Security-critical cyber-physical systems (CPS) are vulnerable to logic-based attacks such as sensor spoofing and actuator hijacking. To address this, we propose CyFence—a novel architecture that embeds CPS physical dynamic semantics into the closed-loop controller for online, real-time compliance verification of control actions. By leveraging ARM TrustZone as a trusted execution environment (TEE), CyFence ensures the integrity and immutability of the verification logic itself, thereby enabling simultaneous attack detection and behavioral validation. Our approach comprises three key components: (1) physics-informed semantic modeling of CPS dynamics, (2) a lightweight, real-time verification mechanism, and (3) hardware-in-the-loop (HIL) validation. Evaluated on a production-grade active braking digital controller, CyFence demonstrates robust resilience against diverse logic attacks while incurring an average computational overhead of less than 0.8%, significantly enhancing the depth and reliability of CPS defense.

In the last decades, Cyber-physical Systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks. Since many CPS are used in safety-critical systems, such attacks entail high risks and potential safety harms. Although several defense strategies have been proposed, they rarely exploit the cyber-physical nature of the system. In this work, we exploit the nature of CPS by proposing CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check, used to confirm that the system is behaving as expected. To ensure the security of the semantic check code, we use the Trusted Execution Environment implemented by modern processors. We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible computation overhead.