Carlos Barreto

Design of mechanisms for demand response programs

We prove the inefficiency (in the sense of Pareto) of the electricity system, as well as its resemblance with the tragedy of the commons. Also, we present a mechanism intended to achieve efficiency in the electricity consumption by means of economic incentives. The proposed incentives might be seen as an indirect revelation mechanism, in which users do not have to reveal private information about their preferences. Instead, a particular incentive is calculated for each user, based solely on its relative consumption. We conclude that the success of the proposed mechanism requires subsidies from external institutions, at least during the transition between an inefficient outcome and the efficient equilibrium.

Population Games Methods for Distributed Control of Microgrids

We illustrate the potential of applying population games in two key related problems in microgrids management: 1) economic dispatch of active and reactive power; and 2) demand response. For the dynamic economic dispatch problem, we present a hierarchical microgrid energy management algorithm able to dispatch active and reactive power dynamically. In the second case, we use an opinion dynamics model, including the market in which the network agents interact. Opinion dynamics considers individuals who shape their beliefs based on information they receive from a subset of the society and offers tools to analyze the outcome of collective decision processes, which apparently can be considered arbitrary. We propose an opinion dynamics model including some desired characteristics, such as prominent agents and environmental incentives.

Controllability of Dynamical Systems: Threat Models and Reactive Security

We study controllability and stability properties of dynamical systems when actuator or sensor signals are under attack. We formulate a detailed adversary model that considers different levels of privilege for the attacker such as read and write access to information flows. We then study the impact of these attacks and propose reactive countermeasures based on game theory. In one case-study we use a basic differential game, and in the other case study we introduce a heuristic game for stability.

Cyber-Physical Systems Attestation

Cyber-Physical Systems (CPS) are monitored and controlled by a wide variety of sensors and controllers. However, it has been repeatedly demonstrated that most of the devices interacting with the physical world (sensors and controllers) are extremely fragile to security incidents. One particular technology that can help us improve the trustworthiness of these devices is software attestation. While software attestation can help a verifier check the integrity of devices, it still has several drawbacks that have limited their application in the field, like establishing an authenticated channel, the inability to provide continuous attestation, and the need to modify devices to implement the attestation procedure. To overcome these limitations, we propose CPS-attestation as an attestation technique for control systems to attest their state to an external verifier. CPS-attestation enables a verifier to continuously monitor the dynamics of the control system over time and detect whether a component is not behaving as expected or if it is driving the system to an unsafe state. Our goal in this position paper is to initiate the discussion on the suitability of applying attestation techniques to control systems and the associated research challenges.

CPS: market analysis of attacks against demand response in the smart grid

Demand response systems assume an electricity retail-market with strategic electricity consuming agents. The goal in these systems is to design load shaping mechanisms to achieve efficiency of resources and customer satisfaction. Recent research efforts have studied the impact of integrity attacks in simplified versions of the demand response problem, where neither the load consuming agents nor the adversary are strategic. In this paper, we study the impact of integrity attacks considering strategic players (a social planner or a consumer) and a strategic attacker. We identify two types of attackers: (1) a malicious attacker who wants to damage the equipment in the power grid by producing sudden overloads, and (2) a selfish attacker that wants to defraud the system by compromising and then manipulating control (load shaping) signals. We then explore the resiliency of two different demand response systems to these fraudsters and malicious attackers. Our results provide guidelines for system operators deciding which type of demand-response system they want to implement, how to secure them, and directions for detecting these attacks.

Detecting fraud in demand response programs

In this paper we study the security of demand response programs under false load control signals. We show how an attacker can defraud demand response programs by sending false load control signals and how it can make difficult the precise identification of the culprit. We analyze ways to detect attacks, and propose ideas to design the market in a way that attackers will not have an incentive to defraud the system.

Control Systems for the Power Grid and Their Resiliency to Attacks

Most government, industry, and academic efforts to protect the power grid have focused on information security mechanisms for preventing and detecting attacks. In addition to these mechanisms, control engineering can help improve power grid security.

A population dynamics model for opinion dynamics with prominent agents and incentives

In this paper, the design of a population dynamics model based on both opinion and imitator dynamics is presented. This approach is focused on the analysis of some population behaviors such as the emergence of either consensus or disagreement, information aggregation, and spread of misinformation. The analysis of these properties is made in the context of network populations with or without the presence of prominent agents and environmental incentives. Some simulation results illustrate the ideas presented in this paper.

Optimal Security Investments in a Prevention and Detection Game

Most security defenses can be breached by motivated adversaries, therefore in addition to attack-prevention technologies, firms investing in cyber-security for their information technology infrastructure need to consider attack-detection and restoration tools to detect intruders, and restore their system to a safe condition. Attackers face similar investment alternatives; they need to invest resources to finding vulnerabilities in a protected system, and once the protection has been broken, they need to invest in the infrastructure necessary to exploit these attacks and maintain stealthy persistence in the compromised infrastructure. We model this dual considerations as a dynamic programming problem between attackers and defenders and then study the Nash equilibrium of this game. Our goal is to find models and alternatives that can help us understand optimal security investments in prevention and detection against advanced rational adversaries.

Optimal risk management in critical infrastructures against cyber-adversaries

One of the biggest cyber-security problems that our critical infrastructures face is the underinvestment in cyber-security solutions by private firms operating these systems. A healthy market insurance may incentivize asset owners to invest more in cyber-security protections in order to pay lower premiums to manage their residual risk. In this paper we model the problem of optimal risk management in critical infrastructures and show conditions where insurance motivates asset owners to invest more in security, and other conditions where even government incentives for the adoption of insurance may have the opposite effect of reducing cyber-security investments.