83 research outputs found
Conformance-based doping detection for cyber-physical systems
We present a novel and generalised notion of doping cleanness for cyber-physical systems that allows for perturbing the inputs and observing the perturbed outputs both in the time– and value–domains. We instantiate our definition using existing notions of conformance for cyber-physical systems. We show that our generalised definitions are essential in a data-driven method for doping detection and apply our definitions to a case study concerning diesel emission tests
Conformance relations and hyperproperties for doping detection in time and space
We present a novel and generalised notion of doping cleanness for cyber-physical systems that allows for perturbing the inputs and observing the perturbed outputs both in the time- and value-domains. We instantiate our definition using existing notions of conformance for cyber-physical systems. As a formal basis for monitoring conformance-based cleanness, we develop the temporal logic HyperSTL*, an extension of Signal Temporal Logics with trace quantifiers and a freeze operator. We show that our generalised definitions are essential in a data-driven method for doping detection and apply our definitions to a case study concerning diesel emission tests
Conformance Relations and Hyperproperties for Doping Detection in Time and Space
We present a novel and generalised notion of doping cleanness for
cyber-physical systems that allows for perturbing the inputs and observing the
perturbed outputs both in the time- and value-domains. We instantiate our
definition using existing notions of conformance for cyber-physical systems. As
a formal basis for monitoring conformance-based cleanness, we develop the
temporal logic HyperSTL*, an extension of Signal Temporal Logics with trace
quantifiers and a freeze operator. We show that our generalised definitions are
essential in a data-driven method for doping detection and apply our
definitions to a case study concerning diesel emission tests
Software doping – Theory and detection
Software is doped if it contains a hidden functionality that is intentionally included by the manufacturer and is not in the interest of the user or society. This thesis complements this informal definition by a set of formal cleanness definitions that characterise the absence of software doping. These definitions reflect common expectations on clean software behaviour and are applicable to many types of software, from printers to cars to discriminatory AI systems. We use these definitions to propose white-box and black-box analysis techniques to detect software doping. In particular, we present a provably correct, model-based testing algorithm that is intertwined with a probabilistic-falsification-based test input selection technique. We identify and explain how to overcome the challenges that are specific to real-world software doping tests and analyses. The most prominent example of software doping in recent years is the Diesel Emissions Scandal. We demonstrate the strength of our cleanness definitions and analysis techniques by applying them to emission cleaning systems of diesel cars. All our car related research is unified in a Car Data Platform. The mobile app LolaDrives is one building block of this platform; it supports conducting real-driving emissions tests and provides feedback to the user in how far a trip satisfies driving conditions that are defined by official regulations.Software ist gedopt wenn sie eine versteckte Funktionalität enthält, die vom Hersteller beabsichtigt ist und deren Existenz nicht im Interesse des Benutzers oder der Gesellschaft ist. Die vorliegende Arbeit ergänzt diese nicht formale Definition um eine Menge von Cleanness-Definitionen, die die Abwesenheit von Software Doping charakterisieren. Diese Definitionen spiegeln allgemeine Erwartungen an "sauberes" Softwareverhalten wider und sie sind auf viele Arten von Software anwendbar, vom Drucker über Autos bis hin zu diskriminierenden KI-Systemen. Wir verwenden diese Definitionen um sowohl white-box, als auch black-box Analyseverfahren zur Verfügung zu stellen, die in der Lage sind Software Doping zu erkennen. Insbesondere stellen wir einen korrekt bewiesenen Algorithmus für modellbasierte Tests vor, der eng verflochten ist mit einer Test-Input-Generierung basierend auf einer Probabilistic-Falsification-Technik. Wir identifizieren Hürden hinsichtlich Software-Doping-Tests in der echten Welt und erklären, wie diese bewältigt werden können. Das bekannteste Beispiel für Software Doping in den letzten Jahren ist der Diesel-Abgasskandal. Wir demonstrieren die Fähigkeiten unserer Cleanness-Definitionen und Analyseverfahren, indem wir diese auf Abgasreinigungssystem von Dieselfahrzeugen anwenden. Unsere gesamte auto-basierte Forschung kommt in der Car Data Platform zusammen. Die mobile App LolaDrives ist eine Kernkomponente dieser Plattform; sie unterstützt bei der Durchführung von Abgasmessungen auf der Straße und gibt dem Fahrer Feedback inwiefern eine Fahrt den offiziellen Anforderungen der EU-Norm der Real-Driving Emissions entspricht
Detection of Unknown-Unknowns in Cyber-Physical Systems using Statistical Conformance with Physics Guided Process Models
Unknown unknowns are operational scenarios in a cyber-physical system that
are not accounted for in the design and test phase. As such under
unknown-unknown scenarios, the operational behavior of the CPS is not
guaranteed to meet requirements such as safety and efficacy specified using
Signal Temporal Logic (STL) on the output trajectories. We propose a novel
framework for analyzing the stochastic conformance of operational output
characteristics of safety-critical cyber-physical systems that can discover
unknown-unknown scenarios and evaluate potential safety hazards. We propose
dynamics-induced hybrid recurrent neural networks (DiH-RNN) to mine a
physics-guided surrogate model (PGSM) which is used to check the model
conformance using STL on the model coefficients. We demonstrate the detection
of operational changes in an Artificial Pancreas(AP) due to unknown insulin
cartridge errors
Conformance Testing for Stochastic Cyber-Physical Systems
Conformance is defined as a measure of distance between the behaviors of two
dynamical systems. The notion of conformance can accelerate system design when
models of varying fidelities are available on which analysis and control design
can be done more efficiently. Ultimately, conformance can capture distance
between design models and their real implementations and thus aid in robust
system design. In this paper, we are interested in the conformance of
stochastic dynamical systems. We argue that probabilistic reasoning over the
distribution of distances between model trajectories is a good measure for
stochastic conformance. Additionally, we propose the non-conformance risk to
reason about the risk of stochastic systems not being conformant. We show that
both notions have the desirable transference property, meaning that conformant
systems satisfy similar system specifications, i.e., if the first model
satisfies a desirable specification, the second model will satisfy (nearly) the
same specification. Lastly, we propose how stochastic conformance and the
non-conformance risk can be estimated from data using statistical tools such as
conformal prediction. We present empirical evaluations of our method on an F-16
aircraft, an autonomous vehicle, a spacecraft, and Dubin's vehicle
Sistemas Autónomos Confiables (TAS): El Enfoque de la Verificabilidad
Autonomous systems are taking over the decision-making in many crucial aspects of our lives. Having the right level of trust in them will help their users benefit from such systems without harming themselves. Establishing the right level of trust involves a holistic validation and verification process, accounting for aspects such as interactions with the physical world and human users. In this talk, I present our ongoing effort in providing a holistic framework for ensuring the verifiability of autonomous systems.Los sistemas autónomos se están haciendo cargo de la toma de decisiones en muchos aspectos cruciales de nuestras vidas. Tener el nivel adecuado de confianza en ellos ayudará a sus usuarios a beneficiarse de dichos sistemas sin dañarse a sí mismos. Establecer el nivel adecuado de confianza implica un proceso holístico de validación y verificación, que tiene en cuenta aspectos como las interacciones con el mundo físico y los usuarios humanos. En esta charla, presento nuestro esfuerzo continuo para proporcionar un marco holístico para garantizar la verificabilidad de los sistemas autónomos
On the road with RTLola : Testing real driving emissions on your phone
This paper is about shipping runtime verification to the masses. It presents the crucial technology enabling everyday car
owners to monitor the behaviour of their cars in-the-wild. Concretely, we present an Android app that deploys rtlola
runtime monitors for the purpose of diagnosing automotive exhaust emissions. For this, it harvests the availability of cheap
Bluetooth adapters to the On-Board-Diagnostics (obd) ports, which are ubiquitous in cars nowadays. The app is a central
piece in a set of tools and services we have developed for black-box analysis of automotive vehicles. We detail its use in
the context of real driving emission (rde) tests and report on sample runs that helped identify violations of the regulatory
framework currently valid in the European Union
A Survey on Industrial Control System Testbeds and Datasets for Security Research
The increasing digitization and interconnection of legacy Industrial Control
Systems (ICSs) open new vulnerability surfaces, exposing such systems to
malicious attackers. Furthermore, since ICSs are often employed in critical
infrastructures (e.g., nuclear plants) and manufacturing companies (e.g.,
chemical industries), attacks can lead to devastating physical damages. In
dealing with this security requirement, the research community focuses on
developing new security mechanisms such as Intrusion Detection Systems (IDSs),
facilitated by leveraging modern machine learning techniques. However, these
algorithms require a testing platform and a considerable amount of data to be
trained and tested accurately. To satisfy this prerequisite, Academia,
Industry, and Government are increasingly proposing testbed (i.e., scaled-down
versions of ICSs or simulations) to test the performances of the IDSs.
Furthermore, to enable researchers to cross-validate security systems (e.g.,
security-by-design concepts or anomaly detectors), several datasets have been
collected from testbeds and shared with the community. In this paper, we
provide a deep and comprehensive overview of ICSs, presenting the architecture
design, the employed devices, and the security protocols implemented. We then
collect, compare, and describe testbeds and datasets in the literature,
highlighting key challenges and design guidelines to keep in mind in the design
phases. Furthermore, we enrich our work by reporting the best performing IDS
algorithms tested on every dataset to create a baseline in state of the art for
this field. Finally, driven by knowledge accumulated during this survey's
development, we report advice and good practices on the development, the
choice, and the utilization of testbeds, datasets, and IDSs
- …