Development of Control-Aware Cyber Techniques for Attack-Resilient Industrial Control & Combat Systems

Abstract

PI: Miroslav Pajic, Department of Electrical and Computer Engineering
Co-PI: Mary Cummings, Dept. of Mechanical Engineering and Materials Science
Duke University

The goal of this project is to develop cyber techniques to combat attacks on sensors, controllers, and actuators and to ensure that Industrial Control & Combat Systems (ICCS) become resilient to these attacks. In addition to cyber-attacks, our techniques can deal with physical attacks on sensors and actuators as well as arbitrary failures that manifest as attacks. Furthermore, to facilitate their use on legacy systems, we will develop design methods that balance security guarantees with available computation and communication resources. The project is organized into four research themes:

Theme I. Cyber-Physical Security Techniques. In this thrust, we will develop security techniques that exploit the physical laws governing system behavior for attack detection and identification and for attack-resilient control. Our efforts will focus on (1) design of resilient sensor fusion and estimation algorithms, (2) use of data-driven and parameter-invariant methods for systems where the exact system model is not available, and (3) active intrusion monitoring that uses actuators, in addition to control, to actively probe systems for attacks (e.g., replay attacks, timing delay attacks).

Theme II. Cyber-Physical Checkpointing and Recovery. In this thrust, we use secure logging of the past history of control state, (sensor) input, and (actuator) output data. We will develop methods to utilize logged data, in real time, to restore state by leveraging system control properties. We will investigate the dependency of attack detection delay on the real-time guarantees provided by the underlying (legacy) platform. We also plan to quantify the tradeoffs between real-time recovery latency and the quality of the recovered state.

Theme III. Attack-Resilient Architectures for ICCS. In this thrust, we will develop an architecture and policies to balance available system resources, desired control performance, and the resiliency guarantees provided by the developed security techniques covering a broad attack surface; this would allow our resiliency solutions to be used on both legacy and clean-slate ICCS. We will also develop methods to capture platform resources in a form that supports analysis of security claims (e.g., real-time execution guarantees) in hierarchical ICCS. Finally, we will provide techniques for securing human-on-the-loop ICCS.

Theme IV. Security Assurance for ICCS. To evaluate the effectiveness of our proposed techniques, we plan to develop a security assurance framework that enables understanding of potential hazards/attacks and how they have been sufficiently mitigated, and that organizes evidence.

The Duke University team will lead the architecture development tasks in Thrust 3 and contribute to control resilience techniques of Thrust 1, cyber-physical checkpointing and recovery in Thrust 2, and security assurance in Thrust 4.

Document Details

Document Type
DoD Grant Award
Publication Date
Jan 04, 2017
Source ID
N000141712012

Entities

People

  • Insup Lee

Organizations

  • Office of Naval Research
  • United States Navy
  • University of Pennsylvania

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development

Technology Areas

  • Cyber