Vulnerability Analysis of Feedback Systems

Similar documents
Vulnerability Analysis of Feedback Systems. Nathan Woodbury Advisor: Dr. Sean Warnick

Vulnerability Analysis of Closed-Loop Systems. Nathan Woodbury. of graduation requirements for University Honors. Department of Computer Science

Control Systems Engineering ( Chapter 6. Stability ) Prof. Kwang-Chun Ho Tel: Fax:

Signal Structure for a Class of Nonlinear Dynamic Systems

ECE317 : Feedback and Control

SECTION 5: ROOT LOCUS ANALYSIS

Outline. Control systems. Lecture-4 Stability. V. Sankaranarayanan. V. Sankaranarayanan Control system

Mathematical Relationships Between Representations of Structure in Linear Interconnected Dynamical Systems

ECE317 : Feedback and Control

Network Structure Preserving Model Reduction with Weak A Priori Structural Information

(b) A unity feedback system is characterized by the transfer function. Design a suitable compensator to meet the following specifications:

Software Engineering/Mechatronics 3DX4. Slides 6: Stability

ECEN 605 LINEAR SYSTEMS. Lecture 20 Characteristics of Feedback Control Systems II Feedback and Stability 1/27

Control Systems. Root Locus & Pole Assignment. L. Lanari

Some special cases

EEE 184: Introduction to feedback systems

The Nyquist criterion relates the stability of a closed system to the open-loop frequency response and open loop pole location.

Lecture 4 Classical Control Overview II. Dr. Radhakant Padhi Asst. Professor Dept. of Aerospace Engineering Indian Institute of Science - Bangalore

Lecture 1 Root Locus

3.1 Overview 3.2 Process and control-loop interactions

Alireza Mousavi Brunel University

STABILITY ANALYSIS. Asystemmaybe stable, neutrallyormarginallystable, or unstable. This can be illustrated using cones: Stable Neutral Unstable

I What is root locus. I System analysis via root locus. I How to plot root locus. Root locus (RL) I Uses the poles and zeros of the OL TF

CHAPTER 7 STEADY-STATE RESPONSE ANALYSES

Control Systems Engineering ( Chapter 8. Root Locus Techniques ) Prof. Kwang-Chun Ho Tel: Fax:

Radar Dish. Armature controlled dc motor. Inside. θ r input. Outside. θ D output. θ m. Gearbox. Control Transmitter. Control. θ D.

ECE 345 / ME 380 Introduction to Control Systems Lecture Notes 8

Chemical Process Dynamics and Control. Aisha Osman Mohamed Ahmed Department of Chemical Engineering Faculty of Engineering, Red Sea University

SECTION 8: ROOT-LOCUS ANALYSIS. ESE 499 Feedback Control Systems

Control Systems I. Lecture 7: Feedback and the Root Locus method. Readings: Jacopo Tani. Institute for Dynamic Systems and Control D-MAVT ETH Zürich

CHAPTER 1 Basic Concepts of Control System. CHAPTER 6 Hydraulic Control System

Lecture 7 (Weeks 13-14)

Representing Structure in Linear Interconnected Dynamical Systems

CDS Solutions to Final Exam

Systems Analysis and Control

6.245: MULTIVARIABLE CONTROL SYSTEMS by A. Megretski. Solutions to Problem Set 1 1. Massachusetts Institute of Technology

Uncertainty and Robustness for SISO Systems

Linear Control Systems Lecture #3 - Frequency Domain Analysis. Guillaume Drion Academic year

Chapter Robust Performance and Introduction to the Structured Singular Value Function Introduction As discussed in Lecture 0, a process is better desc

Remember that : Definition :

Control Systems. EC / EE / IN. For

100 (s + 10) (s + 100) e 0.5s. s 100 (s + 10) (s + 100). G(s) =

a. Closed-loop system; b. equivalent transfer function Then the CLTF () T is s the poles of () T are s from a contribution of a

I Stable, marginally stable, & unstable linear systems. I Relationship between pole locations and stability. I Routh-Hurwitz criterion

ECE 3793 Matlab Project 3

VALLIAMMAI ENGINEERING COLLEGE SRM Nagar, Kattankulathur

Chapter 5. Standard LTI Feedback Optimization Setup. 5.1 The Canonical Setup

Systems Analysis and Control

Professor Fearing EE C128 / ME C134 Problem Set 7 Solution Fall 2010 Jansen Sheng and Wenjie Chen, UC Berkeley

Chapter 7 : Root Locus Technique

The stability of linear time-invariant feedback systems

Test 2 SOLUTIONS. ENGI 5821: Control Systems I. March 15, 2010

FEL3210 Multivariable Feedback Control

CHAPTER # 9 ROOT LOCUS ANALYSES

9. Two-Degrees-of-Freedom Design

FEL3210 Multivariable Feedback Control

Lecture 6. Chapter 8: Robust Stability and Performance Analysis for MIMO Systems. Eugenio Schuster.

L2 gains and system approximation quality 1

Network Reconstruction from Intrinsic Noise: Non-Minimum-Phase Systems

Outline. Classical Control. Lecture 5

ECE 3793 Matlab Project 3 Solution

Didier HENRION henrion

ME 304 CONTROL SYSTEMS Spring 2016 MIDTERM EXAMINATION II

Data Based Design of 3Term Controllers. Data Based Design of 3 Term Controllers p. 1/10

EC CONTROL SYSTEM UNIT I- CONTROL SYSTEM MODELING

Introduction to Process Control

Sub-Optimal Scheduling of a Flexible Batch Manufacturing System using an Integer Programming Solution

Chapter Stability Robustness Introduction Last chapter showed how the Nyquist stability criterion provides conditions for the stability robustness of

Module 07 Control Systems Design & Analysis via Root-Locus Method

AUTOMATIC CONTROL. Andrea M. Zanchettin, PhD Spring Semester, Introduction to Automatic Control & Linear systems (time domain)

Linear State Feedback Controller Design

Stability of Feedback Control Systems: Absolute and Relative

STABILITY ANALYSIS TECHNIQUES

Control Systems Design

EE Control Systems LECTURE 9

Robust fixed-order H Controller Design for Spectral Models by Convex Optimization

STABILITY OF CLOSED-LOOP CONTOL SYSTEMS

Chapter 3: Block Diagrams and Signal Flow Graphs

Problem set 5 solutions 1

ECE317 : Feedback and Control

Final: Signal, Systems and Control (BME )

7.4 STEP BY STEP PROCEDURE TO DRAW THE ROOT LOCUS DIAGRAM

Control Systems Design

Review: transient and steady-state response; DC gain and the FVT Today s topic: system-modeling diagrams; prototype 2nd-order system

Math 1314 Lesson 4 Limits

INSTITUTE OF AERONAUTICAL ENGINEERING Dundigal, Hyderabad ELECTRICAL AND ELECTRONICS ENGINEERING TUTORIAL QUESTION BANK

Dr Ian R. Manchester Dr Ian R. Manchester AMME 3500 : Review

Exam in Systems Engineering/Process Control

Massachusetts Institute of Technology Department of Mechanical Engineering Dynamics and Control II Design Project

IC6501 CONTROL SYSTEMS

Design Methods for Control Systems

Root Locus Methods. The root locus procedure

CSL361 Problem set 4: Basic linear algebra

Control Systems I. Lecture 9: The Nyquist condition

Problem Set 3: Solution Due on Mon. 7 th Oct. in class. Fall 2013

Structural Resilience of Cyberphysical Systems Under Attack

Laplace Transform Analysis of Signals and Systems

MIMO analysis: loop-at-a-time

II.3. POLYNOMIAL ANALYSIS. Didier HENRION

10 Transfer Matrix Models

Transcription:

Vulnerability Analysis of Feedback Systems Nathan Woodbury Advisor: Dr. Sean Warnick Honors Thesis Defense 11/14/2013

Acknowledgements Advisor Dr. Sean Warnick Honors Committee Dr. Scott Steffensen Dr. Sandip Roy IDeA Labs Anurag Rai Vasu Chetty Phil Paré My Family 1/16/2014 2

Outline : Vulnerability Mathematical Preliminaries Three System Representations & Their Structures Open-Loop Results: Secure Structures (DAGs) Closed-Loop Results: Can Fight Fire with Fire 1/16/2014 3

: Vulnerability Lesson: Vulnerability is a Property of Links Lesson: Definition of Link Depends on Structure, which depends on Implementation Lesson: Links in cycles are vulnerable To remove vulnerability, remove cycles Lesson: Can use cycles to minimize vulnerability caused by feedback INTRODUCTION: VULNERABILITY

Attack Models Denial of Service Removal of Link Deception Interception and Modification of a Link 1/16/2014 5

Attack Models Denial of Service Removal of Link Deception Interception and Modification of a Link Underlying Perspective: Both models involve a distributed system where an enemy does bad things on a link. 1/16/2014 6

Attack Models Denial of Service Removal of Link Deception Interception and Modification of a Link Underlying Perspective: Both models involve a distributed system where an enemy does bad things on a link. Destabilization Attack Attack a Single Link Destabilize Entire System Link Failure Malicious Attack Vulnerability Sensitivity of stability to link perturbations Depends on Structure 1/16/2014 7

Definition of Vulnerability Define e: (attacker) effort smallest signal attacker can place on a particular link to destabilize system. (Perturbation of size e) Link Vulnerability: 1 e More effort to destabilize less vulnerable Less effort to destabilize more vulnerable System Vulnerability: Max vulnerability over all links System Representation defines notion of link 1/16/2014 8

: Vulnerability Lesson: Vulnerability is a Property of Links Lesson: Definition of Link Depends on Structure, which depends on Implementation Lesson: Links in cycles are vulnerable To remove vulnerability, remove cycles Lesson: Can use cycles to minimize vulnerability caused by feedback SYSTEMS AND STRUCTURE

What is Structure System structure is represented by a graph Shows flow of information One system can be represented by many structures We will discuss three (State Space Representations, Transfer Functions, and Dynamical Structure Functions) 1/16/2014 10

State Representations Inputs, outputs, and internal states 1 0 1 1 0 0 x = 2 3 0 x + 0 1 0 u 0 1 2 0 0 3 0 0 1 y = 0 1 0 x 0 0 1 The internal wiring of the system. 1/16/2014 11

Transfer Functions Input-output behavior Black Box G = 1 f(s) s + 3 2 2 (s + 3) 2(s + 3) (s + 1)(s + 3) 2 4 2(s + 1) (s + 1)(s + 3) f s = s 3 + 7s 2 + 15s + 13. The design of the system doesn t worry about implementation, only its inputoutput behavior 1/16/2014 12

Dynamical Structure Functions (DSFs) Factorization of the Transfer Function G = I Q 1 P P = 1 s + 1 0 0 0 1 s + 3 0 0 0 1 s + 3, Q = 0 0 2 s + 3 0 1 s + 1 0 0 2 s + 1 0 An implementation of a system. 1/16/2014 13

: Vulnerability Lesson: Vulnerability is a Property of Links Lesson: Definition of Link Depends on Structure, which depends on Implementation Lesson: Links in cycles are vulnerable To remove vulnerability, remove cycles Lesson: Can use cycles to minimize vulnerability caused by feedback VULNERABILITY IN OPEN-LOOP SYSTEMS

Open-Loop Problem Formulation English: Given a system design, design its structured implementation to minimize system vulnerability Fact: Links in P don t matter Math: Given a fixed TF G, Choose DSF Q (with P = I Q G) such that the system vulnerability is minimized: min Q I Q 1 1 1 : Size of matrix element (i, j) with largest norm Generally, this is a hard problem to solve (non-convex) 1/16/2014 15

Conditions of Vulnerability Theorem 1: A link is vulnerable if and only if it is part of a cycle. Theorem 2: It is always possible to implement a completely secure openloop system. Same system Different Implementation Different Vulnerabilities Vulnerable Architecture Q has internal feedback P = I Q G One Secure Architecture Q = 0 (No Blue Links) P = I Q G = G 1/16/2014 16

: Vulnerability Lesson: Vulnerability is a Property of Links Lesson: Definition of Link Depends on Structure, which depends on Implementation Lesson: Links in cycles are vulnerable To remove vulnerability, remove cycles Lesson: Can use cycles to minimize vulnerability caused by feedback VULNERABILITY IN CLOSED-LOOP SYSTEMS

Motivation Sometimes, feedback is necessary Given system G, design second system K so that G and K are connected in feedback The combined system behaves well Our Goal Decide best structure, or implementation, of K to minimize vulnerability 1/16/2014 18

Closed-Loop Problem Formulation English: Given two systems in feedback, design the structure of one to minimize the vulnerability of the combined system. Math: Given fixed TFs G and K, design structure P, Q of K such that the system vulnerability is minimized. min Q G I KG 1 I KG 1 I Q 1 1 1/16/2014 19

Result 1: Decoupling of Vulnerability Theorem 3: Vulnerabilities on links in one system do not depend on the structure of the other system. Only on other system s black box behavior Does depend on its own structure 1/16/2014 20

Result 2: We can Fight Fire with Fire We know that cycles create vulnerability When feedback is necessary, it is possible to use cycles within systems to reduce the vulnerability of the combined system There may be a universal structure of Q that uses cycles to minimize vulnerability, independent of G and K. 1/16/2014 21

Examples Let G = Let K = 2 1 s 1 s 1 1 2 s 1 s 1 1 (s+1)(s+3), 3s 4 2s 1 2s 1 3s 4 1/16/2014 22

Example 1: Fight Fire with Fire Empty Q Q = 0, P = K. Max Vulnerability = 2.27 A Q with Internal Feedback Q = 1 s+1 P = 1 f(s) 0 32 32 0 3s 2 + 57s + 28 2s 2 + 93s + 127 2s 2 + 93s + 127 3s 2 + 57s + 28, f s = s + 1 2 (s + 3) Max Vulnerability = 2.27 Max Vulnerability = 1.85 1/16/2014 23

Example 2: A Word of Caution Empty Q Q = 0, P = K. Max Vulnerability = 2.27 A Q with Internal Feedback Q = 1 s+2 P = 1 s+2 0 1 1 0 3 2 2 3 Max Vulnerability = 2.27 Max Vulnerability = 2.70 1/16/2014 24

The High-Gain Heuristic (Universal Structure) We don t yet know how to choose Q to minimize the vulnerability of the combined system. But we have a good idea Let Q = 0 n p(s) n p(s) n p(s) 0 n p(s) n p(s) n 0 p(s) In all of our tests, when n R grows large: The vulnerabilities on the links in P approach 0 The vulnerabilities on the links in Q approach Internal stability may be an issue 1 rows(q) 1/16/2014 25

Example 3: High Gain Heuristic 1 0 10000 Q = s+1 10000 0 P = 1 g(s) h(s) f(s) h(s) g(s) f s = s + 1 2 s + 3 g s = 3s 2 + 19993s + 9996 h s = 2s 2 + 29997s + 39999 1 0 10000 Q = s 1 10000 0 P = 1 g(s) h(s) f(s) h(s) g(s) f s = s + 1 2 s + 3 g s = 2s 2 10000s + 9998 h s = s 2 20002s + 19999 1/16/2014 26

: Vulnerability Lesson: Vulnerability is a Property of Links Lesson: Definition of Link Depends on Structure, which depends on Implementation Lesson: Links in cycles are vulnerable To remove vulnerability, remove cycles Lesson: Can use cycles to minimize vulnerability caused by feedback CONCLUSIONS

Next Steps Is there a universal structure? If there is a universal structure, is it the highgain heuristic? If not, how do we design Q to minimize vulnerability? What other characteristics of systems should we explore (maintainability, adaptability, cost)? 1/16/2014 28

QUESTIONS?

APPENDICES

Derivation of a DSF Consider a state-space LTI system z1 z 2 = A 11 A12 A 21 A 22 y = C1 C2 z 1 z 2, z 1 z 2 + B 1 B 2 where C1 C2 has full row rank. The system can be transformed to y x = A 11 A 12 A 21 A 22 y x + B 1 B 2 y = I 0 y x, where y are the states that are measured. Taking the Laplace transform, we get sy sx = A 11 A 12 Y A 21 A 22 X + B 1 U B 2 u u Solving for X we get X = si A 1 22 A 21 Y + si A 1 22 B 2 U, which yields sy = WY + VU W = A 11 + A 12 si A 1 22 A 21 V = A 12 si A 1 22 B 2 + B 1. Let D be a diagonal matrix with the diagonal entries of W. Then si D Y = W D Y + VU. Therefore, Y = QY + PU where Q = P = si D 1 (W D) si D 1 V It can be checked that G = I Q 1 P = C si A 1 B. 1/16/2014 31

Vulnerability of Links in a DSF Given a DSF (P, Q) and H = I Q 1, the vulnerability of a link i, j in Q is v q ij = h ji The vulnerability of the system is V = max i,j Q v q ij = h ji 1 1/16/2014 32

Proof of Theorem 1 A system with a stable additive transformation on the link from node i to j can be represented as the linear fractional transformation shown to the right in Figure 1.1 T is the associated closed-loop transfer function w i and w j represent signals at nodes i and j Figure 1.1 1/16/2014 33

Proof of Theorem 1 Let T ij be the closedloop transfer function from j to i Then the system represented in figure 1.1. is stable if and only if the system represented by the figure 1.2 to the right is stable Figure 1.2 1/16/2014 34

Proof of Theorem 1 Assume T ij s = 0 Then the system in Figure 1.2 is comprised only of the feed-forward term Δ(s) and is stable for all stable perturbations Δ(s). Hence the link from i to j is not vulnerable. 1/16/2014 35

Proof of Theorem 1 Assume T ij s 0 Then the system in Figure 1.2 is unstable if any of the transfer functions d j We have w j = 1 1 T ij s Δ(s) T ij s Δ(s) Δ(s) d j d i d i w j w i are unstable. Let T ij s = t n(s) and Δ s = t d (s) δ n(s) (each being polynomials in s) δ d (s) Then w j = t d s δ d (s) t d s δ d s t n s δ n (s) t n s δ n (s) t d s δ d (s) δ n (s) δ d (s) d j d i According to the Routh-Hurwitz Stability Criterion, t d s δ d s t n s δ n (s) is stable if all coefficients are of the same sign. A properly designed Δ can zero out at least one of these terms; hence the Routh-Hurwitz Stability Criterion fails. Therefore there exists a stable Δ on the link from i to j that destabilizes the system and the link is vulnerable. 1/16/2014 36

Proof of Theorem 2 It is sufficient to let Q s = 0 and P s = G(s). All links are in P(s), and by design, no link in P(s) is in a cycle; therefore by Theorem 1, all links are completely secure. 1/16/2014 37

Proof of Theorem 3 The inverse of H is defined such that I Q P P I Q A B C D = I 0 0 I. I Q B PD = 0, therefore B = I Q 1 PD = GD I Q C PA = 0, therefore C = I Q 1 PA = KA I Q A PC = I Q A PKA = I, therefore A = I Q PK 1 I Q D PB = I Q D PGD = I, therefore D = I Q PG 1 Thus I Q 1 = I Q PK 1 K I Q PK 1 G I Q PG 1 I Q PG 1 Note that all links in the controller are represented in the bottom rows of Q. Since the vulnerability any link (i, j) in the combined system are defined by the h norm of entry (j, i) in H = I Q 1, the vulnerability of the links in the controller are contained entirely in the equations in the right column of H given above and are expressed only in terms of P, Q, and G. Therefore, the vulnerability of the links in the controller are independent of the structure P, Q of the links in the plant. Note that similarly, the vulnerability of the links in the plant are independent of the structure (P, Q) of the links in the controller. 1/16/2014 38

Gain G iω The One-Infinity Norm The problem formulation of both open-loop and closed-loop systems involve min Q X 1, where X is a matrix of rational functions of form p(s) q(s). The infinity norm computes the maximum gain seen by each entry of X (see figure to the right) Corresponds to the size minimum signal required to destabilize the system. The one norm chooses the largest of the computed infinity norms. Therefore the one-infinity norm computes the vulnerability of the system, which we wish to minimize by choosing a good Q. Maximum Gain Frequency ω [rad/sec] 1/16/2014 39

References A. Rai, D. Ward, S. Roy and S. Warnick, "Vulnerable Links and Secure Architectures in the Stabilization of Networks of Controlled Dynamical Systems," American Control Conference, Montreal, Canada, accepted for publication, 2012. A. Rai, "Analysis and Design Tools for Structured Feedback Systems," M.S. Thesis, Brigham Young Univ., Provo, UT, 2012. 1/16/2014 40

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback