Model-based design for increasing reliability and safety of autonomous systems

This thesis presents a model-based design framework to enhance the safety and security of autonomous systems against cyber attacks. As modern autonomous systems, particularly Cyber-Physical Systems (CPS), become increasingly interconnected, they face growing threats that differ significantly from conventional IT network attacks. These control theoretic attacks allow an intelligent adversary to manipulate physical processes by compromising sensors or actuators, leading, possibly, to catastrophic failures. This strategic and adversarial nature is what distinguishes these threats from conventional system faults, which are typically uncertain and non-malicious events. This research begins with a thorough analysis of such attacks, examining their theoretical models and studying real world case studies to understand the entire attack chain, from initial access to the manipulation of physical actuators. To model and understand attack impacts, an antagonistic Model Predictive Control (MPC) framework is first developed. Initially, this framework explores how an attacker can destabilize a system by reformulating the controller’s objective from cost minimization to maximization. To ensure the validity of this model in realistic environments, the framework is extended to a robust antagonistic MPC. By using the max-min optimization approach, this formulation accounts for worst-case environmental disturbances, guaranteeing a certain level of damage even under unfavorable scenarios. This concept is then further refined into a strategic constraint-violation attack model. Instead of simply maximizing a generic cost function, this formulation explicitly prioritizes the violation of system constraints, thereby generating attack vectors that are specifically designed to force system failure. To counter the strategic threats modeled by this framework, this thesis develops a proactive attack mitigation framework. SoftWare Rejuvenation (SWR), a technique that resets a compromised controller to a safe, pre-defined state, as a potent mitigation and recovery strategy. In contrast to traditional periodic rejuvenation, which can be disruptive and inefficient, this research introduces a framework where rejuvenation is triggered by dedicated monitoring tools based on attack detection and prediction. Two such triggers are developed: (1) a residue based detector, utilizing a Luenberger like observer, which initiates rejuvenation upon detecting anomalies and (2) a proactive monitor based on the antagonistic MPC concept, which calculates the Time-to-Violation T ∗. This novel metric represents the minimum time an attacker would need to violate system constraints from the current state. If T ∗ falls below a critical safety threshold, rejuvenation is preventively triggered as a crucial mitigation. Finally, this thesis integrates these contributions into a comprehensive safety framework. This framework leverages the proposed detectors to intelligently trigger software rejuvenation, thereby providing robust defense mechanism that can effectively mitigate attacks and ensure operational safety. The efficacy and practicality of the proposed methods are validated through a numerical simulations on both highly dynamic (quadrotor) and slow dynamic (four tank system) models, showing their broad applicability in safeguarding modern autonomous systems.