INTERNET CONGESTION CONTROL: COMPLETE STABILITY REGION FOR PI AQM AND BANDWIDTH ALLOCATION IN NETWORKED CONTROL

Al-Hammouri, Ahmad Tawfiq

January 2008

No description available.

Computer Science

Sensor-Actuator networks

SANETs

Active Queue Management

Time-delay systems

Steady-state backlogs

Utility functions

Cyber-Physical Systems

Networked control systems

Queue controller

TOWARDS SECURE AND RELIABLE ROBOTIC VEHICLES WITH HOLISTIC MODELING AND PROGRAM ANALYSIS

Hong Jun Choi (13045434)

08 August 2022

<p>Cyber-Physical Systems (CPS) are integrated systems that consist of the computational and physical components with network communication to support operation in the physical world. My PhD dissertation focuses on the security and reliability of autonomous cyber-physical systems, such as self-driving cars, drones, and underwater robots, that are safety-critical systems based on the seamless integration of cyber and physical components. Autonomous CPS are becoming an integral part of our life. The market for autonomous driving systems is expected to be more than $65 billion by 2026. The security of such CPS is hence critical. Beyond traditional cyber-only computing systems, these complex and integrated CPS have unique characteristics. From the security perspective, they open unique research opportunities since they introduce additional attack vectors and post new challenges that existing cyber-oriented approaches cannot address well. <em>The goal of my research is to build secure and reliable autonomous CPS by bridging the gap between the cyber and physical domains.</em> To this end, my work focuses on fundamental research questions associated with cyber-physical attack and defense, vulnerability discovery and elimination, and post-attack investigation. My approach to solving the problems involves various techniques and interdis- ciplinary knowledge, including program analysis, search-based software engineering, control theory, robotics, and AI/machine learning.</p>

System and network security

Cyber-Physical Systems

CPS

Robotic Vehicle

Security

Reliability

Software Testing

Software Engineering

Attack Detection

Attack Resilience

Vulnerability Analysis

Attack Investigation

Forensics

Covert Cognizance: Embedded Intelligence for Industrial Systems

Arvind Sundaram (13883201)

07 October 2022

<p>Can a critical industrial system, such as a nuclear reactor, be made self-aware and cognizant of its operational history? Can it alert authorities covertly to malicious intrusion without exposing its  defense  mechanisms?  What  if  the  intruders  are  highly  knowledgeable  adversaries,  or  even  insiders that may have designed the system? This thesis addresses these research questions through a novel physical process defense called Covert Cognizance (C2). </p> <p>C2  serves  as  a  last  line  of  defense  to  industrial  systems  when  existing  information  and  operational technology defenses have been breached by advanced persistent threat (APT) actors or insiders. It is an active form of defense that may be embedded in an existing system to induce intelligence,  i.e.,  self-awareness,  and  make  various subsystems  aware  of  each  other.  It  interacts with the system at the process level and provides an additional layer of security to the process data therein without the need of a human in the loop. </p> <p>The C2 paradigm is  founded on two core requirements – zero-impact and zero-observability. Departing from contemporary active defenses, zero-impact requires a successful implementationto leave no footprint on the system ensuring identical operation while zero-observability requires that the embedding is immune to pattern-discovery algorithms.  In other words, a third-party such as  a  malicious  intruder  must  be  unable  to  detect  the  presence  of  the  C2  defense  based  on  observation of the process data, even when augmented by machine learning tools that are adept at pattern discovery. </p> <p>In the present work, nuclear reactor simulations are embedded with the C2 defense to induce awareness across subsystems and defend them against highly knowledgeable adversaries that have bypassed existing safeguards such as model-based defenses.  Specifically, the subsystems are made aware  of  each  other  by  embedding  critical information from  the  process  variables  of  one sub-module  along  the  noise of  the  process  variables  of  another,  thus  rendering  the  implementation  covert and  immune  to  pattern  discovery.   The  implementation  is  validated  using  generative adversarial  nets,  representing  a  state-of-the-art  machine  learning  tool,  and  statistical  analysis  of  the  reactor  states,  control  inputs,  outputs  etc. The  work  is  also  extended  to  data  masking  applications  via  the  deceptive  infusion  of  data  (DIOD)  paradigm.  Future  work  focuses  on  the  development of automated C2 modules for “plug ‘n’ play” deployment onto critical infrastructure and/or their digital twins.</p>

Covert Cognizance

Operational Technology

Cyber-physical Systems

Cybersecurity

Artificial Intelligence

Embedded Systems

Autonomous Control in Advanced Life Support Systems : Air Revitalisation within the Micro-Ecological Life Support System Alternative / Autonom styrning i avancerade livsuppehållande system : Återupplivning av luft inom det Micro-Ecological Life Support System Alternative

Demey, Lukas

January 2023

In recent years international space agencies have become more and more explicit about long term lunar and Martian space missions. With the space program Terrae Novae, the European Space Agency puts forward a focus on the development of Human &amp; Robotic Exploration technologies essential in enabling such long term missions. An integral component of this program is the focus on Advanced Life Support Systems. Life support systems are operated to provide astronauts with life necessities like oxygen, water and food. Currently, conventional Life Support System often have a linear supply design, relying on resources shipped from Earth, with limited onboard re-usage. However, for extended space missions, this linear supply model becomes impractical due to the constraints of dry mass during space travel. Given this need, the European Space Agency initiated the MELiSSA (Micro-Ecological Life Support System Alternative) project aimed at the development of a bioregenerative life support systems. In previous works, the MELiSSA Loop has been proposed: a system design inspired by terrestial ecosystems, that consists of multiple compartments that perform specific biological functions like nitrification and biosynthesis. Due to the complex interdependence of the individual compartments and general space system requirements, the control of such this cyber-physical system forms a significant challenge. This thesis proposes a previously undescribed architecture for the MELiSSA Loop controller design that coordinates the resource distribution between the compartments and establishes atmosphere revitalisation. The architecture meets control objectives specified at high level, and at the same time satisfies the physical and operational constraints. / Under de senaste åren har internationella rymdorganisationer blivit mer och mer tydliga om långsiktiga mån- och rymduppdrag på mars. Med rymdprogrammet Terrae Novae lägger Europeiska rymdorganisationen fram ett fokus på utvecklingen av Human &amp; Robotic Exploration-teknik som är nödvändig för att möjliggöra sådana långsiktiga uppdrag. En integrerad del av detta program är fokus på Advanced Life Support Systems. Livsuppehållande system används för att förse astronauter med livsnödvändigheter som syre, vatten och mat. För närvarande har konventionella livsuppehållande system ofta en linjär försörjningsdesign som förlitar sig på resurser som skickas från jorden, med begränsad återanvändning ombord. Men för utökade rymduppdrag blir denna linjära försörjningsmodell opraktisk på grund av begränsningarna av torr massa under rymdresor. Med tanke på detta behov initierade Europeiska rymdorganisationen MELiSSA-projektet (MicroEcological Life Support System Alternative) som syftade till att utveckla ett bioregenerativt livsuppehållande system. I tidigare arbeten har MELiSSA Loop föreslagits: en systemdesign inspirerad av terrestiska ekosystem, som består av flera fack som utför specifika biologiska funktioner som nitrifikation och biosyntes. På grund av det komplexa ömsesidiga beroendet mellan de enskilda avdelningarna och allmänna krav på rymdsystem, utgör kontrollen av sådana detta cyberfysiska system en betydande utmaning. Denna avhandling föreslår en tidigare obeskriven arkitektur för MELiSSA Loopkontrollerdesignen som koordinerar resursfördelningen mellan avdelningarna och etablerar återupplivning av atmosfären. Arkitekturen uppfyller styrmål som anges på hög nivå, och uppfyller samtidigt de fysiska och operativa begränsningarna.

Advanced Life Support Systems

Cyber-Physical Systems

Control Architecture

Distributed Software Architecture

Space Exploration

Avancerade livsuppehållande system

cyberfysiska system

kontrollarkitektur

distribuerad mjukvaruarkitektur

rymdutforskning

Computer and Information Sciences

Data- och informationsvetenskap

AI-based Detection Against Cyberattacks in Cyber-Physical Distribution Systems

Sahani, Nitasha

05 June 2024

Integration of a cyber system and communication systems with the traditional power grid has enabled better monitoring and control of the smart grid making it more reliable and resilient. This empowers the system operators to make informed decisions as a result of better system visibility. The grid has moved from a completely air-gapped structure to a well-connected network. However, this remote-control capability to control distributed physical components in a distribution system can be exploited by adversaries with malicious intent to disrupt the power supply to the customers. Therefore, while taking advantage of the cyber-physical posture in the smart grid for improved controllability, there is a critical need for cybersecurity research to protect the critical power infrastructure from cyberattacks. While the literature regarding cybersecurity in distribution systems has focused on detecting and mitigating the cyberattack impact on the physical system, there has been limited effort towards a preventive approach for detecting cyberattacks. With this in mind, this dissertation focuses on developing intelligent solutions to detect cyberattacks in the cyber layer of the distribution grid and prevent the attack from impacting the physical grid. There has been a particular emphasis on the impact of coordinated attacks and the design of proactive defense to detect the attacker's intent to predict the attack trajectory. The vulnerability assessment of the cyber-physical system in this work identifies the key areas in the system that are prone to cyberattacks and failure to detect attacks timely can lead to cascading outages. A comprehensive cyber-physical system is developed to deploy different intrusion detection solutions and quantify the effect of proactive detection in the cyber layer. The attack detection approach is driven by artificial intelligence to learn attack patterns for effective attack path prediction in both a fully observable and partially observable distribution system. The role of effective communication technology in attack detection is also realized through detailed modeling of 5G and latency requirements are validated. / Doctor of Philosophy / The traditional power grid was designed to supply electricity from the utility side to the customers. This grid model has shifted from a one-directional supply of power to a bi-directional one where customers with generation capacity can provide power to the grid. This is possible through bi-directional data flow which ensures the complete power system observability and allows the utility to monitor and control distributed power components remotely. This connectivity depends on the cyber system and efficient communication for ensuring stable and reliable system operations. However, this also makes the grid vulnerable to cyberattacks as the traditional air-gapped grid has evolved into a highly connected network, thus increasing the attack surface for attackers. They might pose the capability to intrude on the network by exploiting network vulnerability, move laterally through different aspects of the network, and cause operational disruption. The type of disruption can be minor voltage fluctuations or even widespread power outages depending on the ultimate malicious attack goal of such adversaries. Therefore, cybersecurity measures for protecting critical power infrastructure are extremely important to ensure smooth system operations. There has been recent research effort for detecting such attacks, isolating the attacked parts in the grid, and mitigating the impact of the attack, however, instead of a passive response there is a need for a preventive or proactive detection mechanism. This can ensure capturing the attack at the cyber layer before intruders can impact the physical grid. This is the primary motivation to design an intrusion detection system that can detect different coordinated attacks (where different attacks are related and directed towards a specific goal) and can predict the attack path. This dissertation focuses on first identifying the vulnerabilities in the distribution system and a comprehensive cyber-physical system is developed. Different detection algorithms are developed to detect cyberattacks in the distribution grid and have the intelligence to learn the attack patterns to successfully predict the attack path. Additionally, the effectiveness of advanced communication such as 5G is also tested for different system operations in the distribution system.

Abductive Reasoning

Artificial Intelligence

Cause-effect Correlation

Coordinated Cyberattacks

Cyber-physical Systems

Cybersecurity

Distribution Systems

Intrusion Detection

Machine Learning

Model-based Reinforcement Learning

A Risk Based Approach to Intelligent Transportation Systems Security

Bakhsh Kelarestaghi, Kaveh

11 July 2019

Security threats to cyber-physical systems are targeting institutions and infrastructure around the world, and the frequency and severity of attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Wireless Sensors Networks, Vehicle-to-everything communication (V2X), Dynamic Message Signs (DMS), and Traffic Signal Controllers are among major Intelligent Transportation Systems (ITS) infrastructure that has already been attacked or remain vulnerable to hacking. ITS has been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in travel demand. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices such as DMS are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is due to their location. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. There may be room for improvement by policymakers and program managers when considering critical infrastructure vulnerabilities. With cybersecurity issues escalating every day, road users' safety has been neglected. This dissertation overcomes these challenges and contributes to the nascent but growing literature of Intelligent Transportation System (ITS) security impact-oriented risk assessment in threefold. • First, I employ a risk-based approach to conduct a threat assessment. This threat assessment performs a qualitative vulnerability-oriented threat analysis. The objective is to scrutinize safety, security, reliability, and operation issues that are prompted by a compromised Dynamic Message Signs (DMS). • Second, I examine the impact of drivers' attitudes and behaviors on compliance, route diversion behavior, and speed change behavior, under a compromised DMS. We aim to assess the determinants that are likely to contribute to drivers' compliance with forged information. To this extent, this dissertation evaluates drivers' behavior under different unauthentic messages to assess in-depth the impact of an adversarial attack on the transportation network. • Third, I evaluate distracted driving under different scenarios to assess the in-depth impact of an adversarial attack on the transportation network. To this extent, this dissertation examines factors that are contributing to the manual, visual, and cognitive distractions when drivers encountering fabricated advisory information at a compromised DMS. The results of this dissertation support the original hypothesis and indicate that with respect to the forged information drivers tend to (1) change their planned route, (2) become involved in distracting activities, and (3) change their choice speed at the presence of a compromised DMS. The main findings of this dissertation are outlined below: 1. The DMS security vulnerabilities and predisposing conditions allow adversaries to compromise ITS functionality. The risk-based approach of this study delivers the impact-likelihood matrix, which maps the adverse impacts of the threat events onto a meaningful, visual, matrix. DMS hacking adverse impacts can be categorized mainly as high-risk and medium-risk clusters. The safety, operational (i.e., monetary losses) and behavioral impacts are associated with a high-risk cluster. While the security, reliability, efficiency, and operational (i.e., congestion) impacts are associated with the medium-risk cluster. 2. Tech friendly drivers are more likely to change their route under a compromised DMS. At the same time, while they are acquiring new information, they need to lowering their speed to respond to the higher information load. Under realistic-fabricated information, about 65% of the subjects would depart from their current route. The results indicate that females and subjects with a higher driving experience are more likely to change their route. In addition, those subjects who are more sensitive to the DMS's traffic-related messages and those who use DMS under congested traffic condition are more likely to divert. Interestingly, individuals with lower education level, Asians, those who live in urban areas, and those with trouble finding their direction in new routes are less likely to pick another route rather the one they planned for. 3. Regardless of the DMS hacking scenarios, drivers would engage in at least one of the distractive activities. Among the distractive activities, cognitive distraction has the highest impact on the distracted driving likelihood. Meaning, there is a high chance that drivers think of something other than driving, look at surrounding traffic and scenery, or talk to other passengers regarding the forged information they saw on the DMS. Drivers who rely and trust in technology, and those who check traffic condition before starting their trips tend to become distracted. In addition, the result identified that at the presence of bogus information, drivers tend to slow down or stop in order to react to the DMS. That is, they would either (1) become involved in activities through the means of their phone, (2) they would mind wander, look around, and talk to a passenger about the sign, and (3) search for extra information by means of their vehicle's radio or internet. 4. Females, black individuals, subjects with a disability, older, and those with high trust in DMS are less likely to ignore the fabricated messages. In contrary, white, those who drive long hours, and those who see driving as a tedious task are more likely to ignore the bogus messages. Drivers who comply with traffic regulations and have a good driving record are likely to slow down under the tampered messages. Furthermore, female drivers and those who live in rural areas are more likely to slow down under fabricated advisory information. Furthermore, this dissertation identifies that planning for alternative route and involvement in distractive activities cause speed variation behaviors under the compromised DMS. This dissertation is the first to investigate the adverse impact of a compromised DMS on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities. Broader impacts of this study include (1) to systematically raising awareness among policy-makers and engineers, (2) motivating further simulations and real-world experiments to investigate this matter further, (3) to systematically assessing the adverse impact of a security breach on transportation reliability and safety, and drivers' behavior, and (4) providing insights for system operators and decision-makers to prioritize the risk of a compromised DMS. Additionally, the outcome can be integrated with the nationwide connected vehicle and V2X implementations and security design. / Doctor of Philosophy / Security threats are targeting institutions and infrastructure around the world, and the frequency and severity of security attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Intelligent Transportation Systems have been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in traffic volume. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices, such as dynamic message signs, are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is that of their location in public. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. This study is the first to investigate the adversarial impact of a compromised message sign on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities.

Intelligent Transportation Systems

Cyber Security

Cyber-Physical Systems

Vulnerability Assessment

Attack Tree

Dynamic Message Sign

Risk Assessment

Impact Assessment

Travelers Behavior

Distracted Driving

Speed Variation

Route Divergence

Systems Health Management for Resilient Extraterrestrial Habitation

Murali Krishnan Rajasekharan Pillai (18390546)

17 April 2024

<p dir="ltr">Deep-space extraterrestrial missions require operating, supporting, and maintaining complex habitat systems at light minutes from Earth.</p><p dir="ltr">These habitation systems operate in harsh, unforgiving environments, will be sparsely crewed, and must be more autonomous than current space habitats, as communication delays will severely constrain Earth-based support.</p><p dir="ltr">Long-duration missions, limited knowledge of the extraterrestrial environment, and the need for self-sufficiency make these habitats vulnerable to a wide range of risks and failures, many of which are impossible to premeditate.</p><p dir="ltr">Therefore, it is necessary to design these systems to be resilient to faults and failures, thoughtfully designed to be situationally aware of their operational state and engage control mechanisms that maintain safe operations when migrating towards unsafe regions of operation.</p><p dir="ltr">Resilience-oriented design of such systems requires a holistic systems approach that represents the system's dynamic behavior, its control-oriented behaviors, and the interactions between them as it navigates through regions of safe and unsafe operations.</p><p dir="ltr">Only through this integrated approach can we fully understand how the system will behave under various conditions and design controls to prevent performance loss and ensure resilient operations.</p><p dir="ltr">Systems health management (SHM) is a key component for the resilience-oriented design of extraterrestrial habitats.</p><p dir="ltr">SHM capabilities enable intelligent autonomous control capabilities that can:</p><p dir="ltr">a) sense, diagnose, and isolate the root causes of anomalies,</p><p dir="ltr">b) predict how the system's behavior may evolve, and</p><p dir="ltr">c) select and execute recovery actions to restore system performance when appropriate.</p><p dir="ltr">Modern SHM technologies increasingly rely on intelligent autonomous control capabilities to manage system health and adapt behavior to maintain system performance.</p><p dir="ltr">This is achieved through complex nonlinear informational dependencies and control feedback loops that are difficult to design and verify using traditional risk assessment and resilience engineering methods.</p><p dir="ltr">This research contributes to enhancing the conceptual and preliminary design phases for developing resilient complex systems with embedded intelligent control-oriented behaviors.</p><p dir="ltr">It presents the required systems engineering tools and frameworks, enabling us to study the dynamic behavior of systems as they approach and recover from unsafe operations.</p><p dir="ltr">Further, it demonstrates how these tools and frameworks can quantify and gain insights into system resilience and support engineering decisions.</p><p dir="ltr">The work is contextualized within the broader systems engineering approach for designing complex, resilient extraterrestrial habitation systems.</p>

Systems engineering

Health management

Deep Space Missions

Habitation

Health Management system

Cyber Physical Systems (CPS)

Complex systems engineering

SOSLite: Soporte para Sistemas Ciber-Físicos y Computación en la Nube

Pradilla Ceron, Juan Vicente

16 January 2017

Cyber-Physical Systems (CPS) have become one of the greatest research topics today; because they pose a new complex discipline, which addresses big existing and future systems as the Internet, the Internet of Things, sensors networks and smart grids. As a recent discipline, there are many possibilities to improve the state of the art, interoperability being one of the most relevant. Thus, this thesis has been created within the framework of interoperability for CPS, by using the SOS (Sensor Observation Service) standard, which belongs to the SWE (Sensor Web Enablement) framework of the OGC (Open Geospatial Consortium). It has been developed to give rise to a new line of research within the Distributed Real-Time Systems and Applications group (SATRD for its acronym in Spanish) from the Communications Department of the Polytechnic University of Valencia (UPV for its acronym in Valencian). The approach, with which the interoperability in the CPS has been addressed, is of synthetic type (from parts to whole), starting from a verifiable and workable solution for interoperability in sensor networks, one of the most significant CPSs because it is integrated in many other CPSs, next adapting and testing the solution in more complex CPS, such as the Internet of Things. In this way, an interoperability solution in sensor networks is proposed based on the SOS, but adapted to some requirements that makes of this mechanism a lighter version of the standard, which facilitates the deployment of future implementations due to the possibility of using limited devices for this purpose. This theoretical solution is brought to a first implementation, called SOSLite, which is tested to determine its characteristic behavior and to verify the fulfillment of its purpose. Analogously, and starting from the same theoretical solution, a second implementation is projected called SOSFul, which proposes an update to the SOS standard so that it is lighter, more efficient and easier to use. The SOSFul, has a more ambitious projection by addressing the Internet of Things, a more complex CPS than sensors networks. As in the case of the SOSLite, tests are performed and validation is made through a use case. So, both the SOSLite and the SOSFul are projected as interoperability solutions in the CPS. Both implementations are based on the theoretical proposal of a light SOS and are available for free and under open source licensing so that it can be used by the research community to continue its development and increase its use. / Los Sistemas Ciber-Físicos (CPS) se han convertido en uno de los temas de investigación con mayor proyección en la actualidad; debido a que plantean una nueva disciplina compleja, que aborda sistemas existentes y futuros de gran auge como: la Internet, la Internet de las Cosas, las redes de sensores y las redes eléctricas inteligentes. Como disciplina en gestación, existen muchas posibilidades para aportar al estado del arte, siendo la interoperabilidad uno de los más relevantes. Así, esta tesis se ha creado en el marco de la interoperabilidad para los CPS, mediante la utilización del estándar SOS (Sensor Observation Service) perteneciente al marco de trabajo SWE (Sensor Web Enablement) del OGC (Open Geospatial Consortium). Se ha desarrollado para dar surgimiento a una nueva línea de investigación dentro del grupo SATRD (Sistemas y Aplicaciones de Tiempo Real Distribuidos) del Departamento de Comunicaciones de la UPV (Universitat Politècnica de València). La aproximación con la cual se ha abordado la interoperabilidad en los CPS es de tipo sintética (pasar de las partes al todo), iniciando desde una solución, verificable y realizable, para la interoperabilidad en las redes de sensores, uno de los CPS más significativos debido a que se integra en muchos otros CPS, y pasando a adaptar y comprobar dicha solución en CPS de mayor complejidad, como la Internet de las Cosas. De esta forma, se propone una solución de interoperabilidad en las redes de sensores fundamentada en el SOS, pero adaptada a unos requerimientos que hacen de este mecanismo una versión más ligera del estándar, con lo que se facilita el despliegue de futuras implementaciones debido a la posibilidad de emplear dispositivos limitados para tal fin. Dicha solución teórica, se lleva a una primera implementación, denominada SOSLite, la cual se prueba para determinar su comportamiento característico y verificar el cumplimiento de su propósito. De forma análoga y partiendo de la misma solución teórica, se proyecta una segunda implementación, llamada SOSFul, la cual propone una actualización del estándar SOS de forma que sea más ligero, eficiente y fácil de emplear. El SOSFul, tiene una proyección más ambiciosa al abordar la Internet de las Cosas, un CPS más complejo que las redes de sensores. Como en el caso del SOSLite, se realizan pruebas y se valida mediante un caso de uso. Así, tanto el SOSLite como el SOSFul se proyectan como soluciones de interoperabilidad en los CPS. Ambas implementaciones parten de la propuesta teórica de SOS ligero y se encuentran disponibles de forma gratuita y bajo código libre, para ser empleados por la comunidad investigativa para continuar su desarrollo y aumentar su uso. / Els sistemes ciberfísics (CPS, Cyber-Physical Systems) s'han convertit en un dels temes de recerca amb major projecció en l'actualitat, a causa del fet que plantegen una nova disciplina complexa que aborda sistemes existents i futurs de gran auge, com ara: la Internet, la Internet de les Coses, les xarxes de sensors i les xarxes elèctriques intel·ligents. Com a disciplina en gestació, hi ha moltes possibilitats per a aportar a l'estat de la qüestió, sent la interoperabilitat una de les més rellevants. Així, aquesta tesi s'ha creat en el marc de la interoperabilitat per als CPS, mitjançant la utilització de l'estàndard SOS (Sensor Observation Service) pertanyent al marc de treball SWE (Sensor Web Enablement) de l'OGC (Open Geospatial Consortium). S'ha desenvolupat per a iniciar una nova línia de recerca dins del Grup de SATRD (Sistemes i Aplicacions de Temps Real Distribuïts) del Departament de Comunicacions de la UPV (Universitat Politècnica de València). L'aproximació amb la qual s'ha abordat la interoperabilitat en els CPS és de tipus sintètic (passar de les parts al tot), iniciant des d'una solució, verificable i realitzable, per a la interoperabilitat en les xarxes de sensors, un dels CPS més significatius pel fet que s'integra en molts altres CPS, i passant a adaptar i comprovar aquesta solució en CPS de major complexitat, com la Internet de les Coses. D'aquesta forma, es proposa una solució d'interoperabilitat en les xarxes de sensors fonamentada en el SOS, però adaptada a uns requeriments que fan d'aquest mecanisme una versió més lleugera de l'estàndard, amb la qual cosa es facilita el desplegament de futures implementacions per la possibilitat d'emprar dispositius limitats a aquest fi. Aquesta solució teòrica es porta a una primera implementació, denominada SOSLite, que es prova per a determinar el seu comportament característic i verificar el compliment del seu propòsit. De forma anàloga i partint de la mateixa solució teòrica, es projecta una segona implementació, anomenada SOSFul, que proposa una actualització de l'estàndard SOS de manera que siga més lleuger, eficient i fàcil d'emprar. El SOSFul té una projecció més ambiciosa quan aborda la Internet de les Coses, un CPS més complex que les xarxes de sensors. Com en el cas del SOSLite, es realitzen proves i es valida mitjançant un cas d'ús. Així, tant el SOSLite com el SOSFul, es projecten com a solucions d'interoperabilitat en els CPS. Ambdues implementacions parteixen de la proposta teòrica de SOS lleuger, i es troben disponibles de forma gratuïta i en codi lliure per a ser emprades per la comunitat investigadora a fi de continuar el seu desenvolupament i augmentar-ne l'ús. / Pradilla Ceron, JV. (2016). SOSLite: Soporte para Sistemas Ciber-Físicos y Computación en la Nube [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/76808

Sensor Observation Service (SOS)

Cyber Physical Systems (CPS)

Fog Computing (FC)

Internet of Things (IoT)

Cloud Computing (CC)

Sensor Web Enablement (SWE)

INGENIERIA TELEMATICA

Achieving Compositional Security and Privacy in IoT Environments

Muslum Ozgur Ozmen (18870154)

11 September 2024

<p dir="ltr">The Internet of Things (IoT) systems include sensors that measure the physical world, actuators that influence it, and IoT apps that automate these sensors and actuators. Although IoT environments have revolutionized our lives by integrating digital connectivity into physical processes, they also introduce unique security and privacy concerns. Particularly, these systems include multiple components that are unified through the cyber and physical domains. For instance, smart homes include various devices and multiple IoT apps that control these devices. Thus, attacks against any single component can have rippling effects, amplifying due to the composite behavior of sensors, actuators, apps, and the physical environment.</p><p dir="ltr">In this dissertation, I explore the emerging security and privacy issues that arise from the complex physical interactions in IoT environments. To discover and mitigate these emerging issues, there is a need for composite reasoning techniques that consider the interplay between digital and physical domains. This dissertation addresses these challenges to build secure IoT environments and enhance user privacy with new formal techniques and systems.</p><p dir="ltr">To this end, I first describe my efforts in ensuring the safety and security of IoT en- vironments. Particularly, I introduced IoTSeer, a security service that discovers physical interaction vulnerabilities among IoT apps. I then proposed attacks that evade prior event verification systems by exploiting the complex physical interactions between IoT sensors and actuators. To address them, I developed two defenses, software patching and sensor placement, to make event verification systems robust against evasion attacks. These works provide a suite of tools to achieve compositional safety and security in IoT environments. </p><p dir="ltr">Second, I discuss my work that identifies the privacy risks of emerging IoT devices. I designed DMC-Xplorer to find vulnerabilities in voice assistant platforms and showed that an adversary can eavesdrop on privacy-sensitive device states and prevent users from controlling devices. I then developed a remote side-channel attack against intermittent devices to infer privacy-sensitive information about the environment in which they are deployed. These works highlight new privacy issues in emerging commodity devices used in IoT environments.</p>

Data and information privacy

System and network security

IoT Security

Cyber-physical systems security

Internet of Things

Privacy

Formal Methods

Design, Implementation and Validation of Resource-Aware and Resilient Wireless Networked Control Systems

Araújo, José

January 2014

Networked control over wireless networks is of growing importance in many application domains such as industrial control, building automation and transportation systems. Wide deployment however, requires systematic design tools to enable efficient resource usage while guaranteeing close-loop control performance. The control system may be greatly affected by the inherent imperfections and limitations of the wireless medium and malfunction of system components. In this thesis, we make five important contributions that address these issues.  In the first contribution, we consider event- and self-triggered control and investigate how to efficiently tune and execute these paradigms for appropriate control performance. Communication strategies for aperiodic control are devised, where we jointly address the selection of medium-access control and scheduling policies. Experimental results show that the best trade-off is obtained by a hybrid scheme, combining event- and self-triggered control together with contention-based and contention-free medium access control. The second contribution proposes an event-based method to select between fast and slow periodic sampling rates. The approach is based on linear quadratic control and the event condition is a quadratic function of the system state. Numerical and experimental results show that this hybrid controller is able to reduce the average sampling rate in comparison to a traditional periodic controller, while achieving the same closed-loop control performance. In the third contribution, we develop compensation methods for out-of-order communications and time-varying delays using a game-theoretic minimax control framework. We devise a linear temporal coding strategy where the sensor combines the current and previous measurements into a single packet to be transmitted. An experimental evaluation is performed in a multi-hop networked control scenario with a routing layer vulnerability exploited by a malicious application. The experimental and numerical results show the advantages of the proposed compensation schemes. The fourth contribution proposes a distributed reconfiguration method for sensor and actuator networks. We consider systems where sensors and actuators cooperate to recover from faults. Reconfiguration is performed to achieve model-matching, while minimizing the steady-state estimation error covariance and a linear quadratic control cost. The reconfiguration scheme is implemented in a room heating testbed, and experimental results demonstrate the method's ability to automatically reconfigure the faulty system in a distributed and fast manner. The final contribution is a co-simulator, which combines the control system simulator Simulink with the wireless network simulator COOJA. The co-simulator integrates physical plant dynamics with realistic wireless network models and the actual embedded software running on the networked devices. Hence, it allows for the validation of the complete wireless networked control system, including the study of the interactions between software and hardware components. / <p>QC 20140929</p>

wireless networked control systems

NCS

wireless communications

control

distributed reconfiguration

resilient

fault-tolerant control

IEEE 802.15.4

resource-aware

WNCS

aperiodic control

event-triggered

self-triggered

event-based

co-simulator

estimation

GISOO

MAC

scheduling

routing

RPL

delay

out-of-order communications

CPS

Cyber Physical Systems

Wireless Cyber Physical Systems

Wireless Cyber Physical Control Systems