Research Overview
The 4N6's Currently Active Research Projects:
Trustworthy and Efficient AI for CPS Security and Control: Real-time smart and autonomic decision making involves two major stages, sensing (of sensor data and then transformation into actionable knowledge) and planning (taking decisions using this knowledge). These two stages happen in both internal and external operations of an Intelligent Physical System (IPS). In case of internal operations, sensing refers to reading data from on-board sensors and planning refers to smart execution of the firmware running on the IPS. In case of external operations, sensing refers to sensing data from externally-mounted sensors and planning refers to executing the software that constitutes an application. In the sensing stage, an IPS should be able to cope with different forms of uncertainty, especially data and model uncertainties. The goal of this research project is to achieve the objectives of online autonomic decision making on sparsity-aware accelerated hardware via Real-Time Machine Learning (RTML) and approximation for a group of IPSs such as drones performing data collection and/or multi-object tracking/classification and operating in a highly dynamic environment that is difficult to model. Remarkably, the techniques adopted in this project generalize well as they can be applied to a variety of IPS domains including natural calamities, man-made disasters, and terrorist attacks. The drone-based distributed multi-object tracking/classification will enable stakeholders such as citizens, government bodies, rescue agencies, and industries to comprehend the extent of damage, and to develop more effective mitigation policies. The research will also train students including minority and underrepresented students in the field.
Trustworthy Additive Manfacturing: As computers and communication bandwidth become ever-faster and ever-cheaper, computing and communication capabilities will be embedded in all types of objects and structures in the physical environment. Applications with enormous societal impact and economic benefit will be created by harnessing these capabilities in time and across space. We refer to systems that bridge the cyber-world of computing and communications with the physical world as cyber-physical systems (CPS). Additive manufacturing is finding increased application in industry. Safety-critical products, such as medical prostheses and parts for aerospace and automotive industries are being printed by additive manufacturing methods, but there currently are no standard methods for verifying the integrity of the parts that are produced. Trustworthy operation of industrial additive manufacturing depends on secure embedded controllers that monitor and control the underlying physical manufacturing processes. This research will investigate a perfectly air-gapped intrusion detection solution for cyber-physical industrial additive manufacturing infrastructures in which some of the controllers may be infected by malicious code. The research provides guidelines to: i) tie together resilience solutions in software security, control system design, and signal processing, and ii) incorporate reliable and practical cyber-physical attack detection into real-world manufacturing. Educational and technology transfer activities will address the need to improve the applicability of training methods to ensuring the safety and cyber security of physical control systems.
Intrusion Response and Recovery for Critical Infrastructures (via Game-Theoretic Modeling and Decision Making): The severity, number and complexity of intrusions on our national critical cyber-physical infrastructures are rapidly increasing. Preserving the availability and integrity of networked computing systems in the face of those fast-spreading intrusions requires advances not only in detection algorithms, but also in intrusion tolerance and automated response techniques. Additionally, the rapid size and complexity growth of computer networks, and their recently increasing integrations with physical systems in critical cyber-physical infrastructures signify the quest for systems that detect their own compromises and failures and automatically repair themselves. In particular, the ultimate goal of the intrusion tolerant system design is to adaptively react against malicious attacks in real-time, given offline knowledge about the network's topology, and online alerts and measurements from system-level sensors.
Trustworthy Power Grid Critical Infrastructures: The objective of this research is to develop an integrated cyber- physical security approach, resulting in a system that can model, analyze, predict, and detect complex security incidents in computing, physical, or communication assets in a real-time manner. Successful completion of this research will result in decision support technology that will model and analyze the security of cyber-physical system holistically. It will be the first integrated security system to rigorously incorporate both cyber and physical factors and their interdependencies. We will demonstrate and evaluate our technology by developing tools to model and analyze the cyber infrastructure along with the physical system.
Embedded Security Verification: Attackers can leverage security vulnerabilities in control systems to make physical processes behave unsafely. Currently, the safe behavior of a control system relies on a Trusted Computing Base (TCB) of commodity machines, fire- walls, networks, and embedded systems. These large TCBs, often containing known vulnerabilities, expose many attack vectors which can impact process safety. In this paper, we present the Trusted Safety Verifier (TSV), a minimal TCB for the verification of safety-critical code executed on programmable controllers. No controller code is allowed to be executed before it passes physical safety checks by TSV. If a safety violation is found, TSV provides a demonstrative test case to system operators. TSV works by first translating assembly-level controller code into an intermediate language, ILIL. ILIL allows us to check code containing more instructions and features than previous controller code safety verification techniques. TSV efficiently mixes symbolic execution and model checking by transforming an ILIL program into a novel temporal execution graph that lumps together safety-equivalent controller states. We implemented TSV on a Raspberry Pi computer as a bump-in-the-wire that intercepts all controller- bound code.
Physics-Aware Malware: Trustworthy operation of industrial control systems (ICS) depends on secure code execution on the embedded programmable logic controllers (PLCs). The controllers monitor and control the underlying physical plants such as electric power grids and continuously report back the system status to human operators. We present HARVEY, a PLC rootkit that implements a physics-aware stealthy attack against cyberphysical power grid control systems. HARVEY sits within the PLC’s firmware below the control logic and modifies control commands before they are sent out by the PLC’s output modules to the physical plant’s actuators. HARVEY replaces legitimate control commands with malicious, adversary-optimal commands to maximize the damage to the physical power equipment and cause large-scale failures. To ensure system safety, the operators observe the status of the power system by fetching system parameter values from PLC devices. To conceal the maliciously caused anomalous behavior from operators, HARVEY intercepts the sensor measurement inputs to the PLC device. HARVEY simulates the power system with the legitimate control commands (which were intercepted/replaced with malicious ones), and calculates/injects the sensor measurements that operators would expect to see. We implemented HARVEY on the widely spread Allen Bradley PLC and evaluated it on a real-world electric power grid test-bed. The results empirically prove HARVEY’s deployment feasibility in practice nowadays.
Reverse Engineering of Cyber-Physical Controllers: The safety of critical cyber-physical IoT devices hinges on the security of their embedded software that implements control algorithms for monitoring and control of the associated physical processes, e.g., robotics and drones. Reverse engineering of the corresponding embedded controller software binaries enables their security analysis by extracting high-level, domain-specific, and cyber-physical execution semantic information from executables. We present MISMO, a domain-specific reverse engineering framework for embedded binary code in emerging cyber-physical IoT control application domains. The reverse engineering outcomes can be used for firmware vulnerability assessment, memory forensics analysis, targeted memory data attacks, or binary patching for dynamic selective memory protection (e.g., important control algorithm parameters). MISMO performs semantic-matching at an algorithmic level that can help with the understanding of any possible cyber-physical security flaws. MISMO compares low-level binary symbolic values and high-level algorithmic expressions to extract domain-specific semantic information for the binary's code and data. MISMO enables a finer-grained understanding of the controller by identifying the specific control and state estimation algorithms used.
