Constraining Attacker Capabilities Through Actuator Saturation

TL;DR

This paper introduces mathematical tools using Linear Matrix Inequalities to bound the reachability of attacks on LTI control systems and designs artificial actuator limits to prevent reaching dangerous states while minimizing performance loss.

Contribution

It provides a novel method to compute outer ellipsoidal bounds on attack-induced reachable sets and designs artificial actuator limits to exclude dangerous states with minimal impact.

Findings

Effective bounds on attack reachability are computed.

Artificial actuator limits prevent reaching dangerous states.

Simulations demonstrate the method's practical performance.

Abstract

For LTI control systems, we provide mathematical tools - in terms of Linear Matrix Inequalities - for computing outer ellipsoidal bounds on the reachable sets that attacks can induce in the system when they are subject to the physical limits of the actuators. Next, for a given set of dangerous states, states that (if reached) compromise the integrity or safe operation of the system, we provide tools for designing new artificial limits on the actuators (smaller than their physical bounds) such that the new ellipsoidal bounds (and thus the new reachable sets) are as large as possible (in terms of volume) while guaranteeing that the dangerous states are not reachable. This guarantees that the new bounds cut as little as possible from the original reachable set to minimize the loss of system performance. Computer simulations using a platoon of vehicles are presented to illustrate the performance of our tools.