Run-Time Security Assurance of Cyber Physical System Applications

We introduce a design methodology to assure run-time security of cyber physical system (CPS) applications. The methodology has two independent, but complementary, components that employ novel approaches to design run-time monitors that detect both computational and false data cyber-attacks to assure security of CPS at run-time. Based on the executable specification of a CPS application, the first component protects CPS computations through comparison of the application execution and the application-specification execution in real-time. The second component assures safety and integrity of CPS data through vulnerability analysis of the application specification for false data injection attacks based on non-linear verification techniques. We demonstrate our approach through its application to a typical CPS example application; we demonstrate that run-time monitors employing verification techniques are effective, efficient, and readily applicable to demanding real-time critical systems.