This project focuses on tackling the security and privacy of Cyber-Physical Systems (CPS) by integrating the theory and best practices from the information security community as well as practical approaches from the control theory community. The first part of the project focuses on security and protection of cyber-physical critical infrastructures such as the power grid, water distribution networks, and transportation networks against computer attacks in order to prevent disruptions that may cause loss of service, infrastructure damage or even loss of life. The second part of the project focuses on privacy of CPS and proposes new algorithms to deal with the unprecedented levels of data collection granularity of physical human activity. The work in these two parts focuses on the integration of practical control theory concepts into computer security solutions. In particular, in the last decade, the control theory community has proposed fundamental advances in CPS security; in parallel, the computer security community has also achieved significant advances in practical implementation aspects for CPS security and privacy. While both of these fields have made significant progress independently, there is still a large language and conceptual barrier between the two fields, and as a result, computer security experts have developed a parallel and independent research agenda from control theory researchers. In order to design future CPS security and privacy mechanisms, the two communities need to come closer together and leverage the insights that each has developed. This project attempts to facilitate the integration of these two communities by leveraging the physical properties of the system under control in two research problems: (1) Physics-based CPS security; and (2) Physics-based CPS privacy.

Physics-based CPS security leverages the time series from sensor and control signals to detect deviations from expected operation. This is a growing area of research in both security and control theory venues, although there are several open problems in this space. This proposal tackles some of these open problems including the definition of new evaluation metrics that capture the unique operational properties of control systems, the consistent evaluation of different proposals for models and anomaly detection tests, and the development of new industrial control protocol parsers. Physics-based CPS privacy focuses on how to guide the implementation of general privacy recommendations like the Fair Information Practice principles into cyber-physical systems, leveraging the fact that these physical systems often have an objective to achieve, and this objective depends on the data-handling policies of the operator. The project focuses on investigating the trade-off between privacy and control performance and developing tools to guide how data minimization, data delays, and data retention should be implemented.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 1931573
Program Officer: Nina Amla
Project Start:
Project End:
Budget Start: 2019-01-01
Budget End: 2021-06-30
Support Year:
Fiscal Year: 2019
Total Cost: $453,326
Indirect Cost:
Name: University of California Santa Cruz
Department:
Type:
DUNS #:
City: Santa Cruz
State: CA
Country: United States
Zip Code: 95064