2,177 research outputs found
SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems
The recent drive towards achieving greater autonomy and intelligence in
robotics has led to high levels of complexity. Autonomous robots increasingly
depend on third party off-the-shelf components and complex machine-learning
techniques. This trend makes it challenging to provide strong design-time
certification of correct operation.
To address these challenges, we present SOTER, a robotics programming
framework with two key components: (1) a programming language for implementing
and testing high-level reactive robotics software and (2) an integrated runtime
assurance (RTA) system that helps enable the use of uncertified components,
while still providing safety guarantees. SOTER provides language primitives to
declaratively construct a RTA module consisting of an advanced,
high-performance controller (uncertified), a safe, lower-performance controller
(certified), and the desired safety specification. The framework provides a
formal guarantee that a well-formed RTA module always satisfies the safety
specification, without completely sacrificing performance by using higher
performance uncertified components whenever safe. SOTER allows the complex
robotics software stack to be constructed as a composition of RTA modules,
where each uncertified component is protected using a RTA module.
To demonstrate the efficacy of our framework, we consider a real-world
case-study of building a safe drone surveillance system. Our experiments both
in simulation and on actual drones show that the SOTER-enabled RTA ensures the
safety of the system, including when untrusted third-party components have bugs
or deviate from the desired behavior
On-Line Monitoring for Temporal Logic Robustness
In this paper, we provide a Dynamic Programming algorithm for on-line
monitoring of the state robustness of Metric Temporal Logic specifications with
past time operators. We compute the robustness of MTL with unbounded past and
bounded future temporal operators MTL over sampled traces of Cyber-Physical
Systems. We implemented our tool in Matlab as a Simulink block that can be used
in any Simulink model. We experimentally demonstrate that the overhead of the
MTL robustness monitoring is acceptable for certain classes of practical
specifications
Model Predictive Control for Signal Temporal Logic Specification
We present a mathematical programming-based method for model predictive
control of cyber-physical systems subject to signal temporal logic (STL)
specifications. We describe the use of STL to specify a wide range of
properties of these systems, including safety, response and bounded liveness.
For synthesis, we encode STL specifications as mixed integer-linear constraints
on the system variables in the optimization problem at each step of a receding
horizon control framework. We prove correctness of our algorithms, and present
experimental results for controller synthesis for building energy and climate
control
Recommended from our members
Assessing the genuineness of events in runtime monitoring of cyber systems
Monitoring security properties of cyber systems at runtime is necessary if the preservation of such properties cannot be guaranteed by formal analysis of their specification. It is also necessary if the runtime interactions between their components that are distributed over different types of local and wide area networks cannot be fully analysed before putting the systems in operation. The effectiveness of runtime monitoring depends on the trustworthiness of the runtime system events, which are analysed by the monitor. In this paper, we describe an approach for assessing the trustworthiness of such events. Our approach is based on the generation of possible explanations of runtime events based on a diagnostic model of the system under surveillance using abductive reasoning, and the confirmation of the validity of such explanations and the runtime events using belief based reasoning. The assessment process that we have developed based on this approach has been implemented as part of the EVEREST runtime monitoring framework and has been evaluated in a series of simulations that are discussed in the paper
Towards Digital Twin-enabled DevOps for CPS providing Architecture-Based Service Adaptation & Verification at Runtime
Industrial Product-Service Systems (IPSS) denote a service-oriented (SO) way
of providing access to CPS capabilities. The design of such systems bears high
risk due to uncertainty in requirements related to service function and
behavior, operation environments, and evolving customer needs. Such risks and
uncertainties are well known in the IT sector, where DevOps principles ensure
continuous system improvement through reliable and frequent delivery processes.
A modular and SO system architecture complements these processes to facilitate
IT system adaptation and evolution. This work proposes a method to use and
extend the Digital Twins (DTs) of IPSS assets for enabling the continuous
optimization of CPS service delivery and the latter's adaptation to changing
needs and environments. This reduces uncertainty during design and operations
by assuring IPSS integrity and availability, especially for design and service
adaptations at CPS runtime. The method builds on transferring IT DevOps
principles to DT-enabled CPS IPSS. The chosen design approach integrates,
reuses, and aligns the DT processing and communication resources with DevOps
requirements derived from literature. We use these requirements to propose a
DT-enabled self-adaptive CPS model, which guides the realization of DT-enabled
DevOps in CPS IPSS. We further propose detailed design models for
operation-critical DTs that integrate CPS closed-loop control and
architecture-based CPS adaptation. This integrated approach enables the
implementation of A/B testing as a use case and central concept to enable CPS
IPSS service adaptation and reconfiguration. The self-adaptive CPS model and DT
design concept have been validated in an evaluation environment for
operation-critical CPS IPSS. The demonstrator achieved sub-millisecond cycle
times during service A/B testing at runtime without causing CPS operation
interferences and downtime.Comment: Final published version appearing in 17th Symposium on Software
Engineering for Adaptive and Self-Managing Systems (SEAMS 2022
Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -
The Internet today provides the environment for novel applications and
processes which may evolve way beyond pre-planned scope and
purpose. Security analysis is growing in complexity with the increase
in functionality, connectivity, and dynamics of current electronic
business processes. Technical processes within critical
infrastructures also have to cope with these developments. To tackle
the complexity of the security analysis, the application of models is
becoming standard practice. However, model-based support for security
analysis is not only needed in pre-operational phases but also during
process execution, in order to provide situational security awareness
at runtime.
This cumulative thesis provides three major contributions to modelling
methodology.
Firstly, this thesis provides an approach for model-based analysis and
verification of security and safety properties in order to support
fault prevention and fault removal in system design or redesign.
Furthermore, some construction principles for the design of
well-behaved scalable systems are given.
The second topic is the analysis of the exposition of vulnerabilities
in the software components of networked systems to exploitation by
internal or external threats. This kind of fault forecasting allows
the security assessment of alternative system configurations and
security policies. Validation and deployment of security policies
that minimise the attack surface can now improve fault tolerance and
mitigate the impact of successful attacks.
Thirdly, the approach is extended to runtime applicability. An
observing system monitors an event stream from the observed system
with the aim to detect faults - deviations from the specified
behaviour or security compliance violations - at runtime.
Furthermore, knowledge about the expected behaviour given by an
operational model is used to predict faults in the near
future. Building on this, a holistic security management strategy is
proposed. The architecture of the observing system is described and
the applicability of model-based security analysis at runtime is
demonstrated utilising processes from several industrial scenarios.
The results of this cumulative thesis are provided by 19 selected
peer-reviewed papers
- …