UACFinder: Mining Syntactic Carriers of Unspecified Assumptions in Medical Cyber-Physical System Design Models
Introduction to the special issue on Transportation Cyber-Physical Systems in ACM TCPS
Recent studies have exploited moving target defense (MTD) for thwarting false data injection (FDI) attacks against state estimation (SE) in power grid by actively perturbing branch parameters (i.e., impedance or admittance). In order to hide the activation of this defense mechanism from the attacker, a newest strategy named hidden MTD has been proposed in the latest literature. A hidden MTD can increase the chance to detect FDI attacks and avoid the attacker from inferring the new branch parameters. However, by using an MTD-conrming detector like the bad data detection (BDD) checker in SE, we observe that it is still possible for an attacker to detect this hidden MTD when the power flows change with time. To uncover the essential of the hiddenness of MTD, we study the conditions required for achieving a hidable MTD. We find that the hiddenness of MTD is closely related to the branch perturbations, the system topology and the knowledge of an attacker. From the perspective of the attacker?s knowledge, we prove that an MTD can be detected by an attacker only if he/she knows the former parameters of a set of branches that forms a circle, and the current measurements corresponding to those branches after MTD. But once the attacker has full information of the branch parameters before MTD and the current measurements after MTD, we can never achieve a hidable and effective MTD. Since it is unrealistic to know the knowledge of the attacker, we cannot make sure that an MTD is hidable by purely depending on the MTDdesign. Thus, we propose that we can achieve a hidable MTD with co-design of the measurement protection strategy (MPS) and MTD. With a basic set of measurements being protected, we can always achieve a hidable MTD regardless of the changes of power flows, the attacker?s knowledge and the perturbed branches. Finally, we demonstrate our findings on an IEEE standard test power system, using the load data trace from New York State.
In this paper we are interested in mixed-criticality applications, which have functions with different timing requirements, i.e., hard real-time (HRT), soft real-time (SRT) and functions that are not time-critical (NC). The applications are implemented on distributed cyber-physical systems that use IEEE Time-Sensitive Networking (TSN). TSN is an IEEE effort to bring deterministic real-time capabilities to IEEE 802.3 Ethernet. TSN supports the convergence of multiple traffic types, i.e., critical, real-time and regular ``best-effort' traffic within a single network: Time-Triggered (TT), where messages are transmitted based on static schedule tables; Audio-Video Bridging (AVB), for dynamically scheduled messages with a guaranteed bandwidth and bounded delays; and Best Effort (BE), for which no timing guarantees are provided. HRT messages have deadlines, whereas for SRT messages we capture the quality-of-service using ``utility functions'. Given the network topology, the set of application messages, including their routing, and the set of available AVB classes we are interested to determine the traffic type of each message, such that all HRT messages are schedulable and the total utility for SRT messages is maximized. We propose a Tabu Search-based metaheuristic to solve this optimization problem. The proposed approach has been evaluated using several benchmarks, including two realistic test cases.
Markov Decision Processes (MDPs) provide important capabilities for facilitating the dynamic adaptation and self-optimizination of cyber physical systems at runtime. In recent years, this has primarily taken the form of Reinforcement Learning (RL) techniques that eliminate some MDP components for the purpose of reducing computational requirements. In this work, we show that recent advancements in Compact MDP Models (CMMs) provide sufficient cause to question this trend when designing wireless sensor network nodes. In this work, a novel CMM-based approach to designing self-aware wireless sensor nodes is presented and compared to Q-Learning, a popular RL technique. We show that a certain class of CPS nodes is not well served by RL methods, and contrast RL versus CMM methods in this context. Through both simulation and a prototype implemetation, we demonstrate that CMM methods can provide significantly better runtime adaptation performance relative to Q-Learning, with comparable resource requirements.
Process automation is embracing wireless sensor-actuator networks (WSANs) in the era of Industrial Internet. Despite the success of WSANs for monitoring applications, feedback control poses significant challenges due to data loss and stringent energy constraints in WSANs. Holistic control adopts a cyber-physical system approach to overcome the challenges by orchestrating network reconfiguration and process control at run time. Fundamentally, holistic control leverages self-awareness across control and wireless boundaries to enhance the resiliency of wireless control systems. In this article, we explore efficient holistic control designs to maintain control performance while reducing the communication cost. The contributions of this work are five-fold: (1) We introduce a holistic control architecture that integrates low-power wireless bus (LWB) and two control strategies, rate adaptation and self-triggered control, specifically proposed to reduce communication cost; (2) We present two online rate selection approaches, namely, heuristic and optimal rate selections; (3) We design novel wireless network mechanisms to support rate adaptation and self-triggered control, respectively, in a multi-hop WSAN; (4) We build a real-time network-in-the-loop simulator that integrates MATLAB/Simulink and a three-floor WSAN testbed to evaluate wireless control systems; (5) We empirically explore the tradeoff between communication cost and control performance under alternative holistic control approaches. Our case studies show that rate adaptation and self-triggered control offer advantages in control performance and energy efficiency, respectively, in normal operating conditions. The advantage in energy efficiency of self-triggered control, however, may diminish under harsh physical and wireless conditions due to the cost of recovering from data loss and physical disturbances.
In this paper, the self-aware power management framework is investigated for maintaining event detection probability of supercapacitor-powered cyber-physical systems, with a radar network system as an example. Maintaining the event detection probability of the radar network is decomposed as a problem of controlling the quality of service of each network node. Then a power management method based on model predictive control and particle swarm optimization is proposed for tracking the reference quality of service of each node while satisfying the operation constraints. The effectiveness of the proposed method is demonstrated through three simulation studies which cover both single node and network scenarios. In addition, to support the proposed power management method, an online state of charge prediction method is developed for the supercapacitor. The online prediction method adopts a supercapacitor model that describes both the ohmic leakage and charge redistribution phenomena, and uses online model updating to more accurately capture the supercapacitor behavior and estimate the stored energy.
In this paper we make the case for the new class of Self-aware Cyber-physical Systems. By bringing together the two established fields of cyber-physical systems and self-aware computing, we aim at creating systems with strongly increased yet managed autonomy, which is a main requirement for many emerging and future applications and technologies. Self-aware cyber-physical systems are situated in a physical environment and constrained in their resources, they understand their own state and environment and, based on that understanding, are able to make decisions autonomously at runtime in a self-explanatory way. In an attempt to lay out a research agenda, we bring up and elaborate on five key challenges for future self-aware cyber-physical systems: (i) How can we build resource-sensitive yet self-aware systems? (ii) How to acknowledge situatedness and subjectivity? (iii) What are effective infrastructures for implementing self-awareness processes? (iv) How can we verify self-aware cyber-physical systems and, in particular, which guarantees can we give? (v) What novel development processes will be required to engineer self-aware cyber-physical systems? We review each of these challenges in some detail and emphasize that addressing all of them requires the system to make a comprehensive assessment of the situation and a continual introspection of its own state, in order to sensibly balance diverse requirements, constraints, short-term and long-term objectives. As a main conclusion we highlight the need for research on the following topics: (a) Building resource-sensitive self-awareness, (b) Dealing with situatedness and subjectivity, (c) Infrastructure for introspection and self-awareness processes (self-awareness middleware), (d) Verifying self-aware CPSs and providing guarantees, (e) Design and Engineering processes for SA CPS.
Cyber-physical systems operate in our real world; constantly interacting with the environment and collaborating with other systems. The increasing number of devices will make it infeasible to control each one individually. It will also be infeasible to prepare each of them for every imaginable rapidly-unfolding situation. Therefore, we must increase the autonomy of future Cyber-physical Systems. Making these systems self-aware allows them to reason about their own capabilities and their immediate environment. In this position paper, we extend the idea of the self-awareness of individual systems towards networked self-awareness. This gives systems the ability to reason about how they are being affected by the actions and interactions of others within their perceived environment, as well as in the extended environment that is beyond their direct perception. We propose that different levels of networked self-awareness can develop over time in systems as they do in humans. Furthermore, we propose that this could have the same benefits for networks of systems that it has had for communities of humans; increasing performance and adaptability.
Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust ? a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies in order to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the medium-size German city of Eichstatt. Similar schemes are implemented in the same platform in order to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation on a FORD FOCUS for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy.
IIn the last months, the market of personal wearable devices is booming significantly, and, in particular, smartwatches are starting to assume a fundamental role in the Bring Your Own Device (BYOD) arena as well as in the more general Internet of Things (IoT) ecosystem, by acting both as sensitive data sources and as user identity proxies. These new roles, complementing the more traditional personal assistance and telemetry/tracking ones, open new perspectives in their integration in complex IoT-based critical infrastructures such as e-payment, healthcare monitoring and emergency systems, as well as in their usage as remote control facilities in smart services. We argue that this new scenario calls for a strengthened and more resilient authentication of users through these devices, despite their limitations in terms of dimensions and hardware constraints that may significant affect the usability of security mechanisms. In this paper we present an innovative authentication scheme targeted at smartwatches, namely CirclePIN, that provides both resilience to most common attacks and a high level of usability in tests with real users.
The Internet of Things (IoT) is becoming a backbone of sensing infrastructure to several mission critical applications such as smart health, disaster management, smart cities in distributed networks. Due to resource constrained sensing devices, IoT infrastructures use Edge datacenters (EDCs) for real-time data processing. EDCs can be either static or mobile in nature and this paper considers both these scenarios. Generally, EDCs communicate with IoT devices in emergency scenarios to evaluate the data in real-time. Protecting data communications from malicious activity becomes a key factor, as all the communication flows through insecure channels. In such infrastructures, it is a challenging task for EDC to ensure the trustworthiness of the data for emergency evaluations. The current communication security pattern of ?communication before authentication? leaves a ?black hole? for intruders to become part of communication processes without authentication. To overcome this issue and to develop security infrastructures for IoT and distributed Edge datacenters, this paper proposes a user centric security solution. The proposed security solution shifts from a network centric approach to a user centric security approach by authenticating devices before communication is established. A trusted controller is initialized to authenticate and establishes the secure channel between the devices before they start communication between themselves. The centralized controller draws a perimeter for secure communications within the boundary. Theoretical analysis and experimental evaluation of the proposed security model show that it not only secures the communication infrastructure but also improves the overall network performance.
The rapid increase in the number and type of malicious programs has made malware forensics a daunting task and caused users system to become on danger. Timely identifcation of malware characteristics including its origin and the malware sample family would signifcantly limit the potential damage of the malware. This is a more profound risk in Cyber-Physical Systems (CPS) where a malware attack may cause signifcant physical damage to the infrastructure. Due to limited on-device available memory and processing power in CPS and Internet of Things (IoT) devices, most of the e?orts for protecting CPS networks are focused on the Edge layer, where the majority of security mechanisms are deployed. In this paper, we are proposing a novel fuzzy clustering system for malware attack attribution. Our system is deployed on the edge layer to provide an insight into applicable malware threats to the CPS network. Existing binary malware classifcation techniques are only capable of identifying if a malware belongs to a given family or not. However, the majority of advanced and sophisticated malware programs are combining features from di?erent families. Accordingly, these malicious programs are not similar enough to any existing malware family and easily evade binary classifers detection. This paper proposes a multi-label fuzzy relevance classifer to detect similarities between a given malware sample and other known malware families. We leverage static analysis by utilizing Opcode frequencies as the feature space to classify malware families. We observed that a multi-label classifer does not classify a part of samples. We named this problem as instance coverage problem. To overcome this problem, we developed an ensemble-based multi-label fuzzy classifcation method to suggest the relevance of a malware instance to the stricken families. We tested our technique with three widely used datasets collected from three major malware repositories namely VirusShare, RandsomwareTracker and Microsoft Malware Classifcation Challenge (BIG2015). Our results on BIG2015 indicated an accuracy of 97.56%, a precision of 90.68%, and an f-measure of 89.21%. Also, our results on RandsomwareTracker revealed an accuracy of 94.26%, a precision of 87.21%, and an f-measure of 83.52%. Moreover, our results on samples collected from VirusShare demonstrated an accuracy of 94.66%, a precision of 86.41%, and an f-measure of 84.37%. Our system is most suitable for deployment on the edge layer of CPS or other resource-constraint networks to provide a real-time view of malware threats applicable to the underlying network.