Sie sind auf Seite 1von 2

Midterm

Take-Home Exam


Submission Due: Nov. 24 2014

Name: _______________________


Please keep your answers very concise: (NO MORE THAN HALF A PAGE for each question;
except for Q7 that could be 1 page).

You are free to use online sources but you should not consult with other classmates who are
taking the course this semester.


1. On Avatars paper, under what conditions in real-world settings would the proposed
framework not produce correct results? How would you resolve those issues?

2. On H2H paper, why would an attacker not be able to fake the biological signal to get
an unauthorized access to the implanted medical device? What is the main premise
and threat model for the solution?

3. What type of attacks may occur in a power automated generation control setting? In
what sense are they different from typical cyber security problems? In your opinion,
in what sense should the solutions be different?

4. For cyber-physical system safety protection, formal modeling and offline exhaustive
verification of the infrastructure takes a long time (if not forever). On the other
hand, runtime monitoring of the systems result in too-late response actions (for
instance, letting a car with 80 mph speed know that it is about to hit a pedestrian is
too late as the brakes cannot support such high deceleration). What alternative
solution would you propose to address the safety problem in a scalable and timely
fashion?

5. In all cyber-physical systems analysis methods that we have been investigating in
the class, we assume that we have the system model to analyze. In robotics, in places
where the environment is not known (no prior model access), simultaneous
localization and mapping SLAM techniques are often used. How would you extend
ideas from SLAM in security monitoring a power grid cyber physical infrastructure
where you do not the system model initially? What hazards your idea may introduce
in such settings?

6. Describe an imaginary (but realistic) scenario where you need an embedded board
for a cyber-physical application. Pick a specific cyber-physical application, and
explain what you need to board for. Then, please discuss how would you go with
picking the right choice to purchase? What aspects of the computer architecture
would you be careful about and what exact choices would you make regarding
various architectural aspects for your need specifically? Please be as
concrete/specific as possible.

7. Please watch the video on https://www.youtube.com/watch?v=Csiiv6WGzKM and
answer the following questions.

a. What do you think is the main difficulty in solving a real-world problem


using MDP models?

b. Are MDPs suitable for cyber-physical applications? In what sense do they fall
short? What would you suggest to address the problem?

c. How would you compare value iteration with policy iteration algorithms?
Which one would you use in practical real-time aircraft navigation control
scenarios? Why?

d. Imagine we have a four-host computer network within Rutgers; we are
trying to protect the networks security against malicious attackers. Name
the computers A (a webserver), B (proxy), C (an application server), D (a
students sensitive financial database, e.g., CC-Numbers), and E (a host
outside of the network in Internet that is assumed to be compromised by
attackers initially). The computers can access each other through the
following firewall rules (any other legitimate/malicious connection requests
are denied by the firewalls):

A B; E A; A E; A C; B D; C D

Assuming all the computers have various software vulnerabilities that could
be compromised; however, the attackers success probability differs
depending on which computer he/she tries to compromise: A (0.7); B (0.9);
C (0.2); D (0.5). The D host is worth $10K of credit cards.

Please design the corresponding Markov decision process and determine the
attackers optimal strategy (attack path, i.e., sequence of hosts to
compromise).

8. Given an autonomous control system model (LTI differential equations), you have
been asked to determine what type of actuators and sensors to implement in the
system. How would you proceed with what types of sensors/actuators to deploy?
Where to deploy them in the system? How many of them are sufficient?
a. Now assume each sensor/actuator has a $ price, accuracy level and
probability of failure. How would this information affect your choices?
b. You are also given an embedded controller to monitor sensor measurements
and control the actuators. How would you implement the sensor/actuator
interface with the controller if interrupts were not allowed for safety
reasons (often the case in real-world settings)? What sample rate would you
need to receive sensor measurements at? How would you design your
theoretical controller to avoid actuator saturation?