Skip to main content
Till KTH:s startsida Till KTH:s startsida



I am currently involved in CERCES project, which is focused on cyber-security of Industrial Control Systems (ICS). These systems operate important physical processes such as power production, transportation, and oil refining. Hence, if successful, cyber-attacks against these systems can have serious consequences for our society. 

My research is focused on building mathematical models that can be used for analyzing vulnerability of ICS, and protecting these systems in a cost efficient way. More detailed description of the projects I am currently working on can be found bellow.



In this line of work, we use a physical model of an ICS to estimate impact of cyber-attacks. Particularly, we are interested to determine if the attacker that exploits a security vulnerability and gains control over a group of sensors and actuators can conduct an attack with the high impact. Motivating application behind studying this problem is risk assessment, where we use attack impact and some other factors to find the most dangerous security vulnerabilities within the system.


[1] J. Milošević, H. Sandberg, and K. H. Johansson, ”Estimating the Impact of Cyber-Attack Strategies for Stochastic Control Systems,” IEEE Transactions on Control of Network Systems. To appear.

[2] J. Milošević, D. Umsonst, H. Sandberg, and K. H. Johansson, ”Quantifying the impact of cyber-attack strategies for control systems equipped with an anomaly detector,” in Proceedings of the European Control Conference (ECC), 2018.

[3] J. Milošević, T. Tanaka, H. Sandberg, and K. H. Johansson, ”Analysis and mitigation of bias injection attacks against Kalman filter,” in Proceedings of the 20th IFAC World Congress, 2017.



It is known that many security vulnerabilities can be found in ICSs. Moreover, deployment of security measures in ICSs can be complicated and costly. Thus, it is expected that we would not be able to deploy security measures to prevent all the security vulnerabilities. Therefore, we should first prioritize among security vulnerabilities to find the most dangerous ones. Once these are selected, we can focus our security budget to prevent them.However, the problem arises once the number of security measures and vulnerabilities is large. Firstly, finding the critical vulnerabilities is problematic. Secondly, even if we find the critical vulnerabilities, the security measure allocation is difficult to solve. In our work, we propose a possible way to overcome these difficulties.


[1] J. Milošević, A. Teixeira, T. Tanaka, H. Sandberg, and K. H. Johansson, ”Security measure allocation for industrial control systems: exploiting systematic search techniques and submodularity,” International Journal of Robust and Nonlinear Control. To appear.

[2] J. Milošević, T. Tanaka, H. Sandberg, and K. H. Johansson, ”Exploiting submodularity in security measure allocation for industrial control systems,” in Proceedings of the 1st ACM Workshop on the Internet of Safe Things (SafeThings’17), 2017.



Actuators are crucial for establishing control over a large scale systems such as power grids. So far, considerable effort has been dedicated to the problem of placing minimal number of actuators such as to achieve cost efficient control over a network. However, are these cost efficient placements also secure? In this line of work, we propose a security index that can help a control system operator to characterize how vulnerable actuators are. More precisely, the security index of actuator i represents the minimal number of sensors and actuators that needs to be compromised in addition to i, such that a stealthy attack can be conducted.

Although the security index can be a useful tool for finding the most vulnerable actuators in the network, the difficulties with the index arise once the system is of large scale: the index is in general NP hard to calculate, and may be sensitive to system variations. To overcome these difficulties, we use structural models of the networks, and introduce the structural security index based on them. The structural security index can be calculated in polynomial time and proves to be more robust in respect to system variations.


[1] J. Milošević, A. Teixeira, K. H. Johansson, and H. Sandberg, ”Actuator Security Indices Based on Perfect Undetectability: Computation, Robustness, and Sensor Placement,” Submitted.

[2] J. Milošević, H. Sandberg, and K. H. Johansson, ”A security index for actuators based on perfect undetectability: properties and approximation”, 56th Annual Allerton Conference on Communication, Control, and Computing, 2018.

Profile picture of Jezdimir Milosevic