Safety-critical embedded systems are vulnerable to combinations of cyber and physical attacks. Examples include Stuxnet attacks on power grids and GPS spoofing. We use program analysis and synthesis techniques to analyze security vulnerability and develop defense mechanisms.