Resilient cyber physical systems
There has been significant work in understanding vulnerabilities in large-scale distributed cyber physical systems (CPS) and applying technological patches to address individual vulnerabilities, or classes of vulnerabilities. Technologists' efforts at addressing the vulnerabilities are often frustrated by the lack of understanding of the impact of any perturbation on the overall system. From such an understanding would follow which elements of the system need to be strengthened to limit the effects of the perturbation. Due to the large legacy nature of many CPS infrastructures and budgetary constraints, a complete re-architecting and wholesale strengthening of the system is often not possible; rather, rational decisions have to be made to strengthen parts of the system, including the connection points where multiple entities interact. To aid in such decision making, models of the CPS must be built that model not only the technological elements (the computing elements and the physical elements, where most prior work has been done), but also the economic factors (who the stakeholders are and what their economic drivers are) and the policy factors (what controls each stakeholder can implement and how they can collaborate) that will guide the operational controls. These models, when instantiated with parameters from the real system, should enable rational and distributed decision making among the multiple stakeholders about which assets should be protected, to what extent, and using what level of cooperation. Then, at runtime, based on inputs from sensors, the system should be able to determine whether a perturbation is currently underway and, if so, which response action is optimal to put in place. The existing corpus of work today does not provide the pipeline of actions needed to secure a wide variety of CPS domains against non-deterministic perturbations.
(Dependable Embedded Wireless Network)
In our work, we seek to address this shortcoming and provide a rigorous, scientific mechanism to make CPS applications robust against a wide variety of perturbations, which will themselves be systematically characterized as part of the work. Our work applies to multiple application domains that share some characteristics: they are geographically distributed, have multiple stakeholders (providers and consumers), and allow real-time interactions, which in turn means that perturbations can spread in real time and have to be responded to in real time. We build probabilistic models with three levels---technological, economic, and policy---which come together and interact at a higher-level modeling plane. We apply rigorous game-theoretic principles to model perturbations, their spread and effects, and the appropriate mitigation actions. Finally, we develop situational inferencing techniques which, at runtime, can infer the state of each CPS element or, at a higher level, which security property has been violated. This can then trigger the appropriate response and containment mechanism, with a probabilistic guarantee of optimality. We use transportation and smart and connected health as the two exemplar CPS application domains for demonstrating our techniques, though the overwhelming majority of our principles and techniques are more broadly applicable.