A Modular Safety Filter for Safety-Certified Cyber-Physical Systems

Mohammad Bajelani, Mehran Attar, Walter Lucia, Klaske van Heusden

TL;DR

The paper addresses safety of cyber-physical systems under cyber-attacks by introducing a Modular Safety Filter (MSF) that operates as a plant-side safety layer independent of the tracking controller and anomaly detector. The MSF solves a short-horizon predictive optimization to steer potentially unsafe inputs toward a backup trajectory that reaches a terminal safe invariant set, ensuring recursive feasibility and safety for nonlinear, high-order systems without altering existing controllers. It demonstrates effectiveness on a nonlinear, multi-agent formation of 20 mobile robots, including scenarios with intelligent, undetectable attacks and false data injection, showing safety even when networked detectors fail. The work highlights a practical, modular approach to CPS safety that preserves performance via separation of concerns and discusses extensions to distributed implementations and the impact of conservatism on anomaly detection. Overall, MSF provides a practical, attack-agnostic safety layer for complex CPS, with clear pathways to integration and scalability.

Abstract

Nowadays, many control systems are networked and embed communication and computation capabilities. Such control architectures are prone to cyber attacks on their cyberinfrastructure. Consequently, there is a pressing need to develop solutions that preserve the plant's safety against potential attacks. To ensure safety, this paper introduces a modular safety filter approach that is effective against various types of cyber attack. The solution can be implemented in combination with existing control and detection algorithms, effectively separating safety from performance. The safety filter requires no information on the reliability of the received command or on the features of the anomaly detector. It can be implemented in conjunction with high-performance, resilient controllers to achieve both high performance during normal operation and safety during an attack. As an illustrative example, we show the effectiveness of the proposed design on a multi-agent formation task involving 20 mobile robots. The simulation results show that the safety filter operates effectively during undetectable, intelligent attacks.

Paper Structure (13 sections, 1 theorem, 30 equations, 9 figures, 1 table, 1 algorithm)

Key Result

Lemma 1

Let the assumptions from Initial Feasibility through the existence of a Terminal Safe Control Invariant Set hold. Then the nonlinear system is safe in the sense of Definition 1 (Safety).

Figures (9)

  • Figure 1: Proposed safety-certified architecture for cyber-physical systems. The green dashed lines represent the communication between the modular safety filter and the plant, assumed to be unaffected by network attacks. The attacker can target the communication channels between the plant and the networked controller, represented by gray solid lines, and injects malicious signals through the red dotted lines. As an illustrative example, this architecture can be applied to a robotic scenario in which the networked controller communicates with the robot over Wi-Fi: the modular safety filter runs onboard the robot, while the Wi-Fi link remains exposed to potential threats. See the following color box for a detailed discussion of the proposed architecture.
  • Figure 2: At the time $k$, an unsafe control input, $u_a(k)$, is received by the safety filter. Since applying this input may result in an unsafe trajectory (I) in the next steps, MSF will find a backup trajectory (III) towards the terminal safe control invariant set, $\mathcal{S}_f$, by applying the safe input, $u_s(k)$. Applying this safe input results in the modified trajectory (II).
  • Figure 3: Schematic of mobile robots: linear and angular velocities $(v,\omega)$, and Cartesian coordinates $(x,y)$. The pre-defined safety constraints for the multi-agent system are the distance between two arbitrary robots $d_{i,j}$ and the distance between an arbitrary robot and a wall $d_{w_{i,j}}$.
  • Figure 4: The multi-agent mobile robot system assigned to a formation task: following a circular trajectory at $t= 0.1 \, \mathrm{sec}$. (Before the intelligent attack)
  • Figure 5: The multi-agent mobile robot system assigned to a formation task: following a circular trajectory at $t= 8 \, \mathrm{sec}$. (During the intelligent attack)
  • ...and 4 more figures
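The mechanism in Figure 2 (receive $u_a(k)$, check whether a backup trajectory into $\mathcal{S}_f$ still exists after applying it, otherwise substitute a safe $u_s(k)$) can be seen in a deliberately small constructed example. This is an added illustration written for this page, not the authors' algorithm or code: it assumes a 1-D double-integrator robot with a wall-clearance constraint in place of the paper's nonlinear multi-robot model, a braking backup policy, and a grid search over inputs between the received command and the backup command in place of the paper's predictive optimization. All constants, the plant model, the attack scenario and the function names are assumptions.

```python
"""Constructed illustration of a plant-side predictive safety filter.

Not the paper's algorithm or code. Assumed model: a 1-D double integrator
(position p, velocity v, acceleration input a) that must keep a clearance
D_MIN to the walls of a corridor of length L. The backup policy is maximal
braking; the terminal safe set S_f is {v = 0, clearance satisfied}, which is
invariant under the zero input. The networked controller's command is
replaced only when no backup trajectory into S_f exists after applying it.
"""
from dataclasses import dataclass

DT = 0.1          # sample time [s] (assumed)
A_MAX = 1.0       # actuator limit |a| <= A_MAX (assumed)
L = 10.0          # corridor length [m] (assumed)
D_MIN = 0.5       # required wall clearance d_w [m] (assumed)
N_BACKUP = 60     # backup horizon; braking from any speed reached here needs fewer steps


@dataclass(frozen=True)
class State:
    p: float  # position
    v: float  # velocity


def step(s: State, a: float) -> State:
    """Forward-Euler plant update with actuator saturation."""
    a = max(-A_MAX, min(A_MAX, a))
    return State(s.p + DT * s.v, s.v + DT * a)


def is_safe(s: State) -> bool:
    """State constraint: keep D_MIN clearance to both walls."""
    return D_MIN <= s.p <= L - D_MIN


def backup_input(s: State) -> float:
    """Backup policy: brake as hard as possible without overshooting v = 0."""
    if abs(s.v) <= A_MAX * DT:
        return -s.v / DT
    return -A_MAX if s.v > 0 else A_MAX


def in_terminal_set(s: State) -> bool:
    """S_f: stopped and inside the constraints (invariant under a = 0)."""
    return is_safe(s) and abs(s.v) < 1e-9


def certify(s: State, a: float) -> bool:
    """Apply a once, then follow the backup policy; accept only if every
    predicted state is safe and the horizon ends inside S_f."""
    x = step(s, a)
    traj = [x]
    for _ in range(N_BACKUP):
        x = step(x, backup_input(x))
        traj.append(x)
    return all(is_safe(y) for y in traj) and in_terminal_set(traj[-1])


def safety_filter(s: State, a_received: float, n_grid: int = 20) -> float:
    """Return the input closest to the received command that is certified safe.

    Candidates are sampled on the segment from the received command to the
    backup input (a stand-in for the paper's optimization). The backup input
    itself is certified whenever the current state was reached through this
    filter, which is what gives recursive feasibility.
    """
    a_b = backup_input(s)
    a_r = max(-A_MAX, min(A_MAX, a_received))
    for i in range(n_grid + 1):
        a = a_r + (a_b - a_r) * i / n_grid
        if certify(s, a):
            return a
    return a_b


def run_attack(s0: State, a_attack: float, steps: int):
    """Closed loop under a false-data-injection attack that replaces every
    controller command with a_attack; returns the state and input histories."""
    states, inputs = [s0], []
    s = s0
    for _ in range(steps):
        a = safety_filter(s, a_attack)
        inputs.append(a)
        s = step(s, a)
        states.append(s)
    return states, inputs


if __name__ == "__main__":
    # Constructed scenario: robot at rest mid-corridor; the attacker commands
    # full acceleration toward the far wall for 300 steps, no detector runs.
    states, inputs = run_attack(State(5.0, 0.0), A_MAX, 300)
    print("all states safe:", all(is_safe(s) for s in states))
    print("closest approach to wall:", round(L - max(s.p for s in states), 3), "m")
    print("first intervention at step:", next(i for i, a in enumerate(inputs) if a < A_MAX))
```

Two properties of the filter carry over to the paper's setting. First, while the received command is certifiable the filter passes it through unmodified, so the networked controller's performance is untouched in normal operation; it only starts to deviate from the attacker's command when the predicted backup trajectory would leave the constraint set. Second, nothing in the filter inspects where the command came from or whether a detector flagged it, which is why the injected command stays harmless even though no anomaly detection runs at all.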

Theorems & Definitions (3)

  • Definition 1: Safety
  • Definition 2: Safe Control Invariant Set
  • Lemma 1: Proof of Safety