Towards safe and secure communication in Cyber-Physical Systems

In the past few years, modern application domains, ranging from automotive and avionics to interconnected systems, have undergone a significant transformation driven by the need to provide enhanced functionalities, real-time communication, and seamless integration with the digital world. To meet such requirements, traditional architectures are moving towards an integrated approach that involves multiple applications with varying levels of criticality coexisting on the same hardware platform. Moreover, the traditional architectures, formerly characterized by simplicity and isolation, are also shifting towards an increased interconnectivity with the external world. While this evolution promises increased convenience and efficiency, it also brings with it a growing array of cybersecurity risks. Modern cars, for example, are no longer isolated from the external world. Today, cars evolved to carry no more passengers, but users. People require an increasing number of entertainment and safety functionalities that require modern vehicles to be always connected to the internet. Today, to update the firmware of a vehicle it is no longer needed to go to assistance, owners can simply download the update from the vendor's website and install it on their own. This reduces the costs of maintenance while raising lots of security issues. In this context, cybersecurity risks extend well beyond the conventional realms of data breaches and network intrusions. Vulnerabilities have the potential to compromise the safety and integrity of these systems, leading to catastrophic consequences, encompassing both physical harm and economic damage. This Ph.D thesis aims to contribute to increasing the security of the next generation of cyber-physical systems by addressing some of such cybersecurity threats and suggesting some strategies to identify and mitigate them. In particular, we address these challenges by first providing a secure and predictable I/O virtualization mechanism to share a physical device among multiple domains on top of the same platform. We analyzed the performance of such a mechanism under different scenarios and compared it with the state of the art showing remarkable advantages. We also introduced an innovative mechanism to deal with memory contention using ARM QoS-400 regulators. Later on, we explored the multifacet world of Intrusion Detection Systems (IDSs) proposing a novel deep-learning IDS. One of the main novelty introduced in this context is an all-around approach to the design of the IDS. The proposed architecture not only blasts the limits of existing approaches being able to detect novel attacks but it is also optimized to run in real-time on edge devices. Moreover, we also demonstrated that our solution is robust against dataset poisoning, which is a rising threat to modern machine learning solutions, commonly ignored by state-of-the-art.