Integrated Reconfigurable Control and Moving Target Defense for Secure Cyber-Physical Systems

Abstract: Cyber-physical systems (CPS) are engineered systems created as networks of interacting physical and computational processes. Most modern products in major industrial sectors, such as automotive, avionics, medical devices, and power systems already are or rapidly becoming CPS driven by new requirements and competitive pressures. However, in recent years, a number of successful cyber attacks against CPS targets, some of which have even caused severe physical damage, have demonstrated that security and resilience of CPS is a very critical problem, and that new methods and technologies are required to build dependable systems. Modern automotive vehicles, for example, employ sensors such as laser range finders and cameras, GPS and inertial measurement units, on-board computing, and network connections all of which contribute to vulnerabilities that can be exploited for deploying attacks with possibly catastrophic consequences. Securing such systems requires that potential points of compromise and vehicle-related data are protected. In order to fulfill the great promise of CPS technologies such as autonomous vehicles and realize the potential technological, economic, and societal impact, it is necessary to develop principles and methods that ensure the development of CPS capable of functioning dependably, safely, and securely. In view of these challenges, the project develops an approach for integration of reconfigurable control software design and moving target defense for CPS. The main idea is to improve CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system. The proposed energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization, address space randomization, and data space randomization. The heart of the runtime environment is a configuration manager that can modify the software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. By changing the control software on-the-fly, the approach creates a cyber moving target and raises significantly the cost for a successful attack without impacting the essential behavior and functionality. Demonstration and experimental evaluation will be performed using a hardware-in-the-loop simulation testbed for automotive CPS.