Many medical conditions require therapy via implantable and wearable devices, such as cardiac devices to treat arrhythmia treatment and artificial pancreas systems for glucose regulation in diabetes. Such medical cyber-physical systems (medCPSs) have experienced dramatic technological advancements, and include control algorithms for automated therapy delivery, internet connectivity for remote patient monitoring, and machine learning (ML) to aid therapy decisions. This complexity introduces broad attack surfaces that can jeopardize patient safety.
While prior work on medCPS security has mainly focused on the practical feasibility of the attacks, in this project we focus on studying sophisticated sensor spoofing attacks that are both stealthy and tailored to the target patient.
You will contribute to developing a model-based framework to provide verified defense mechanisms against stealthy attacks on medCPSs, which you will apply to ICDs (Implantable Cardioverter Defibrillators) for cardiac arrhythmia treatment and artificial pancreas control algorithms for insulin therapy. In particular, the project will explore several directions, including:
- synthesis of Pareto-optimal attacks (and corresponding defenses), i.e., attacks with optimal tradeoff between effectiveness and stealthiness;
- formal verification to certify the defenses;
- personalization of attacks and defenses using the victim's physiological characteristics; different attacker's capabilities (white-box to black-box);
- adversarial robustness of ML vs non-ML device controllers.
Students pursuing this project are expected to develop new techniques to tackle security of medCPSs, potentially using a combination of machine/deep learning, model-based control, and formal verification. Ideal applicants will have familiarity with at least one of these areas and an interest in safety and security assurance of cyber-physical systems.
The project will be carried out within the Computer Science Department and Information Security Group at Royal Holloway University of London. Researchers from these departments have extensive experience in systems security, machine learning and AI, and formal verification.
Prospective applicants are welcome to contact Dr Nicola Paoletti to discuss the project.