April 16 – 18, 2024

Focus Period Symposium: Security and Fault Tolerance of Cyber-Physical Systems

Akademiska Föreningen, Lund

We want to plant the seed for a radical rethinking of the way cyber-physical systems are constructed, questioning their fundamental principles and striving for constructions that are secure, safe, controllable, and dependable from the beginning.

The ELLIIT Focus Period Symposium was the highlight of the five-week focus period, during which young international scholars, ELLIIT researchers and other well-established international academics gathered in Lund to work together in these joint research challenges.

Detailed program

April 15, 2024

}

17:00 - 19:00

Skånemotor

Kungsgatan 4, 223 50 Lund

Welcome reception

A welcome drink and some hors d’oeuvres will be served.

Day 1 – April 16, 2024

}

08:30 - 09:00

AF-Borgen

Registration

}

09:00 - 09:30

Opening

Martina Maggio and Anders Rantzer, Lund University

}

09:30 - 10:00

Formally verifying security properties of cyber-physical systems

Mikael Asplund, Linköping University (Sweden)

Abstract

Cyber-physical systems are often safety-critical and require a rigorous development process to reduce the risk of hazards to an acceptable level. Traditionally, this meant isolated components with predictable run-time behaviour, combined with redundancy to achieve fault tolerance. Today, we consider it normal to have internet-connected cars, management of critical infrastructure running in the cloud, and air-traffic control that operate remotely with digital screens instead of windows for the operators. At the same time, the cyber threats have grown drastically in frequency and sophistication putting many of these connected cyber-physical systems at risk. Unfortunately, we have not kept up with the development of rigorous and verifiable development methods to match the increased connectivity and complexity of our critical systems. In this talk I will discuss opportunities and challenges of using formal methods to verify security properties in cyber-physical systems. The focus will be on networked cyber-physical systems considering three different abstraction levels, entity coordination, cryptographic protocol design, and implementation of communication protocols. I will discuss how high-level requirements can be refined and translated to low-level properties, show some examples of what we can show, and where we are still struggling to find suitable abstractions and models.

Biography

Mikael Asplund is a Senior Associate Professor in Computer Science at Linköping University (LiU). He received his M.Sc. degree in computer science and engineering and the Ph.D.degree in computer science from LiU, in 2005 and 2011, respectively. From 2011 to 2012, he was a Research Fellow with Trinity College Dublin. He currently leads five research projects on cybersecurity and is responsible for two Master programs at LiU. His research is focused on methods for rigorous security of cyber-physical systems.
Michela Milano
}

10:00 - 10:30

Resilient Cyber-Physical Systems

Bruno Sinopoli, Washington University in St. Louis (USA)

Abstract

Cyber-Physical Systems have been instrumental in bringing together talented researchers from different domains to focus their attention on developing a paradigm capable of addressing modern real-world system design issues, as separation of concerns does not constitute a realistic assumption, due to the close interplay of sensing, communication, computing and decision making. As a result, system-level research has become more relevant and impactful. In this talk I will provide a personal view of the progress made in CPS since inception and provide a perspective on where the field is headed. In particular I will focus on the issue of guaranteeing resilience and trustworthiness while leveraging modern data driven methods in the presence of large uncertainties and adversarial actions.

Biography

Sinopoli’s research focuses on robust and resilient design of cyberphysical systems, networked and distributed control systems, distributed interference in networks, smart infrastructures, wireless sensor and actuator networks, cloud computing, adaptive video streaming applications and energy systems.

Sinopoli comes to Washington University from Carnegie Mellon University, where he was a professor in the Department of Electrical & Computer Engineering and co-director of the Smart Infrastructure Institute. He also had appointments in the Robotics Institute and in Mechanical Engineering.

In 2010, he received the George Tallman Ladd Research Award from the Carnegie Institute of Technology at Carnegie Mellon, as well as an NSF CAREER Award, which is awarded to junior faculty who model the role of teacher-scholar through outstanding research, excellent education and the integration of education and research.

He joined the faculty at Carnegie Mellon as an assistant professor in 2007. Previously, he was a postdoctoral fellow at the University of California, Berkeley and Stanford University.

Hector-Geffner
}

10:30 - 11:00

Coffee

}

11:00 - 11:30

Into the Unknown: On the Security Challenges in Space Networks

Ahmad-Reza Sadeghi, TU Darmstadt (Germany)

Abstract

The commercialization of the space sector is experiencing rapid growth, marked by an increase in satellite numbers, the advent of small, cost-effective satellites, and the establishment of space networks. These networks are increasingly vital in delivering essential services and supporting various civil and military activities. Consequently, ensuring the security of space networks has become crucial. However, Space Networks seem to be inheriting security challenges akin to those in terrestrial networks.

In this talk, we address the security and privacy challenges inherent in space networks, focusing on satellite platform security, trust establishment, and the emerging concern of safeguarding user location privacy in satellite-based services. We briefly leverage insights from terrestrial studies and experiences, recognizing their potential applicability and adaptability to the unique space environment.

Biography

Prof. Ahmad-Reza Sadeghi is a distinguished Full Professor of Computer Science at the Technical University of Darmstadt, Germany, where he also leads the System Security Lab. His academic journey includes conducting a Ph.D. in Computer Science with a specialization in Cryptography from the University of Saarland, Germany. Prior to his academic career, Prof. Sadeghi contributed significantly to the Research and Development sector of the Telecommunications industry, notably with Ericsson.

Since 2012, Prof. Sadeghi has fostered a close collaboration with Intel, leading several Collaborative Research Centers addressing diverse topics such as Secure Computing in Mobile and Embedded Systems, Autonomous and Resilient Systems, and Private AI. In 2019, he further expanded his lab by establishing the Open Lab for Sustainable Security and Safety (OpenS3 Lab) in partnership with Huawei.

His research focus spans various domains, including Trustworthy Computing Platforms, Hardware-assisted Security, IoT Security and Privacy, Applied Cryptography, and Trustworthy AI. Prof. Sadeghi has played pivotal roles in numerous national and international research and development projects, emphasizing the design and implementation of secure and trustworthy technologies.

He has served as General or Program Chair and Program Committee member of major Information Security and Privacy and Design and Automation conferences and events. Prof. Sadeghi has notably contributed as the Editor-In-Chief of IEEE Security and Privacy Magazine and served on editorial boards for respected publications such as ACM TISSEC, IEEE TCAD, ACM Books, ACM DIOT, ACM TODAES, and ACM DTRAP.

Prof. Sadeghi’s exceptional contributions to the field have earned him prestigious awards. In 2008, he was awarded the esteemed German “Karl Heinz Beckurts” prize for his influential research in Trusted and Trustworthy Computing technology, acknowledging its impactful transfer to industrial practice. In 2010, his group received the German IT Security Competition Award. In 2018, he was honored with the ACM SIGSAC Outstanding Contributions Award, recognizing his dedicated research, education, and management leadership in the security community, with pioneering contributions in content protection, mobile security, and hardware-assisted security.
The year 2021 brought further recognition with the Intel Academic Leadership Award at USENIX Security, acknowledging Prof. Sadeghi’s influential research in information and computer security, particularly in hardware-assisted security. In 2022, he was awarded with the prestigious European Research Council (ERC) Advanced Grant, solidifying his position as a leading figure in advancing cutting-edge research in computer science and security.

Luc-De-Raedt
}

11:30 - 12:00

Verification of Control Stability in the presence of Deadline Misses

Martina Maggio, Lund University (Sweden)

Abstract

Microcontrollers play a crucial role in today’s control technology, such as in smart bikes, cars, and drones. They need to perform tasks promptly with limited processing power. However, the complexity of these tasks can lead to longer processing times, increasing the risk of failing to compute control signals within the required time frame. This could potentially damage the system and endanger users. This talk summarizes several years of research focused on analyzing embedded controllers, highlighting the effect of computational delays that lead to missed deadlines. We will discuss different types of timing violations, including bursts of missed deadlines, constrained patterns, and sporadic misses. By integrating these scenarios with detailed insights into the control systems’ implementation and correlating our analysis with practical applications, we aim to provide a comprehensive view of deadline-miss tolerance for embedded controllers. Finally, we will demonstrate the validity of our findings through extensive simulations and real-world experiments, showcasing the practical implications of our research.

Biography

Martina Maggio is a Professor at the Department of Automatic Control, Lund University since 2023, and at the Computer Science Department, Saarland University since March 2020. She completed her Ph.D. at Politecnico di Milano, spending one year as a visiting graduate student at the Computer Science and Artificial Intelligence Laboratory at MIT. She joined Lund University in 2012 as a postdoctoral researcher, then became an Assistant Professor in 2014, and Docent and Associate Professor in 2017. In 2019, she spent a sabbatical year at Bosch Corporate Research in Renningen, Germany, working on the verification of control systems in presence of computational faults.
Andrea Lodi
}

12:00 - 12:30

Security-Aware Modeling and Optimization of Real-Time Embedded Software

Federico Aromolo, Scuola Superiore Sant’Anna (Italy)

Abstract

Real-time embedded systems are often employed in networked environments to realize complex cyber-physical systems including industrial, automotive, and critical infrastructure systems. When operating in such interconnected domains, a software system is vulnerable to cyber-attacks, which can compromise the correct behavior of the system. Additionally, real-time embedded software must satisfy stringent timing constraints in order to ensure safe system operation. Implementing software protection mechanisms to defend embedded software against known cyber-attacks comes at the cost of introducing significant execution time overheads, with the risk of impacting the timing behavior of the system and jeopardizing system safety. This talk presents a security-aware modeling and optimization framework for real-time software, which aims at exploring the tradeoffs between security measures and real-time schedulability. The framework utilizes a security-aware real-time task model describing the control-flow graph of each task to capture the vulnerabilities affecting each individual basic block and the cost of enabling suitable protection mechanisms. A mixed-integer linear programming method is then leveraged to maximize the security of the application by selectively activating software protections for each task while ensuring system-wide schedulability through timing analysis.

Biography

Federico Aromolo is an Assistant Professor of Computer Engineering with the Real-Time Systems (ReTiS) Laboratory of the Scuola Superiore Sant’Anna (Pisa, Italy). He received the M.Sc. degree in Embedded Computing Systems from the Scuola Superiore Sant’Anna and the University of Pisa (cum laude), and the Ph.D. degree in Emerging Digital Technologies (Embedded Systems curriculum) from the Scuola Superiore Sant’Anna (cum laude) under the supervision of Prof. Giorgio Buttazzo and Prof. Alessandro Biondi. His research interests include real-time scheduling algorithms, schedulability analysis, real-time operating systems, and cybersecurity for embedded systems.

}

12:30 - 14:00

Lunch

}

14:00 - 14:30

Secure state estimation for cyber-physical control systems

Michelle Chong, TU/e (The Netherlands)

Abstract

State estimation is ubiquitous in control systems, especially for cyber-physical systems, which are ‘physical’ systems that communicate over the ‘cyber’ domain. In today’s increasingly connected world, cyber-physical systems permeates critical infrastructure such as energy and transportation networks. The introduction of the ‘cyber’ layer has an important consequence: the transmitted data is susceptible to corruption with malicious intent. This has created a line of works that addresses state estimation when some of the sensor measurements are subject to attacks. The algorithm is called ‘secure’ when the bound on the estimation error is independent of the attacks. In this talk, I will present recent results on secure state estimation for cyber-physical systems where the physical system has nonlinear dynamics, and where the measurements are transmitted over a packet-based network in an asynchronous manner. We guarantee that our state estimation algorithm is secure for any inter-transmission intervals. I will then illustrate the application of this work in the secure monitoring of a low-voltage power distribution system, which is part of an on-going project RESili8, under the ERA-Net Smart Energy Systems scheme.

Biography

Michelle Chong is an assistant professor at the Department of Mechanical Engineering in Eindhoven University of Technology, the Netherlands. She obtained her undergraduate and PhD degrees from the University of Melbourne, Australia. She has held postdoctoral positions in KTH Royal Institute of Technology, Lund University and the University of California Santa Barbara. She is the American Australian Association’s ConocoPhillips postdoctoral fellow in 2013 and won the best paper award for ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS) in 2016. Her research interests are on nonlinear and hybrid dynamical systems (such as cyber-physical systems, networked systems, multi-agent systems and autonomous systems) with applications in power systems, neuroscience and robotics. One of her current research focus is on the security, safety and privacy of cyber-physical systems.
Neil Yorke-Smith
}

14:30 - 15:00

Towards Transparency of IoT Device Presence

Gene Tsudik, University of California, Irvine (USA)

Abstract

As many types of IoT devices worm their way into numerous settings and many aspects of our daily lives, awareness of their presence and functionality becomes a source of major concern. Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation. This prompts, respectively, privacy and security/safety issues. The dangers of hidden IoT devices have been recognized and prior research suggested some means of mitigation, mostly based on traffic analysis or using specialized hardware to uncover devices. While such approaches are partially effective, there is currently no comprehensive approach to IoT device transparency.

Prompted in part by recent privacy regulations (GDPR and CCPA), this work motivates and constructs a privacy-agile Root-of-Trust architecture for IoT devices called PAISA: Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure announcements of nearby IoT devices’ presence and capabilities. PAISA has two components: one on the IoT device that guarantees periodic announcements of its presence even if all device software is compromised, and the other on the user device, which captures and processes announcements. PAISA requires no hardware modifications; it uses a popular off-the-shelf Trusted Execution Environment (TEE) – ARM TrustZone. To demonstrate its viability, PAISA is instantiated as an open-source prototype, which includes an IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android smartphone-based app that captures and processes announcements. We also discuss the security and performance of PAISA and its prototype.

Biography

Gene Tsudik is a Distinguished Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in
Computer Science from USC. Before coming to UCI in 2000, he was at the IBM Zurich Research Laboratory (1991-1996) and
USC/ISI (1996-2000). His research interests include numerous topics in security, privacy and applied cryptography.
Gene Tsudik was a Fulbright Scholar and a Fulbright Specialist (thrice). He is a fellow of ACM, IEEE, AAAS, IFIP, and a foreign member of
Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM TOPS. He was the recipient of 2017 ACM SIGSAC
Outstanding Contribution, 2020 IFIP Jean-Claude Laprie, and 2023 ACM SIGSAC Outstanding Innovation awards.
His magnum opus is the first ever rhyming crypto-poem published as a refereed paper. Gene Tsudik is allergic to over-hype of
machine learning, blockchains/cryptocurrencies, and differential privacy. He has no social media presence.
Panos M Pardalos
}

15:30 - 17:00

Lightning talks

Day 2 – April 17, 2024

}

09:00 - 09:30

Dependability-driven formal development of cyber-physical systems

Elena Troubitsyna, KTH Royal Institute of Technology (Sweden)

Abstract

Modern safety-critical cyber-physical control systems are complex distributed systems that extensively rely on network technologies in their operation. Hence, they are susceptible not only to random hardware faults but also to malicious faults caused by cyberattacks. Both accidental and malicious faults can potentially jeopardize system safety. Therefore, to guarantee safety, we should explicitly model system behavior in the presence of both hardware faults and cyber-attacks and systematically design mechanisms protecting system safety in different non-nominal conditions. We propose a formal approach to correct-by-construction development of cyber-physical systems that facilitates systematic derivation of fault-tolerant system architectures and rigorous analysis of mutual interdependencies between safety and security. The resultant formal dependability-driven development enables the specification of robust cyber-physical systems whose safety is formally verified not only under nominal operating conditions but also in the presence of accidental and malicious faults.

Biography

From 2022 Full Professor in Computer Science, KTH – Royal Institute of Technology, Sweden, School of Electrical Engineering and Computer.

The development of autonomous, safe and reliable software-intensive systems, such as self-driving cars, drones or various robots, constitutes a major engineering challenge. Current software development methods are unable to efficiently and confidently cope with the enormous system complexity and deliver the required assurance of system trustworthiness in the presence of continuous learning and adaptation. The goal of Elena Troubitsyna’s research is to foster the development of dependable, autonomous systems that are safe and reliable. Her focus is on the design of dependability-assurance solutions for autonomous systems, including the models and algorithms for surveillance, diagnostics and adaptation.

By using rigorous mathematical modelling and verification techniques, Elena’s research contributes to the development of methods and technologies that enable autonomous systems with formally proven safety and reliability. Elena’s research also includes the design of AI algorithms that will empower systems to learn and adapt in real time.

The deployment of autonomous systems promises to bring various benefits to society, provided that powerful methods to achieve their safety and reliability are developed.

Andrea Lodi
}

09:30 - 10:00

Trustworthy Cyber-Physical Critical Infrastructures via Physics-Aware and AI-Powered Security

Saman Zounoz, Georgia Tech (USA)

Abstract

Critical cyber-physical infrastructures, such as the power grid and manufacturing, integrate networks of computational and physical processes to provide people across the globe with essential functionalities and services. Protecting these critical infrastructures’ security against adversarial parties is a vital necessity because the failure of these systems would have a debilitating impact on economic security, public health, and safety. Our research aims at the provision of real-world solutions to facilitate the secure and reliable operation of next-generation critical infrastructures. This requires interdisciplinary research efforts across adaptive systems and network security, cyber-physical systems, and trustworthy real-time detection and response mechanisms.

In this talk, I will focus on real past and potential future threats against critical infrastructures and embedded controllers, and discuss the challenges in the design, implementation, and analysis of security solutions to protect cyber-physical platforms. I will introduce novel classes of working systems that we have developed to overcome these challenges. In particular, I will present our solutions for security verification, monitoring and response capabilities in cyber-physical controllers for safe power grid, manufacturing and avionics operations. Finally, I will briefly talk about our recent efforts in security monitoring of the controller side-channel signals for online attack detection purposes.

Biography

Saman Zonouz is an Associate Professor at Georgia Tech in the Schools of Cybersecurity and Privacy (SCP) and Electrical and Computer Engineering (ECE). Saman directs the Cyber-Physical Security Laboratory (CPSec) which recently hosted a U.S. Congressional visit to demonstrate its research outcomes. His research focuses on security and privacy research problems in cyber-physical systems including attack detection and response capabilities using techniques from systems security, control theory and artificial intelligence. His research has been awarded by Presidential Early Career Awards for Scientists and Engineers (PECASE) by the United States President, the NSF CAREER Award in Cyber-Physical Systems (CPS), Significant Research in Cyber Security by the National Security Agency (NSA), Faculty Fellowship Award by the Air Force Office of Scientific Research (AFOSR), Google Hall of Fame Security Award, Provost Research Award, and Cybersecurity Fellowship by the College of Engineering. His research group has disclosed several security vulnerabilities with published CVEs in widely-used industrial controllers such as Siemens, Allen Bradley, and Wago. Saman is currently a Co-PI on President Biden’s American Rescue Plan $65M Georgia AI Manufacturing (GA-AIM) project. Saman was invited to co-chair the NSF CPS PI Meeting as well as the NSF CPS Next Big Challenges Workshop. Saman has served as the chair and/or program committee member for several conferences (e.g., IEEE S&P, USENIX, CCS, NDSS, DSN, and ICCPS). Saman obtained his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign.
Andrea Lodi
}

10:00 - 10:30

A Tale of Stale (Data) – Sensor Deprivation Attacks

Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security (Germany)

Abstract

Realtime control systems rely on correct and fresh sensor data for critical control decisions. But what happens if such data is not available, e.g. due to malicious manipulation of sensors or their traffic? A number of different strategies to mitigate such faults or attacks could be theoretically used. In this presentation, we explore applied sensor manipulation attacks in the context of drones, and how they can be used to influence control decisions while avoiding prior work detection schemes. We show that such manipulations can be hard to detect due to system complexity, and briefly also discuss potential countermeasures.

Biography

Nils Tippenhauer is a faculty at the CISPA Helmholtz Center for Information Security in Germany. Until 2018, Nils was an Assistant Professor at the Singapore University of Technology and Design (SUTD). He earned his Dr. Sc. in Computer Science from ETH Zurich (Switzerland) in 2012.

Nils Tippenhauer is interested in information security aspects of practical systems. In particular, Nils is currently working on security of industrial control systems and the Industrial Internet of Things, for applications such as public infrastructure (e.g., public water systems and power grids). At SUTD, he was involved in the construction and operation of several practical testbeds in those areas (SWaT, WADI, EPIC). In addition, Nils worked on physical layer security aspects of wireless and embedded systems, for example secure ranging, distance measurements and communication using wireless signals

Andrea Lodi
}

10:30 - 11:00

Coffee

}

11:00 - 11:30

A tale of Two Industroyers: It was the Season of Darkness

Alvaro Cardenas, UC, Santa Cruz (USA)

Abstract

In this talk, we discuss the first two known pieces of malware that attempted to create power grid blackouts. While previous research had described the malware at a high level, in this talk, we take a deep dive into the payload targeting the operational equipment of power grid networks. Our findings include new malware behavior that was not previously documented, the software bugs of the malware, and the evolution of attacks against the power grid in Ukraine. We end our talk by discussing how similar malware may evolve in the future and the risks they pose to the power grid.

Biography

Alvaro A. Cardenas is an Associate Professor of Computer Science and Engineering at the University of California, Santa Cruz. Before joining UCSC he was the Eugene McDermott Associate Professor of Computer Science at the University of Texas at Dallas, a postdoctoral scholar at the University of California, Berkeley, and a research staff member at Fujitsu Laboratories. He holds M.S. and Ph.D. degrees from the University of Maryland, College Park, and a B.S. from Universidad de Los Andes in Colombia. His research interests focus on cyber-physical systems and IoT security and privacy, including autonomous vehicles, drones, smart home devices, and SCADA systems controlling the power grid and other critical infrastructures. He is the recipient of the NSF CAREER award, the 2018 faculty excellence in research award from the Erik Johnson School of Engineering and Computer Science, the Eugene McDermott Fellow Endowed Chair at UTD, and the Distinguished Service Award from the IEEE Computer Society Technical Committee on Security and Privacy.
Andrea Lodi
}

11:30 - 12:00

Challenges for Cyber-Physical System Security: Data-Driven Approaches Amidst System Diversity

Magnus Almgren, Chalmers University of Technology (Sweden)

Abstract

As the backbone of critical infrastructure, cyber-physical systems (CPS) are encountering a new wave of security threats, amplified by the deepening pool of knowledge attackers have about exploiting system vulnerabilities. The development of robust security measures for these systems is fraught with complexity, partly due to their diverse nature – a diversity that spans system types, capabilities, and operational frameworks.  Emphasizing data-driven approaches, this talk will explore how the diversity of cyber-physical systems influences the research and development of security mechanisms.  It will highlight challenges such as data scarcity, the need for system observability, and the specificity required in alerts for effective attack detection. Additionally, it will discuss adapting these methods for use in resource-constrained environments. In such settings, it is necessary for systems to not only analyze data but also to adapt and relearn, aligning with the local context and responding to system drift.

Biography

Magnus Almgren is an Associate Professor at Chalmers University of Technology in Gothenburg, Sweden. He earned a Ph.D. in Computer Science from Chalmers in 2008, an MSc in Computer Science with distinction in research from Stanford University in 2001, and an MSc in Engineering Physics from Uppsala University in 1999. He has worked as a Computer Scientist at SRI International and was part of a cybersecurity research team at IBM Research, Zurich.

His primary focus lies in cybersecurity, specifically within the Internet of Things and cyber-physical systems, such as the power grid, water treatment plants, paper factories, and connected vehicles. Magnus also explores the integration of machine learning and automated reasoning in security contexts.

In 2001, he was honored as a Fulbright scholar. Additionally, over the last years, Magnus has actively pursued commercialization endeavors with two startup companies.

Andrea Lodi
}

12:00 - 12:30

Setpoint attack detection in cyber-physical systems

Walter Lucia, Concordia University (Canada)

Abstract

In different Cyber-Physical System (CPS) setups, the reference signal (or setpoint) is generated by a control center remotely located with respect to a standard feedback controller. Therefore, an attacker with sufficient resources can exploit the communication channel to alter the setpoint signal, ultimately affecting the control system’s tracking performance. Although several security issues of CPSs have been extensively studied, the problem of detecting attacks against the setpoint has yet to receive adequate attention. Moreover, existing anomaly detectors capable of detecting the presence of cyber-attacks on the actuation and measurement channels are not readily adaptable to address reference attacks, primarily because the setpoint signal does not directly depend on the system’s dynamic behaviour. Concerning this problem, this talk will first present a control architecture enabling the detection of setpoint attacks for constrained linear time-invariant systems. Then, by considering a remotely manoeuvred wheeled mobile robot as a case of study, such an architecture is customized to deal with the robot’s nonlinear kinematic model. Laboratory results obtained using a Khepera IV differential-drive robot will be presented.

Biography

Dr. Walter is currently an Associate Professor at the Concordia Institute for Information Systems Engineering, Concordia University, Canada. He received the M.Sc. degree in Automation Engineering (2011) and the Ph.D. degree in Systems and Computer Engineering (2015) from the University of Calabria, Italy. Before joining Concordia University in 2016, he was a visiting research scholar in the ECE Department at Northeastern University (USA) and a visiting postdoctoral researcher in the ECE Department at Carnegie Mellon University (USA). Dr. Lucia is currently an Associate Editor for the Control System Society – Conference Editorial Board, IEEE Systems Journal and Springer Journal of Control, Automation and Electrical Systems. Moreover, Dr. Lucia is currently the Chair of the IEEE Montreal Chapters of Systems, Man and Cybernetics (SMC), and Control Systems (CS). Dr. Lucia’s research interests include constrained control of unmanned vehicles, model predictive control, and secure and resilient control of cyber-physical systems.
Andrea Lodi
}

12:30 - 14:00

Lunch

}

14:00 - 14:30

Security Proximity to Secure Positioning

Mridula Singh, CISPA Helmholtz Center for Information Security (Germany)

Abstract

A wide variety of applications, such as modern payment systems, access control for critical infrastructures, healthcare, and contact tracing, depend on location and proximity information. There are multiple ways to establish physical distance between two entities, most of which are prone to distance modification attacks and can lead to loss of property (e.g., cars with keyless entry systems) and human life (e.g., vehicle collision). The increasing need for secure distance measurement has motivated academia and industry to explore new secure designs and integrate them into the upcoming standards, including IEEE 802.15.4z (Ultra-Wideband), IEEE 802.11mc/az (WiFi), and 3GPP 5G, and OSNMA in Galileo. In this talk, I will discuss the security vulnerabilities of the ranging and positioning design proposed in these standards.

Biography

TBC
Andrea Lodi
}

14:30 - 15:00

Advancing Cyber-Physical System Security: From Anomaly Detection to Hybrid Moving Target Defense

Alessandro Papadopoulos, Mälardalens University (Sweden)

Abstract

In the rapidly evolving landscape of cyber-physical systems (CPS), ensuring security and stability is paramount. This talk delves into two cutting-edge approaches addressing distinct yet interconnected aspects of CPS security. The first part of the talk explores a novel metric, ‘transparency,’ designed to enhance Anomaly Detection Systems (ADS) in CPS. Traditional physics-based methods in ADS, such as CUSUM, face challenges of false positives and undetectable attacks, leading to potentially hazardous conditions. By focusing on sophisticated multi-alarm attacks, this research underscores the limitations of existing zero-alarm attack models and proposes an optimised framework to detect and mitigate state deviations more effectively.

The second part of the talk transitions from detection to control and introduces a hybrid moving target approach. This method builds on moving-target defense mechanisms and focuses on the design of a time-varying controller that shifts closed-loop eigenvalues along radial trajectories. The uniqueness of this approach lies in its ability to maintain system stability without the need for synchronization between the plant and control unit. By examining stability through contraction theory, this research offers a fresh perspective on ensuring robustness against potential adversarial actions in a time-varying system environment.

The talk aims to provide insights into the latest research developments, practical implications, and future directions in enhancing the resilience of cyber-physical systems against sophisticated threats and instabilities.

Biography

Alessandro V. Papadopoulos is a Full Professor of Electrical and Computer Engineering at Mälardalen University, Sweden, and a visiting professor at the University of Malaga, Spain. He received his B.Sc. and M.Sc. (summa cum laude) degrees in Computer Engineering from Politecnico di Milano, Milan, Italy. He further earned his Ph.D. degree (Hons.) in Information Technology, specializing in Systems and Control, from Politecnico di Milano in 2013. He was a Postdoctoral researcher at the Department of Automatic Control, Lund, Sweden (2014-2016), and at Politecnico di Milano, Milan, Italy (2016). Since 2016, he has been with Mälardalen University, where he was Assistant Professor (2016-2018), Associate Professor (2018-2022), and Full Professor (since 2022).

He was the Program Chair for the Mediterranean Control Conference (MED) 2022, and for the Euromicro Conference on Real-Time Systems (ECRTS) 2023. He serves on the editorial board of ACM Transactions on Autonomous and Adaptive Systems and the Leibniz Transactions on Embedded Systems.

In 2020, he was awarded a strategic mobility grant by the Swedish Foundation for Strategic Research (SSF), giving him the opportunity to collaborate with ABB (Sweden) on the design of the computing infrastructure of future-generation automation systems. His research interests include control theory, robotics, real-time systems, and distributed systems. His work is funded by a combination of prestigious personal grants, industrial collaborations, and European Union and national projects.

Andrea Lodi
}

15:00 - 15:30

Towards Compositional Secure Autonomy: From Perception to Control

Z. Berkay Celik, Purdue University (USA)

Abstract

Autonomous systems, such as self-driving cars, drones, and mobile robots, are rapidly becoming ubiquitous in our society. These systems are composed of multiple individual software components for perception, prediction, planning, and control. While these systems are now blurring the lines between traditional computing systems and human intelligence and revolutionizing markets, a significant gap exists in developing theory and practice that indicates how the behavior of each component can be unified to reason about their system-wide security. This gap is exacerbated by the increasing use of learning-enabled components with inputs from diverse sensors and actuators that operate in open and uncontrolled physical environments.  In this talk, I present the challenges in compositional secure autonomy and principles from our recent efforts on vulnerability discovery and security enforcement to address these challenges. I illustrate these challenges and principles with examples and sample results by focusing on robotic vehicles and autonomous driving. I conclude with a discussion of the open problems and opportunities, and outline areas for defensive research in the future.

Biography

Berkay Celik is an Assistant Professor of Computer Science at Purdue University, where he is the co-director of the Purdue Security (PurSec) laboratory and a member of the Center for Education and Research in Information Assurance and Security (CERIAS). His research investigates the design and evaluation of security for software and systems, specifically on emerging computing platforms and the complex physical environments in which they operate. Through systems design, program analysis, and formal methods, his research seeks to improve security and privacy guarantees in commodity computer systems. His research approach is best illustrated by his extensive work in the security and privacy of the Internet of Things and Cyber-Physical systems, including robotic vehicles, automobiles, and autonomous vehicles. He has received a National Science Foundation CAREER Award in 2022 and Google ASPIRE Research award in 2021, 2022, and 2023. More information about his research group and publication record is available at https://beerkay.github.io.
Andrea Lodi
}

15:30 - 16:00

Cybersecurity in real-time cyber-physical systems

Bryan Ward​, Vanderbilt University (USA)

Abstract

Many cyber-physical systems include sensing and control processing that have real-time processing requirements due to the nature of the interactions with the physical world. As such systems are becoming increasingly network connected, such as with the (Industrial) Internet of Things, such systems are also becoming smarter and more capable. However, such connectivity also exposes vectors for remote attackers to exploit vulnerable CPSs. To prevent such attacks, defenses are needed that prevent such attacks from succeeding, without compromising the real-time performance of the requirements of the system to begin with. This presentation will discuss several approaches to developing real-time security mechanisms that are designed for predictable performance and are amenable to real-time analysis.

Biography

Bryan Ward is an Assistant Professor of Computer Science and Electrical and Computer Engineering at Vanderbilt University. His research interests include systems security, operating systems, and real-time and embedded systems, and especially the intersection of these topics. Prior to joining Vanderbilt in Fall 2022, he was a member of the technical staff at MIT Lincoln Laboratory in the Secure and Resilient Systems and Technology Group where he worked on research projects on real-time systems and operating-system security for national security especially in the context of embedded systems such as satellites and industrial control systems. He was honored with the 2021 MIT Lincoln Laboratory Outstanding Mentor Award. He earned his Ph.D. at the University of North Carolina at Chapel Hill in 2016, where he was also a recipient of the NSF Graduate Research Fellowship. He earned a B.S. in Computer Science and Engineering and a B.A. in Mathematics at Bucknell University, where he was also the recipient of the 2009 Barry Goldwater Scholarship. He is a senior member of the IEEE.
Andrea Lodi

Symposium Dinner at Turning Torso, Malmö

Bus departs at approx 18.00

Day 3 – April 18, 2024

}

09:00 - 09:30

Fault Localization in Utility Networks

Henrik Sandberg, KTH Royal Institute of Technology (Sweden)

Abstract

Utility networks, such as those for electricity and water supply, are rapidly aging and are increasingly susceptible to malfunctions. Detecting, pinpointing, and mending these faults is typically complex, slow, and expensive, requiring substantial hands-on effort. Concurrently, there is a rise in the use of flow and potential meters to oversee these systems. In this presentation, we explore using such monitoring data to locate faults within extensive utility networks. We examine two distinct scenarios. First, we consider a 3-phase medium-voltage electrical network, and we outline the framework for a fault localization method that utilizes both data and models. In the second scenario, we address a comparable issue within a water distribution network, noting the significant contrasts like the reduced frequency of sensor readings and the network’s more complex, nonlinear flow resistance. We provide a theoretical foundation for distinguishing between various leaking pipes using limited measurement data.

Biography

Henrik Sandberg is Professor at the Division of Decision and Control Systems, KTH Royal Institute of Technology, Stockholm, Sweden. He received the M.Sc. degree in engineering physics and the Ph.D. degree in automatic control from Lund University, Lund, Sweden, in 1999 and 2004, respectively. From 2005 to 2007, he was a Post-Doctoral Scholar at the California Institute of Technology, Pasadena, USA. In 2013, he was a Visiting Scholar at the Laboratory for Information and Decision Systems (LIDS) at MIT, Cambridge, USA. He has also held visiting appointments at the Australian National University and the University of Melbourne, Australia. His current research interests include security of cyber-physical systems, power systems, model reduction, and fundamental limitations in control. Dr. Sandberg was a recipient of the Best Student Paper Award from the IEEE Conference on Decision and Control in 2004, an Ingvar Carlsson Award from the Swedish Foundation for Strategic Research in 2007, and a Consolidator Grant from the Swedish Research Council in 2016. He has served on the editorial boards of IEEE Transactions on Automatic Control and the IFAC Journal Automatica. He is Fellow of the IEEE.
Andrea Lodi
}

09:30 - 10:00

The disconnection between physical and logical identities

Tuomas Aura, Aalto University (Finland)

Abstract

Cyber-physical devices have two kinds of identities: logical and physical. We are pretty sure we can identify a physical device, at least while interacting with it directly. We also know how to establish secure communication with a logical identity in cyberspace using cryptographic authentication and attestation. However, additional complications arise when we want to interact physically and logically with the same device. How do we know that it is the same entity? I’ll discuss some examples of security failures from research and engineering projects. I’ll also explore the common solutions, but the main message of the talk is that the mismatch between physical and logical identity is a recurring security problem that will not go away.

Biography

Tuomas Aura is a professor at the Department of Computer Science. Professor Aura’s research and teaching area is information security. His
Andrea Lodi
}

10:00 - 10:30

Safe Operation of Networked Control Systems with Deterministic Guarantees

Frank Allgöwer, University of Stuttgart (Germany)​

Abstract

Control loops within cyber-physical systems with information exchange over a shared communication medium are typically referred to as networked control systems. Analyzing and designing such systems is a challenging problem in the intersecting area of control and communication theory. Our approach aims at integrating implementable communication models to facilitate networked control with deterministic guarantees with the goal to achieve a safe operation of those cyber physical systems. The implementable communication models are inspired by existing concepts from communication theory.

The talk will be centered around a recently proposed time-slotted communication model consisting of infrequent statically reserved transmission slots. Accordingly, the talk considers the design of a stabilizing controller in a scenario where a certain amount of transmissions is deterministically guaranteed to be successful. This will be modeled by using the concept of weakly hard real-time constraints. We derive rigorous guarantees for stability and l2-performance of the networked control system.

Biography

Frank Allgöwer’s research focus lies in the development of new, high-performance methods of system and control theory and non-linear, networked, predictive and data-based control. Application areas include process control from the point of view of process engineering, mechatronics, biomedical technology and nanotechnology. Another research focus is in the area of systems biology.

Frank Allgöwer is director of the Institute for Systems Theory and Automatic Control at the University of Stuttgart. He is a member of selected academic and university bodies as well as national and international organizations, as well as being the publisher and co-publisher of a range of international journals. For example he has been Vice-President of the German Research Foundation (DFG) from 2012 to 2020, Vice-President of the IEEE Control Systems Society from 2013 to 2014 and Chairman of the VDI-GMA Division for Principles and Methods since 2000. He has received various awards, including the Gottfried Wilhelm Leibniz Prize of the German Research Foundation (DFG) in 2004, the Teaching Prize of the State of Baden-Württemberg (2007) and the IFAC Outstanding Service Award of the International Federation of Automatic Control in 2011.
2022, the German Research Foundation awarded Prof. Frank Allgöwer one of the rare Reinhart Koselleck grants. The goal of his project is to develop a new, unified control theory that combines data and models without the need for mathematical system models. This would be the basis for a completely new control theory that promises simpler and more cost-effective applications, for example in manufacturing, digitization or autonomous vehicles.

Andrea Lodi
}

10:30 - 11:00

Coffee

}

11:00 - 11:30

Exploring the Interplay of Adversary Models and Uncertainty in Security Games for Control Systems

André Teixeira​, Uppsala University (Sweden)

Abstract

Game theory and risk management are essential frameworks for addressing security challenges involving adversaries and defenders. Effective application of these frameworks in security requires the development of appropriate models for both players, as well as their respective pay-off functions and information structures.

In this talk, we delve into the nuanced relationship between adversary models and uncertainty in security games within the context of control systems. By conceptualizing security as a three-player game involving an adversary, a defender, and nature, we highlight the significance of treating uncertainty as a stochastic “Nature player.” We showcase how subtle variations in information structures between nature and the adversary can lead to vastly different evaluations of security risks.

Furthermore, we explore specific security metrics that consider both the impact and detectability of attacks, and we outline techniques for calculating the risks associated with stealthy attacks and for strategically deploying protection to safeguard the system. Our approach combines scenario-based methods with convex optimization to enhance security measures. Additionally, we demonstrate how uncertainty can impede adversaries and reduce security risks, drawing parallels with moving-target defense strategies.

Biography

Dr. André Teixeira is an Associate Professor at the Department of Information Technology, Uppsala University, Sweden, where he leads the Secure Learning and Control Lab. He received the M.Sc. degree in electrical and computer engineering from the Faculdade de Engenharia da Universidade do Porto, Porto, Portugal, in 2009, and the Ph. D. degree in automatic control from the KTH Royal Institute of Technology, Stockholm, Sweden, in 2014. From 2014 to 2015, he was a Postdoctoral Researcher at the Department of Automatic Control, KTH Royal Institute of Technology, Stockholm, Sweden. From October 2015 to August 2017, André was an Assistant Professor in Cybersecurity of Critical Infrastructures at the Faculty of Technology, Policy and Management, Delft University of Technology, The Netherlands. From September 2017 to April 2021, he was an Assistant Professor at the Department of Electrical Engineering at Uppsala University.

His research focuses on secure learning and control systems, particularly developing conceptual and modeling frameworks, methods, and tools for control engineers to analyze and design secure systems that safely interact with the physical world. His current research interests include security and privacy in intelligent control systems, distributed fault detection and isolation, distributed optimization, power systems, and networked dynamical systems. Dr. Teixeira was a recipient of the Best Student-Paper Award from the IEEE Multi-Conference on Systems and Control in 2014, and an Honorable Mention for the Paul M. Frank Award at the IFAC SAFEPROCESS 2018. He was awarded a Starting Grant by the Swedish Research Council in 2018, and he is among the 20 young researchers in Sweden who received the Future Research Leaders 7 grant from the Swedish Foundation for Strategic Research in 2020. He was awarded the Lilly and Sven Thuréus prize in 2023 by The Royal Society of Sciences at Uppsala. In 2023, he was appointed as a Wallenberg Academy Fellow by the Knut and Alice Wallenberg Foundation.

Andrea Lodi
}

11:30 - 12:00

Stealthy Attacks on Autonomous Systems

Sibin Mohan, The George Washington University (USA)

Abstract

Autonomous Systems (AVs) rely on the sensing and modeling of the real-world to carry out their missions. The perception models in AVs use the observations from these sensors to reason about the vehicle’s state and correct for deviations, even attacks. In practice, even the most meticulously designed control systems always operate under a certain amount of noise because of the unavoidable observational/measurement errors involved in both, sensor measurement and the modeling of complex vehicular dynamics.

All of this inherently creates a space that can be exploited by an adversary without risk of detection. In this talk, I will present new methods that can exploit this space, use a software-only attack. Our system, Requiem, presents a blackbox attack — i.e., there is no knowledge required about the internal details of the system — the only requirement is that the state estimation function be “learnable” from observation of the inputs and outputs. The final result of a Requiem-based attack causes a deviation in the physical system’s trajectory while the system itself believes that it is following the original mission parameters — an attack that is hard to detect or defend against.

Biography

Sibin Mohan is an Associate Professor in the Department of Computer Science at The George Washington University. He also holds an adjunct faculty appointment in the Dept. of Computer Science at the University of Illinois at Urbana-Champaign.

Sibin completed his Ph.D. and M.S. in Computer Science from North Carolina State University. His undergraduate degree was in Computer Science and Engineering from Bangalore University, India. In the past, he worked at HP. His research has won multiple best paper awards and he is the recipient of the NSF CAREER award.

Sibin’s research interests are in the area of systems, security, networking and autonomous systems. Sibin has pioneered research to improve the resiliency and security of real-time, cyber-physical and autonomous systems Current research efforts include resiliency and security for CPS, autonomous and IoT-style systems, secure cloud computing, resilient safety-critical systems using software defined networking (SDN), security for V2X systems and understanding the behavior of UAV swarms.

Andrea Lodi
}

12:00 - 12:30

Understanding Learning-based Attackers in Cyber-Physical Systems

Rijad Alisic, KTH Royal Institute of Technology (Sweden)

Abstract

In this talk, we will discuss the increasing threats of cyberattacks on Cyber-Physical Systems (CPS) and their potential to devastate our economy, security, and public health. These attacks exploit vulnerabilities in the cyber components of our critical infrastructures, such as sensors and computers, which oversee and control physical processes. Our focus will be on modeling attackers from a defender’s perspective. We propose a novel approach to frame a learning attacker, considering the capabilities it can acquire from the system-generated information, as opposed to a specific attacker with an a priori assumed objective. This approach unveils various aspects of an attacker’s learning process and is agnostic about its goals, providing valuable insights for risk analysis. Among these, the privacy of the system emerges as a crucial factor. We will present several findings on how our analysis can be used to comprehend an attacker’s strategies to bypass defensive schemes, such as homomorphic encryption. These insights will shed light on the attacker’s learning process and provide guidance on how to fortify our systems against such threats.

Biography

Rijad Alisic is a Ph.D. graduate in Electrical Engineering from KTH Royal Institute of Technology in Stockholm, where he works on privacy, security, forensics, and control of cyber-physical systems. He defended his Ph.D. thesis on the Defense of Cyber-Physical Systems Against Learning-based Attackers in November 2023. He also defended his Licentiate thesis on the Privacy of Sudden Events in Cyber-Physical Systems in 2021. In 2022, he was a visiting researcher at The University of Melbourne. He received his M.Sc. degree in Engineering Physics from Lund University in 2018, with a specialization in Automatic Control. His M.Sc. thesis was on control of the next-generation district heating systems. In 2017, he participated in the Summer Undergraduate Research Fellowship (SURF) program at California Institute of Technology in Pasadena.

Andrea Lodi
}

12:30 - 14:00

Lunch

}

14:00 - 15:00

Discussions

}

15:00 - 15:30

Closing remarks

Mikael Asplund, Linköping University