VU SoS Lablet Quarterly Executive Summary - April 2020
A. Fundamental Research
The Science of Security for Cyber-Physical Systems (CPS) Lablet focuses on (1) Foundations of CPS Resilience, (2) Analytics for CPS Cybersecurity, (3) Development of a Multi-model Testbed for Simulation–based Evaluation of Resilience, and (4) Mixed Initiative and Collaborative Learning in Adversarial Environments.
- With the increasingly connected nature of Cyber-Physical Systems (CPS), new attack vectors are emerging that were previously not considered in the design process. Autonomous vehicles in particular are among the most at-risk CPS applications, facing challenges such as a large amount of legacy software, non-trusted third-party applications, and remote communication interfaces. With zero-day vulnerabilities constantly being discovered, an attacker can exploit such vulnerabilities to inject malicious code or even leverage existing legitimate code to take over the cyber part of a CPS. Because the cyber and physical parts of a CPS are tightly coupled, this can alter physical behavior in an undesirable or devastating manner. It is therefore no longer effective to harden systems reactively; a more proactive approach must be taken. Moving target defense (MTD) techniques such as instruction set randomization (ISR) and address space randomization (ASR) have been shown to be effective against code injection and code reuse attacks. However, these MTD techniques can cause the control system to crash, which is unacceptable in CPS applications because such a crash may have catastrophic consequences. It is therefore crucial for MTD techniques to be complemented by control reconfiguration to maintain system availability in the event of a cyber-attack. This work addresses the problem of maintaining system and security properties of a CPS under attack by integrating moving target defense techniques with detection and recovery mechanisms to ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection as well as code reuse attacks, and of reconfiguring fast enough to ensure that the safety and stability of autonomous vehicle controllers are maintained.
By using MTD techniques such as ISR and ASR, our approach prevents attackers from obtaining the reconnaissance knowledge necessary to perform code injection and code reuse attacks, making sure attackers can't find vulnerabilities in the first place. Our system implementation combines runtime MTD, utilizing AES-256 ISR and fine-grained ASR, with control management that provides attack detection and reconfiguration capabilities. We evaluate the developed security architecture in an autonomous vehicle case study, utilizing a custom-developed hardware-in-the-loop testbed.
- Consistent with our research plan, the database for Smart Grid cybersecurity has been completed. First, the research allows the enterprise to identify the sub-categories of the NIST Cybersecurity Framework (CSF) that are applicable to a specific logical interface and its actors (based on informative references between NIST CSF sub-categories and security controls of NIST SP 800-53 Rev. 4). Second, it enables assessment of the cybersecurity implementation. The enterprise profile will be more quantitative as well as traceable because it can be linked to the current implementation state of select security controls of NIST SP 800-53. Third, this work enhances enterprise risk management because it allows for: (a) use of a standards-based approach (using the NIST Risk Management Framework and the Cyber Vulnerability Scoring System, CVSS, Ver 3.1) for quantification of cybersecurity vulnerabilities, and (b) determination of vulnerability impacts and their quantification as well.
- To provide a richer developer/analysis environment within the developed testbed, we have been working on a Jupyter Notebook integration capability in WebGME, which would allow Python-based data exploration and/or model modifications to be implemented. We completed the first working prototype of this feature. The current notebook-based workflow and the key architectural elements are as follows: (1) a (JavaScript-based) WebGME plugin can programmatically generate Jupyter Notebooks based on the contents of the model, (2) the Jupyter Notebook server (co-hosted with the WebGME server) is accessed with a simple iframe-based visualizer inside the WebGME interface, (3) with the generated notebook code, developers can implement custom analysis algorithms and may send data back to WebGME (modify the model), and (4) the model modification is supported by another (JavaScript-based) plugin that has direct access to the model.
- Many problems in robotics involve multiple decision-making agents. To operate efficiently in such settings, a robot must reason about the impact of its decisions on the behavior of other agents. Differential games offer an expressive theoretical framework for formulating these types of multi-agent problems. Unfortunately, most numerical solution techniques scale poorly with state dimension and are rarely used in real-time applications. For this reason, it is common to predict the future decisions of other agents and solve the resulting decoupled, i.e., single-agent, optimal control problem. This decoupling neglects the underlying interactive nature of the problem; however, efficient solution techniques do exist for broad classes of optimal control problems. We take inspiration from one such technique, the iterative linear-quadratic regulator (ILQR), which solves repeated approximations with linear dynamics and quadratic costs. Similarly, our proposed algorithm solves repeated linear-quadratic games. We experimentally benchmark our algorithm in several examples with a variety of initial conditions and show that the resulting strategies exhibit complex interactive behavior. Our results indicate that our algorithm converges reliably and runs in real time. In a three-player, 14-state simulated intersection problem, our algorithm initially converges in <0.25 s. Receding horizon invocations converge in <50 ms in a hardware collision-avoidance test.
B. Community Engagement(s)
- We visited the Cybersecurity Research Group at Fujitsu System Integration Laboratories Ltd. in Tokyo. During this visit, we gave technical demonstrations of the WebGME/DeepForge platform and discussed our results and experiences with the development of the Lablet testbed. We also presented the Jupyter Notebook integration capability within WebGME. Our collaborators at Fujitsu are developing similar tools for cybersecurity research, based on the WebGME platform.
- Presented our research in the “Anomaly Detection of Cyber-Physical Systems (ADCPS)” team meeting, USNA, January 29-30, 2020.
- Keynote talk, “Systems Science of Secure and Resilient Cyber-physical Systems,” International Conference on Contemporary Computing and Applications (IC3A 2020), Lucknow, India, February 5-7, 2020.
- Claire Tomlin will run the 6th installment of Berkeley Girls in Engineering (GiE), a program held at UC Berkeley for middle school students, in Summer 2020. The week-long day camp includes modules across all types of engineering, with hands-on experiments, to teach about bioengineering, robotics, material science, computer science, water treatment, concrete design, and a range of other engineering topics. This year we are planning a virtual format, for which we are preparing a kit, as well as a Chromebook and WiFi hotspot access, for each participant.
C. Educational Advances
- We are developing a new course in systems theory at Berkeley, to be taken by upper level undergraduates and first and second year graduate students, on a rapprochement between control theory and reinforcement learning. The course will focus on a modern viewpoint on modeling, analysis, and control design, leveraging tools and successes from both systems and control theory and machine learning. The first version of this course is being taught by Shankar Sastry in Spring 2020.