
Crystal: Just-Ahead-of-Time Controller Recovery for Cyber-Physical Systems

Crystal is an approach to proactive safety verification and recovery for cyber-physical systems that combines predictive physical modeling with controller recovery strategies. By combining an Extended Kalman Filter (EKF) with data-driven prediction, Crystal predicts sensor data and detects unsafe controller behavior ahead of time, leaving a time buffer in which recovery actions can prevent unsafe states. The system also includes optimizations for practical feasibility and supports run-time monitoring of drone safety.


Presentation Transcript


  1. I Look at Physics and Predict Control Flow! Just-Ahead-Of-Time Controller Recovery. Sriharsha Etigowni, Rutgers University

  2. Related Work
     • Static verification
       • TSV [NDSS 2014]
     • Does not scale up to large-scale cyber-physical systems due to state space explosion

  3. Symbolic Execution
     Code that swaps two integers:
        int x, y;
        if (x > y) {
            x = x + y;
            y = x - y;
            x = x - y;
            if (x > y) assert(false);
        }
     Symbolic execution tree (PC = path condition):
        [PC: true]   x = X, y = Y
        [PC: true]   X > Y ?
          false -> [PC: X <= Y]  END
          true  -> [PC: X > Y]   x = X + Y
                   [PC: X > Y]   y = X + Y - Y = X
                   [PC: X > Y]   x = X + Y - X = Y
                   [PC: X > Y]   Y > X ?
                     true  -> [PC: X > Y ^ Y > X]   END (infeasible path: the assertion can never fail)
                     false -> [PC: X > Y ^ Y <= X]  END
     State space explosion with increase in size of the code

  4. Related Work
     • Dynamic verification
       • Avatar [NDSS 2014]
       • WeaselBoard [Sandia report 2013]
     • These notify operators about incidents that have just occurred or are about to occur, but do not leave enough time buffer for effective manual or automated response and recovery

  5. Software Verification Ahead of Time

  6. Software Verification Ahead of Time

  7. Crystal's High-Level Architecture
     • Main Processor: Just-Ahead-Of-Time Controller Recovery, which analyzes the controller executable and its execution state (inputs I 0.0, I 0.1, ..., I 4.7 and outputs O 0.0, O 0.1, ..., O 4.7) to answer: is the controller program malicious?
     • Flight Control Unit: the controller executable, taking sensor measurements as inputs and producing control commands as outputs
     • Physical System: sensors (GPS, IMU, ...) and actuators (propellers, ...)
     • Ground Control Station (HMI)

  8. Drone Physics Modelling - Flight Dynamics

  9. Drone Physics Modelling – EKF
     • Normal operation mode: physical modeling
     • Extended Kalman filter (EKF) for sensor data prediction
     • Prediction step: ẋ(n+k | n+k−1) = f(ẋ(n+k−1 | n+k−1), u(n+k−1))

  10. Drone Physics Modelling – Data driven
     • Failure mode: data-driven modeling
       • convolutional neural networks for sensor data prediction
     • Full flight operation mode
       • hybrid approach (EKF + data driven)
     • Network: input sensor data at time t_n -> predicted sensor data at time t_{n+k} (layers shown: 1DConv, 1DConv, Dense, Flatten)

  11. Cyber-physical Security Modeling: Model Piping
     • Flight controller: symbolic execution of the controller logic gives results over the controller logic's symbolic inputs and symbolic outputs
     • Predictive model: results over the physical system's symbolic inputs (actuation points) and symbolic outputs (sensor measurements)
     • The two are linked: the controller's symbolic outputs feed the physical system's symbolic inputs (actuation points), and the physical system's symbolic outputs (sensor measurements) feed the controller's symbolic inputs

  12. Cyber-physical Security Modeling
     • Drone requirements -> controller output constraints
       • the drone should not fly above 50 mph -> propeller speed should not exceed 3000 rpm
     • Flight controller output constraints -> controller's primary input constraints
       • propeller speed should not exceed 3000 rpm -> PWM (input) to the motors should not exceed 60%
     • Controller output constraints -> secondary input constraints
       • propeller speed should not exceed 3000 rpm -> front motors = 40%, rear motors = 60% (based on prediction)
     • Run-time monitoring of the drone safety

  13. Safety Requirements

  14. JAT Verification and Recovery (Flight Control Unit: actual execution)
     • Just-ahead-of-time analysis
       • predicting the sensor data
     • Drone safety recovery
       • modify or read any control-logic variable value on the flight control unit dynamically
       • inject an instruction (e.g., a call to a recovery subroutine) into the running control logic
       • upload a new control logic (possibly a safe controller following the Simplex paradigm)
       • halt the flight controller's dynamic maneuvers so that the drone enters hover mode
     • Optimization for practical feasibility
       • runtime model pruning
       • parallel JAT
     • Real-time model generation: synchronization between the generated model so far and the current concrete execution state, deciding whether to continue model generation or terminate further recursion
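The slide-12 constraint chain (propeller rpm ≤ 3000, hence motor PWM ≤ 60%) and the slide-14 JAT check with a hover recovery action, as an added Python example that is not code from the Crystal project. The altitude controller, the stand-in predictive model (Crystal uses EKF/CNN prediction), the PWM-to-rpm map, the hover command and all gains are assumptions constructed for the demo.

```python
import copy

DT = 0.1              # control period in seconds (assumed)
PWM_LIMIT = 0.60      # slide 12: PWM input to the motors must not exceed 60%
RPM_PER_PWM = 5000.0  # assumed linear motor map, so 60% PWM == 3000 rpm
RPM_LIMIT = 3000.0    # slide 12: propeller speed must not exceed 3000 rpm
HOVER_PWM = 0.5       # assumed hover command used by the recovery action

class AltitudeController:
    """Toy PI altitude controller (hypothetical control logic)."""
    def __init__(self, kp, ki):
        self.kp, self.ki, self.integral = kp, ki, 0.0
    def step(self, alt, vz, target):
        err = target - alt
        self.integral += err * DT
        u = HOVER_PWM + self.kp * err + self.ki * self.integral - 0.2 * vz
        return min(1.0, max(0.0, u))

def predict_physics(alt, vz, pwm):
    """Stand-in for Crystal's EKF/CNN predictive model: thrust above hover
    accelerates the drone upward, thrust below hover decelerates it."""
    vz += 10.0 * (pwm - HOVER_PWM) * DT
    return alt + vz * DT, vz

def jat_check(ctrl, alt, vz, target, horizon):
    """Run a copy of the controller on predicted sensor data for `horizon`
    steps; return (step, pwm, rpm) of the first predicted violation, else None."""
    ctrl = copy.deepcopy(ctrl)  # the live controller's state must stay untouched
    for k in range(1, horizon + 1):
        pwm = ctrl.step(alt, vz, target)   # controller logic on predicted inputs
        rpm = RPM_PER_PWM * pwm            # controller output -> propeller speed
        if pwm > PWM_LIMIT or rpm > RPM_LIMIT:
            return k, pwm, rpm
        alt, vz = predict_physics(alt, vz, pwm)  # predicted sensor data, next step
    return None

def fly(ctrl, steps, jat_horizon=None, alt=5.0, vz=0.0, target=10.0):
    """Simulate `steps` real control periods and return the PWM values applied;
    with a JAT horizon, a predicted violation halts the maneuver (hover)."""
    applied = []
    for _ in range(steps):
        if jat_horizon and jat_check(ctrl, alt, vz, target, jat_horizon):
            pwm = HOVER_PWM                 # recovery: hold hover instead
        else:
            pwm = ctrl.step(alt, vz, target)
        applied.append(pwm)
        alt, vz = predict_physics(alt, vz, pwm)  # plant stand-in for the demo
    return applied
```

A controller whose integral gain has been raised (ki = 0.06) winds up past the 60% PWM limit on the third predicted step, so the check flags it two control periods before the real controller would emit the violating command; the benign gain (ki = 0) is never flagged.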

  15. Evaluations
     • Drone: 3DR Solo
     • Extended Kalman filter: C/C++
     • Neural network time series prediction: TensorFlow + Keras

  16. EKF vs Data-driven Modeling: the data-driven method is better for violent motions and the EKF is better for smooth transitions

  17. EKF vs Data-driven Modeling: the data-driven method has 5 times lower MAE during violent motions, and the EKF has 10 times lower MAE for smooth transitions

  18. Latency for Sensor Data Prediction: the Extended Kalman filter is 4 times faster than the neural network at predicting 10 seconds of sensor data

  19. Predicting the crash before the actual crash
     • Timeline: hovering -> gradual descent -> hovering -> sudden descent due to malware -> predicted drone crash -> (5 seconds) -> actual drone crash
     • JAT was able to predict the crash 5 seconds before the actual crash

  20. False Positive Rate due to Sensor Prediction

  21. Conclusion
     • Crystal presents time-horizon, ahead-of-time verification
     • Just-ahead-of-time verification helps the operator take the necessary actions to prevent the system from entering an unsafe state
     • EKF + data-driven methods were used for sensor data prediction
     • Crystal uses flight dynamics and time-horizon software verification for ahead-of-time verification
     • Crystal successfully detected the attacks ahead of time
     Questions? sriharsha.etigowni@Rutgers.edu
