NSF Award
1524940
Cyber-physical systems (CPSs) operate nearly all of society's critical infrastructures (e.g., energy, transportation and medicine). In performing mission critical functions, CPSs exhibit hybrid (both discrete and continuous) behavior as they use digital technology to control and monitor physical processes. CPS security analysis is particularly challenging because an attacker can make use of a wide variety of vulnerabilities in the digital elements of the system (e.g., the network), the physical elements of the system, or some combination. This project is developing a mathematical and computational framework for modeling and analyzing large, complex CPSs to capture their vulnerabilities and the resulting attack paths (steps an attacker might use to disrupt the system).<br/><br/>This project is developing hybrid attack graphs (HAGs) as a mathematical formalism for representing security properties and compound exposures in CPSs. HAGs reflect a functional view of exposures, capturing state transitions over CPSs due to the execution of exploits in either the cyber or physical domains. As such, they offer the potential to comprehensively document a CPS attack surface. The researchers are designing HAG generation algorithms that apply intelligent search and parallelization strategies and creating a suite of web-based tools to cope with the computational burdens of large-scale CPS attack surface modeling. The project is developing an array of analytical methods, refined based on Markov Processes, classic reachability, and other techniques. To provide an experimentation platform for evaluating the project's tools and techniques, the researchers are building a CPS test bed comprised of network-controlled robotic vehicles. The testbed will also provide a competitive learning environment in which to teach students about CPS security principles in a fun and engaging manner.
