Security and Fault Tolerance of Cyber-Physical Systems

信息物理系统的安全与容错

• 批准号: RGPIN-2015-04273
• 负责人: Kwong, Raymond
• 金额: $ 1.6万
• 依托单位: University of Toronto
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2016
• 资助国家: 加拿大
• 起止时间: 2016-01-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=612871
• 关键词: Security; Fault; Tolerance; Cyber; Physical

Critical infrastructures such as power grids, water supply systems, and traffic networks involve networked control systems with distributed sensors and actuators. We refer to them as cyber-physical systems. One key requirement for such systems is security from malicious attacks, often in the form of cyber-attacks aimed at compromising supervisory control and data acquisition (SCADA) systems. The second key requirement is fault tolerance: the ability of the control system to continue functioning despite component failures. Component failures can occur as a consequence of malicious actions by an attacker, but can also occur as a result of hardware breakdown or unforeseen operating conditions. Most approaches to combat cyber-attacks focus on prevention through firewalls. With the advent of smart sensors and stealth technologies, preventing access and detecting intrusion are becoming increasingly difficult. There is an urgent need to develop counter-measures that can combat malicious intruders after intrusion has occurred. Traditional approaches to fault-tolerant control design are also inadequate as they often rely on first carrying out accurate fault diagnosis, followed by control reconfiguration. The system may be damaged or irrecoverable while waiting for diagnostic information. Our proposed research aims to improve the security and fault-tolerance of control systems central to cyber-physical systems. The two main objectives of our proposed research program are: (1) to develop novel methodology to detect malicious intruders and prevent them from inflicting damage to the control system; and (2) to maintain functionality and safe operation of control systems when components fail. The first objective focuses on security at the system level, typically involving SCADA systems describable using discrete event system models. Our methodology will make use of the theory of supervisory control and diagnosis for discrete event systems to perform intrusion detection and to counteract malicious behaviour. The novelty in our formulation is our focus on the control aspects after an intrusion has occurred, on how the feedback loop induces interactions between the actions of the attacker and defender. The second objective focuses on resilience of the control system at the physical level when actuators and/or sensors fail. The novelty of our approach is that we focus on decentralized fault-tolerant control design which does not depend on accurate diagnostic knowledge. We propose to study fault-tolerant control as an integrated problem of distributed diagnosis and control reconfiguration, exploiting redundancies through coupling, and investigate network effects such as cascading failures. Protecting cyber-physical systems is of great national interest. Our proposed research can provide significant improvements on the security and resilience of cyber-physical systems.

电网、供水系统和交通网络等关键基础设施涉及带有分布式传感器和执行器的网络控制系统。我们将它们称为网络物理系统。此类系统的一项关键要求是防止恶意攻击，这些攻击通常以网络攻击的形式出现，旨在损害监控和数据采集 (SCADA) 系统。第二个关键要求是容错：即使组件出现故障，控制系统仍能继续运行。组件故障可能由于攻击者的恶意行为而发生，但也可能由于硬件故障或不可预见的操作条件而发生。 大多数对抗网络攻击的方法都侧重于通过防火墙进行预防。随着智能传感器和隐形技术的出现，防止访问和检测入侵变得越来越困难。迫切需要制定能够在入侵发生后对抗恶意入侵者的对策。传统的容错控制设计方法也存在不足，因为它们通常依赖于首先进行准确的故障诊断，然后进行控制重新配置。在等待诊断信息期间，系统可能会损坏或无法恢复。 我们提出的研究旨在提高网络物理系统核心控制系统的安全性和容错性。我们提出的研究计划的两个主要目标是：（1）开发新的方法来检测恶意入侵者并防止他们对控制系统造成损害； (2) 在组件发生故障时维持控制系统的功能和安全运行。 第一个目标侧重于系统级别的安全性，通常涉及使用离散事件系统模型描述的 SCADA 系统。我们的方法将利用离散事件系统的监督控制和诊断理论来执行入侵检测并抵制恶意行为。我们的表述的新颖之处在于我们关注入侵发生后的控制方面，以及反馈循环如何引起攻击者和防御者的行为之间的交互。 第二个目标侧重于当执行器和/或传感器发生故障时控制系统在物理层面的恢复能力。我们方法的新颖之处在于我们专注于分散的容错控制设计，它不依赖于准确的诊断知识。我们建议将容错控制作为分布式诊断和控制重构的集成问题来研究，通过耦合利用冗余，并研究级联故障等网络效应。 保护网络物理系统符合国家重大利益。我们提出的研究可以显着提高网络物理系统的安全性和弹性。