Collaborative Research: CPS: Medium: Timeliness vs. Trustworthiness: Balancing Predictability and Security in Time-Sensitive CPS Design

协作研究：CPS：中：及时性与可信度：在时间敏感的 CPS 设计中平衡可预测性和安全性

• 批准号: 2038995
• 负责人: Ning Zhang
• 金额: $ 23.97万
• 依托单位: Washington University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-02-01 至 2025-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2038995&HistoricalAwards=false
• 关键词: Collaborative; Research; CPS; Medium; Timeliness

Many cyber-physical systems (CPS) have real-time (RT) requirements. For these RT-CPS, such as a network of unmanned aerial vehicles that deliver packages to customers’ homes or a robot that performs/aides in cardiac surgery, deadline misses may result in economic losses or even fatal consequences. At the same time, as these RT-CPS interact with, and are depended on by, humans, they must also be trustworthy. The goal of this research is to design secure RT-CPS that are less complex, easier to analyze, and reliable for critical application domains such as defense, medicine, transportation, manufacturing, and agriculture, to name just a few. Since RT-CPS now permeate most aspects of our daily lives, especially in the smart city and internet-of-things (IoT) context, this research will improve confidence in automated systems by users. Research results will be disseminated to both academia and industry, and permit timely adoption since the hardware required in this research is already publicly available. This project will result in a pipeline of engineers and computer scientists who are well-versed in the interdisciplinary nature of securing RT-CPS, as well as course modules and red-teaming exercises for undergraduate students in all engineering disciplines and interactive learning modules and internship experience for K-12 students in D.C., Detroit, Dallas, and St. Louis.The goal of this research is to design secure RT-CPS from the ground up while explicitly accounting for physical dynamics of said RT-CPS at runtime to achieve resilience via prevention and detection of, and recovery from, attacks. This will be accomplished by (i) securing the scheduling infrastructure from the ground up, (ii) using a formal framework for trading off security against timeliness while accounting for system dynamics, and for the cost of security to be explicitly quantified, and (iii) performing state- and function-dependent on-demand recovery. Said RT-CPS will be able to proactively prevent attacks using moving target defenses, as well as detect and recover from attacks that cannot be avoided. This research will pave the way for RT-CPS and internet-of-things (IoT) to be implemented with confidence: their timely and correct operation guaranteed. Specific contributions of this research are: (i) a trusted scheduling infrastructure that can protect the integrity of the real-time tasks, the scheduler, its task queues, and I/O, and which can recover from (intentional) errors, (ii) a probabilistic real-time/security co-design framework that exploits trusted execution to protect the security of the real-time tasks, (iii) novel schedulability analysis techniques, (iv) an incremental recovery mechanism for continuous operation, and (v) validation on automated ground vehicles, drones, and robot arms. Contributions expanding the knowledge base will be made to the fields of CPS, IoT, real-time systems, security, and control systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

许多网络物理系统 (CPS) 都有实时 (RT) 要求，例如将包裹运送到客户家中的无人机网络或执行/辅助心脏手术的机器人、截止日期。同时，由于这些 RT-CPS 与人类相互作用并依赖于人类，因此它们也必须是值得信赖的。不太复杂、更容易RT-CPS 现已渗透到我们日常生活的方方面面，尤其是在智慧城市和互联网领域。在物联网（IoT）背景下，这项研究将提高用户对自动化系统的信心。研究结果将传播给学术界和工业界，并允许及时采用，因为该研究所需的硬件已经公开。工程师和计算机科学家的管道精通确保 RT-CPS 的跨学科性质，以及针对所有工程学科本科生的课程模块和红队练习，以及针对华盛顿特区、底特律、达拉斯、这项研究的目标是从头开始设计安全的 RT-CPS，同时明确考虑所述 RT-CPS 在运行时的物理动态，以通过预防、检测和恢复攻击来实现弹性。将通过以下方式完成(i) 从头开始​​保护调度基础设施，(ii) 使用正式框架在安全性与及时性之间进行权衡，同时考虑系统动态，并明确量化安全成本，以及 (iii) 执行状态和该RT-CPS将能够利用移动目标防御主动阻止攻击，并检测无法避免的攻击并从中恢复，这项研究将为RT-CPS和互联网铺平道路。物联网 (IoT)放心实施：保证其及时和正确的操作。这项研究的具体贡献是：（i）一个可信的调度基础设施，可以保护实时任务、调度程序、其任务队列和 I/O 的完整性。它可以从（故意的）错误中恢复，（ii）概率实时/安全协同设计框架，利用可信执行来保护实时任务的安全性，（iii）新颖的可调度性分析技术，（iv）持续增量恢复机制操作，以及（v）对自动地面车辆、无人机和机器人手臂的验证，将为 CPS、物联网、实时系统、安全和控制系统领域做出扩大知识库的贡献。该奖项反映了 NSF 的法定规定。使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

A Procrastinating Control-Flow Integrity Framework for Periodic Real-Time Systems

周期性实时系统的延迟控制流完整性框架

• DOI: 10.1145/3575757.3575762
• 发表时间: 2023-06-07
• 期刊: Proceedings of the 31st International Conference on Real-Time Networks and Systems
• 作者: Tanmaya Mishra;Jinwen Wang;Thidapat Chantem;Ryan M. Gerdes;Ning Zhang
• 通讯作者: Ning Zhang

RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone

RT-TEE：使用 ARM TrustZone 的网络物理系统的实时系统可用性

• DOI: 10.1109/sp46214.2022.9833604
• 发表时间: 2022-05
• 期刊: 2022 IEEE Symposium on Security and Privacy (SP
• 作者: Wang, Jinwen;Li, Ao;Li, Haoran;Lu, Chenyang;Zhang, Ning
• 通讯作者: Zhang, Ning