Cyber Physical Systems Security at NSF

Transcription

1 Cyber Physical Systems Security at NSF David Corman CISE Directorate National Science Foundation Image Credit: Exploratorium.

2 National Science Foundation s mission To promote the progress of science; to advance the national health, prosperity, and welfare; to secure the national defense... Champions Research and Education Across All Fields of Science and Engineering

3 CPS Security Support across NSF CISE Core Programs Expeditions Cyber- Physical Systems (CPS) Secure and Trustworthy Computing (SaTC) Cyber-Physical Systems Smart Health & Wellbeing National Robotics Initiative (NRI) Smart and Connected Communities (SCC)

4 What are Cyber-Physical Systems Deeply integrating computation, communication, and control into physical systems Characteristics of CPS Pervasive computation, sensing and control Networked at multi- and extreme scales Dynamically reorganizing/reconfiguring High degrees of automation Dependable operation with potential requirements for high assurance of reliability, safety, security and usability With / without human in on-the-loop Conventional and unconventional substrates / platforms Ranges from the very small BioCPS (DNA and Micro-robots) to the large (Boeing 787 / Airbus 380 ) to the very large (city scale) Application Domains Transportation Faster and safer vehicles (airplanes, cars, etc) Improved use of airspace and roadways Energy efficiency Manned and un-manned Energy and Industrial Automation Homes and offices that are more energy efficient and cheaper to operate Distributed micro-generation for the grid Healthcare and Biomedical Increased use of effective in-home care More capable devices for diagnosis New internal and external prosthetics Critical Infrastructure More reliable power grid Highways that allow denser traffic with increased safety

5 NSF Cyber Physical Systems Research Model Abstract from sectors to more general principles and apply these to problems in new sectors Build a CPS community over 350+ current funded researchers Multiple agency participation (USDA, DHS, DoT, and NIH) Investment Over $300M in current awards 300+ awards Over $40M in each of FY14- FY17 Automotive Energy Aeronautics Control Autonomy Data Analytics Real-time Systems Security Smart & Connected Communities Manufacturing Safety CPS Core Medical Information Management IoT Verification Human in the Loop Privacy Materials Application Sectors Design Networking Agriculture Civil

6 Community Building - Cyber-Physical Systems Virtual Organization A source of virtually all information on CPS Agency Partners (Past / Present) National Science Foundation National Security Agency Department of Transportation / FHWA (past) DARPA META program Collaborative web-site building Membership and Group Management File sharing, Metadata search Technical Approach and Key Innovations Provides virtual organization technologies to facilitate electronic community building Connects researchers, students, educators and industry practitioners Presentations and video from past PI meetings and poster sessions Long-Term Research Vision --- Make the VO an action destination Design competitions including design of small UAV Integration with test beds Integrate research tools and artifacts for download Virtual Organization Content/Usage +140 special interest groups 14,000 web pages 21,000 versioned file artifacts uploaded 4,000 active users 2 terabytes of data served 6,000 community announcements posted On-Site Community Events Supported +80 CPS-related conferences, planning meetings, seminars, and workshops organized Annual CPS PI meetings, HCSS Conferences, Science of Security Conferences, SaTC

7 How Our can Goal: we How design, can build we design, and verify build reliable, and verify predictable, reliable, safe predictable, and secure safe cyber-physical and secure cyber-physical systems upon systems which people upon which people can - and can will - and - bet will their - bet lives? their lives?

8 Cyber-Physical Security Considerations Systems may be processor and network constrained Human operated no system admin Can the physical world be our friend? Systems not always connected Potentially enormous economic impact Law Enforcement Communications Control Systems Embedded Medical Devices Automobiles

9 Society s overwhelming reliance on this complex cyberspace has exposed its fragility and vulnerabilities A truly secure cyberspace must address both scientific and engineering problems and vulnerabilities that arise from human behaviors SaTC is NSF s flagship research program: Approaches security and privacy as a multidisciplinary subject Goal: Find fundamentally new ways to Design, build and operate cyber systems Protect existing infrastructure Motivate & educate individuals about cybersecurity 9

10 SaTC: Approximately 1000 active awards spread through 5 directorates on a broad range of topics access control authentication usability cloud cyber physical systems cryptography economics engineering Data Science forensics Formal Methods hardware security human aspects social networks mathematical sciences intrusion detection network security privacy internet of things social and behavioral sciences programming languages software security statistics system security biometrics

11 Example CPS (funded) Security Projects Award # Project Title Institution Breakthrough: CPS-Security: Towards provably correct distributed attackresilient control of unmanned-vehicleoperator networks Penn State , CPS: Synergy: Collaborative Research: Virginia Tech, Cyber-physical Approaches to Advanced Vanderbilt, VT-ARC Manufacturing Security CPS: Synergy: Information Flow Analysis Carnegie-Mellon for Cyber-Physical System Security University , , CPS: Medium: Quantitative Contract- Based Synthesis and Verification for CPS Security CPS: Synergy: Collaborative Research: Support for Security and Safety of Programmable IoT Systems CPS:Synergy:Security of Distributed Cyber-Physical Systems with Connected Vehicle Applications CPS: Medium: Collaborative Research: Security vs. Privacy in Cyber-Physical Systems CPS: Medium: Security Certification of Autonomous Cyber-Physical Systems Risk Modeling and Cyber Defense Exercise for Critical Infrastructures Security CPS: Synergy: High-Fidelity, Scalable, Open-Access Cyber Security Testbed for Accelerating Smart Grid Innovations and Deployments EAGER: Collaborative: Toward a Test Bed for Heavy Vehicle Cyber Security Experimentation CPS: Medium: Distorting the adversary's view: a CPS approach to privacy and security CPS: Medium: Collaborative Research: Security vs. Privacy in Cyber-Physical Systems CPS: Breakthrough: Collaborative Research: Securing Smart Grid by Understanding Communications Infrastructure Dependencies University of California- Berkeley University of Michigan, Univ Illinois Clemson University University of Maryland College Park University of Florida Iowa State University Iowa State University University of Tulsa, Colorado State University of California- Los Angeles University of Texas at Dallas Temple, Missouri S&T

12 CPS: Synergy: Collaborative Research: Cyber-Physical Approaches to Advanced Manufacturing Security # Award Date: 06/15/2015 Dr. Christopher B. Williams 1, Dr. Jamie Camelio 1, Dr. Jules White 2, Dr. Lee Wells 3 1 Virginia Tech, 2 Vanderbilt University, 3 Western Michigan University Challenge: Industry 4.0 is increasing attack space for manufacturing systems Product design, performance, and/or overall quality can be targeted with attack Traditional quality control not designed for attack detection Manufacturing Security Assessment Modeling Scientific Impact: Identification of cyber-physical vulnerabilities in manufacturing Modeling tool to inform decision making for interconnected MFG Novel side-channel detection in machining and AM Solution: Develop taxonomy of attacks to understand problem Build modeling tools to perform vulnerability assessment for manufacturing systems Creation of process monitoring techniques for attack detection # , Virginia Tech, Vanderbilt University, Western Michigan University cbwill@vt.edu Partin CNC G-code h CNCsetup CNCout Partout Attack Detection Normal Attack 1 Attack 2 Cyber + Physical Broader Impact: Development of industrial standards incorporating CPS Cyber-Physical Security for Aerospace Manufacturing Workshop on next-generation cyber-physical security defense and quality control considerations Dissemination of CPS for manufacturing to various industry OEMs

13 Security and Privacy-Aware Cyber Physical Systems NSF / Intel CPS Security Solicitation Lead PI: Miroslav Pajic Investigating CPS Security in ground vehicle domain with applications spanning other spaces Platform-Aware Design Framework for Attack-Resilient CPS Security-Aware Scheduling in CPS Co-design reduces security-related overhead Control-level techniques Attack detection and identification using redundant sensing and model of the system s dynamics Attack-resilient control architectures Code-level techniques Ensure that the control code is correctly implemented and integrated Preventing malicious code injection into the controller Goal: Ensure that the system maintains a degree of control even when the system is under cyber and/or physical attack Trajectory tracking with <15% of authenticated messages Pajic, Security-Aware Scheduling of Embedded Control at EMSOFT Pajic, Network Scheduling for Secure Cyber-Physical NSF #

14 STARSS: Small: Collaborative: Specification and Verification for Secure Hardware Challenge: Processors and SoCs increasingly built from untrusted components Systems software can be compromised growing need for trusted hardware platforms Solution: Security-aware hardware/ software verification Analysis and inference of specifications of hardware components and software-hardware interfaces Key innovation this year: Techniques for verifying software running on trusted hardware (e.g. Intel SGX) STARSS Awards , S. A. Seshia (UC Berkeley), R. E. Bryant (CMU). Scientific Impact: Developing a foundation for formal and semiformal specification and verification of secure hardware and softwarehardware platforms Developing theories, threat models, tools, and benchmarks for securityaware hardware design Broader Impact: Significantly improve security and privacy guarantees by enhancing trust in platforms Develop modules to teach students to design systems with formal security mindset

15 Active SaTC Frontier Projects data privacy Privacy Tools for Sharing Research Data (2012); Harvard University $4.8M for 4 years healthcare Enabling Trustworthy Cybersystems for Health and Wellness (2013) Dartmouth, UIUC, JHU, Michigan $10M for 5 years outsourced computation Modular Approach to Cloud Security (2014) BU, MIT, Northeastern, U. Connecticut $10M for 5 years trust in cloud Rethinking Security in the Era of Cloud Computing (2013) ; UNC, NCSU, Stony Brook, Duke, Wisconsin-Madison $6M for 5 years socio-economics Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives (2012); UCSD, Berkeley, GMU $10M for 5 years web privacy Towards Effective Web Privacy Notice and Choice (2013) CMU, Fordham, Stanford $3.75M for 4 years program obfuscation Center for Encrypted Functionalities (2014) UCLA, Stanford, Columbia, UT Austin, JHU $4.9M for 5 years machine learning Center for Trustworthy Machine Learning (2018) Penn State, Stanford, Berkeley, UCSD, Wisconsin- Madison, U. Virginia $10M for 5 years 15

16 Final Thoughts Multiple Venues for CPS Research CPS Program Solicitation being updated see NSF for previous year details Check cps-vo.org for lots of program info SaTC Program See NSF for current solicitation Broader than CPS security No deadlines Smart and Connected Community Solicitation being updated see NSF for previous year details Includes security and privacy within the context of SCC requires significant community engagement Check nsf.gov/cise/scc for program info We look forward to your interest in these and other NSF programs