Linh Thi Xuan Phan Builds New Defenses for Cyber-physical Infrastructure

Linh Thi Xuan Phan Builds New Defenses for Cyber-physical Infrastructure

NSF CAREER Award Project Aims for Systems to Recover Before Damage is Done

By Emily Schalk

Linh Thi Xuan Phan

Your self-driving car is being hacked.

Linh Thi Xuan Phan says that’s okay.

The assistant professor in Penn Engineering’s Computer and Information Science department has been developing new strategies to protect self-driving cars and other systems that exist in both the cyber and physical world from attack by intruders operating online. Her newest research, funded by a CAREER Award from the National Science Foundation, is showing that even if an attacker manages to “get in” and briefly gain control over these systems, it isn’t necessarily the end of the world.

“We already know these systems can tolerate brief disruptions,” Phan says, “but timing is critical when cyber and physical systems meet.”

The key, Phan explains, is to act quickly. For example, when an attacker hacks a home thermostat and turns off the heater during the winter, the temperature in the home can eventually drop below freezing, causing water pipes to burst and leading to permanent damage. But because this happens over the course of several minutes rather than instantaneously, the damage can be avoided if the thermostat is repaired quickly enough.

Many other physical systems, including self-driving cars, can similarly tolerate brief disruptions, except that the periods of forgiveness are usually much shorter. For instance, if a car is on the highway and an attacker gains control over the car’s power steering, the system must recover within a few milliseconds in order to prevent the attacker from crashing the car.

Researchers in Phan’s field of real-time systems have decades of experience in making cyber-physical systems meet their timing requirements under normal conditions. Phan’s goal is to make sure that the requirements are met even when the system is under attack by developing ways to detect attacks and fight them off quickly, even if the attacker knows every detail of the system and how to best disrupt it. Phan calls this approach “bounded-time recovery,” meaning that if the system recovers from attacks within a bounded amount of time, the user is safe.

In her work, Phan combines ideas from both cybersecurity and real-time systems. Protecting cyber-physical devices has traditionally been the domain of cybersecurity, but Phan says existing solutions only address “bits and pieces” of the problem. For instance, existing defenses often cannot guarantee a specific response time, which is crucial for cyber-physical systems, and they fail to take advantage of other aspects, such as inertia and thermal capacity, that could help with security.

“The novelty of my approach,” she says, “is looking at the problem in a different way, leveraging the characteristics of the system to fight an attacker and being able to recover before damage is done.”

The difference between the two approaches is akin to the difference between a medieval knight and a modern fencer: while one might block their opponents using heavy armor and raw strength, the other can use their speed and agility, and their opponent’s attacks, to their advantage. The idea of letting an attacker briefly take control of such a delicately balanced system may sound shocking at first, but many cyber-physical systems intentionally have very limited resources in order to conserve power or to save space, and often cannot afford the equivalent of the knight’s heavy armor.

“Rather than masking all symptoms of an attack,” Phan says, “we exploit the fact that many systems can tolerate brief disruptions and guarantee that the system quickly returns to a correct state instead. This approach is much more cost effective, and it is also able to handle more severe attacks and provides graceful degradation under attack.”

Phan hopes that her new approach to securing cyber-physical devices will ensure we move safely into an ever-connected world. “We already have many examples of attacks on critical infrastructure,” she says. “These systems are everywhere, and change all aspects of life. If they fail, the consequences can be disastrous.”

The National Science Foundation agrees. In March, Phan received a CAREER Award recognizing her work, which she will use to further her research on bounded-time recovery and to improve several different aspects of cyber-physical systems security.

“In my work, I am already collaborating far more with other fields than I did before I joined the Penn Engineering faculty,” Phan says. “For this project, I’ve combined insights from different disciplines, including real-time computing, cybersecurity, and systems/networking. Cyber-physical systems security is a complex problem, and no single area can solve it completely.”