In recent years, cyber-physical systems (CPSs) have received much attention from both the academic world and the industrial world, which refer to a deep integration and coordination of physical and computational resources [1,2]. Typical examples of CPSs can be found in smart grids, smart transportation systems, industrial control systems, water supply systems, and so on. Furthermore, many military systems are also CPSs. The key characteristic of CPSs is the integration of computing, control and communication. The increased in-terconnection between the cyber and physical spaces make CPSs vulnerable to various malicious attacks. A well-known example of an attack of CPSs is the Stuxnet which infected the control system of nuclear-fuel centrifuges of Bushehr nuclear power plant in Iran. Stuxnet makes people beware of the grave consequences of a cyber-attack on a CPS. Since many national critical infrastructures are applications of CPS, ensuring security and safety of such systems is of great importance. In traditional information technology (IT) systems, three security objectives are confidentiality, integrity and availability , where confidentiality is in the first place. While in CPSs, availability ranks the first. Besides, there are some differences between IT systems and CPSs. For examples, in CPSs, a long-term safe and reliable operation is necessary. In CPSs, components are rarely replaced and difficult to upgrade. In CPSs, the control performance of the system should be taken into account. The traditional IT security methods such as data encryption and authentication can protect the confidentiality of data and keep from unauthorized access to some extent