
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | September 17, 2018 |
Latest Amendment Date: | November 4, 2021 |
Award Number: | 1837352 |
Award Instrument: | Standard Grant |
Program Manager: | Phillip Regalia, pregalia@nsf.gov, (703)292-2981, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | October 1, 2018 |
End Date: | September 30, 2022 (Estimated) |
Total Intended Award Amount: | $37,200.00 |
Total Awarded Amount to Date: | $37,200.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: |
2550 NORTHWESTERN AVE # 1100 WEST LAFAYETTE IN US 47906-1332 (765)494-1055 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
155 South Grant Street West Lafayette IN US 47907-2114 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | CPS-Cyber-Physical Systems |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
The nation's critical infrastructures are increasingly dependent on systems that use computers to control vital physical components, including water supplies, the electric grid, airline systems, and medical devices. These are all examples of Cyber-Physical Systems (CPS) that are vulnerable to attack through their computer systems, through their physical properties such as power flow, water flow, chemistry, etc., or through both. The potential consequences of such compromised systems include financial disaster, civil disorder, even the loss of life. The proposed work significantly advances the science of protecting CPS by ensuring that the systems "do what they are supposed to do" despite an attacker trying to make them fail or do harm. In this convergent approach, the key is to tell the CPS how it is supposed to behave and build in defenses that make sure each component behaves and works well with others. The proposed work has a clear transition to industrial practice. It will also enhance education and opportunity by opening up securing society as a fascinating discipline for K-12 students to follow.
The objective of the proposed project is to produce, from untrusted components, a trusted Cyber-physical system (CPS) that is resilient to security attacks and failures. The approach will rely on information flows in both the cyber and physical subsystems, and will be validated experimentally on high-fidelity water treatment and electric power CPS testbeds. The project brings together concepts from distributed computing, control theory, machine learning, and estimation theory to synthesize a complete mitigation of the security and operational threats to a CPS. The proposed method's key difference from current methods is that security holes will be identified and plugged automatically at system design time, then enforced during runtime without relying solely on secure boundaries or firewalls. The system will feature the ability to identify and isolate a malfunctioning device or cyber-physical intrusion in real time by validating its operation against fundamental scientific/engineering principles and learned behavior. A combined mathematical/data science approach will be used to generate governing invariants that are enforced at system runtime. Invariants are a scientific approach grounded in the system's physics coupled with machine learning and real-time scheduling approaches embedded in the CPS. Robust state estimation will account for errors in measurement, and automated security domain construction and optimization will reduce the cost of evaluation without sacrificing coverage. The successful outcome of this research will lead to improved national security across various CPS infrastructures which, in turn, will improve economic and population health and security. The work can be taken to industry for deployment in critical infrastructures.
The project will stimulate interest in Science, Technology, Engineering and Mathematics (STEM) through the development of a water-themed tabletop exercise for K-12 and helping current college students develop an interest in outreach through the experiential learning aspects of developing the tabletop exercise.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Cyber-physical infrastructures are vulnerable to attacks through cyber, physical, and cyber-physical channels. The consequences of a compromised system range from economic loss to loss of life. Water treatment facilities, vehicle networks, aircraft networks, chemical plants, medical devices, and smart grids are all types of distributed architectures that can be compromised through many vulnerable entry points. Existing approaches for cyber-physical system (CPS) security rely heavily on secure boundaries that have been shown to be easily penetrated. Building up trust in the identity of components suffers from ensuing component compromise in the deployed system. Traditional hierarchical security models are not a good fit for cyber-physical systems due to their increasing peer-to-peer nature. As such, fundamentally new approaches are needed to create trusted CPS.
This collaborative project supported the design and evaluation of methodologies that produce a trusted CPS that is resilient to security attacks and failures from a system composed of untrusted components. Specifically, the project provided access to real, live CPS systems for both collection of real data, and the evaluation and validation of the new methodology developed by our partners at the Missouri University of Science and Technology. The new approach relies on information flows in both the cyber and physical subsystems, and was validated experimentally on two live CPS testbeds developed at iTrust in Singapore -- a high fidelity water treatment and electric power grid.
The work at MST under Professor McMillin has developed a Multiple Security Domain Nondeducibility (MSDND) model to identify the vulnerable points of attack on the system that hide critical information rather than steal it, such as in the STUXNET virus. The results demonstrate the utility of MSDND analysis, conducted on a realistic multi-stage water treatment testbed, for enhancing the security of a water treatment plant. Based on the MSDND analysis, this work offers a thorough documentation on the vulnerable points of attack, invariants used for removing the vulnerabilities, and suggested design decisions that help in developing invariants to mitigate attacks. The method was implemented and evaluated on the SWaT testbed at iTrust.
Last Modified: 01/13/2023
Modified by: Sunil K Prabhakar