Introduction to Special Issue on Security and Privacy in Safety-Critical Cyber-Physical Systems – Part 3
- Research Article
- 10.3390/app10093125
- Apr 30, 2020
- Applied Sciences
Cyber Physical Systems (CPSs) are systems that are developed by seamlessly integrating computational algorithms and physical components, and they are a result of the technological advancement in the embedded systems and distributed systems domains, as well as the availability of sophisticated networking technology. Many industrial CPSs are subject to timing predictability, security and functional safety requirements, due to which the developers of these systems are required to verify these requirements during their development. This position paper starts by exploring the state of the art with respect to developing timing predictable and secure embedded systems. Thereafter, the paper extends the discussion to time-critical and secure CPSs and highlights the key issues that are faced when verifying the timing predictability requirements during the development of these systems. In this context, the paper takes the position of advocating the paramount importance of security as a prerequisite for timing predictability, as well as both security and timing predictability as prerequisites for functional safety. Moreover, the paper identifies the gaps in the existing frameworks and techniques for the development of time- and safety-critical CPSs and describes our viewpoint on ensuring timing predictability and security in these systems. Finally, the paper emphasises the opportunities that artificial intelligence can provide in the development of these systems.
- Research Article
- 10.1145/3790255
- Jan 23, 2026
- ACM Transactions on Cyber-Physical Systems
Introduction to Special Issue on Security and Privacy in Safety-Critical Cyber-Physical Systems – Part 2
- Research Article
- 10.1155/2021/5536722
- May 17, 2021
- Security and Communication Networks
A Safety-Critical Cyber-Physical System (SCCPS) is a system whose failure, or the failure of whose key functions, will cause casualties, property damage, environmental damage, and other catastrophic consequences. Therefore, it is vital to verify the safety of safety-critical systems. In the community, SCCPS safety verification mainly relies on the statistical model checking methodology, but for SCCPS with extremely high safety requirements, it is difficult or infeasible for the statistical model checking method to sample the extremely small probability event, since the probability of the system violating safety is very low (rare property). In response to this problem, we propose a new method of statistical model checking for high-safety SCCPS. Firstly, with the CTMC-approximated SCCPS path probability space model, it leverages the maximum likelihood estimation method to learn the parameters of the CTMC. Then, the embedded DTMC can be derived from the CTMC, and a cross-entropy optimization model based on the DTMC can be constructed. Finally, we propose an algorithm for iteratively learning the optimal importance sampling distribution on the discrete path space and a statistical model checking algorithm for verifying the rare property. Eventually, experimental results show that the method proposed in this paper can effectively verify the rare properties of SCCPS. Under the same sample size, compared with the heuristic importance sampling methods, the estimates of this method are better distributed around the mean value, and the related standard deviation and relative error are reduced by more than an order of magnitude.
- Conference Article
- 10.1145/3419804.3420273
- Oct 19, 2020
One of the key requirements for designing safety critical cyber physical systems (CPS) is to ensure resiliency. Typically, the cyber sub-system in a CPS is empowered with protection devices that quickly detect and isolate faulty components to avoid failures. However, these protection devices can have internal faults that can cause cascading failures, leading to system collapse. Thus, to guarantee the resiliency of the system, it is necessary to identify the root cause(s) of a given system disturbance to take appropriate control actions. Correct failure diagnosis in such systems depends upon an integrated fault model of the system that captures the effect of faults in CPS as well as nominal and faulty operation of protection devices, sensors, and actuators.
- Research Article
- 10.1145/3750452
- Jul 31, 2025
- ACM Transactions on Cyber-Physical Systems
No abstract available.
- Research Article
- 10.47941/ijce.3419
- Jan 5, 2026
- International Journal of Computing and Engineering
Purpose: This paper proposes a Secure Unified Data Model (UDM) Approach that enhances data security, trust, and reliability in Cyber-Physical Systems (CPS) by addressing data security risks such as breaches and unauthorized access. Methodology: The methodology involved several steps. Existing literature was reviewed to understand the current state of data modeling in Cyber-Physical Systems (CPS) and identify potential vulnerabilities. Supported by threat modeling and risk assessment frameworks, the study analyzed data security risks for the Unified Data Model (UDM) in CPS. The focus was on protecting the UDM through strong encryption, access controls, security training, and regular assessments, safeguarding data at rest and in transit. Findings: The findings show that a Secure Unified Data Model (UDM) approach improves data security in Cyber-Physical Systems (CPS) by strengthening access controls, encryption, and anomaly detection, thereby increasing CPS resilience against cyber threats. This promotes adoption in healthcare, smart cities, and governance. The secure UDM in CPS lowers breach risks, protects vendors and organizations, and offers scalable solutions that enhance productivity and reduce analytics costs. It supports safe data visualization, Business Intelligence (BI), and Artificial Intelligence (AI) tools, with potential applications in law enforcement for secure information sharing. The Secure UDM boosts trust, reliability, and compliance with data protection laws, encouraging adoption and innovation in critical sectors. Unique Contribution to Theory, Practice and Policy: The contribution involves developing a conceptual Secure UDM framework that combines access controls, encryption, and anomaly detection for CPS. It also enhances understanding of UDM security in CPS contexts. Practically, this study provides actionable strategies for implementing secure UDMs across sectors such as healthcare, smart cities, and governance, thereby improving data security and trust in CPS through practical mitigation measures. Policy-wise, the study informs data protection regulations and standards for CPS and UDMs and encourages the adoption of secure UDM practices in critical sectors.
- Research Article
- 10.47941/ijce.3447
- Jan 15, 2026
- International Journal of Computing and Engineering
Purpose: This paper proposes a Secure Unified Data Model (UDM) Approach that enhances data security, trust, and reliability in Cyber-Physical Systems (CPS) by addressing data security risks such as breaches and unauthorized access. Methodology: The methodology involved several steps. Existing literature was reviewed to understand the current state of data modeling in Cyber-Physical Systems (CPS) and identify potential vulnerabilities. Supported by threat modeling and risk assessment frameworks, the study analyzed data security risks for the Unified Data Model (UDM) in CPS. The focus was on protecting the UDM through strong encryption, access controls, security training, and regular assessments, safeguarding data at rest and in transit. Findings: The findings show that a Secure Unified Data Model (UDM) approach improves data security in Cyber-Physical Systems (CPS) by strengthening access controls, encryption, and anomaly detection, thereby increasing CPS resilience against cyber threats. This promotes adoption in healthcare, smart cities, and governance. The secure UDM in CPS lowers breach risks, protects vendors and organizations, and offers scalable solutions that enhance productivity and reduce analytics costs. It supports safe data visualization, Business Intelligence (BI), and Artificial Intelligence (AI) tools, with potential applications in law enforcement for secure information sharing. The Secure UDM boosts trust, reliability, and compliance with data protection laws, encouraging adoption and innovation in critical sectors. Unique Contribution to Theory, Practice and Policy: The contribution involves developing a conceptual Secure UDM framework that combines access controls, encryption, and anomaly detection for CPS. It also enhances understanding of UDM security in CPS contexts. Practically, this study provides actionable strategies for implementing secure UDMs across sectors such as healthcare, smart cities, and governance, thereby improving data security and trust in CPS through practical mitigation measures. Policy-wise, the study informs data protection regulations and standards for CPS and UDMs and encourages the adoption of secure UDM practices in critical sectors.
- Research Article
- 10.1038/s41598-026-49514-y
- May 4, 2026
- Scientific reports
Quantum key distribution (QKD), a cryptographic method grounded in the laws of quantum mechanics rather than computational hardness, promises provably secure communications. Its integration into critical infrastructure offers a pathway to the secure, resilient operation of next-generation control systems, from power-intensive data centers to remotely operated microreactors located in energy-deprived remote communities. While QKD has been demonstrated in laboratory and network settings, its use in safety-critical control systems, where requirements on latency, key availability, and operational stability pose unique challenges, remains unexplored. Here, we introduce a QKD-secured data acquisition and control framework for embedding quantum cybersecurity directly into safety-critical cyber-physical systems and report the first end-to-end experimental demonstration in a nuclear reactor. The framework establishes the conditions necessary to achieve secure, low-latency, real-time operation in safety-critical environments. Using a phase-encoding decoy-state BB84 system deployed on Purdue's 10 kWth fully digital research reactor (PUR-1), we validate the model and achieve real-time encryption and decryption of 2,000 reactor signals. Experiments demonstrated a stable secret-key rate of 320 kbps with a quantum bit error rate of 3.8% at 54 km, and maximum optical-fiber distances of 82 km with One-Time Pad (OTP) encryption and 140 km with AES-256. We further evaluated compliance with latency and key availability conditions using three cryptographic schemes (OTP, AES-256, ASCON), finding that all variants supported real-time operation at typical data reporting rates. Our results establish a universal framework for quantum cybersecurity in safety-critical systems, demonstrating that quantum communication technologies can enable secure, low-latency, real-time operation of nuclear reactors and other critical infrastructure.
- Book Chapter
- 10.1007/978-3-030-62974-8_17
- Jan 1, 2020
Protecting safety-critical Cyber-Physical Systems (CPS) against security threats is becoming a growing necessity. Due to the high level of network integration, CPS pose new targets to remote code-reuse attacks, such as Return-Oriented Programming (ROP). An effective mechanism to detect code-reuse attacks is Control-Flow Integrity (CFI). However, because of the intrusiveness of most current CFI solutions, i.e., their requirement for program instrumentation and run-time interference, we cannot directly apply them to safety-critical CPS. To the best of our knowledge, there is no CFI solution designed for CPS; and more specifically, we are not aware of any solution that fully monitors the forward-edges and backward-edges of an application’s control-flow, while providing independence and freedom from interference guarantees. Hence, for the first time, we propose a safety certifiable, separation kernel-based partitioning architecture to integrate CFI monitoring in a safety-critical system to protect applications with real-time constraints. Our solution leverages ARM CoreSight to transparently enforce both forward-edge and backward-edge CFI for an application at run-time. Despite imposing a significant overhead on the overall system, our approach reliably protects the control-flow of the monitored application, while guaranteeing its real-time constraints. We evaluate our solution by analyzing its timing impact and discussing the resulting considerations for the integration and practical deployment in a safety-critical CPS.
- Conference Article
- 10.1109/isgt.2016.7781277
- Sep 1, 2016
Cyber Physical Systems (CPS) security testbeds serve as a platform for evaluating and validating novel CPS security tools and technologies, accelerating the transition of state-of-the-art research to industrial practice. The engineering of CPS security testbeds requires significant investments in money, time and modeling effort to provide a scalable, high-fidelity, real-time attack-defense platform. Therefore, there is a strong need in academia and industry to create remotely accessible testbeds that support a range of use cases pertaining to CPS security of the grid, including vulnerability assessments, impact analysis, product testing, attack-defense exercises, and operator training. This paper describes the implementation architecture and capabilities of a remote access and experimental orchestration framework developed for the PowerCyber CPS security testbed at Iowa State University (ISU). The paper then describes several engineering challenges in the development of such remotely accessible testbeds for Smart Grid CPS security experimentation. Finally, the paper provides a brief case study with some screenshots showing a particular use case scenario on the remote access framework.
- Conference Article
- 10.1109/icps49255.2021.9468213
- May 10, 2021
Safety critical Industrial Cyber Physical Systems (CPS) have stringent safety and security requirements and need assurance of deterministic behavior during system operation. In many safety critical application domains, runtime monitors (or runtime verification) are used to enforce operational safety and security. One of the challenges in runtime verification is to identify the critical safety properties that we want to monitor at runtime. In this paper, we explore how structural verification activities in a Model Based Design and Engineering (MBDE) context help formulate more effective monitoring specifications to cover vulnerable areas in a system. We assert that leveraging synergy between design and runtime verification produces more informed runtime safety monitors. This approach of integrating design assurance and runtime safety and security is an important aspect of the dependable DevOps continuum process. To demonstrate this, we perform verification of an Emergency Diesel Generator Startup Sequencer (EDGSS) implemented on an FPGA overlay architecture using model-based verification techniques. We present our key findings on synergy between runtime verification and design processes to support a more inclusive safety case.
- Book Chapter
- 10.1007/978-3-030-45453-1_3
- Jan 1, 2020
- Energy internet.
The rapid development of advanced information technologies, for example, the Internet of Things and Big Data techniques, has made the energy internet achieve a deep integration of physical systems and cyber systems and realize an effective combination of energy flow and information flow among various networks. However, with increasing automation of the energy internet, the scale of physical networks, the size of cyber networks and the numbers of smart sensors and decision-making units have greatly increased, resulting in complex external or internal factors directly or indirectly impacting the control and decisions of networks through various approaches. The interaction mechanisms between cyber networks and physical networks are becoming increasingly complex in the energy internet, resulting in the security and reliability analysis of cyber-physical systems becoming more complicated. In this chapter, the security of components in cyber-physical systems is first introduced. Multiple uncertainties in cyber-physical system operation are also developed, including different types of cyber attacks and corresponding mitigation strategies as well as the volatility of energy sources and stochastic energy consumption. Moreover, the correlation and cascading failures in cyber-physical systems are analysed to demonstrate the coupling between cyber systems and physical systems. Furthermore, challenges in the security of cyber-physical systems are provided. This chapter mainly analyses cyber-physical system security in the energy internet considering various uncertainties, which can provide technical support for the planning and operation of the energy internet.
- Conference Article
- 10.1145/2593069.2593095
- Jun 1, 2014
This paper introduces aspect-oriented modeling (AOM) as a powerful, model-based design technique to assess the security of Cyber-Physical Systems (CPS). Particularly in safety-critical CPS such as automotive control systems, the protection against malicious design and interaction faults is paramount to guaranteeing correctness and reliable operation. Essentially, attack models are associated with the CPS in an aspect-oriented manner to evaluate the system under attack. This modeling technique requires minimal changes to the model of the CPS. Using application-specific metrics, the designer can gain insights into the behavior of the CPS under attack.
- Research Article
- 10.14257/ijsia.2015.9.3.04
- Mar 31, 2015
- International Journal of Security and Its Applications
Today, cyber physical systems (CPS) are becoming popular in power networks, healthcare devices, transportation networks, industrial processes and infrastructures. As cyber physical systems are used more and more extensively and thoroughly, the security of cyber physical systems has become the most important concern in system design, implementation and research. Many kinds of attacks have arisen (e.g. the Stuxnet worm), causing heavy losses and serious potential security risks. For the past few years, researchers have been focusing their research on different aspects of the security of cyber physical systems. In this paper, we propose a security framework for assuring the security of cyber physical systems and analyze the main universities and institutes studying CPS security and their relations at three levels: CPS security objectives, CPS security approaches and security in specific CPS applications. Finally, a conclusion of this article is given.
- Book Chapter
- 10.1201/9781003220664-7
- Dec 27, 2022
Security and Privacy Aspects in Cyber Physical Systems