Within the domain of Cyber-Physical Systems (CPS) security research, a significant challenge has been the restricted accessibility of suitable testing platforms. Such constraints frequently confine empirical research to a select group of researchers with the necessary resources. Addressing this issue, our project aspires to design and implement an open-source platform specifically tailored for CPS security research testing. Our envisaged platform covers a wide range of CPS domains, from aerial vehicles and terrestrial vehicles to sophisticated humanoid robots. Each category has distinct characteristics in terms of control software, computing power, sensor modality, and operational scenarios.
Moreover, given the current diverse and often non-standardized metrics for evaluation in CPS security studies, an additional aim of our project is to begin standardizing evaluation metrics. This project introduces a cohesive evaluation framework coupled with benchmark datasets. Such an approach will pave the way for more systematic assessments of attack and defense methodologies, consequently enhancing the reproducibility of research outcomes.
Platform Components
OpenMANIPULATOR
Turtlebot
Jackal UGV
Autoware
PX4 Autopilot
ROBOTIS OP3
Unitree Quadruped Robot
Hardware-in-the-loop Simulations
Simulator
Gazebo
Carla
LG-SVL
Platform Features
Modularity for Large-scale Testing
To facilitate extensive testing across diverse control software, AI models, middleware, and operating systems, OP-CPS offers modular components designed for easy replacement with alternative implementations. This design empowers developers to switch among various testing targets without the need to rebuild the entire stack. Additionally, the system's "plug-and-play" architecture ensures seamless integration of new modules and components in the future, negating the need for a comprehensive overhaul of the existing pipeline. The actual implementation is based on Docker and ROS.
Profiling for Debuggability
To develop and test target approaches, extensive testing across diverse scenarios is essential. Therefore, OP-CPS provides developers with tools specifically designed to aid in understanding and debugging components when they manifest anomalous or unsafe behavior. The primary focus of profiling is on the kernel, since debugging at the application level can typically be managed through code instrumentation. The profiling dimensions encompass real-time scheduling statistics, various kernel events, and microarchitecture events. The actual implementation is built on top of static and dynamic system tracing infrastructures.
Instrumentation System for Fast Attack/Defense Deployability
To facilitate the deployment of attack and defense strategies, OP-CPS includes two types of instrumentation infrastructures: static and dynamic. Static instrumentation is achieved using LLVM passes. Moreover, since security research often necessitates understanding program-level semantics, such as control-flow graphs, we have integrated a state-of-the-art program analysis tool, SVF, into the instrumentation framework. For dynamic instrumentation, OP-CPS enhances the capabilities of an existing tool, namely the LTTng tracer, by introducing additional tracepoints in the ROS2 middleware, such as during the invocation of callback functions.
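The following added example (not OP-CPS code) shows how tracepoints placed around callback invocation can be turned into per-callback execution times, flagging runs that exceed a timing budget. The event names `callback_start` and `callback_end`, the one-line text layout, and the 5 ms budget are assumptions made for illustration, and the trace is constructed.

```python
import re
from collections import defaultdict

# Constructed sample trace. Assumed layout (not OP-CPS's format):
#   <timestamp_ns> <event> cpu=<n> callback=<handle>
SAMPLE_TRACE = """\
1000000 callback_start cpu=0 callback=0xA1
1400000 callback_end cpu=0 callback=0xA1
2000000 callback_start cpu=1 callback=0xB2
2100000 callback_start cpu=0 callback=0xA1
9100000 callback_end cpu=0 callback=0xA1
9500000 callback_end cpu=1 callback=0xB2
10000000 callback_end cpu=0 callback=0xC3
11000000 callback_start cpu=0 callback=0xA1
"""

LINE_RE = re.compile(
    r"^(\d+) (callback_start|callback_end) cpu=(\d+) callback=(0x[0-9A-Fa-f]+)$")

def callback_durations(trace_text):
    """Pair start/end events per callback handle.

    Returns (durations, unmatched): durations maps a handle to a list of
    (start_ns, duration_ns); unmatched lists events with no partner, which
    happens when tracing starts or stops mid-callback or an event is lost.
    """
    open_starts = {}                 # handle -> timestamp of pending start
    durations = defaultdict(list)
    unmatched = []                   # (event, handle, timestamp_ns)
    for line in trace_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # ignore lines from other tracepoints
        ts, event, cb = int(m[1]), m[2], m[4]
        if event == "callback_start":
            if cb in open_starts:    # previous end event never arrived
                unmatched.append(("callback_start", cb, open_starts[cb]))
            open_starts[cb] = ts
        elif cb in open_starts:
            start = open_starts.pop(cb)
            durations[cb].append((start, ts - start))
        else:
            unmatched.append(("callback_end", cb, ts))
    unmatched.extend(("callback_start", cb, ts) for cb, ts in open_starts.items())
    return dict(durations), unmatched

def overruns(durations, budget_ns):
    """Return (start_ns, handle, duration_ns) for runs over budget, by start time."""
    return sorted((start, cb, dur) for cb, runs in durations.items()
                  for start, dur in runs if dur > budget_ns)

if __name__ == "__main__":
    runs, orphans = callback_durations(SAMPLE_TRACE)
    print(overruns(runs, 5_000_000), orphans)
```

Unmatched events are reported rather than dropped so that gaps in the trace are not mistaken for callbacks that never ran.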