TY - JOUR
T1 - Real-time Attack-recovery for Cyber-physical Systems Using Linear-quadratic Regulator
AU - Zhang, Lin
AU - Lu, Pengyuan
AU - Kong, Fanxin
AU - Chen, Xin
AU - Sokolsky, Oleg
AU - Lee, Insup
N1 - Funding Information:
This article appears as part of the ESWEEK-TECS special issue and was presented in the International Conference on Embedded Software (EMSOFT), 2021. This research was supported in part by NSF CCF-2028740, ONR N00014-17-1-2012, ONR N00014-20-1-2744, and AFRL under contract number FA8650-16-C-2642. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation (NSF), Office of Naval Research (ONR), U.S. Air Force Research Laboratory (AFRL), the Department of Defense, or the United States Government. Authors’ addresses: L. Zhang and F. Kong, Syracuse University, Syracuse, New York, USA, 13244; emails: {lzhan120, fkong03}@syr.edu; P. Lu, O. Sokolsky, and I. Lee, University of Pennsylvania, Philadelphia, Pennsylvania, USA, 19104; email: pelu@seas.upenn.edu, {sokolsky, lee}@cis.upenn.edu; X. Chen, University of Dayton, Dayton, Ohio, USA, 45469; email: xchen4@udayton.edu. © 2021 Association for Computing Machinery. 1539-9087/2021/09-ART79 $15.00 https://doi.org/10.1145/3477010
Publisher Copyright:
© 2021 Association for Computing Machinery.
PY - 2021/10
Y1 - 2021/10
AB - The increasing autonomy and connectivity in cyber-physical systems (CPS) come with new security vulnerabilities that malicious attackers can easily exploit to spoof a system into performing dangerous actions. While the vast majority of existing works focus on attack prevention and detection, the key question is "what to do after detecting an attack?" This problem has received little attention, though its significance is emphasized by the need to mitigate or even eliminate attack impacts on a system. In this article, we study this attack response problem and propose a novel real-time recovery approach for securing CPS. First, this work's core component is a recovery control calculator using a Linear-Quadratic Regulator (LQR) with timing and safety constraints. This component can smoothly steer a physical system under control back to a target state set before a safe deadline and maintain the system state in the set once it is driven to it. We further propose an Alternating Direction Method of Multipliers (ADMM) based algorithm that can quickly solve the LQR-based recovery problem. Second, supporting components for the attack recovery computation include a checkpointer, a state reconstructor, and a deadline estimator. To realize these components respectively, we propose (i) a sliding-window-based checkpointing protocol that governs sufficient trustworthy data, (ii) a state reconstruction approach that uses the checkpointed data to estimate the current system state, and (iii) a reachability-based approach to conservatively estimate a safe deadline. Finally, we implement our approach and demonstrate its effectiveness in a total of 15 experimental scenarios, which are designed based on 5 CPS simulators and 3 types of sensor attacks.
KW - Cyber-physical system
KW - linear-quadratic regulator
KW - real-time
KW - recovery
KW - security
KW - sensor attack
UR - http://www.scopus.com/inward/record.url?scp=85115831321&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85115831321&partnerID=8YFLogxK
U2 - 10.1145/3477010
DO - 10.1145/3477010
M3 - Article
AN - SCOPUS:85115831321
SN - 1539-9087
VL - 20
JO - Transactions on Embedded Computing Systems
JF - Transactions on Embedded Computing Systems
IS - 5s
M1 - 79
ER -