A systems and control perspective of CPS security

The comprehensive integration of instrumentation, communication, and control into physical systems has led to the study of Cyber-Physical Systems (CPSs), a field that has recently garnered increased attention. A key concern that is ubiquitous in CPS is a need to ensure security in the face of cyber attacks. In this paper, we carry out a survey of systems and control methods that have been proposed for the security of CPS. We classify these methods into three categories based on the type of defense proposed against the cyberattacks: prevention, resilience, and detection & isolation. A unified threat assessment metric is proposed in order to evaluate how CPS security is achieved in each of these three cases. Also surveyed are the risk assessment tools and the effect of network topology on CPS security. Furthermore, an emphasis has been placed on power and transportation applications in the overall survey.     

Deep Learning Based Attack Detection for Cyber-Physical System Cybersecurity: A Survey

With the booming of cyber attacks and cyber criminals against cyber-physical systems(CPSs),detecting these attacks remains challenging.It might be the worst of times,but it might be the best of times because of opportunities brought by machine learning(ML),in particular deep learning(DL).In general,DL delivers superior performance to ML because of its layered setting and its effective algorithm for extract useful information from training data.DL models are adopted quickly to cyber attacks against CPS systems.In this survey,a holistic view of recently proposed DL solutions is provided to cyber attack detection in the CPS context.A six-step DL driven methodology is provided to summarize and analyze the surveyed literature for applying DL methods to detect cyber attacks against CPS systems.The methodology includes CPS scenario analysis,cyber attack identification,ML problem formulation,DL model customization,data acquisition for training,and performance evaluation.The reviewed works indicate great potential to detect cyber attacks against CPS through DL modules.Moreover,excellent performance is achieved partly because of several highquality datasets that are readily available for public use.Furthermore,challenges,opportunities,and research trends are pointed out for future research.     

基于攻击图的信息物理系统信息安全风险评估方法

震网病毒等事件实证了信息攻击能对信息物理系统(CPS)带来严重的物理影响。针对这类跨域攻击问题,提出了基于攻击图的风险评估方法。首先,对信息物理系统中的信息攻击行为进行了分析,指出可编程逻辑控制器(PLC)等物理设备中存在的漏洞是信息攻击实现跨域攻击的关键,并给出了信息物理系统中漏洞的利用模式及影响后果;其次,建立风险评估模型,提出攻击成功概率和攻击后果度量指标。综合考虑漏洞固有特性和攻击者能力计算攻击成功概率,根据主机重要程度和漏洞利用模式计算攻击后果。该方法能够将信息域与物理域作为一个整体进行建模,综合考虑多个跨域攻击对系统风险的影响。数值案例表明,多个跨域攻击组合下的风险值是单一攻击下的5倍,计算得到的风险值更为准确。     

DoS干扰攻击下的信息物理系统状态反馈稳定

基于网络的工业控制系统作为信息物理系统(CPSs)的一种重要应用正迅猛发展.然而,近年来针对工业控制系统的恶意网络攻击引起了人们对CPS安全问题的广泛关注.拒绝服务(DoS)干扰攻击作为CPS中最容易发生的攻击方式得到了深入研究.对此,提出一种能量受限的、周期的DoS干扰攻击模型,攻击的目的是增大无线信道发生数据包随机丢包的概率.基于一类CPS简化模型,考虑CPS中传感器与控制器(S-C)之间无线信道同时存在DoS干扰攻击和固有随机数据包丢失的情况,采用状态反馈,基于随机Lyapunov函数和线性矩阵不等式方法得到可以保证系统稳定的充分条件,并利用系统稳定的充分条件和锥补线性化算法设计控制器.最后,通过两个数值仿真例子验证所提出控制策略的有效性.     

基于动态故障树的信息物理融合系统风险分析

针对信息物理融合系统（CPS）中的网络安全攻击会导致系统失效的问题，提出一种基于动态故障树的CPS风险建模及分析方法。首先，对动态故障树和攻击树集成建模，构建攻击-动态故障树（Attack-DFTs）模型；然后，分别采用二元决策图和输入输出马尔可夫链给出攻击-动态故障树中的静态子树和动态子树的形式化模型，并在此基础上给出攻击-动态故障树的定性分析方法，即分析网络安全攻击导致系统失效的基本事件路径；最后，通过一个典型的排污系统应用实例对方法的有效性进行验证。案例分析结果表明，所提方法能够分析CPS中由于网络安全攻击导致系统失效的事件序列，有效实现了CPS的综合安全评估。     

信息物理融合系统网络安全综述

信息物理融合系统（cyber-physical systems， CPS）是集计算、通信和控制于一体的智能系统，实现网络和物理的深度协作和有机融合.目前CPS在关键的基础设施、政府机构等领域发挥着越来越重要的作用.由于物理限制，计算机和网络产生的安全漏洞会导致CPS遭受巨大的破坏，同时还会引起经济损失、社会动乱等连锁反应，所以研究CPS的安全问题对于确保系统安全运行具有重要意义.本文结合国内外的研究现状，概述了CPS安全控制和攻击检测的最新进展.首先本文总结了CPS典型的系统建模以满足对系统性能分析的需要.然后介绍了3种典型的网络攻击，即拒绝服务攻击、重放攻击和欺骗攻击.根据检测方法的类别，对CPS攻击检测的发展进行的概述.此外还讨论了系统的安全控制和状态估计.最后总结和展望了CPS网络安全面临的挑战和未来的研究方向.     

Guaranteed cost control of cyber‐physical systems with packet dropouts under dos jamming attacks

Cyber‐Physical Systems (CPSs) are vulnerable to malicious network attacks due to tight combination of cyber‐system and physical system through a more open network communication. In this paper, a guaranteed cost control problem for a CPS under DoS jamming attacks is solved via both state feedback and output feedback methods. Specifically, an energy constraint DoS jammer with clear periodic attack strategy is proposed to attack wireless channel and to degrade the system performance. Without knowing the DoS jammer's attack strategy, a passive attack‐tolerant mechanism is established, and the corresponding state feedback and output feedback controllers are designed to achieve guaranteed cost control for the CPS with inherent packet dropouts under DoS jamming attacks. Finally, numerical examples are presented to demonstrate the effectiveness of the guaranteed cost controllers.     

Cyber-physical systems security: Limitations,issues and future trends

Typically, Cyber-Physical Systems (CPS) involve various interconnected systems, which can monitor and manipulate real objects and processes. They are closely related to Internet of Things (IoT) systems, except that CPS focuses on the interaction between physical, networking and computation processes. Their integration with IoT led to a new CPS aspect, the Internet of Cyber-Physical Things (IoCPT). The fast and significant evolution of CPS affects various aspects in people’s way of life and enables a wider range of services and applications including e-Health, smart homes, e-Commerce, etc. However, interconnecting the cyber and physical worlds gives rise to new dangerous security challenges. Consequently, CPS security has attracted the attention of both researchers and industries. This paper surveys the main aspects of CPS and the corresponding applications, technologies, and standards. Moreover, CPS security vulnerabilities, threats and attacks are reviewed, while the key issues and challenges are identified. Additionally, the existing security measures are presented and analyzed while identifying their main limitations. Finally, several suggestions and recommendations are proposed benefiting from the lessons learned throughout this comprehensive review.     

Cross‐layer security design for encrypted CPS based on modified security signalling game

Recent years have witnessed increasing cyber and physical attacks against encrypted cyber‐physical system (CPS) and the ensuing catastrophic consequences. A modified security signaling game (MSSG) model is proposed for capturing attack‐defense interactions and analyzing the cross‐layer security of encrypted CPS. Cyber real‐time performance and physical control performance are both considered in cross‐layer utility function. Theorems concerning the existence of pure‐strategy and mixed‐strategy perfect Bayesian Nash equilibrium (PBNE) are provided, based on which a cross‐layer security design algorithm is proposed for defender's optimal strategy against potential attacks. A numerical case is studied with the effectiveness of our method being proved.     

Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth

Recent innovations in the smart city domain have led to the proposition of a new mode of transportation utilizing Autonomous Passenger Ships (APS) or ferries in inland waterways. The novelty of the APS concept influenced the cyber risk paradigm and led to different considerations regarding attack objectives, techniques as well as risk management approaches. The main factor that has led to this is the autoremote operational mode, which refers to autonomous operations and remote supervision and control in case of emergency. The autoremote operational mode influences the risk of cyber attacks due to the increased connectivity and reliance on technology for automating navigational functions. On the other hand, the presence of passengers without crew members imposes a safety risk factor in cyber attacks. In this paper, we propose a new cyber risk management approach for managing the cyber risks against cyber physical systems in general and Autonomous Passenger Ships in particular. Our proposed approach aims to improve the Defense-in-Depth risk management strategy with additional components from the Threat-Informed Defense strategy allowing for more evolved cyber risk management capabilities. Moreover, we have utilized the proposed cyber risk management approach for the proposition of a cybersecurity architecture for managing the cyber risks against an APS use case named milliAmpere2. Additionally, we present our results after conducting a Systematic Literature Review (SLR) in cybersecurity evaluation in the maritime domain. Then, the findings of the SLR were utilized for a suitable evaluation of the proposed risk management approach. Our findings suggest that our proposed risk management approach named Threat-Informed Defense-in-Depth is capable of enriching several risk management activities across different stages in the system development life cycle. Additionally, a comprehensive evaluation of the cybersecurity posture of milliAmpere2 has been conducted using several approaches including risk evaluation, simulation, checklist, and adversary emulation. Our evaluation has uncovered several limitations in the current cybersecurity posture and proposed actions for improvement.

     

Bibliographical review on cyber attacks from a control oriented perspective

This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented.     

高速采样下含网络攻击的信息物理系统$H_/H_infty$故障检测

研究高速采样情况下,含有网络攻击的信息物理系统多目标故障检测问题.考虑系统同时存在时变时延、执行器网络攻击和传感器网络攻击,基于Delta算子对上述系统进行离散化处理,建立在高速采样的条件下,故障与攻击并存的离散时间模型.构造H＿/H_∞故障检测滤波器,使系统具有对随机扰动的鲁棒性,且具有对检测信号的高灵敏性.采用Lyapunov-Krasovskii泛函和线性矩阵不等式的方法,提出系统具有渐近稳定性以及H＿/H_∞性能的充分条件.仿真结果验证了所提方法的可行性和有效性.     

Large scale wireless sensor networks with multi-level dynamic key management scheme

Cyber-Physical Systems (CPSs) have emerged as a promising approach to facilitate the integration of the cyber and physical worlds in highly interconnected and complex ways. CPSs consist of several components, such as sensors, actuators, controllers, etc., and their structures are being complicated, and their scales are increasing day by day. Therefore, the data reliability and security have emerged as critical challenges between physical and virtual components of these systems. Wireless Sensor Networks (WSNs) are accepted as one of the most crucial technologies for building future CPSs. Because of their wireless and dynamic nature, WSNs are more vulnerable to security attacks than wired networks. The main solution for this problem is the usage of signed messages with symmetric or asymmetric key cryptography. Although, asymmetric key cryptography increases network security, it also causes severe computational, memory, and energy overhead for sensor nodes. On the other hand, symmetric key cryptography has the difficulty of providing high-level security and efficient key management scheme; however, it is better in terms of speed and low energy cost. In this paper, it is aimed to build a multi-level dynamic key management system for WSNs with the aid of an Unmanned Aerial Vehicle (UAV), which is a key distribution and coordination center for asymmetric keys. After that, each sensor node constructs different symmetric keys with its neighbors, and communication security is achieved by data encryption and mutual authentication with these keys. Evaluation results show the proposed system is scalable, and its performance is significantly better than asymmetric key management systems.     

Systematization and security assessment of cyber-physical systems

In this paper, the features of cyber-physical systems (CPSs) from the point of view of information security have been considered and CPSs have been classified. The authors have analyzed approaches to security assessments and identified the requirements to indicators of CPS information security. A system of specific assessment indicators based on the system stability criterion and homeostatic approach is proposed.     

基于Petri网的CPS系统安全量化分析模型

随着信息物理融合系统（CPS）的广泛应用,安全性已成为其研究的核心问题。由于CPS离散计算过程和连续物理世界交织的特性,传统的安全分析方式不能直接适用。通过将博弈理论和Petri网建模方法进行结合,提出一种GHPN方法对CPS系统建立量化的安全分析模型,该模型既能适用CPS离散连续混合结构的模型刻画,又可合理模拟系统攻防双方行为,基于最终生成的模型从系统可靠性、脆弱性、风险后果等方面进行安全分析。通过对飞机空中避撞系统的实例研究,表明该模型和分析方法的有效性。     

假数据注入攻击下信息物理融合系统的稳定性研究

假数据注入（False data injection，FDI）攻击由于其隐蔽性特点，严重威胁着信息物理融合系统（Cyber-physical systems，CPS）的安全.从攻击者角度，本文主要研究了FDI攻击对CPS稳定性的影响.首先，给出了FDI攻击模型，从前向通道和反馈通道分别注入控制假数据和测量假数据.接着，提出了FDI攻击效力模型来量化FDI攻击对CPS状态估计值和测量残差的影响.在此基础上，设计了一个攻击向量协同策略，并从理论上分析出操纵CPS稳定性的攻击条件:攻击矩阵H和系统矩阵A的稳定性及时间参数k_a的选取时机.数值仿真结果表明FDI攻击协同策略能够有效操纵两类（含有稳定和不稳定受控对象）系统的稳定性.该研究进一步揭示了FDI攻击的协同性，对保护CPS安全和防御网络攻击提供了重要参考.     

Integrated moving target defense and control reconfiguration for securing Cyber-Physical systems

With the increasingly connected nature of Cyber-Physical Systems (CPS), new attack vectors are emerging that were previously not considered in the design process. Specifically, autonomous vehicles are one of the most at risk CPS applications, including challenges such as a large amount of legacy software, non-trusted third party applications, and remote communication interfaces. With zero day vulnerabilities constantly being discovered, an attacker can exploit such vulnerabilities to inject malicious code or even leverage existing legitimate code to take over the cyber part of a CPS. Due to the tightly coupled nature of CPS, this can lead to altering physical behavior in an undesirable or devastating manner. Therefore, it is no longer effective to reactively harden systems, but a more proactive approach must be taken. Moving target defense (MTD) techniques such as instruction set randomization (ISR), and address space randomization (ASR) have been shown to be effective against code injection and code reuse attacks. However, these MTD techniques can result in control system crashing which is unacceptable in CPS applications since such crashing may cause catastrophic consequences. Therefore, it is crucial for MTD techniques to be complemented by control reconfiguration to maintain system availability in the event of a cyber-attack. This paper addresses the problem of maintaining system and security properties of a CPS under attack by integrating moving target defense techniques, as well as detection, and recovery mechanisms to ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection as well as code reuse attacks, and reconfiguring fast enough to ensure the safety and stability of autonomous vehicle controllers are maintained. By using MTD such as ISR, and ASR, our approach provides the advantage of preventing attackers from obtaining the reconnaissance knowledge necessary to perform code injection and code reuse attacks, making sure attackers can’t find vulnerabilities in the first place. Our system implementation includes a combination of runtime MTD utilizing AES 256 ISR and fine grained ASR, as well as control management that utilizes attack detection, and reconfiguration capabilities. We evaluate the developed security architecture in an autonomous vehicle case study, utilizing a custom developed hardware-in-the-loop testbed.     

In-process machine vision monitoring of tool wear for Cyber-Physical Production Systems

The monitoring of tool wear in machining process is becoming a crucial element in the modern production systems to predict the tool lifespan, and consequently the ideal point to replace it, still remains a challenge up to now. On the other hand, Cyber-Physical Systems (CPSs) have attracted researchers in many areas, especially in manufacturing, and they are playing a key role in the integration of heterogeneous software and hardware components. In this paper, an in-process machine vision monitoring of tool wear is integrated into a production system based on the CPS approach. Thereby, a methodology of four phases is proposed, whose goal basically is to raise the requirements, validate the integration, develop the decentralized architecture and finally prove the efficiency, robustness, and capabilities that only cyber-physical systems can bring to a production system. The feasibility and effectiveness of the proposed monitoring system for in-process tool wear is validated in a CNC drilling machining process.     

面向智慧城市的数据驱动信息物理系统安全威胁分析模型与方法

信息物理系统（CPS）是一个集成计算、通信和物理过程的混成系统,在智慧城市中占据至关重要的地位,其安全问题面临许多挑战.本文首先建立信息物理系统安全威胁分析模型,给出CPS各个组成部件的安全威胁,然后提出了信息物理系统的威胁关联分析方法,并以智能电网为例给出实验测试结果.结果表明,该方法能实现快速大规模安全威胁建模和自动化分析,为智慧城市中的关键信息基础设施提供技术支撑.最后,本文总结了智慧城市中信息物理系统的安全威胁研究进展和未来研究方向.