Security-Aware Design of Cyber-Physical Systems for Control Applications

Abstract: With cyber-physical systems opening up to the outside world, security can no longer be treated as a secondary issue. In this work, we focus on security threats to control applications in cyber-physical systems. We provide detection, prevention, and mitigation solutions against attacks while taking into account the stringent resource constraints and important properties of such systems. First, we highlight some important properties of control applications that are used to design an intrusion detection and mitigation mechanism. We show how the control laws, derived from the physical properties of control applications, can facilitate the intrusion detection mechanism. We also use a resource management approach to maintain the performance of the control application under attack. Second, we elaborate on the challenges that arise from sharing a processor among several controller tasks. We investigate the counter-intuitive timing anomalies that result from such resource sharing and introduce the Butterfly attack, which exploits these anomalies. In the Butterfly attack, the adversary interferes with a low-criticality, less protected task in order to change the timing behavior of the other tasks sharing the same platform. We experimentally show how this attack can indirectly destabilize a high-criticality and, potentially, more protected task. Then, we consider real-time communication of control applications over a Time-Triggered Ethernet network. We demonstrate the impact of varying delays on control stability and identify the route and schedule constraints that are necessary to guarantee stability. In addition, we study the impact of encryption and decryption delays on stability and employ a design space exploration approach to maximize security while continuing to satisfy the stability guarantees.