Design of Software Rejuvenation for CPS Security Using Invariant Sets

TL;DR

This paper introduces a control-theoretic approach to software rejuvenation in cyber-physical systems, using invariant sets to ensure safety and mission success under cyber attacks, demonstrated through quadrotor simulations.

Contribution

It develops a control-based framework using invariant sets for designing software rejuvenation strategies to maintain CPS safety during cyber attacks.

Findings

Invariant sets provide bounds on operation time before refresh.

Safety controller guarantees safe state recovery within bounded time.

Simulation confirms effectiveness on nonlinear quadrotor dynamics.

Abstract

Software rejuvenation has been proposed as a strategy to protect cyber-physical systems (CSPs) against unanticipated and undetectable cyber attacks. The basic idea is to refresh the system periodically with a secure and trusted copy of the online software so as to eliminate all effects of malicious modifications to the run-time code and data. Following each software refresh a safety controller assures the CPS is driven to a safe state before returning to the mission control mode when the CPS is again vulnerable attacks. This paper considers software rejuvenation design from a control-theoretic perspective. Invariant sets for the Lyapunov function for the safety controller are used to derive bounds on the time that the CPS can operate in mission control mode before the software must be refreshed and the maximum time the safety controller will require to bring the CPS to a safe operating state. With these results it can be guaranteed that the CPS will remain safe under cyber attacks against the run-time system and will be able to execute missions successfully if the attacks are not persistent. The general approach is illustrated using simulation of the nonlinear dynamics of a quadrotor system. The concluding section discusses directions for further research.