Similar literature
 Found 20 similar documents; search took 31 ms
1.
A quantitative security evaluation in the domain of cyber-physical systems (CPS), which operate under intentional disturbances, is an important open problem. In this paper, we propose a stochastic game model for quantifying the security of CPS. The proposed model divides the security modeling process of these systems into two phases: (1) intrusion process modeling and (2) disruption process modeling. In each phase, the game theory paradigm predicts the behaviors of the attackers and the system. By viewing the security states of the system as the elements of a stochastic game, Nash equilibriums and best-response strategies for the players are computed. After parameterization, the proposed model is analytically solved to compute some quantitative security measures of CPS. Furthermore, the impact of some attack factors and defensive countermeasures on the system availability and mean time-to-shutdown is investigated. Finally, the proposed model is applied to a boiling water power plant as an illustrative example.

2.
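Time Petri nets introduce a time factor on top of classical Petri nets, so they can analyze system performance not only at the logical level but also at the temporal level. However, the emergence of cyber-physical systems (CPS), which include spatial factors, requires time Petri nets to be extended. CPS integrate computing systems and physical systems; they can not only sense information about the physical environment in real time but also change the physical environment through physical entities. This paper analyzes in depth the characteristics of the physical level of CPS, studies the attributes of CPS physical entities and the process of their location transitions, and proposes a formal modeling method for CPS physical entities. Spatial factors are introduced on the basis of time Petri nets to construct a spatio-temporal Petri net model, which can describe not only the logical and temporal behavior of physical entities but also the state changes caused by their location transitions. Finally, a robot control system is taken as an example to further illustrate the effectiveness of the spatio-temporal Petri net model.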

3.
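An Dongdong, Liu Jing, Chen Xiaohong, Sun Haiying. Journal of Software, 2021, 32(7): 1999-2015
With the advance of technology, new complex systems such as human cyber-physical systems (HCPS) have become increasingly inseparable from human social life. The cyber space in which software systems reside is increasingly merging with the physical space of people's daily lives. Uncertain factors such as the complex and changeable environment in the physical space, the explosive growth of spatio-temporal data, and unpredictable human behavior threaten system safety. As the safety requirements of systems grow, the series of problems brought by the accompanying increase in system scale and complexity urgently need to be solved. Therefore, constructing intelligent and safe human cyber-physical systems under uncertain environments has become an unavoidable challenge for the software industry. Environmental uncertainty prevents HCPS software from accurately perceiving its operating environment. Uncertainty in perception leads to misjudgment by the system, which affects its safety. Environmental uncertainty also prevents system designers from providing an accurate formal specification of the operating environment of HCPS software, whereas for systems with high safety requirements an accurate formal specification is the primary condition for ensuring system safety. To cope with the uncertainty of the specification, this paper proposes a modeling approach that combines spatio-temporal-data-driven and model-driven methods, that is, the environment is modeled from its spatio-temporal data using machine learning algorithms. Based on the typical characteristics of safe software, dynamic verification is used to ensure system safety, thereby building a unified theoretical framework for safety. To demonstrate the feasibility of the approach, the paper uses the interaction scenario between an autonomous vehicle and a human-driven motorcycle to illustrate the concrete application of modeling and verification of HCPS under uncertain environments.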

4.
AADL (architecture analysis and design language) concentrates on the modeling and analysis of application system architectures. It is quite popular for its simple syntax, powerful functionality and extensibility and has been widely applied in embedded systems for its advantage. However, it is not enough for AADL to model cyber-physical systems (CPS) mainly because it cannot be used to model the continuous dynamic behaviors. This paper proposes an approach to construct a new sublanguage of AADL called AADL+, to facilitate the modeling of not only the discrete and continuous behavior of CPS, but also interaction between cyber components and physical components. The syntax and semantics of the sublanguage are provided to describe the behaviors of the systems. What’s more, we develop a plug-in to OSATE (open-source AADL tool environment) for the modeling of CPS. And the plug-in supports syntax checking and simulation of the system model through linking with Modelica. Finally, the AADL+ annex is successfully applied to model a lunar rover control system.

5.
The recent advances in sensor and communication technologies can provide the foundations for linking the physical manufacturing facility and machine world to the cyber world of Internet applications. The coupled manufacturing cyber-physical system is envisioned to handle the actual operations in the physical world while simultaneously monitor them in the cyber world with the help of advanced data processing and simulation models at both the manufacturing process and system operational levels. Moreover, a sensor-packed manufacturing system in which each process or piece of equipment makes available event and status information, coupled with market research for true advanced Big Data analytics, seem to be the right ingredients for event response selection and operation virtualization. As a drawback, the resulting manufacturing cyber-physical system will be vulnerable to the inevitable cyber-attacks, unfortunately, so common for the software and Internet-based systems. This reality makes cybersecurity penetration within the manufacturing domain a need that goes uncontested across researchers and practitioners. This work provides a review of the current status of virtualization and cloud-based services for manufacturing systems and of the use of Big Data analytics for planning and control of manufacturing operations. Building on already developed cloud business solutions, cloud manufacturing is expected to offer improved enterprise manufacturing and business decision support. Based on the current state-of-the-art cloud manufacturing solutions and Big Data applications, this work also proposes a framework for the development of predictive manufacturing cyber-physical systems that include capabilities for attaching to the Internet of Things, and capabilities for complex event processing and Big Data algorithmic analytics.

6.
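Song Zhenhua, Zhang Guangquan. Computer Science, 2017, 44(7): 38-41, 73
A cyber-physical system (CPS), as a tight integration of a series of physical processes and computational processes, embodies the interaction and fusion of the physical world and the cyber world. Addressing the spatio-temporal and non-functional properties of CPS, an aspect-oriented spatio-temporal Petri net modeling method is proposed. On the premise of guaranteeing spatio-temporal consistency, the core concerns and crosscutting concerns of the system are separated; the crosscutting concerns are analyzed separately as aspects, and the aspects are woven back into the system by constructing rules. The method allows different non-functional properties to be formally analyzed at the system design stage, improving the reliability and maintainability of the system. Finally, an example illustrates the feasibility of the method.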

7.
With the advent of the Internet of Things and Industry 4.0 concepts, cyber-physical systems in civil engineering experience an increasing impact on structural health monitoring (SHM) and control applications. Designing, optimizing, and documenting cyber-physical systems on a formal basis require platform-independent and technology-independent metamodels. This study, with emphasis on communication in cyber-physical systems, presents a metamodel for describing cyber-physical systems. First, metamodeling concepts commonly used in computing in civil engineering are reviewed and possibilities and limitations of describing communication-related information are discussed. Next, communication-related properties and behavior of distributed cyber-physical systems applied for SHM and control are explained, and system components relevant to communication are specified. Then, the metamodel to formally describe cyber-physical systems is proposed and mapped into the Industry Foundation Classes (IFC), an open international standard for building information modeling (BIM). Finally, the IFC-based approach is verified using software of the official IFC certification program, and it is validated by BIM-based example modeling of a prototype cyber-physical system, which is physically implemented in the laboratory. As a result, cyber-physical systems applied for SHM and control are described and the information is stored, documented, and exchanged on the formal basis of IFC, facilitating design, optimization, and documentation of cyber-physical systems.

8.
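Based on an analysis of the characteristics of cyber-physical systems (CPS), a new CPS architecture is proposed and events are formally defined. A new formal modeling method for CPS physical entities is proposed. Spatio-temporal factors and continuous variables are introduced on the basis of Petri nets to construct a hybrid spatio-temporal Petri net (HSPN) model, which can describe not only the logical and temporal behavior of physical entities but also the state changes caused by their location transitions. The model is applied to the design of a real-time event CPS model, and a medical control system is used as an example to analyze the feasibility of the modeling method.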

9.
Cyber-physical systems (CPS) represent a new class of information system that also takes real-world data and effects into account. Software-controlled sensors, actuators and smart objects enable a close coupling of the cyber and physical worlds. Introducing processes into CPS to automate repetitive tasks promises advantages regarding resource utilization and flexibility of control systems for smart spaces. However, process execution systems face new challenges when being adapted for process execution in CPS: the automated processing of sensor events and data, the dynamic invocation of services, the integration of human interaction, and the synchronization of the cyber and physical worlds. Current workflow engines fulfill these requirements only to a certain degree. In this work, we present PROtEUS—an integrated system for process execution in CPS. PROtEUS integrates components for event processing, data routing, dynamic service selection and human interaction on the modeling and execution level. It is the basis for executing self-healing model-based workflows in CPS. We demonstrate the applicability of PROtEUS within two case studies from the Smart Home domain and discuss its feasibility for introducing workflows into cyber-physical systems.

10.
The simulations used in the field of high energy physics are compute intensive and exhibit a high level of data parallelism. These features make such simulations ideal candidates for Grid computing. We are taking as an example the GEANT4 detector simulation used for physics studies within the ATLAS experiment at CERN. One key issue in Grid computing is that of network and system security, which can potentially inhibit the widespread use of such simulations. Virtualization provides a feasible solution because it allows the creation of virtual compute nodes in both local and remote compute clusters, thus providing an insulating layer which can play an important role in satisfying the security concerns of all parties involved. However, it has performance implications. This study provides quantitative estimates of the virtualization and hyper-threading overhead for GEANT on commodity clusters. Results show that virtualization has less than 15% run time overhead, and that the best run time (with the non-SMP license of ESX VMware) is achieved by using one virtual machine per CPU. We also observe that hyper-threading does not provide an advantage in this application. Finally, the effect of virtualization on run time, throughput, mean response time and utilization is estimated using simulations.

11.
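Yang Hongjiu, Li Peng, Yuan Yuan, Li Li. Control and Decision, 2019, 34(11): 2337-2342
For cyber-physical systems (CPS) in which complex causal logical relationships exist among multiple subsystems, a CPS multi-cause system model with unknown nonlinear terms and uncertain coupling terms is established, and a distributed cause-control method based on cloud control technology is proposed. A nonlinear decoupling observer is used to perform dynamic feedforward linearization of the CPS multi-cause system, so that it is decomposed into multiple CPS cause systems without coupling. A distributed model predictive controller based on the nonlinear decoupling observer and a distributed optimization algorithm are designed to achieve online constrained optimal control of the decoupled CPS cause systems. Finally, numerical simulation demonstrates the effectiveness of the proposed control strategy and optimization algorithm.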

12.
Correct-by-construction synthesis is a cornerstone of the confluence of formal methods and control theory towards designing safety-critical systems. Instead of following the time-tested, albeit laborious (re)design-verify-validate loop, correct-by-construction methodology advocates the use of continual refinements of formal requirements – connected by chains of formal proofs – to build a system that assures the correctness by design. A remarkable progress has been made in scaling the scope of applicability of correct-by-construction synthesis – with a focus on cyber-physical systems that tie discrete-event control with continuous environment – to enlarge control systems by combining symbolic approaches with principled state-space reduction techniques. Unfortunately, in the security-critical control systems, the security properties are verified ex post facto the design process in a way that undermines the correct-by-construction paradigm. We posit that, to truly realize the dream of correct-by-construction synthesis for security-critical systems, security considerations must take center-stage with the safety considerations. Moreover, catalyzed by the recent progress on the opacity sub-classes of security properties and the notion of hyperproperties capable of combining security with safety properties, we believe that the time is ripe for the research community to holistically target the challenge of secure-by-construction synthesis. This paper details our vision by highlighting the recent progress and open challenges that may serve as bricks for providing a solid foundation for secure-by-construction synthesis of cyber-physical systems.

13.
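A cyber-physical system is a self-aware system containing a large number of heterogeneous resources characterized by tight cyber-physical integration, which poses a great challenge to resource management. A capability model is the best resource description model for eliminating the high complexity caused by heterogeneity. By analyzing the characteristics of resources in cyber-physical systems and drawing on the way people think when handling everyday affairs, this paper gives the concept of resource capability, proposes a hash-table-based "task type - capability" method for describing resource capability and a formula for calculating resource capability based on historical information, and establishes a resource capability composition model. Finally, a case of resource capability modeling for a fire-monitoring cyber-physical system illustrates the method.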

14.
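Chen Shi, Xiao Min, Chen Gong, Wang Zhengxin. Control and Decision, 2022, 37(7): 1903-1908
Considering a nonlinear saturated incidence rate, an SIRS (susceptible-infected-recovered-susceptible) model is established to characterize the propagation of malicious viruses in cyber-physical systems (CPS). To avoid the spread of malicious viruses caused by the occurrence of a Hopf bifurcation, a hybrid bifurcation control strategy combining parameter adjustment and state feedback is adopted to study the Hopf bifurcation control problem of CPS. Stability conditions and bifurcation criteria for the controlled system are established, the influence of the control gain parameters on the Hopf bifurcation point and the amplitude of the bifurcating limit cycle is clarified, and a diagram of the relationship between the bifurcation threshold and the gain parameters is given. Numerical simulation results show that the proposed hybrid bifurcation control strategy can not only change the location of the Hopf bifurcation point but also effectively adjust the amplitude of the limit cycle, so that the CPS exhibits the expected dynamic behavior and the harm of malicious virus propagation is effectively reduced.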

15.
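A Survey of Research on Cyber-Physical Systems   Total citations: 47, self-citations: 10, citations by others: 37
Wang Zhongjie, Xie Lulu. Acta Automatica Sinica, 2011, 37(10): 1157-1166
Cyber-physical systems (CPS) are a new type of intelligent complex system in which multi-dimensional heterogeneous computing units and physical objects are highly integrated and interact in a networked environment, characterized by real-time operation, robustness, autonomy, efficiency, and high performance. This paper first introduces the concept and characteristics of CPS and surveys their current state of development and application prospects; second, it briefly analyzes the system composition of CPS and discusses the differences and connections between CPS and related technologies; finally, it summarizes and looks ahead to the main challenges facing the development of CPS technology and possible research directions.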

16.
Recently, cloud computing and cyber-physical system (CPS) are definitely basic elements in real industrial field. In particular, security is a mandatory factor for communications and operations in these environments. However, the existing CPS security mechanism is not suitable to the telecommunication framework provided by the standards. In addition, random number function of high entropy must be used to enhance security with encrypted communications and must support perfect secrecy. Random number functions supported by the devices instead of servers do not have sufficient entropy. Entropy injection and seed replacement are also impractical. In this paper, we propose a security scheme which provides light-weight secure CPS information transmission and device control scheme in integration of CPS and cloud computing. In this scheme, a light-weight security scheme can multicast event information to users who have heterogeneous device information access authorities based on oneM2M standards, and also be able to manage the control devices. This paper provides performance analysis of proposed scheme and confirms its security and efficiency.

17.
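Cyber-physical systems (CPS) are intelligent systems integrating computation, communication, and control, achieving deep cooperation and organic fusion of the network and the physical world. CPS currently play an increasingly important role in areas such as critical infrastructure and government agencies. Because of physical constraints, security vulnerabilities arising from computers and networks can cause enormous damage to CPS, and can also trigger chain reactions such as economic loss and social unrest, so studying CPS security issues is of great significance for ensuring safe system operation. Drawing on the state of research in China and abroad, this paper gives an overview of the latest progress in CPS security control and attack detection. First, typical system models of CPS are summarized to meet the needs of system performance analysis. Then three typical types of cyber attack are introduced, namely denial-of-service attacks, replay attacks, and deception attacks. The development of CPS attack detection is then outlined by category of detection method. In addition, secure control and state estimation of the system are discussed. Finally, the challenges facing CPS cyber security and future research directions are summarized and discussed.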

18.
Designing cyber-physical systems (CPS) is challenging due to the tight interactions between software, network/platform, and physical components. Automotive control system is a typical CPS example and often designed based on a time-triggered paradigm. In this paper, a co-simulation framework that considers interacting CPS components for assisting time-triggered automotive CPS design is proposed. Virtual prototyping of automotive vehicles is the core of this framework, which uses SystemC to model the cyber components and integrates CarSim to model the vehicle dynamics. A network/platform model in SystemC forms the backbone of the virtual prototyping. The network/platform model consists of processing elements abstracted by real-time operating systems, communication systems, sensors, and actuators. The framework is also integrated with a model-based design tool to enable rapid prototyping. The framework is validated by comparing simulation results with the results from a hardware-in-the-loop automotive simulator. The framework is also used for design space exploration (DSE).

19.
Dataset classification is an essential fundament of computational intelligence in cyber-physical systems (CPS). Due to the complexity of CPS dataset classification and the uncertainty of clustering number, this paper focuses on clarifying the dynamic behavior of acceleration dataset which is achieved from micro electro mechanical systems (MEMS) and complex image segmentation. To reduce the impact of parameters uncertainties with dataset classification, a novel robust dataset classification approach is proposed based on neighbor searching and kernel fuzzy c-means (NSKFCM) methods. Some optimized strategies, including neighbor searching, controlling clustering shape and adaptive distance kernel function, are employed to solve the issues of number of clusters, the stability and consistency of classification, respectively. Numerical experiments finally demonstrate the feasibility and robustness of the proposed method.

20.
Journal of Computer Virology and Hacking Techniques - This paper presents a methodology for the formal modeling of security attacks on cyber-physical systems, and the analysis of their effects on...
