Robust Recovery and Control of Cyber-physical Discrete Event Systems under Actuator Attacks
Samuel Oliveira, Mostafa Tavakkoli Anbarani, Gregory Beal, Ilya Kovalenko, Marcelo Teixeira, André B. Leal, Rômulo Meira-Góes
TL;DR
The paper addresses the cybersecurity of cyber-physical discrete event systems (CPDES) under actuator enablement (AE) attacks by proposing a robust-recovery framework that preserves the nominal behavior when no attack is present and, once an attack is detected, moves the system into a post-attack robust region. It introduces AE-robust recoverability, defines a robust region $G_{robust}$ that AE-attacks cannot exploit, and formulates robust-recovery strategies that guarantee recovery to $G_{robust}$ while avoiding vulnerable and unsafe states. The authors show that synthesizing a resilient supervisor $S^R$ from a resilient control specification $H^a$ reduces verification and synthesis to the standard supervisory control problem, establishing equivalence between AE-robust recoverability and solvability of SSCP under attack-aware specifications. A manufacturing case study demonstrates the approach on a Fischertechnik factory, detailing the attacked models, the robust regions, and scenarios in which recovery is feasible or not. The work provides a general, theory-grounded path to maintaining safety, availability, and integrity in CPDES while an attack remains present, with potential extensions to broader attack models and to sensor-security considerations.
Abstract
Critical real-world applications rely heavily on cyber-physical systems (CPS), but the dependence of CPS on communication networks introduces significant security risks, as attackers can exploit vulnerabilities to compromise their integrity and availability. This work explores cybersecurity in the context of CPS modeled as discrete event systems (DES), focusing on recovery strategies following the detection of cyberattacks. Specifically, we address actuator enablement attacks and propose a method that preserves the system's full valid behavior under normal conditions. Upon detecting an attack, our proposed solution aims to guide the system toward a restricted yet robust behavior, ensuring operational continuity and resilience. Additionally, we introduce a property termed AE-robust recoverability, which characterizes the necessary and sufficient conditions for recovering a system from attacks while preventing further vulnerabilities. Finally, we showcase the proposed solution through a case study based on a manufacturing system.
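The mode switch described in the TL;DR and the abstract (full nominal behavior, then a restricted robust behavior after detection) and the reduction to standard supervisory control, as an added example that is not the paper's code: it assumes a simplified AE attack model in which the attacker can re-enable any attackable event the supervisor disables, so those events are treated as uncontrollable when computing the robust region; the toy workstation, its event sets, and the names `safe_region` and `supervisor` are constructed assumptions, not the Fischertechnik model or the paper's definitions.

```python
# Added example, not the paper's code. Assumed simplification: an AE attacker
# can re-enable any ATTACKABLE event the supervisor disables, so under attack
# those events act as uncontrollable (the robust region follows from that).

# Constructed toy workstation, (state, event) -> next state. Unlocked cycle:
# an eject while working jams the machine. Locked cycle: eject is impossible.
PLANT = {
    ("empty", "load"): "loaded",        ("empty", "lock"): "lk_empty",
    ("loaded", "start"): "working",     ("loaded", "eject"): "empty",
    ("working", "finish"): "done",      ("working", "eject"): "jam",
    ("done", "unload"): "empty",
    ("lk_empty", "load"): "lk_loaded",  ("lk_empty", "unlock"): "empty",
    ("lk_loaded", "start"): "lk_working",
    ("lk_working", "finish"): "done",
}
STATES = {s for s, _ in PLANT} | set(PLANT.values())
CONTROLLABLE = {"load", "start", "eject", "unload", "lock", "unlock"}
UNCONTROLLABLE = {e for _, e in PLANT} - CONTROLLABLE   # {"finish"}
ATTACKABLE = {"start", "eject"}       # assumed attacker capability
UNSAFE = {"jam"}

def safe_region(forced):
    """Largest set of non-UNSAFE states no `forced` event can leave: drop any
    state with a forced transition out of the set until a fixpoint is reached."""
    region = STATES - UNSAFE
    changed = True
    while changed:
        changed = False
        for (s, e), t in PLANT.items():
            if s in region and e in forced and t not in region:
                region.discard(s)
                changed = True
    return region

def supervisor(region, disableable):
    """Disable map over `region`: at each state, disable every `disableable`
    event whose target lies outside the region; everything else stays enabled."""
    return {s: {e for (x, e), t in PLANT.items()
                if x == s and e in disableable and t not in region}
            for s in region}

# Nominal mode: all controllable disablements hold, full valid behavior.
NOMINAL = safe_region(UNCONTROLLABLE)
NOMINAL_SUP = supervisor(NOMINAL, CONTROLLABLE)
# Post-detection mode: attackable disablements cannot be trusted, so they are
# treated as forced, and the resilient supervisor relies only on the rest.
ROBUST = safe_region(UNCONTROLLABLE | ATTACKABLE)
RESILIENT_SUP = supervisor(ROBUST, CONTROLLABLE - ATTACKABLE)
# States the nominal supervisor keeps safe only via attackable disablements;
# an attack detected here cannot be countered by disabling alone.
EXPOSED = NOMINAL - ROBUST
```

In this toy plant the resilient supervisor keeps the workstation in the locked cycle (disabling `load` at `empty` but not `lock`), which is the "restricted yet robust" behavior, while the unlocked states `loaded` and `working` are exactly those the nominal supervisor protects only through a disablement the attacker can override.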
