9,859 research outputs found
Monitoring with Trackers Based on Semi-Quantitative Models
In three years of NASA-sponsored research preceding this project, we successfully developed a technology for: (1) building qualitative and semi-quantitative models from libraries of model-fragments, (2) simulating these models to predict future behaviors with the guarantee that all possible behaviors are covered, (3) assimilating observations into behaviors, shrinking uncertainty so that incorrect models are eventually refuted and correct models make stronger predictions for the future. In our object-oriented framework, a tracker is an object which embodies the hypothesis that the available observation stream is consistent with a particular behavior of a particular model. The tracker maintains its own status (consistent, superceded, or refuted), and answers questions about its explanation for past observations and its predictions for the future. In the MIMIC approach to monitoring of continuous systems, a number of trackers are active in parallel, representing alternate hypotheses about the behavior of a system. This approach is motivated by the need to avoid 'system accidents' [Perrow, 1985] due to operator fixation on a single hypothesis, as for example at Three Mile Island. As we began to address these issues, we focused on three major research directions that we planned to pursue over a three-year project: (1) tractable qualitative simulation, (2) semiquantitative inference, and (3) tracking set management. Unfortunately, funding limitations made it impossible to continue past year one. Nonetheless, we made major progress in the first two of these areas. Progress in the third area as slower because the graduate student working on that aspect of the project decided to leave school and take a job in industry. I enclosed a set of abstract of selected papers on the work describe below. Several papers that draw on the research supported during this period appeared in print after the grant period ended
Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment
aimed at fostering the collaboration between system designers and security
experts at all methodological stages of the development of an embedded system.
A central issue in the design of an embedded system is the definition of the
hardware/software partitioning of the architecture of the system, which should
take place as early as possible. SysML-Sec aims to extend the relevance of this
analysis through the integration of security requirements and threats. In
particular, we propose an agile methodology whose aim is to assess early on the
impact of the security requirements and of the security mechanisms designed to
satisfy them over the safety of the system. Security concerns are captured in a
component-centric manner through existing SysML diagrams with only minimal
extensions. After the requirements captured are derived into security and
cryptographic mechanisms, security properties can be formally verified over
this design. To perform the latter, model transformation techniques are
implemented in the SysML-Sec toolchain in order to derive a ProVerif
specification from the SysML models. An automotive firmware flashing procedure
serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Specification Patterns for Robotic Missions
Mobile and general-purpose robots increasingly support our everyday life,
requiring dependable robotics control software. Creating such software mainly
amounts to implementing their complex behaviors known as missions. Recognizing
the need, a large number of domain-specific specification languages has been
proposed. These, in addition to traditional logical languages, allow the use of
formally specified missions for synthesis, verification, simulation, or guiding
the implementation. For instance, the logical language LTL is commonly used by
experts to specify missions, as an input for planners, which synthesize the
behavior a robot should have. Unfortunately, domain-specific languages are
usually tied to specific robot models, while logical languages such as LTL are
difficult to use by non-experts. We present a catalog of 22 mission
specification patterns for mobile robots, together with tooling for
instantiating, composing, and compiling the patterns to create mission
specifications. The patterns provide solutions for recurrent specification
problems, each of which detailing the usage intent, known uses, relationships
to other patterns, and---most importantly---a template mission specification in
temporal logic. Our tooling produces specifications expressed in the LTL and
CTL temporal logics to be used by planners, simulators, or model checkers. The
patterns originate from 245 realistic textual mission requirements extracted
from the robotics literature, and they are evaluated upon a total of 441
real-world mission requirements and 1251 mission specifications. Five of these
reflect scenarios we defined with two well-known industrial partners developing
human-size robots. We validated our patterns' correctness with simulators and
two real robots
Model checking embedded system designs
We survey the basic principles behind the application of model checking to controller verification and synthesis. A promising development is the area of guided model checking, in which the state space search strategy of the model checking algorithm can be influenced to visit more interesting sets of states first. In particular, we discuss how model checking can be combined with heuristic cost functions to guide search strategies. Finally, we list a number of current research developments, especially in the area of reachability analysis for optimal control and related issues
Self-calibrating models for dynamic monitoring and diagnosis
A method for automatically building qualitative and semi-quantitative models of dynamic systems, and using them for monitoring and fault diagnosis, is developed and demonstrated. The qualitative approach and semi-quantitative method are applied to monitoring observation streams, and to design of non-linear control systems
Design: One, but in different forms
This overview paper defends an augmented cognitively oriented generic-design
hypothesis: there are both significant similarities between the design
activities implemented in different situations and crucial differences between
these and other cognitive activities; yet, characteristics of a design
situation (related to the design process, the designers, and the artefact)
introduce specificities in the corresponding cognitive activities and
structures that are used, and in the resulting designs. We thus augment the
classical generic-design hypothesis with that of different forms of designing.
We review the data available in the cognitive design research literature and
propose a series of candidates underlying such forms of design, outlining a
number of directions requiring further elaboration
Innovation as a community-spanning process: strategies to handle path dependency.
In this paper, we further develop and apply the notions of path creation and path dependency during technological innovation processes. The process of technological innovation is portrayed as an activity of spanning boundaries between and across communities of practitioners. Communities of practice are characterised by shared beliefs, evaluation routines and artefacts. These beliefs, routines and artefacts create powerful path-dependencies that inhibit path-breaking innovations. Based on exploratory empirical research, a model on handling path-dependency during the creation of technological innovations is proposed.Processes; Strategy; Evaluation; Innovations; Model;
- …