Multi-model Testbed for the Simulation-based Evaluation of Resilience 
PI(s), Co-PI(s), Researchers:
- Peter Volgyesi (PI)
- Himanshu Neema (Co-PI)
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
- Security Metrics Driven Evaluation, Design, Development, and Deployment
- Resilient Architectures
The goal of the Multi-model Testbed is to provide a collaborative design tool for evaluating various cyber attack/defense strategies and their effects on the physical infrastructure. The web-based, cloud-hosted environment integrates state-of-the-art simulation engines for the different CPS domains and presents interesting research challenges as ready to use scenarios. Input data, model parameters, and simulation results are archived, versioned with a strong emphasis on repeatability and provenance.
PUBLICATIONS
H. Neema, B. Potteiger, X. Koutsoukos, C. Tang and K. Stouffer, "Metrics-Driven Evaluation of Cybersecurity for Critical Railway Infrastructure," 2018 Resilience Week (RWS), Denver, CO, USA, 2018, pp. 155-161.
KEY HIGHLIGHTS
During the reporting period, we developed multiple experiments in two CPS domains. In the future, these experiments will be refined and integrated in the web-based collaborative design environment and will be provided as security research scenarios.
Transportation domain
In the Vanderbilt Emergency Vehicle Scenario, we study the incorporation of V2I technology to minimize the response-time/travel-time of Emergency Vehicles (EVs). Our main goal is to prevent EVs from waiting at a signalized intersection using preemption traffic light control. Preemption traffic light control strategies switch the traffic light state to green for the approach, through which the EV is traveling, and red for the other approaches. The main challenge for these control strategies is how to estimate the green time (i.e., when the traffic light should switch from normal operation to the preemption operation) for the EV, so that the road is clear and the traffic light is green whenever an EV reaches the signalized intersection. Estimating the green time depends on the traffic condition in the EV approach, namely the queue length of waiting vehicles at the intersection, and it also depends on the estimated arrival time of the EV to the intersection.
In this scenario, we use the V2I communication between vehicles and traffic signal to estimate the green time for EV preemption control. Basically, all vehicles send a periodic safety message that includes their speed and position. The traffic light receives these messages and use their data to estimate traffic condition at the intersection (e.g., queue length) and the arrival time of the EV. Based on the estimated values, the traffic light switches to the preemption mode so that the EV can cross the intersection safely at its normal speed. We implemented this scenario using the Vanderbilt xampus map with 25 signalized intersections. Each signalized intersection has a roadside unit (RSU) which is responsible for V2I communications and the preemption control of the traffic light. There are also two hospitals which represent the destinations for the EVs. We implemented this scenario using Veins platform (co-simulation engine of OMNeT++ and SUMO) and we randomly generated different routes for the EVs and other vehicles to simulate traffic during rush hours.
In the Washington Subway Scenario, we investigate the vulnerability aspects of V2I technologies in the context of railway transportation systems. V2I technology enables trains to broadcast their information periodically, such as location and speed. This information is used by traffic lights to turn the signal green for the coming train based on first-come, first-served basis. We implemented the scenario based on the Washington subway system. Washington subway network consists of six lines (Green, Yellow, Blue, Orange, Silver and Red) and the subway trains, during rush hours, running at every 4-8 mins. Moreover, there are six intersections with traffic signals. The scenario - simulating 2-hours of rail traffic - is implemented in Veins.
Powergrid domain
We are investigating vulnerabilities of power grids to attacks that exploit their market infrastructure. In particular, we consider false data injection attacks that alter the prices of electricity. Since appliances adjust their demand or operation schedules based on the market prices, attacks on prices can coordinate these appliances to accomplish different objectives. In particular, we are analyzing how an adversary can cause peaks in the demand and how such events would impact the power grid. Our efforts are focused on understanding the capabilities and restrictions of adversaries, which will become the base to analyze protection mechanisms.
For the security of powergrid our plan is to extend the web-based and cloud-deployed powergrid simulation framework that was previously developed at our institute in order to model a variety of attacks on price signals and local controllers. Toward that end, we have utilized GridLAB-D power distribution simulation tool to experiment with mechanisms to deploy attacks on price signals and local controllers. We already have developed tools to run a parameter sweep of such variations and generating experimental results with analysis. We have not yet integrated these attack models and experimentation tools with our existing web-based powergrid simulation platform, but plan to work on that in the future.
Courses-of-Action
As part of our framework's metrics-driven evaluation capability, we decided to implement a cyber-attack library and develop a language for their systematic incorporation in security and resilience experiments. We call this language as Courses-of-Action (COA) modeling. The cyber-attacks we have planned to implement initially include Denial-of-Service (DOS) attack, Packet Delay Attack, Data Corruption Attack, and Data Integrity Attack. These attacks will be configurable so that they can be deployed in any of the key network nodes during any time-interval in the simulation with any values for configuration of attack parameters. As of now, we have already implemented the DOS and Delay Attacks. We are continuing to implement the rest of the planned cyber-attacks as well as develop the COA modeling language to utilize these cyber-attacks in the form of security and resilience experimentation scenarios.
Testbed Infrastructure
We continued our work on the WebGME-based web-based front-end and Jupyter notebooks-based analysis environment. The current infrastructure of the testbed is available at http://lablet.isis.vanderbilt.edu. Note, that the current version does not provide developed scenario models. We also plan to integrate the testbed environment with our other WebGME-based design studio for deep neural networks (DeepForge)
COMMUNITY ENGAGEMENTS
Our research was presented and the testbed was demonstrated at the Fujitsu System Integration Laboratory in Tokyo, Japan in September 2018.
Poster presentation at the Computational Cybersecurity In Compromised Environments (C3E) Fall Workshop in Atlanta, GA, September 2018.
EDUCATIONAL ADVANCES:
Two undergraduate students participated during the summer months. The students acquired knowledge to design, build and execute test scenarios targeting the Vanderbilt campus street network using the Veins platform.