Security-Aware Scheduling of Embedded Control Tasks

Lesi, Vuk; Jovanov, Ilija; Pajić, Miroslav

doi:10.1145/3126518

Cited by 45 publications

(43 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For both studies, sensor values are transmitted over an internal vehicle's network, such as commonly used CAN bus. Note that in [14], we provide additional automotive case-studies (and the overall scheduling framework) for intermittent authentication of CANbus messages from system sensors, and in [15] we show benefits of intermittent authentication on vehicle's ECU scheduling.…”

Section: Case Studiesmentioning

confidence: 98%

“…Related results from [20], [23], focus only on the detection function g k = z T k Q −1 z k and show only sufficient conditions for stealthy attacks -i.e., that in this case from a robustness condition ∆z k Q −1 ≤ α it follows that the the stealthiness condition β a k ≤ β + ε is satisfied. However, the equivalence between conditions ∆z k Q −1 ≤ α and β a k ≤ β +ε will enable us to reduce conservativeness of our analysis as well as analyze boundness of the reachability region for the general type of detection functions from (15), by allowing us to employ both conditions interchangeably.…”

Section: Remarkmentioning

confidence: 99%

“…Lemma 2. For a system with the detector function g a k of the form from (15), the set of all stealthy attacks at time k, A k , can be overapproximated by the set…”

Section: Remarkmentioning

confidence: 99%

See 2 more Smart Citations

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Jovanov

Pajić

2019

IEEE Trans. Automat. Contr.

Self Cite

View full text Add to dashboard Cite

The increase in network connectivity has also resulted in several high-profile attacks on cyber-physical systems. An attacker that manages to access a local network could remotely affect control performance by tampering with sensor measurements delivered to the controller. Recent results have shown that with network-based attacks, such as Man-in-the-Middle attacks, the attacker can introduce an unbounded state estimation error if measurements from a suitable subset of sensors contain false data when delivered to the controller. While these attacks can be addressed with the standard cryptographic tools that ensure data integrity, their continuous use would introduce significant communication and computation overhead. Consequently, we study effects of intermittent data integrity guarantees on system performance under stealthy attacks. We consider linear estimators equipped with a general type of residual-based intrusion detectors (including χ 2 and SPRT detectors), and show that even when integrity of sensor measurements is enforced only intermittently, the attack impact is significantly limited; specifically, the state estimation error is bounded or the attacker cannot remain stealthy. Furthermore, we present methods to:(1) evaluate the effects of any given integrity enforcement policy in terms of reachable state-estimation errors for any type of stealthy attacks, and (2) design an enforcement policy that provides the desired estimation error guarantees under attack. Finally, on three automotive case studies we show that even with less than 10% of authenticated messages we can ensure satisfiable control performance in the presence of attacks.

show abstract

Section: Case Studiesmentioning

confidence: 98%

Section: Remarkmentioning

confidence: 99%

See 1 more Smart Citation

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Jovanov

Pajić

2019

IEEE Trans. Automat. Contr.

Self Cite

View full text Add to dashboard Cite

show abstract

“…For localization, the UAV mainly relies on a GPS sensor that can be compromised to effectively steer the UAV away from its original path. While aggressive attacks can be detected, some may remain stealthy by introducing only bounded errors at each step [20,26,22,16]. For example, Fig.…”

Section: Stochastic Gamesmentioning

confidence: 99%

Security-Aware Synthesis Using Delayed-Action Games

Elfar

Wang

Pajić

2019

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Stochastic multiplayer games (SMGs) have gained attention in the field of strategy synthesis for multi-agent reactive systems. However, standard SMGs are limited to modeling systems where all agents have full knowledge of the state of the game. In this paper, we introduce delayed-action games (DAGs) formalism that simulates hiddeninformation games (HIGs) as SMGs, where hidden information is captured by delaying a player's actions. The elimination of private variables enables the usage of SMG off-the-shelf model checkers to implement HIGs. Furthermore, we demonstrate how a DAG can be decomposed into subgames that can be independently explored, utilizing parallel computation to reduce the model checking time, while alleviating the state space explosion problem that SMGs are notorious for. In addition, we propose a DAG-based framework for strategy synthesis and analysis. Finally, we demonstrate applicability of the DAG-based synthesis framework on a case study of a human-on-the-loop unmanned-aerial vehicle system under stealthy attacks, where the proposed framework is used to formally model, analyze and synthesize security-aware strategies for the system.

show abstract

“…We only deal with eavesdropping attacks here, but other types of attacks have also been studied [2]. Those include denialof-service attacks [3] and data-integrity attacks [4]- [8].…”

Section: Introductionmentioning

confidence: 99%

An Information Matrix Approach for State Secrecy

Tsiamis

Gatsis

Pappas

2018

2018 IEEE Conference on Decision and Control (CDC)

View full text Add to dashboard Cite

This paper studies the problem of remote state estimation in the presence of a passive eavesdropper. A sensor measures a linear plant's state and transmits it to an authorized user over a packet-dropping channel, which is susceptible to eavesdropping. Our goal is to design a coding scheme such that the eavesdropper cannot infer the plant's current state, while the user successfully decodes the sent messages. We employ a novel class of codes, termed State-Secrecy Codes, which are fast and efficient for dynamical systems. They apply linear timevarying transformations to the current and past states received by the user. In this way, they force the eavesdropper's information matrix to decrease with asymptotically the same rate as in the open-loop prediction case, i.e. when the eavesdropper misses all messages. As a result, the eavesdropper's minimum mean square error (mmse) for the unstable states grows unbounded, while the respective error for the stable states converges to the open-loop prediction one. These secrecy guarantees are achieved under minimal conditions, which require that, at least once, the user receives the corresponding packet while the eavesdropper fails to intercept it. Meanwhile, the user's estimation performance remains optimal. The theoretical results are illustrated in simulations. arXiv:1809.07312v2 [cs.SY]

show abstract

Security-Aware Scheduling of Embedded Control Tasks

Cited by 45 publications

References 19 publications

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Security-Aware Synthesis Using Delayed-Action Games

An Information Matrix Approach for State Secrecy

Contact Info

Product

Resources

About