
Research areas

CERCES is organized into four research areas: Embedded Software Platforms, Wireless Communication, Communication and Computation Infrastructures, and Resilient Control of Cyber-Physical Systems. Read about them below.

The domains of the four research areas of CERCES (A1-A4) illustrated in a Smart Grid.

A1: Embedded Software Platforms 

Leader: Mads Dam

The first activity concerns the construction of embedded execution platforms for future field devices including PLCs, RTUs, and communication infrastructure equipment such as routers, data diodes, and wireless devices that can meet the very high requirements on security and fault tolerance demanded of future critical infrastructure applications. Virtualization is broadly recognized as a key tool to enable this, since it can be instrumented to provide the required platform integrity and confidentiality properties for highly demanding application domains such as SCADA systems. Moreover, this can be achieved at very high levels of trustworthiness, as we are currently demonstrating in other application areas. Virtualization can be used, even while running insecure application stacks, to ensure a wealth of desirable properties such as:

  • Memory isolation: Provably preventing one application from accessing another application’s working memory.
  • Complete mediation: Provably ensuring that all security relevant events of a certain type are checked and processed by a security monitor.
  • Code integrity: Provably guaranteeing that only properly authorized code is allowed to execute on a given virtualized processing platform.

By itself, however, virtualization is far from sufficient, and more work is needed to demonstrate the capabilities of virtualization-based solutions in the area of critical infrastructure. Indeed, for very small processing platforms that lack hardware support for e.g. memory protection, virtualization by itself may be too computationally heavy, and in that case other techniques such as software fault isolation (SFI) may be more appropriate.

The aim of this activity is to explore how virtualization-based techniques can be used to meet the demands of current and future SCADA/critical infrastructure platforms regarding security, trustworthiness, and dependability. These are the primary concerns. Secondary concerns, but equally important for industry acceptance, are to meet requirements concerning functionality, real-time performance, and cost, and to transfer outputs of the project in terms of know-how, designs, requirements, and code to industry and society.

Recent related publications

[1] C. Baumann et al., "On Compositional Information Flow Aware Refinement," in 2021 IEEE 34th Computer Security Foundations Symposium (CSF 2021), 2021, pp. 17-32.
[2] N. Dong, R. Guanciale and M. Dam, "Refinement-Based Verification of Device-to-Device Information Flow," in Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021, 2021.
[3] D. Lundberg et al., "Hoare-Style Logic for Unstructured Programs," in Software Engineering and Formal Methods, 2020, pp. 193-213.
[4] R. Guanciale, M. Balliu and M. Dam, "InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis," in CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications, 2020.
[5] C. Baumann, O. Schwarz and M. Dam, "On the verification of system-level information flow properties for virtualized execution platforms," Journal of Cryptographic Engineering, vol. 9, no. 3, pp. 243-261, 2019.
[6] H. Nemati et al., "Formal verification of integrity-Preserving countermeasures against cache storage side-channels," in 7th International Conference on Principles of Security and Trust, POST 2018 Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, 2018, pp. 109-133.
[7] C. Baumann, O. Schwarz and M. Dam, "Compositional Verification of Security Properties for Embedded Execution Platforms," in PROOFS 2017: 6th International Workshop on Security Proofs for Embedded Systems, 2017, pp. 1-16.
[8] O. Schwarz and M. Dam, "Automatic Derivation of Platform Noninterference Properties," in Software Engineering and Formal Methods, Springer LNCS 9763, 2016, pp. 27-44.
[9] R. Guanciale et al., "Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures," in Proceedings - 2016 IEEE Symposium on Security and Privacy, SP 2016, 2016, pp. 38-55.
[10] R. Guanciale et al., "Provably secure memory isolation for Linux on ARM," Journal of Computer Security, vol. 24, no. 6, pp. 793-837, 2016.

A2: Wireless Communication

Leader: Ragnar Thobaben

In this activity, we address the wireless security issues in critical infrastructures. We will adopt concepts from physical-layer and information-theoretic security and develop new secure wireless communication algorithms, protocols, and concepts. Even though the general concepts studied in this project are applicable to a wide range of application scenarios, we will focus our studies on the demands of wireless SCADA system infrastructures. The performance of selected algorithms and concepts should be evaluated with the help of wireless testbed activities.

The purpose of this activity is to demonstrate that physical-layer security techniques are a powerful means to complement conventional security features of wireless SCADA system infrastructures in order to improve the resilience against attacks in the wireless domain (e.g., eavesdropping, jamming, impersonation), to reduce the security overhead resulting from heavy-weight encryption, and to improve the overall security performance. To reach this goal, we will focus on three aspects of physical-layer security: physical-layer authentication, wireless secret key generation and distribution, and jamming resilient wireless infrastructures.

Recent related publications

[1] K. H. Forssell, R. Thobaben and J. Gross, "Performance Analysis of Distributed SIMO Physical Layer Authentication," in ICC 2019 - 2019 IEEE International Conference on Communications (ICC), 2019.
[2] H. Forssell et al., "Physical Layer Authentication in Mission-Critical MTC Networks: A Security and Delay Performance Analysis," IEEE Journal on Selected Areas in Communications, vol. 37, no. 4, pp. 795-808, 2019.
[3] H. Forssell et al., "On the Impact of Feature-Based Physical Layer Authentication on Network Delay Performance," in Globecom 2017 - 2017 IEEE Global Communications Conference, 2017.
[4] H. Forssell et al., "Feature-Based Multi-User Authentication for Parallel Uplink Transmissions," in 2016 9TH INTERNATIONAL SYMPOSIUM ON TURBO CODES AND ITERATIVE INFORMATION PROCESSING (ISTC), 2016, pp. 355-359.
[5]

A3: Communication and Computation Infrastructures

Leader: György Dán

The purpose of this thrust of work is to develop secure and resilient algorithms and protocols for SCADA communication and computation in shared environments. The algorithms and protocols will leverage knowledge of the physical processes monitored and controlled, and the computations to be executed, in order to achieve the best trade-off between performance, cost and security. We will focus on three areas: (i) secure communication protocols for emerging SCADA application scenarios, (ii) resilience to denial of service attacks, and (iii) secure computation on untrusted computing platforms.

Recent related publications

[1] Z. Li, G. Dán and D. Liu, "A Game Theoretic Analysis of LQG Control under Adversarial Attack," in 2020 59th IEEE Conference on Decision and Control (CDC), 2020, pp. 1632-1639.
[2] S. Saritas et al., "Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach," in 10th International Conference, GameSec 2019, Stockholm, Sweden, October 30 – November 1, 2019, Proceedings, 2019, pp. 439-458.
[3] E. Shereen et al., "Next Steps in Security for Time Synchronization: Experiences from implementing IEEE 1588 v2.1," in Proceedings of 2019 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication, ISPCS, 2019.
[4] P. Zhao and G. Dán, "Scheduling Parallel Migration of Virtualized Services under Time Constraints in Mobile Edge Clouds," in Proceedings of the 31st International Teletraffic Congress, ITC 2019, 2019, pp. 28-36.
[5] P. Zhao and G. Dán, "A Benders Decomposition Approach for Resilient Placement of Virtual Process Control Functions in Mobile Edge Clouds," IEEE Transactions on Network and Service Management, vol. 15, no. 4, pp. 1460-1472, 2018.
[6] E. Shereen and G. Dán, "Correlation-based Detection of PMU Time Synchronization Attacks," in 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018, 2018.
[7] P. Zhao and G. Dán, "Time Constrained Service-aware Migration of Virtualized Services for Mobile Edge Computing," in Proceedings of the 30th International Teletraffic Congress, ITC 2018, 2018, pp. 64-72.
[8] S. Barreto et al., "Undetectable PMU Timing-Attack on Linear State-Estimation by Using Rank-1 Approximation," IEEE Transactions on Smart Grid, vol. 9, no. 4, pp. 3530-3542, 2018.
[9] S. Barreto et al., "A Continuum of Undetectable Timing-Attacks on PMU-based Linear State-Estimation," in 2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017, 2017, pp. 473-479.
[10] H. Li, G. Dán and K. Nahrstedt, "Portunes plus: Privacy-Preserving Fast Authentication for Dynamic Electric Vehicle Charging," IEEE Transactions on Smart Grid, vol. 8, no. 5, pp. 2305-2313, 2017.

A4: Resilient Control of Cyber-Physical Systems

Leader: Henrik Sandberg

In this activity, we address resilient control issues in critical infrastructures. We will adopt concepts and methods for cyber-physical systems in the study of reliability, safety, and security of critical infrastructures. For the analysis of the cyber components, this activity will heavily rely on and interact with the CERCES activities on embedded devices, wireless devices, and communication infrastructures. However, this activity has a strong focus on the physical aspect of the critical infrastructures, and will therefore take a more holistic view. Based on the vulnerability assessments and impact analysis made, we will develop detection and control algorithms that will improve the resilience of the infrastructure. The performance of selected algorithms and concepts should be evaluated with the help of the CERCES testbed.

The main goal of this activity is to develop control and monitoring algorithms to ensure resilient operation of critical infrastructures, such as smart grids and traffic systems. To achieve this goal, we will first develop modeling tools that are able to capture the essential behavior of both the cyber and physical components. Based on these, we will be able to perform a holistic vulnerability and impact analysis that serves to identify critical areas in the infrastructure. We can then design application-layer intrusion detection systems that can be incorporated in novel resilient control architectures that are able to encapsulate and attenuate malicious actions.

Recent related publications

[1] J. Milosevic, H. Sandberg and K. H. Johansson, "A Security Index for Actuators Based on Perfect Undetectability: Properties and Approximation," in 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018, 2019, pp. 235-241.
[2] M. Chong, H. Sandberg and A. M. H. Teixeira, "A Tutorial Introduction to Security and Privacy for Cyber-Physical Systems," in Proceedings 2019 18th European Control Conference (ECC), 2019, pp. 968-978.
[3] S. Saritas et al., "Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach," in 10th International Conference, GameSec 2019, Stockholm, Sweden, October 30 – November 1, 2019, Proceedings, 2019, pp. 439-458.
[4] F. Farokhi and H. Sandberg, "Ensuring privacy with constrained additive noise by minimizing Fisher information," Automatica, vol. 99, pp. 275-288, 2019.
[5] D. Umsonst et al., "On the confidentiality of linear anomaly detector states," in Proceedings of the American Control Conference, 2019, pp. 397-403.
[6] S. Fang et al., "Two-Way Coding in Control Systems Under Injection Attacks: From Attack Detection to Attack Correction," in ICCPS '19: PROCEEDINGS OF THE 2019 10TH ACM/IEEE INTERNATIONAL CONFERENCE ON CYBER-PHYSICAL SYSTEMS, 2019, pp. 141-150.
[7] D. Umsonst and H. Sandberg, "A game-theoretic approach for choosing a detector tuning under stealthy sensor data attacks," in 2018 IEEE CONFERENCE ON DECISION AND CONTROL (CDC), 2018, pp. 5975-5981.
[8] M. I. Müller et al., "A Risk-Theoretical Approach to H2-Optimal Control under Covert Attacks," in 57th IEEE Conference on Decision and Control, 2018, pp. 4553-4558.
[9] J. Giraldo et al., "A Survey of Physics-Based Attack Detection in Cyber-Physical Systems," ACM Computing Surveys, vol. 51, no. 4, 2018.
[10] L. Lindemann and H. Sandberg, "Anomaly Detector Metrics for Sensor Data Attacks in Control Systems," in 2018 Annual American Control Conference (ACC), 2018, pp. 153-158.

Page responsible: Web editors at EECS
Belongs to: Decision and Control Systems
Last changed: May 10, 2021