Control Barrier Function based Attack-Recovery with Provable Guarantees
Kunal Garg, Ricardo G. Sanfelice, Alvaro A. Cardenas
TL;DR
The paper addresses safety guarantees for CPS under actuator attacks by marrying a reactive defense built on zeroing control barrier functions with an adaptive attack-detection mechanism and a recovery policy. It introduces a switching/hybrid control framework to maintain forward invariance of a safe set despite attacks, supported by a computationally tractable, sampling-based method to certify viability domains under adversarial input manipulation. A QP-based online synthesis for nominal and safe control further ensures feasibility and real-time implementation, demonstrated via a quadrotor case study where safety is preserved and performance is maintained. The work delivers provable safety guarantees, reduced conservatism through adaptivity, and scalable viability verification, contributing to secure-by-design CPS design under actuator attacks.
Abstract
This paper studies provable security guarantees for cyber-physical systems (CPS) under actuator attacks. In particular, we consider CPS safety and propose a new attack detection mechanism based on zeroing control barrier function (ZCBF) conditions. In addition, we design an adaptive recovery mechanism based on how close the system is to violating safety. We show that under certain conditions, the attack-detection mechanism is sound, i.e., there are no false negatives for adversarial attacks. We propose sufficient conditions for the initial conditions and input constraints so that the resulting CPS is secure by design. We also propose a novel hybrid control to account for attack detection delays and avoid Zeno behavior. Next, to efficiently compute the set of initial conditions, we propose a sampling-based method to verify whether a set is a viability domain. Specifically, we devise a method for checking a modified barrier function condition on a finite set of points to assess whether a set can be rendered forward invariant. Then, we propose an iterative algorithm to compute the set of initial conditions and input constraints set to limit the effect of an adversary if it compromises vulnerable inputs. Finally, we use a Quadratic Programming (QP) approach for online recovery (as well as nominal) control synthesis. We demonstrate the effectiveness of the proposed method in a simulation case study involving a quadrotor with an attack on its motors.
