Cyber-physical systems and networks form a ubiquitous computing substrate that underlies much of modern technological society. Examples include embedded systems, such as medical devices, communication peripherals, smart vehicles, and large-scale systems, such as transportation networks, power generation grids, and water distribution systems. Researchers and hackers have recently shown that cyber-physical systems are vulnerable to remote attacks targeting their physical infrastructure or their data management and communication layer. Due to the crucial role of cyber-physical systems in everyday life, the development of advanced security monitors is of utmost importance.

This thesis addresses problems concerning security of cyber-physical systems. Our contribution is threefold. First, we propose a unified modeling framework for cyber-physical systems, monitors, and attacks. For our model we define the notions of detectability and identifiability of an attack by its effect on output measurements, and we characterize fundamental monitoring limitations. Additionally, we provide algebraic and graph-theoretic tests for the existence of undetectable and unidentifiable attacks in cyber-physical systems. Second, we design centralized and distributed monitors for the detection and identification of attacks from output measurements. Our monitors leverage on tools from control theory and distributed computing, such as conditioned invariant subspaces and waveform relaxation techniques. Our monitors are provably correct, and effective against attacks targeting both the physical infrastructure and the communication layer. Third, we exploit our findings to design undetectable attack strategies. Our attack design method relies upon the control-theoretic notion of controlled invariant subspace. Our attack strategy is specific, in the sense that the attack signal is cast to alter the system functionality in a pre-specified manner. Finally, we present several illustrative examples. Besides showing the effectiveness of our methods for the analysis of systems vulnerabilities, the design of security monitors, and the synthesis of attack strategies, our numerical examples confirm that our methods are effective also in the presence of system noise and unmodeled dynamics.