Description:
TECHNOLOGY AREA(S): Information Systems
OBJECTIVE: To define threat models; develop and prototype novel, resilient architectures, tools, and techniques to mitigate threats to cyber-physical systems. To develop modeling and simulation tools that consider the safety and correctness constraints of the physical systems and their interaction with the digital components.
DESCRIPTION: Cyber-physical systems integrate computational, networking, and physical resources. Popular examples include industrial control systems, medical safety systems, software defined radios, and avionics systems. The computational and networking resources provide many benefits to the control of physical systems. The computational resources allow for re-programmability, meaning that bugs in the design can be addressed on deployed systems without the need for costly hardware replacements. Networking these devices further increases the ease of re-programmability, since operators are no longer required to physically visit every node that needs to be re-programmed. However, with these increased benefits come many additional challenges and increased threats.
While the benefits of re-programmability and networked nodes are hard to argue against, the increased attack surface that comes with them must be carefully considered, especially for safety-critical systems. The ability of an adversary to remotely connect to, and re-program, a control device for a safety system poses a significant risk. What is needed are tools, techniques, and systems that are resilient to these remote adversaries, as well as to other types of failures.
PHASE I: Perform a study to describe the tools, techniques, and/or architectures in need of development for cyber-physical systems in order to limit the impact of an adversary or of a component failure, and to allow the cyber-physical system to continue to operate in a degraded mode while still maintaining the safety properties of the system. The study should include plans for a Phase II prototype hardware or software module that demonstrates the enhanced resilience of the CPS.
PHASE II: Develop, implement, and validate a prototype system that utilizes the architecture, tools, and methods from Phase I. The prototypes should be sufficiently detailed to evaluate scalability, usability, and resilience to attack or failure. Efficiency of the architecture is important, especially in safety-critical applications. Develop novel techniques and tools for modeling CPS, allowing for modeling/simulation of the system to ensure safety and correctness of the controls.
PHASE III DUAL USE APPLICATIONS: Safety-critical control systems span a wide range of industrial and military applications. Any enhancements to the security of commercial-off-the-shelf (COTS) control systems hardware and software will have benefits to both military and commercial markets. Transition of this technology would benefit DoD programs such as SPYDER, MNVR and Rifleman Radios, as well as the TACDIS Cross Domain Solution and the Hardware Convergence R&D initiative.
KEYWORDS: cyber-physical systems, high-assurance architectures, safety systems, industrial control systems, embedded systems, resilience