Abstract
Given the widespread deployment of cyber-physical systems and their safety-critical nature, the reliability and security guarantees offered by such systems are of paramount importance. While the security of such systems against sensor attacks has garnered significant attention from researchers in recent times, improving the reliability of a control software implementation against transient environmental disturbances needs further investigation. Scalable formal methods for verifying the actual control performance guarantee offered by software implementations of control laws in the face of sensor faults have been explored in recent work [20]. However, formal verification of the improvement in system reliability obtained by incorporating sensor fault mitigation techniques such as Kalman filtering [29] and sensor fusion [18, 52] remains to be explored. Moreover, since fault and attack mitigation techniques incur extra computation load, system designers face complex trade-off choices in deciding which of them to use and how to schedule them on the available system resources.
In the present work, our contributions are threefold. First, we formally analyze the actual performance guarantee of control software implementations that are enabled with additional fault mitigation techniques. Second, we consider task-level models of such implementations enabled with security and fault tolerance primitives and construct a timed automata-based model that checks their schedulability on heterogeneous multi-core platforms. Third, we leverage these methodologies in a novel Design-Space-Exploration (DSE) framework that takes target reliability and security guarantees for a control system as input and computes schedulable design options, considering well-known platform-level security improvement and fault mitigation techniques. We validate our contributions over several case studies from the automotive domain.
- Yasmina Abdeddaim, Eugene Asarin, Oded Maler, et al. 2006. Scheduling with timed automata. Theoretical Computer Science 354, 2 (2006), 272--300.
- Rajeev Alur and David L. Dill. 1994. A theory of timed automata. Theoretical Computer Science 126, 2 (1994), 183--235.
- Christel Baier, Joost-Pieter Katoen, and Kim Guldstrand Larsen. 2008. Principles of Model Checking. MIT Press, New York, NY.
- Gerd Behrmann, Alexandre David, Kim Guldstrand Larsen, John Hakansson, Paul Pettersson, Wang Yi, and Martijn Hendriks. 2006. UPPAAL 4.0. In QEST. IEEE Computer Society, Washington, DC, 125--126.
- Johan Bengtsson, Kim Larsen, Fredrik Larsson, Paul Pettersson, and Wang Yi. 1995. UPPAAL: A tool suite for automatic verification of real-time systems. In International Hybrid Systems Workshop. Springer, Berlin, 232--243.
- Cristiana Bolchini and Antonio Miele. 2012. Reliability-driven system-level synthesis for mixed-critical embedded systems. IEEE Transactions on Computers 62, 12 (2012), 2489--2502.
- Alvaro Cardenas, Saurabh Amin, Bruno Sinopoli, Annarita Giani, Adrian Perrig, and Shankar Sastry. 2009. Challenges for Securing Cyber Physical Systems. DHS.
- Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno, et al. 2011. Comprehensive experimental analyses of automotive attack surfaces. In USENIX Conference on Security, Vol. 4. USENIX Association, San Francisco, CA, 447--462.
- Bei Chen, Yugang Niu, and Yuanyuan Zou. 2013. Adaptive sliding mode control for stochastic Markovian jumping systems with actuator degradation. Automatica 49, 6 (2013), 1748--1754.
- John L. Crassidis and John L. Junkins. 2011. Optimal Estimation of Dynamic Systems. CRC Press, Boca Raton, FL.
- Pascal Cuoq, Florent Kirchner, Nikolai Kosmatov, Virgile Prevosto, Julien Signoles, and Boris Yakobowski. 2012. Frama-C. In Software Engineering and Formal Methods. Springer, Berlin, 233--247.
- Jesús A. De Loera, Raymond Hemmecke, Jeremiah Tauzer, and Ruriko Yoshida. 2004. Effective lattice point counting in rational convex polytopes. Journal of Symbolic Computation 38, 4 (2004), 1273--1302.
- Marco Di Natale and Alberto Luigi Sangiovanni-Vincentelli. 2010. Moving from federated to integrated architectures in automotive: The role of standards, methods and tools. Proceedings of the IEEE 98, 4 (2010), 603--620.
- Edsger W. Dijkstra. 1975. Guarded commands, nondeterminacy and formal derivation of programs. Communications of the ACM 18, 8 (1975), 453--457.
- John Fearnley and Marcin Jurdziński. 2015. Reachability in two-clock timed automata is PSPACE-complete. Information and Computation 243 (2015), 26--36.
- Ansgar Fehnker. 1999. Scheduling a steel plant with timed automata. In RTCSA. IEEE, New York, NY, 280--286.
- Elena Fersman, Leonid Mokrushin, Paul Pettersson, and Wang Yi. 2006. Schedulability analysis of fixed-priority systems using timed automata. Theoretical Computer Science 354, 2 (2006), 301--317.
- Qiang Gan and Chris J. Harris. 2001. Comparison of two measurement fusion methods for Kalman-filter-based multisensor data fusion. IEEE Transactions on Aerospace and Electronic Systems 37, 1 (2001), 273--279.
- Saurav Kumar Ghosh, Soumyajit Dey, Dip Goswami, Daniel Mueller-Gritschneder, and Samarjit Chakraborty. 2018. Design and validation of fault-tolerant embedded controllers. In DATE. IEEE, New York, NY, 1283--1288.
- Saurav Kumar Ghosh, Debasmita Lohar, Dibyendu Das, and Soumyajit Dey. 2017. Work-in-progress: Verifying stability guarantees of control software implementations in the presence of sensor level faults. In EMSOFT. IEEE, New York, NY, 1--2.
- Dip Goswami, D. Muller-Gritschneder, Twan Basten, Ulf Schlichtmann, and Samarjit Chakraborty. 2014. Fault-tolerant embedded control systems for unreliable hardware. In ISIC. IEEE, New York, NY, 464--467.
- Dip Goswami, Reinhard Schneider, and Samarjit Chakraborty. 2014. Relaxing signal delay constraints in distributed embedded controllers. IEEE Transactions on Control Systems Technology 22, 6 (2014), 2337--2345.
- Andy Greenberg. 2015. Hackers remotely kill a Jeep on the highway, with me in it. Wired 7 (2015), 21.
- Nan Guan, Zonghua Gu, Qingxu Deng, Shuaihong Gao, and Ge Yu. 2007. Exact schedulability analysis for static-priority global multiprocessor scheduling using model-checking. In IFIP WG 10.2 International Workshop, SEUS. Springer, Berlin, 263--272.
- Yanhong Huang, Joao F. Ferreira, Guanhua He, Shengchao Qin, and Jifeng He. 2013. Deadline analysis of AUTOSAR OS periodic tasks in the presence of interrupts. In ICFEM. Springer, Berlin, 165--181.
- Arshad Jhumka, Stephan Klaus, and Sorin A. Huss. 2005. A dependability-driven system-level design approach for embedded systems. In DATE. IEEE, New York, NY, 372--377.
- Ke Jiang, Adrian Lifa, Petru Eles, Zebo Peng, and Wei Jiang. 2013. Energy-aware design of secure multi-mode real-time embedded systems with FPGA co-processors. In RTNS. ACM, New York, NY, 109--118.
- Ilija Jovanov and Miroslav Pajic. 2017. Sporadic data integrity for secure state estimation. In CDC. IEEE, New York, NY, 163--169.
- Rudolph Emil Kalman. 1960. A new approach to linear filtering and prediction problems. Journal of Basic Engineering 82, 1 (1960), 35--45.
- Andrew J. Kerns, Daniel P. Shepard, Jahshan A. Bhatti, and Todd E. Humphreys. 2014. Unmanned aircraft capture and control via GPS spoofing. Journal of Field Robotics 31, 4 (2014), 617--636.
- Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, et al. 2010. Experimental security analysis of a modern automobile. In IEEE Symposium on Security and Privacy. IEEE, New York, NY, 447--462.
- Ralph Langner. 2011. Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security and Privacy 9, 3 (2011), 49--51.
- Vuk Lesi, Ilija Jovanov, and Miroslav Pajic. 2017. Network scheduling for secure cyber-physical systems. In RTSS. IEEE, New York, NY, 45--55.
- Vuk Lesi, Ilija Jovanov, and Miroslav Pajic. 2017. Security-aware scheduling of embedded control tasks. ACM Transactions on Embedded Computing Systems 16, 5s (2017), 1--21.
- Chung-Wei Lin, Bowen Zheng, Qi Zhu, and Alberto Sangiovanni-Vincentelli. 2015. Security-aware design methodology and optimization for automotive systems. ACM Transactions on Design Automation of Electronic Systems 21, 1 (2015), 1--26.
- David McNeil Mayhew. 1999. Multi-rate Sensor Fusion for GPS Navigation Using Kalman Filtering. Ph.D. Dissertation. Virginia Tech.
- MDA. 2020. Measure Data Analyzer. Retrieved on September 10, 2019 from https://www.etas.com/en/products/mda.php.
- William C. Messner, Dawn M. Tilbury, and Rick Hill. 1999. Control Tutorials for MATLAB® and Simulink®.
- Yilin Mo and Bruno Sinopoli. 2009. Secure control against replay attacks. In Allerton. IEEE, New York, NY, 911--918.
- Yilin Mo and Bruno Sinopoli. 2010. False data injection attacks in cyber physical systems. In Preprints of the First Workshop on Secure Control Systems. ACM, New York, NY, 1--6.
- Aloysius K. Mok and Deji Chen. 1997. A multiframe model for real-time tasks. IEEE Transactions on Software Engineering 23, 10 (1997), 635--645.
- Junkil Park, Radoslav Ivanov, James Weimer, Miroslav Pajic, and Insup Lee. 2015. Sensor attack detection in the presence of transient faults. In ICCPS. ACM, New York, NY, 1--10.
- Fabio Pasqualetti, Florian Dorfler, and Francesco Bullo. 2015. Control-theoretic methods for cyberphysical security: Geometric principles for optimal cross-layer resilient control systems. IEEE Control Systems Magazine 35, 1 (2015), 110--127.
- Fabio Pasqualetti and Qi Zhu. 2015. Design and operation of secure cyber-physical systems. IEEE Embedded Systems Letters 7, 1 (2015), 3--6.
- Yasser Shoukry, Paul Martin, Paulo Tabuada, and Mani Srivastava. 2013. Non-invasive spoofing attacks for anti-lock braking systems. In CHES. Springer, Berlin, 55--72.
- Jill Slay and Michael Miller. 2007. Lessons learned from the Maroochy water breach. In IFIP WG 11.10 International Conference, CIP. Springer, Berlin, 73--82.
- Xidong Tang, Gang Tao, and Suresh M. Joshi. 2007. Adaptive actuator failure compensation for nonlinear MIMO systems with an aircraft control application. Automatica 43, 11 (2007), 1869--1883.
- André Teixeira, Iman Shames, Henrik Sandberg, and Karl Henrik Johansson. 2015. A secure control framework for resource-limited adversaries. Automatica 51 (2015), 135--148.
- Lothar Thiele, Samarjit Chakraborty, and Martin Naedele. 2000. Real-time calculus for scheduling hard real-time systems. In ISCAS. IEEE, New York, NY, 101--104.
- Satya Gautam Vadlamudi and Partha Pratim Chakrabarti. 2013. Robustness analysis of embedded control systems with respect to signal perturbations: Finding minimal counterexamples using fault injection. IEEE Transactions on Dependable and Secure Computing 11, 1 (2013), 45--58.
- Tan Chee Wei, Hazlina Selamat, and Ahmad Jais Alimin. 2010. Modeling and control of an engine fuel injection system. International Journal of Simulation: Systems, Science & Technology 11, 5 (2010), 48--60.
- Lin Xiao, Stephen Boyd, and Sanjay Lall. 2005. A scheme for robust distributed sensor fusion based on average consensus. In IPSN. IEEE, New York, NY, 63--70.
- Bowen Zheng, Peng Deng, Rajasekhar Anguluri, Qi Zhu, and Fabio Pasqualetti. 2016. Cross-layer codesign for secure cyber-physical systems. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 35, 5 (2016), 699--711.
Reliable and Secure Design-Space-Exploration for Cyber-Physical Systems