Title: Physics-Aware Security for Cyber-Physical Critical Infrastructure

Burak Sahin

Ph.D. Candidate in Computer Science

School of Cybersecurity and Privacy

Georgia Institute of Technology

Date/Time: Thursday, July 9, 2026, 12:00 PM - 1:00 PM Eastern Time (US and Canada)

Location: Coda C0915 Atlantic, or join via Zoom

Committee:

Dr. Saman Zonouz (Advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Brendan Saltaformaggio, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Mustaque Ahamad, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Sukarno Mertoguno, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Fan Zhang, School of Mechanical Engineering, Georgia Institute of Technology

Dr. Amin Hass, Global Cybersecurity R&D Lead, Accenture

Abstract:

Cyber-physical critical infrastructure, such as power grids, water-treatment plants, and manufacturing lines, runs on programmable logic controllers whose compromise results in direct physical damage. The security tools that guard these controllers, however, are almost entirely cyber-only: they reason about code, memory, and control flow, yet carry no model of the physical process the controller governs. As a result, they cannot distinguish an actuator command that keeps a plant safe from one that drives it toward a dangerous state, and the defenses that try to close this gap fall back on brittle, hand-tuned, per-deployment heuristics.

Yet the physical knowledge these tools lack is not actually missing. Every cyber-physical deployment already carries a precise, written description of its own physics: the physical model and its physical security constraints, authored once during the design phase. Treating that description as a domain-specific guidance artifact that tailors defenses to each deployment, this dissertation puts it to work across the industrial control system (ICS) lifecycle. ICSFlux uses the physical model alone, without firmware access, to discover the command sequences that drive a controller into an unsafe state before deployment. ICSFit reuses the same model to harden firmware at deployment, proving which code paths the physics can never reach and redirecting them to a safe continuation. SafetyCFI then enforces safety at runtime, gating every actuator write against the deployment's safety policies on each scan cycle. Together, these systems show that one artifact, the physical model, drives discovery, hardening, and enforcement across heterogeneous industrial domains and vendors, without the hardcoded, per-deployment heuristics that earlier work relied on.