We propose to develop and evaluate a novel system for improving the trust and resiliency of cyber physical systems. We focus on resilient systems that avoid or recover from attacks, trust violations or environmental changes to complete missions. Since such resiliency is often achieved by adapting to new circumstances or repairing weaknesses, we also focus on providing trust to the human operator that the changed system operates correctly. We will evaluate our work via a preliminary Red Team exercise involving the locomotion and control software for autonomous vehicles.

We will use a combination of static and dynamic methods to create such a trusted, resilient system. Before deployment we will use hardening and rewriting techniques, as well as diversity metrics, to create, select and deploy defensive variants of existing control software. In addition, we will analyze and model the correct behavior of the system and its invariants, establishing a formal notion of trusted execution. We propose a dual controller deployment architecture containing additional hardware dedicated to detecting trust violations and effecting resiliency actions | repairs constructed with respect to learned invariants. Automated software repairs increase system resiliency, allowing missions to continue in the face of software defects. During deployment, including after any repairs, the system is continuously monitored.

These activities also produce artifacts to increase operator trust in the correct operation of the resilient system. Invariants and formal models with respect to high- and low-level execution signals communicate an understanding of desired system behavior. Proofs of certain diversity transformations and the dual controller architecture rule out certain classes of attacks and formally guarantee certain properties. Repair construction with respect to learned invariants and post-repair continuous monitoring give confidence in the repaired system's execution.

We propose the following program of contributions, supported by world-class expertise from five industrial and academic institutions.

• We will improve and target established best-of-breed techniques to the domain of autonomous vehicles. These include automated binary hardening, to secure systems against important classes of attacks; program repair, to recover from certain attacks and defects; and execution modeling, to distill trusted system behavior.
• We will integrate and evaluate these techniques into a unified dual controller system and participate in a preliminary Red Team activity. This will assess the resiliency afforded by our architecture as well as its overhead.
• Finally, we will conduct scientific research related to aspects of trust and resiliency. In addition to improving the existing techniques noted above, we will develop new diversity metrics (to improve resiliency) and new proofs (to improve trust).