Science of Security Lablet

According to one of the widely accepted definitions, cyber-physical systems (CPS) are engineered systems where functionality emerges from the networked interaction of computational and physical processes. Complex CPS abound in modern society and it is not surprising that many of these systems are safety and mission critical that makes them a target for attacks. Even under normal conditions, CPS face complex issues crosscutting many disciplines with significant implications on essential system functions. Adding cyber-attacks in all their insidious variety creates a massive challenge that cannot be neglected due to the potential consequences.

Because of its significance, security and resilience have attracted considerable attention in many CPS application domains. Because of the heterogeneity and complexity, methodologies that improve CPS security are very diverse with different objectives, specifications, and constraints resulting in a broad body of knowledge. Research efforts are starting to use scientific methods and results to shape technology, practice, and policy in protecting systems from attackers, detecting intrusions, and recovering from compromises. However, scientific methods remain underutilized and they do not adequately address the involved interdisciplinary socio-technical aspects. Beyond the complex structure and interactions, security and resilience properties emerge from complex interrelationships between engineered systems and humans, they are not explained by understanding the individual elements of the system, and are highly dynamic in response to changing environment and circumstances. What is needed is a Systems Science of Secure and Resilient CPS which brings together interdisciplinary research with the goal of identifying, exploring, and understanding patterns of complexity which cross disciplines and application domains.

The lablet aims at developing the principles governing secure and resilient CPS in adversarial environments and using these principles for system design and management. Systems approaches require a mix of methods and tools. The proposed projects build upon our strengths on system and game theory, formal methods, data science, incentive engineering, social science, and cognitive psychology. The project is committed to developing integrated solutions that increase our understanding of complex interrelationships, anticipate future conditions, and support decision and policy making. In particular, the project is seeking intellectual advances in which underlying theories are integrated and abstracted to develop explanatory models. These explanatory models derived from the underlying theoretical foundations lead to testable hypotheses. Hypotheses are tested using simulation and experimentation testbeds to gain greater understanding of CPS attacks and defenses. Based on collected evidence supporting or falsifying the hypotheses, new insights are obtained allowing the explanatory models to be refined or updated.