Secure Networked Control For Decentralized Systems Via Software Rejuvenation

Decentralized control systems exist in many scenarios where agents have the ability to fully communicate with one another but do not do so for multiple reasons, including cost and the possibility of an adversary infiltrating the system through the communication network. In this paper, we present a procedure that determines when agents should communicate with one another after having been disconnected from the network for a period of time. This procedure does not depend on the type of decentralized control system being used. When agents do communicate with one another, we guarantee the safety and resilience of the system against malicious adversaries by utilizing software rejuvenation, a prevention mechanism against unanticipated and undetectable attacks on cyber-physical systems. Without implementing any detection algorithm, the system is periodically refreshed with a secure and trusted copy of the control software to eliminate any malicious modifications to the run-time code and data that may have corrupted the controller. We present an algorithm that satisfies the conditions necessary to ensure safe recovery while agents communicate with one another. A procedure for calculating parameters that achieve these conditions is presented, and our approach is illustrated via simulation.