Resilient Cyber-Physical Systems

Cyber-physical systems (CPSs), engineered systems which include sensing, processing, control, and communication in physical spaces, are ubiquitous in modern critical infrastructures including manufacturing, transportation systems, energy delivery, health care, water management, and the smart grid. The presence of heterogeneous components and devices creates numerous attack surfaces in these large scale, highly connected systems. Consequently, these systems are attractive targets for adversaries and are essential to protect in today’s society. 

In this dissertation, we provide a set of mechanisms and tools that can be used to achieve resilient CPSs, where safety is preserved while functionality is restored in the presence of attacks. More specifically, we focus on two necessary components in designing resilient CPSs: detection and response. The recognition and detection of attacks is the first and foremost step in achieving resilience. Once an attack is detected, a number of forms of active response can be implemented to ensure system resilience. 

We first present a number of tools which leverage both cyber theory and system theory to detect powerful stealthy attacks. Specifically, we set forth the moving target defense as an active detection mechanism for detecting what would otherwise be stealthy covert attacks. We then introduce a number of response mechanisms which leverage both cyber theory and system theory to ensure safety and security against these attacks. Specifically, we set forth software rejuvenation and overlay networks as response mechanisms that provide resilience against attacks on the CPS control software and communication network, respectively. We then set forth some general design and analysis tools for achieving resilient CPSs, providing a framework that minimizes an adversary’s window of opportunity when attacking decentralized systems. We conclude by providing a general tool that analyzes the resilience of any response mechanism against stealthy attacks.