Text

theses

The critical infrastructures such as electrical power systems, telecommunication, transportation systems, and safety systems in vehicles and avionics comprise some critical safety systems. Safety critical systems use real-time control, including the software used in the design of physical systems and structures, whose failure can have a life-threatening impact. Failure or malfunctioning of such systems will lead to damage to the equipment/property, cause serious injuries or death to people. Since the safety-critical systems use embedded systems running software on them, they are prone to kinetic cyber attacks. Kinetic cyber attacks are a class of cyber attacks that can cause physical damage, injury or death solely through the exploitation of vulnerabilities on the systems. Most of the safety-critical systems are cyber-physical systems. The main targets of kinetic cyber attacks are cyber-physical systems due to there tight coordination between the computational and physical systems.

This thesis provides security solutions using both the cyber as well as physical space together which are tailored for cyber-physical systems. This thesis provides cyber-physical security assessments and solutions by considering the interdependencies between cyber and physical worlds. We leverage the physical and control invariants for security assessment, control flow monitoring and verification purposes at different levels of abstraction in safety-critical systems. The physical invariants of a cyber-physical system is the laws of physics which will not change and the control invariants are the control algorithm which do not change during there operations. Some of the physical and control invariants used in this thesis for securing critical systems are electromagnetic emanation due to noise in digital circuits, flight dynamics for UAV’s and power flow equations, swing equations for the electrical power system.

First, we introduce a novel approach to vulnerability assessment in critical infrastructures by cyber-physical interdependency. We provide an attack synthesis method for power grids, which is analogous to the penetration testing in cybersecurity. Second, to prevent attacks against the control logic used in controllers, we provide a runtime verification solution by leveraging the physical and control invariants of the system. Control logic is a part of a software program that controls the operations of the program. The number of states that a system can be is represented by state variables. The system state space is the set of possible configurations of the system. The state space increases exponentially with the increase in state variables. The proposed verification technique can solve problems such as state space explosion when used on cyber-physical systems. The above-mentioned control logic verification technique has short-come in detecting firmware level malware such as physics aware rootkits. Hence, we provide a separate solution of contactless side channel control flow monitoring technique by receiving the electromagnetic emanations from the PLC. Finally, we introduce cyber-physical access control considering the cyber and physical interdependencies. Cyber-physical access control makes decisions to grant or reject access to an authenticated subject based on what he is authorized to access. Cyber-physical access control is proposed to prevent the system from entering an unsafe state. Apart from these defensive solutions, we also provide the defensive solution earlier in the pipeline, the manufacturing process of the physical system used in safety critical systems.

ETD_10440

Ph.D.

Includes bibliographical references

doi:10.7282/t3-ef5h-v947

ETD doctoral

The author owns the copyright to this work.