
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | March 17, 2017 |
Latest Amendment Date: | March 18, 2021 |
Award Number: | 1652544 |
Award Instrument: | Continuing Grant |
Program Manager: | David Corman, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | March 15, 2017 |
End Date: | February 29, 2024 (Estimated) |
Total Intended Award Amount: | $441,951.00 |
Total Awarded Amount to Date: | $530,339.00 |
Funds Obligated to Date: | FY 2018 = $177,251.00; FY 2019 = $89,413.00; FY 2020 = $88,388.00; FY 2021 = $88,224.00 |
History of Investigator: |
|
Recipient Sponsored Research Office: |
2200 W MAIN ST DURHAM NC US 27705-4640 (919)684-3030 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
2200 W. Main St. Ste 710 Durham NC US 27705-4677 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | S&CC: Smart & Connected Commun, CPS-Cyber-Physical Systems |
Primary Program Source: | 01001819DB NSF RESEARCH & RELATED ACTIVIT; 01001920DB NSF RESEARCH & RELATED ACTIVIT; 01002021DB NSF RESEARCH & RELATED ACTIVIT; 01002122DB NSF RESEARCH & RELATED ACTIVIT |
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
The increasing set of functionalities, network interoperability, and system design complexity have introduced security vulnerabilities in cyber-physical systems (CPS). As recently demonstrated, a remote attacker can disrupt the operation of a car to either disable the vehicle or hijack it. High-profile security incidents in other CPS domains include a large-scale attack on Ukraine's power-grid and the StuxNet attack on an industrial system, while the RQ-170 Sentinel drone capture has shown that even safety-critical military CPS can be compromised. The tight integration of information technology and physical components has made CPS vulnerable to attack vectors well beyond the standard cyber-attacks. In addition, deep component embedding and long projected system lifetime limit the use of standard cyber security solutions that impose a significant computation and communication overhead. On the other hand, the safety-critical interaction with the physical world has made attacks on CPS extremely dangerous as they could result in significant physical damage and even loss of life. To address these challenges, this project will develop scientific foundations for design of secure control of CPS, resulting in a high-assurance CPS design framework in which a mix of attack-resilient control, security-aware human-CPS interactions, efficient controller instrumentation and system recovery provides safety and performance guarantees even in the presence of attacks.
The goal of this project is to provide fundamentally new methods for security-aware modeling, analysis and design of safety-critical CPS, addressing the many different physical, functional and logical aspects of these heterogeneous systems in the presence of attacks. Specific research products include: 1) Cyber-physical security techniques that exploit the interaction between physical and cyber domains for attack-detection and resilient control; 2) Framework for secure control of Human-CPS that harnesses the human power of inductive reasoning and the ability to provide context, particularly during an attack, to improve the overall security guarantees; 3) Platform support for implementation of secure CPS controllers including design techniques and tools ensuring safe and efficient closed-loop recovery. The proposed high-assurance design framework will be used to develop security-aware automotive controllers for connected and autonomous vehicles with varying levels of autonomy and human supervision. Various components of the proposed research will be directly evaluated on relevant automotive applications and architectures, which will facilitate their transition into practice and immediate industrial impact. Furthermore, the general nature of the design framework provides a direct path for this research to have significant impact in other CPS domains leading to design of secure and safety-preserving CPS. The project also has an extensive education and outreach component, including curriculum development for high-assurance CPS with a strong systems and multidisciplinary perspective, expansion of hands-on research opportunities for undergraduate and graduate students, and cooperation with industry.
These efforts are strongly motivated by industrial need to provide high-assurance for safety-critical CPS, and thus the results of this project will directly impact the way these systems are designed as well as education of the next generation workforce necessary to support evolution of safe and secure CPS.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The increasing set of functionalities, network interoperability, and system design complexity have introduced security vulnerabilities in cyber-physical systems (CPS). As demonstrated, even a remote attacker could disrupt the operation of a car to either disable the vehicle or hijack it. Additional high-profile security incidents in other CPS domains include large-scale attacks on power-grids and industrial systems. On the other hand, the safety-critical interaction with the physical world has made attacks on CPS extremely dangerous as they could result in significant physical damage and even loss of life. The tight integration of information technology and physical components causes CPS to be vulnerable to attack vectors well beyond the standard cyber-attacks, while the rise in autonomy has increased the potential impact such attacks could have. Consequently, to address these challenges, the goal of this project was to develop scientific foundations for design of secure control of CPS, resulting in a high-assurance CPS design framework in which a mix of attack-resilient control and recovery, as well as security-aware human-CPS interactions, provides safety and performance guarantees even in the presence of attacks.
This project developed fundamentally new methods for security-aware modeling, analysis, and design of safety-critical CPS, addressing the many different physical, functional and logical aspects of these heterogeneous systems in the presence of attacks. Specific research products include a library of cyber-physical security techniques that exploit the interaction between physical and cyber domains for attack-detection and resilient control. In particular, to allow for their use in CPS with varying levels of autonomy and human interaction, we developed security-aware control methods for all levels of the 'control/autonomy' stack, from low-level control, to control adaptation and high-level planning in uncertain and potentially contested environments. We demonstrated how such methods can provide strong performance guarantees even in the presence of attacks, for the range of attacks and threat models previously reported in this domain. As part of our analyses, we also discovered several critical vulnerabilities in the existing CPS, such as modern vehicles, including new types of cyber and physical attacks on perception-based sensing (e.g., LiDAR, camera and mm-Wave automotive radars), as well as countermeasures to protect the CPS.
Moreover, as the deep component embedding and long projected system lifetime may limit the use of standard cyber security solutions that impose a significant computation and communication overhead, we introduced a design-time methodology for resource-aware integration of security in CPS. Our approach integrates requirements for Quality-of-Control (QoC) in the presence of attacks into end-to-end timing and resource constraints for real-time control transactions that include data acquisition and authentication, real-time network messages and control tasks. Finally, we developed a framework for secure control of Human-CPS that harnesses the human power of inductive reasoning and the ability to provide context, particularly during an attack, in order to improve the overall security guarantees.
The developed high-assurance design framework was used to develop security-aware automotive and aerial controllers for connected and autonomous vehicles with varying levels of autonomy and human supervision. Overall, the papers capturing results of the project received four Best Paper and Runner-Up Awards at top CPS venues. Various components of the proposed research were directly evaluated on relevant automotive applications and architectures, facilitating their transition into practice and immediate industrial impact. For example, in collaboration with industry, national and DoD labs, we have transferred the developed cyber-physical security techniques and platforms into existing systems for autonomous driving, as well as the use of V2V and V2I communication for secure control and vehicle coordination. Similarly, some of the project results have been incorporated as recommendations for security-aware design of autonomous systems, part of the newly released report on Securing Unmanned and Autonomous Vehicles for Mission Assurance released by a NATO Science and Technology Organization (STO), Research Task Group. Some of our results have been highlighted in dozens of news articles in the US and Europe.
The project efforts were strongly motivated by industrial need to provide high-assurance for safety-critical CPS, and thus the results will directly impact the way these systems are designed as well as education of the next generation workforce necessary to support evolution of safe and secure CPS. The project had an extensive education and outreach component, including curriculum development for high-assurance CPS with a strong systems and multidisciplinary perspective, expansion of hands-on research opportunities for undergraduate and graduate students, and cooperation with industry. Five PhD students partially supported by the projects graduated from Duke, with more than three dozen high-school, undergraduate and masters students working on the related research projects at Duke.
Last Modified: 07/15/2024
Modified by: Miroslav Pajic