LanguageTerm (authority = ISO 639-3:2007); (type = text)
English
Abstract (type = abstract)
Critical infrastructures such as electrical power systems, telecommunication, transportation systems, and safety systems in vehicles and avionics comprise some critical safety systems. Safety-critical systems use real-time control, including the software used in the design of physical systems and structures, whose failure can have a life-threatening impact. Failure or malfunctioning of such systems will lead to damage to equipment or property, or cause serious injury or death to people. Since safety-critical systems use embedded systems running software, they are prone to kinetic cyber attacks. Kinetic cyber attacks are a class of cyber attacks that can cause physical damage, injury or death solely through the exploitation of vulnerabilities in the systems. Most safety-critical systems are cyber-physical systems. The main targets of kinetic cyber attacks are cyber-physical systems, due to their tight coordination between the computational and physical systems.
This thesis provides security solutions tailored for cyber-physical systems that use the cyber and physical spaces together. It provides cyber-physical security assessments and solutions by considering the interdependencies between the cyber and physical worlds. We leverage the physical and control invariants for security assessment, control flow monitoring and verification purposes at different levels of abstraction in safety-critical systems. The physical invariants of a cyber-physical system are the laws of physics, which will not change, and the control invariants are the control algorithms, which do not change during operation. Some of the physical and control invariants used in this thesis for securing critical systems are electromagnetic emanation due to noise in digital circuits, flight dynamics for UAVs, and power flow equations and swing equations for the electrical power system.
First, we introduce a novel approach to vulnerability assessment in critical infrastructures based on cyber-physical interdependency. We provide an attack synthesis method for power grids, which is analogous to penetration testing in cybersecurity. Second, to prevent attacks against the control logic used in controllers, we provide a runtime verification solution that leverages the physical and control invariants of the system. Control logic is the part of a software program that controls the operations of the program. The number of states that a system can be in is represented by state variables. The system state space is the set of possible configurations of the system. The state space increases exponentially with the number of state variables. The proposed verification technique can solve problems such as state space explosion when used on cyber-physical systems. The above-mentioned control logic verification technique falls short in detecting firmware-level malware such as physics-aware rootkits. Hence, we provide a separate solution, a contactless side-channel control flow monitoring technique that receives the electromagnetic emanations from the PLC. Finally, we introduce cyber-physical access control that considers the cyber and physical interdependencies. Cyber-physical access control makes decisions to grant or reject access to an authenticated subject based on what the subject is authorized to access. Cyber-physical access control is proposed to prevent the system from entering an unsafe state. Apart from these defensive solutions, we also provide a defensive solution earlier in the pipeline, in the manufacturing process of the physical system used in safety-critical systems.
I hereby grant to the Rutgers University Libraries and to my school the non-exclusive right to archive, reproduce and distribute my thesis or dissertation, in whole or in part, and/or my abstract, in whole or in part, in and from an electronic format, subject to the release date subsequently stipulated in this submittal form and approved by my school. I represent and stipulate that the thesis or dissertation and its abstract are my original work, that they do not infringe or violate any rights of others, and that I make these grants as the sole owner of the rights to my thesis or dissertation and its abstract. I represent that I have obtained written permissions, when necessary, from the owner(s) of each third party copyrighted matter to be included in my thesis or dissertation and will supply copies of such upon request by my school. I acknowledge that RU ETD and my school will not distribute my thesis or dissertation or its abstract if, in their reasonable judgment, they believe all such rights have not been secured. I acknowledge that I retain ownership rights to the copyright of my work. I also retain the right to use all or part of this thesis or dissertation in future works, such as articles or books.