1

CYBER-PHYSICAL SYSTEMS: BUILDING A SECURITY REFERENCE ARCHITECTURE FOR CARGO PORTS

Unknown Date (has links)
Cyber-Physical Systems (CPS) are physical entities whose operations are monitored, coordinated, and controlled by a computing and communication core. These systems are highly heterogeneous and complex. Their numerous components and cross-domain complexity make attacks easy to propagate and security difficult to implement. Consequently, to secure these systems, they need to be built in a systematic and holistic way, where security is an integral part of the development lifecycle and not just an activity after development. These systems present a multitude of implementation details in their component units, so it is fundamental to use abstraction in the analysis and construction of their architecture. In particular, we can apply abstraction through the use of patterns. Pattern-based architectural modeling is a powerful way to describe the system and analyze its security and the other non-functional aspects. Patterns also have the potential to unify the design of their computational, communication, and control aspects. Architectural modeling can be performed through UML diagrams to show the interactions and dependencies between different components and their stakeholders. Also, it can be used to analyze security threats and describe the possible countermeasures to mitigate these threats. An important type of CPS is a maritime container terminal, a facility where cargo containers are transported between ships and land vehicles (for example, trains or trucks) for onward transportation, and vice versa. Every cargo port performs four basic functions: receiving, storing, staging and loading for both import and export containers. We present here a set of patterns that describe the elements and functions of a cargo port system, and a Reference Architecture (RA) built using these patterns. We analyze and systematically enumerate the possible security threats to a container terminal in a cargo port using activity diagrams derived from selected use cases of the system.
We describe these threats using misuse patterns, and from them select security patterns as defenses. The RA provides a framework to determine where to add these security mechanisms to stop or mitigate these threats and build a Security Reference Architecture (SRA) for CPS. An SRA is an abstract architecture describing a conceptual model of security that provides a way to specify security requirements for a wide range of concrete architectures. The analysis and design are given using a cargo port as our example, but the approach can be used in other domains as well. This is the first work we know where patterns and RAs are used to represent cargo ports and analyze their security. / Includes bibliography. / Dissertation (PhD)--Florida Atlantic University, 2021. / FAU Electronic Theses and Dissertations Collection
2

Improving System Reliability for Cyber-Physical Systems

Wu, Leon L. January 2015 (has links)
Cyber-physical systems (CPS) are systems featuring a tight combination of, and coordination between, the system’s computational and physical elements. Cyber-physical systems include systems ranging from critical infrastructure such as a power grid and transportation system to health and biomedical devices. System reliability, i.e., the ability of a system to perform its intended function under a given set of environmental and operational conditions for a given period of time, is a fundamental requirement of cyber-physical systems. An unreliable system often leads to disruption of service, financial cost and even loss of human life. An important and prevalent type of cyber-physical system meets the following criteria: processing large amounts of data; employing software as a system component; running online continuously; having operator-in-the-loop because of human judgment and an accountability requirement for safety critical systems. This thesis aims to improve system reliability for this type of cyber-physical system. To improve system reliability for this type of cyber-physical system, I present a system evaluation approach entitled automated online evaluation (AOE), which is a data-centric runtime monitoring and reliability evaluation approach that works in parallel with the cyber-physical system to conduct automated evaluation along the workflow of the system continuously using computational intelligence and self-tuning techniques and provide operator-in-the-loop feedback on reliability improvement. For example, abnormal input and output data at or between the multiple stages of the system can be detected and flagged through data quality analysis. As a result, alerts can be sent to the operator-in-the-loop. The operator can then take actions and make changes to the system based on the alerts in order to achieve minimal system downtime and increased system reliability. 
One technique used by the approach is data quality analysis using computational intelligence, which applies computational intelligence in evaluating data quality in an automated and efficient way in order to make sure the running system performs reliably as expected. Another technique used by the approach is self-tuning, which automatically self-manages and self-configures the evaluation system to ensure that it adapts itself based on the changes in the system and feedback from the operator. To implement the proposed approach, I further present a system architecture called autonomic reliability improvement system (ARIS). This thesis investigates three hypotheses. First, I claim that the automated online evaluation empowered by data quality analysis using computational intelligence can effectively improve system reliability for cyber-physical systems in the domain of interest as indicated above. In order to prove this hypothesis, a prototype system needs to be developed and deployed in various cyber-physical systems while certain reliability metrics are required to measure the system reliability improvement quantitatively. Second, I claim that the self-tuning can effectively self-manage and self-configure the evaluation system based on the changes in the system and feedback from the operator-in-the-loop to improve system reliability. Third, I claim that the approach is efficient. It should not have a large impact on the overall system performance and should introduce only minimal extra overhead to the cyber-physical system. Some performance metrics should be used to measure the efficiency and added overhead quantitatively. Additionally, in order to conduct efficient and cost-effective automated online evaluation for data-intensive CPS, which requires large volumes of data and devotes much of its processing time to I/O and data manipulation, this thesis presents COBRA, a cloud-based reliability assurance framework.
COBRA provides automated multi-stage runtime reliability evaluation along the CPS workflow using data relocation services, a cloud data store, data quality analysis and process scheduling with self-tuning to achieve scalability, elasticity and efficiency. Finally, in order to provide a generic way to compare and benchmark system reliability for CPS and to extend the approach described above, this thesis presents FARE, a reliability benchmark framework that employs a CPS reliability model, a set of methods and metrics on evaluation environment selection, failure analysis, and reliability estimation. The main contributions of this thesis include validation of the above hypotheses and empirical studies of ARIS automated online evaluation system, COBRA cloud-based reliability assurance framework for data-intensive CPS, and FARE framework for benchmarking reliability of cyber-physical systems. This work has advanced the state of the art in the CPS reliability research, expanded the body of knowledge in this field, and provided some useful studies for further research.
3

Bespoke Security for Resource Constrained Cyber-Physical Systems

Arroyo, Miguel Angel January 2021 (has links)
Cyber-Physical Systems (CPSs) are critical to many aspects of our daily lives. Autonomous cars, life-saving medical devices, drones for package delivery, and robots for manufacturing are all prime examples of CPSs. The dual cyber/physical operating nature and highly integrated feedback control loops of CPSs mean that they inherit security problems from traditional computing systems (e.g., software vulnerabilities, hardware side-channels) and physical systems (e.g., theft, tampering), while additionally introducing challenges of their own. The challenges to achieving security for CPSs stem not only from the interaction of the cyber and physical domains, but from the additional pressures of resource constraints imposed due to cost, limited energy budgets, and the real-time nature of workloads. Due to the tight resource constraints of CPSs, there is often little headroom to devote to security. Thus, there is a need for low-overhead, deployable solutions to harden resource-constrained CPSs. This dissertation shows that security can be effectively integrated into resource-constrained cyber-physical system devices by leveraging fundamental physical properties, and tailoring and extending age-old abstractions in computing. To provide context on the state of security for CPSs, this document begins with the development of a unifying framework that can be used to identify threats and opportunities for enforcing security policies while providing a systematic survey of the field. This dissertation characterizes the properties of CPSs and typical components (e.g., sensors, actuators, computing devices) in addition to the software commonly used. We discuss available security primitives and their limitations for both hardware and software. In particular, we focus on software security threats targeting memory safety.
The rest of the thesis focuses on the design and implementation of novel, deployable approaches to combat memory safety on resource constrained devices used by CPSs (e.g., 32-bit processors and microcontrollers). We first discuss how cyber-physical system properties such as inertia and feedback can be used to harden software efficiently with minimal modification to both hardware and software. We develop the framework You Only Live Once (YOLO) that proactively resets a device and restores it from a secure verified snapshot. YOLO relies on inertia, to tolerate periods of resets, and on feedback to rebuild state when recovering from a snapshot. YOLO is built upon a theoretical model that is used to determine safe operating parameters to aid a system designer in deployment. We evaluate YOLO in simulation and two real-world CPSs, an engine and drone. Second, we explore how rethinking of core computing concepts can lead to new fundamental abstractions that can efficiently hide performance overheads usually associated with hardening software against memory safety issues. To this end, we present two techniques: (i) The Phantom Address Space (PAS) is a new architectural concept that can be used to improve N-version systems by (almost) eliminating the overheads associated with handling replicated execution. Specifically, PAS can be used to provide an efficient implementation of a diversification concept known as execution path randomization aimed at thwarting code-reuse attacks. The goal of execution path randomization is to frequently switch between two distinct program variants forcing the attacker to gamble on which code to reuse. (ii) Cache Line Formats (Califorms) introduces a novel method to efficiently store memory in caches. 
Califorms makes the novel insight that dead spaces in program data due to its memory layout can be used to efficiently implement the concept of memory blacklisting, which prohibits a program from accessing certain memory regions based on program semantics. Califorms not only consumes less memory than prior approaches, but can provide byte-granular protection while limiting the scope of its hardware changes to caches. While both PAS and Califorms were originally designed to target resource-constrained devices, it's worth noting that they are widely applicable and can efficiently scale up to mobile, desktop, and server-class processors. As CPSs continue to proliferate and become integrated in more critical infrastructure, security is an increasing concern. However, security will undoubtedly always play second fiddle to financial concerns that affect business bottom lines. Thus, it is important that there be easily deployable, low-overhead solutions that can scale from the most constrained of devices to more featureful systems for future migration. This dissertation is one step towards the goal of providing inexpensive mechanisms to ensure the security of cyber-physical system software.
4

Towards Self-Managing Networked Cyber-Physical Systems

Janak, Jan January 2024 (has links)
Networked systems integrating software with the physical world are known as cyber-physical systems (CPSs). CPSs have been used in diverse sectors, including power generation and distribution, transportation, industrial systems, and building management. The diversity of applications and interdisciplinary nature make CPSs exciting to design and build but challenging to manage once deployed. Deployed CPSs must adapt to changes in the operating environment or the system's architecture, e.g., when outdated or malfunctioning components need to be replaced. Skilled human operators have traditionally performed such adaptations using centralized management protocols. As the CPS grows, management tasks become more complex, tedious, and error-prone. This dissertation studies management challenges in deployed CPSs. It is based on practical research with CPSs of various sizes and diverse application domains, from the large geographically dispersed electrical grid to small-scale consumer Internet of Things (IoT) systems. We study the management challenges unique to each system and propose network services and protocols specifically designed to reduce the amount of management overhead, drawing inspiration from autonomic systems and networking research. We first introduce PhoenixSEN, a self-managing ad hoc network designed to restore connectivity in the electrical grid after a large-scale outage. The electrical grid is a large, heterogeneous, geographically dispersed CPS. We analyze the U.S. electrical grid network subsystem, propose an ad hoc network to temporarily replace the network subsystem during a blackout, and discuss the experimental evaluation of the network on a one-of-a-kind physical electrical grid testbed. The novel aspects of PhoenixSEN lie in a combination of existing and new network technologies and manageability by power distribution industry operators. 
Motivated by the challenges of running unmodified third-party applications in an ad hoc network like PhoenixSEN, we propose a geographic resource discovery and query processing service for federated CPSs called SenSQL. The service combines a resource discovery protocol inspired by the LoST protocol with a standard SQL-based query interface. SenSQL aims to simplify the development of applications for federated or administratively decoupled autonomous cyber-physical systems without a single administrative or technological point of failure. The SenSQL framework balances control over autonomous cyber-physical devices and their data with service federation, limiting the application's reliance on centralized infrastructures or services. We conclude the first part of the dissertation by presenting the design and implementation of a testbed for usability experiments with mission-critical voice, a vital communication modality in PhoenixSEN, and during emergency scenarios in general. The testbed can be used to conduct human-subject studies under emulated network conditions to assess the influence of various network parameters on the end-user's quality of experience. The second dissertation part focuses on network enrollment of IoT devices, a management process that is often complicated, frustrating, and error-prone, particularly in consumer-oriented systems. We motivate the work by reverse-engineering and analyzing Amazon Echo's network enrollment protocol. The Echo is one of the most widely deployed IoT devices and, thus, an excellent case study. We learn that the process is rather complicated and cumbersome. We then present a systematic study of IoT network enrollment with a focus on consumer IoT devices in advanced deployment scenarios, e.g., third-party installations, shared physical spaces, or evolving IoT systems. 
We evaluate existing frameworks and their shortcomings and propose WIDE, a network-independent enrollment framework designed to minimize user interactions to enable advanced deployment scenarios. WIDE is designed for large-scale or heterogeneous IoT systems where multiple independent entities cooperate to set the system up. We also discuss the design of a human-subject study to compare and contrast the usability of network enrollment frameworks. A secure network must authenticate a new device before it can be enrolled. The authentication step usually requires physical device access, which may be impossible in many advanced deployment scenarios, e.g., when IoT devices are installed by a specialist in physically unreachable locations. We propose Lighthouse, a visible-light authentication protocol for physically inaccessible IoT devices. We discuss the protocol's design, develop transmitter and receiver prototypes, and evaluate the system. Our measurements with off-the-shelf components over realistic distances indicate authentication times shorter than or comparable with existing methods involving gaining physical access to the device. We also illustrate how the visible-light authentication protocol could be used as another authentication method in other network enrollment frameworks.