Design of Secure and Safe Cyber-Physical Systems


Today’s safety-critical Cyber-Physical Systems (CPS) are networked, with distributed sensing, control, and actuation components and external network connectivity, in order to meet high performance and utility requirements. Intelligent CPS devices are revolutionizing many application domains, including vehicular and industrial systems; yet, while their vulnerabilities lead to high-profile incidents, their security has commonly been an afterthought. Standard defense mechanisms relying on cryptographic techniques incur high computation and bandwidth overheads, precluding deployment on resource-constrained platforms. In this dissertation, we introduce design-time methodologies for integrating security into such CPS by exploiting the physics of the controlled systems to relax stringent security requirements that conflict with resource availability. To provide guarantees for control quality despite attacks, we perform security-aware, deadline-driven real-time scheduling of authentication services on processors (where computation time is the bottleneck), on the shared network (where bandwidth is limited), and in an end-to-end fashion (where both computation time and bandwidth are constrained).

Another challenge, achieving CPS modularity, may be addressed by distributing control functionalities. Since the challenges in control distribution are domain-specific, we focus on cyber-manufacturing, enabling higher levels of autonomy and reconfigurability of manufacturing resources. We develop a method for distributing event-driven sequential control, starting from an existing centralized design and formally mapping it to distributed controllers that are guaranteed to be correct. To ensure reliable and resilient operation in the presence of communication faults and attacks, we incorporate stochastic channel models and non-deterministic attack models to verify system-level safety and liveness properties of the distributed system. If properties are violated, we improve code generation for the target platforms to include the patches necessary to satisfy them. Additionally, we consider distribution of Computerized Numerical Control (CNC); we propose an architecture in which the functionalities of a centralized controller are mapped to a high-level planner and to low-level controllers that accompany the manufacturing resources (i.e., axes). We show that maintaining sufficient synchronization among controllers guarantees insignificant accuracy loss due to motion control distribution. We define requirements for cyber-physical synchronization, which is critical for implementing distributed CNC because of clock skews in distributed systems, and provide design-time tradeoffs by investigating the real-time and bandwidth requirements of different distributed architectures.

While the presented methods are applicable in other domains, validation is based on multiple vehicular and industrial systems.





Lesi, Vuk (2019). Design of Secure and Safe Cyber-Physical Systems. Dissertation, Duke University. Retrieved from


Duke’s student scholarship is made available to the public using a Creative Commons Attribution / Non-commercial / No derivative (CC-BY-NC-ND) license.