand how control software is refined, extended, and adapted over time. We examine three distinct, popular, real-world, safety-critical autopilots – ArduPilot, Paparazzi UAV, and LibrePilot – to test our method, demonstrating an effective detection rate of 0.95 for control-related code changes.
Citations: 0
Cooperative Driving of Connected Autonomous Vehicles using Responsibility Sensitive Safety Rules: A Control Barrier Functions Approach
IF 2.3 Q1 Mathematics Pub Date : 2024-04-18 DOI: 10.1145/3648004
M. Khayatian, Mohammadreza Mehrabian, I-Ching Tseng, Chung-Wei Lin, Calin Belta, Aviral Shrivastava
Connected Autonomous Vehicles (CAVs) are expected to enable reliable, efficient, and intelligent transportation systems. Most motion planning algorithms for multi-agent systems implicitly assume that all vehicles/agents will execute the expected plan with a small error and evaluate their safety constraints based on this fact. This assumption, however, is hard to keep for CAVs since they may have to change their plan (e.g., to yield to another vehicle) or are forced to stop (e.g., a CAV may break down). While it is desired that a CAV never gets involved in an accident, it may be hit by other vehicles and sometimes, preventing the accident is impossible (e.g., getting hit from behind while waiting behind the red light). Responsibility-Sensitive Safety (RSS) is a set of safety rules that defines the objective of CAV to blame, instead of safety. Thus, instead of developing a CAV algorithm that will avoid any accident, it ensures that the ego vehicle will not be blamed for any accident it is a part of. Original RSS rules, however, are hard to evaluate for merge, intersection, and unstructured road scenarios, plus RSS rules do not prevent deadlock situations among vehicles. In this paper, we propose a new formulation for RSS rules that can be applied to any driving scenario. We integrate the proposed RSS rules with the CAV’s motion planning algorithm to enable cooperative driving of CAVs. We use Control Barrier Functions to enforce safety constraints and compute the energy optimal trajectory for the ego CAV. Finally, to ensure liveness, our approach detects and resolves deadlocks in a decentralized manner. We have conducted different experiments to verify that the ego CAV does not cause an accident no matter when other CAVs slow down or stop. We also showcase our deadlock detection and resolution mechanism using our simulator. Finally, we compare the average velocity and fuel consumption of vehicles when they drive autonomously with the case that they are autonomous and connected.
Citations: 0
A Human-Centered Power Conservation Framework based on Reverse Auction Theory and Machine Learning
IF 2.3 Q1 Mathematics Pub Date : 2024-04-05 DOI: 10.1145/3656348
Enrico Casella, Simone Silvestri, D. A. Baker, Sajal K. Das
Extreme outside temperatures resulting from heat waves, winter storms, and similar weather-related events trigger the Heating Ventilation and Air Conditioning (HVAC) systems, resulting in challenging, and potentially catastrophic, peak loads. As a consequence, such extreme outside temperatures put a strain on power grids and may thus lead to blackouts. In order to avoid the financial and personal repercussions of peak loads, demand response and power conservation represent promising solutions. Despite numerous efforts, it has been shown that the current state-of-the-art fails to consider: i) the complexity of human behavior when interacting with power conservation systems; and ii) realistic home-level power dynamics. As a consequence, this leads to approaches that are i) ineffective due to poor long-term user engagement; and ii) too abstract to be used in real-world settings. In this paper, we propose an auction-theory-based power conservation framework for HVAC designed to address such individual human component through a three-fold approach: personalized preferences of power conservation, models of realistic user behavior, and realistic home-level power dynamics. In our framework, the System Operator (SO) sends Load Serving Entities (LSEs) the required power saving to tackle peak loads at the residential distribution feeder. Each LSE then prompts its users to provide bids, i.e., personalized preferences of thermostat temperature adjustments, along with corresponding financial compensations. We employ models of realistic user behavior by means of online surveys to gather user bids and evaluate user interaction with such system. Realistic home-level power dynamics are implemented by our machine-learning-based Power Saving Predictions (PSP) algorithm, calculating the individual power savings in each user’s home resulting from such bids. A machine-learning-based Power Saving Predictions (PSP) algorithm is executed by the users’ Smart Energy Management System (SEMS). PSP translates temperature adjustments into the corresponding power savings. Then, the SEMS sends bids back to the LSE, which selects the auction winners through an optimization problem called POwer Conservation Optimization (POCO). We prove that POCO is NP-hard, and thus provide two approaches to solve this problem. One approach is an optimal pseudo-polynomial algorithm called DYnamic programming Power Saving (DYPS), while the second is a heuristic polynomial-time algorithm called Greedy Ranking Allocation (GRAN). EnergyPlus, the high-fidelity and gold-standard energy simulator funded by the U.S. Department of Energy, was used to validate our experiments, as well as to collect data to train PSP. We further evaluate the results of the auctions across several scenarios, showing that, as expected, DYPS finds the optimal solution, while GRAN outperforms recent state-of-the-art approaches.
Citations: 0
On Cyber-Physical Fault Resilience in Data Communication: A Case From A LoRaWAN Network Systems Design
IF 2.3 Q1 Mathematics Pub Date : 2024-01-04 DOI: 10.1145/3639571
Chao Wang, Cheng-Hsun Chuang, Yu-Wei Chen, Yun-Fan Chen
Systems offering fault-resilient, energy-efficient, soft real-time data communication have wide applications in the Industrial Internet-of-Things (IIoT). While there have been extensive studies of fault resilience in real-time embedded systems, investigations from a cyber-physical systems (CPS) perspective are still much needed, as CPS faults occur not just from abnormal conditions in the software/hardware of the system, but also from the physical environment in which the system operates. At the same time, in addition to conventional fault tolerance strategies embedded in the software/hardware of the target system, CPS faults could be mitigated via some strategic systems re-configuration made available by the physical environment. This paper presents a design and implementation for CPS fault-resilient data communication, in the context of IIoT networks running LoRaWAN, a low-power wide-area networking standard. The proposed design combines collaborative IIoT end devices plus a network gateway piggybacked on a third-party cruising object that is part of the environment. With the focus on data communication, the study illustrates challenges and opportunities to address CPS fault resilience while meeting the needs for energy efficiency and communication timeliness that are common to IIoT systems. The implementation of the design is based on ChirpStack, a widely used open source framework for LoRaWAN. The results from experiment and simulation both show that the proposed scheme can tolerate limited errors of data communication while saving operating energy and maintaining timeliness of data communication to some extent.
Citations: 0
DistressNet-NG: A Resilient Data Storage and Sharing Framework for Mobile Edge Computing in Cyber-Physical Systems
IF 2.3 Q1 Mathematics Pub Date : 2024-01-03 DOI: 10.1145/3639057
M.F.H. Sagor, Amran Haroon, R. Stoleru, S. Bhunia, A. Altaweel, M. Chao, Liuyi Jin, M. Maurice, R. Blalock
Mobile Edge Computing (MEC) has been gaining a major interest for use in Cyber-Physical Systems (CPS) for Disaster Response and Tactical applications. These CPS generate a very large amount of mission-critical and personal data that require resilient and secure storage and sharing. In this article, we present the design, implementation, and evaluation of a framework for resilient data storage and sharing for MEC in CPS targeting the aforementioned applications. Our framework is built on the resiliency of three main components: EdgeKeeper, which ensures resilient coordination of the framework’s components; RSock, which provides resilient communication among CPS’s nodes; and R-Drive/R-Share which, leveraging EdgeKeeper and RSock, provides resilient data storage and sharing. EdgeKeeper employs a set of replicas and a consensus protocol for storing critical meta-data and ensuring fast reorganization of the CPS; RSock decides an optimal degree for replicating data that is communicated over lossy links. R-Drive employs an adaptive erasure-coded and encrypted resilient data storage; R-Share, leveraging RSock, provides resilient peer-to-peer data sharing. We implemented our proposed framework on rapidly deployable systems (e.g. manpacks, testMobile Edge Clouds) and on Android devices, and integrated it with existing MEC applications. Performance evaluation results from three real-world deployments show that our framework provides resilient data storage and sharing in MEC for CPS.
Citations: 0
A Blockchain Architecture to Increase the Resilience of Industrial Control Systems from the Effects of a Ransomware Attack: A Proposal and Initial Results
IF 2.3 Q1 Mathematics Pub Date : 2023-12-21 DOI: 10.1145/3637553
Stephen Kirkman, Steven Fulton, Jeffrey Hemmes, Christopher Garcia, Justin C. Wilson
The motivation of this research (and also one of the nation's cyber goals) is enhancing the resilience of Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems against ransomware attacks. ICS and SCADA systems run some of the most important networks in the country: our critical infrastructure (e.g., water flow, power grids). Disruption of these systems causes confusion, panic, and in some cases loss of life. We propose a SCADA architecture that uses blockchain to help protect ICS data from ransomware. We focus on the historian. In a SCADA system, the historian collects events from devices in the control network for real-time and future analysis. We choose to use Ethereum and its Proof of Stake (PoS) consensus protocol. The other goal of this research focuses on the resilience of the blockchain itself, on which there is very little research. By performing encryption testing on an Ethereum private network, we explore how vulnerable a blockchain is and discuss potential ways to make a blockchain client more resilient.
Citations: 0
A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors
IF 2.3 Q1 Mathematics Pub Date : 2023-12-15 DOI: 10.1145/3637554
Kejing Zhao, Zhiyong Zhang, K. Choo, Zhongya Zhang, Tiantian Zhang
The Industrial Internet plays an important role in key critical infrastructure sectors and is the target of different security threats and risks. Many existing attack detection approaches have limitations, such as function redundancy, overfitting and low efficiency. A combinatorial optimization method based on the Lagrange multiplier is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with features selected by random forest and XGBoost to improve the accuracy and efficiency of attack feature analysis. Using both the UNSW-NB15 and natural gas pipeline datasets, we evaluate the performance of the proposed method. We observe that the influence degrees of the different features associated with the attack behavior raise binary-classification attack detection to 0.93 and reduce the attack detection time by 6.96 times. The overall accuracy of multi-classification attack detection also improves by 0.11. We also observe that nine key features of attack behavior analysis are essential to the analysis and detection of general attacks targeting the system, and by focusing on these features one could potentially improve the effectiveness and efficiency of real-time critical industrial system security. The CICDDoS2019 and CICIDS2018 datasets are used to demonstrate generalization. The experimental results show that the proposed method generalizes well and can be extended to industrial anomaly datasets of the same type.
Citations: 0
Statistical Verification using Surrogate Models and Conformal Inference and a Comparison with Risk-aware Verification
IF 2.3 Q1 Mathematics Pub Date : 2023-12-05 DOI: 10.1145/3635160
Xin Qin, Yuan Xia, Aditya Zutshi, Chuchu Fan, Jyotirmoy V. Deshmukh
Uncertainty in safety-critical cyber-physical systems can be modeled using a finite number of parameters or parameterized input signals. Given a system specification in Signal Temporal Logic (STL), we would like to verify that for all (infinitely many) values of the model parameters/input signals, the system satisfies its specification. Unfortunately, this problem is undecidable in general. Statistical model checking (SMC) offers a solution by providing guarantees on the correctness of CPS models through statistical reasoning on model simulations. We propose a new approach for statistical verification of CPS models under a user-provided distribution on the model parameters. Our technique uses model simulations to learn surrogate models, and uses conformal inference to provide probabilistic guarantees on the satisfaction of a given STL property. Additionally, we can provide prediction intervals containing the quantitative satisfaction values of the given STL property for any user-specified confidence level. We compare this prediction interval with the interval obtained using risk estimation procedures. We also propose a refinement procedure based on Gaussian Process (GP) surrogate models for obtaining fine-grained probabilistic guarantees over sub-regions of the parameter space. This in turn enables the CPS designer to choose assured validity domains in the parameter space for safety-critical applications. Finally, we demonstrate the efficacy of our technique on several CPS models.
Citations: 1
Mixed-Trust Computing: Safe and Secure Real-Time Systems
IF 2.3 Q1 Mathematics Pub Date : 2023-12-02 DOI: 10.1145/3635162
Dionisio de Niz, Bjorn Andersson, Mark H. Klein, J. Lehoczky, Amit Vasudevan, Hyoseung Kim, Gabriel Moreno
Verifying complex Cyber-Physical Systems (CPS) is increasingly important given the push to deploy safety-critical autonomous features. Unfortunately, traditional verification methods do not scale to the complexity of these systems and do not provide systematic methods to protect verified properties when not all the components can be verified. To address these challenges, this article proposes a real-time mixed-trust computing framework that combines verification and protection. The framework introduces a new task model, where an application task can have both an untrusted and a trusted part. The untrusted part allows complex computations supported by a full OS with a real-time scheduler running in a VM hosted by a trusted hypervisor. The trusted part is executed by another scheduler within the hypervisor and is thus protected from the untrusted part. If the untrusted part fails to finish by a specific time, the trusted part is activated to preserve safety (e.g., prevent a crash), including its timing guarantees. This framework is the first to allow the use of untrusted components for CPS critical functions while preserving logical and timing guarantees, even in the presence of malicious attackers. We present the framework, its schedulability analysis, and the coordination protocol between the trusted and untrusted parts. Our implementation on a Raspberry Pi 3 is also discussed, along with experiments showing the behavior of the system under failures of untrusted components, and a drone application to demonstrate its practicality.
Citations: 0