SafeDrones: Real-Time Reliability Evaluation of UAVs using Executable Digital Dependable Identities

The use of Unmanned Arial Vehicles (UAVs) offers many advantages across a variety of applications. However, safety assurance is a key barrier to widespread usage, especially given the unpredictable operational and environmental factors experienced by UAVs, which are hard to capture solely at design-time. This paper proposes a new reliability modeling approach called SafeDrones to help address this issue by enabling runtime reliability and risk assessment of UAVs. It is a prototype instantiation of the Executable Digital Dependable Identity (EDDI) concept, which aims to create a model-based solution for real-time, data-driven dependability assurance for multi-robot systems. By providing real-time reliability estimates, SafeDrones allows UAVs to update their missions accordingly in an adaptive manner

Achieving Reliability Through Distributed Data Flows and Recursive Delegation

Strong reliability properties, such as state machine replication or virtual synchrony, are hard to implement in a scalable manner. They are typically expressed in terms of global membership views. As we argue, global membership is non-scalable. We propose a way of modeling protocols that does not rely on global membership. Our approach is based on the concept of a distributed data flow, a set of messages distributed in space and time. We model protocols as networks of such flows, constructed through recursive delegation. The resulting system uses multiple small membership services instead of a single global one while still supporting stronger properties. Our work was inspired by the functional approach to modeling distributed systems pioneered by I/O automata. This paper focuses on the basic model. Internal details of our system architecture and a compiler that translates protocols from our data flow language to real executable code will be discussed elsewhere.This work was supported in part by grants from AFOSR, AFRL, NSF, and Intel Corporatio

Quantifying the Resiliency of Fail-Operational Real-Time Networked Control Systems

In time-sensitive, safety-critical systems that must be fail-operational, active replication is commonly used to mitigate transient faults that arise due to electromagnetic interference (EMI). However, designing an effective and well-performing active replication scheme is challenging since replication conflicts with the size, weight, power, and cost constraints of embedded applications. To enable a systematic and rigorous exploration of the resulting tradeoffs, we present an analysis to quantify the resiliency of fail-operational networked control systems against EMI-induced memory corruption, host crashes, and retransmission delays. Since control systems are typically robust to a few failed iterations, e.g., one missed actuation does not crash an inverted pendulum, traditional solutions based on hard real-time assumptions are often too pessimistic. Our analysis reduces this pessimism by modeling a control system\u27s inherent robustness as an (m,k)-firm specification. A case study with an active suspension workload indicates that the analytical bounds closely predict the failure rate estimates obtained through simulation, thereby enabling a meaningful design-space exploration, and also demonstrates the utility of the analysis in identifying non-trivial and non-obvious reliability tradeoffs

Investigating Performance and Reliability of Process Bus Networks for Digital Protective Relaying

To reduce the cost of complex and long copper wiring, as well as to achieve flexibility in signal communications, IEC 61850 part 9-2 proposes a process bus communication network between process level switchyard equipments, and bay level protection and control (P&C) Intelligent Electronic Devices (IEDs). After successful implementation of Ethernet networks for IEC 61850 standard part 8-1 (station bus) at several substations worldwide, major manufacturers are currently working on the development of interoperable products for the IEC 61850-9-2 based process bus. The major technical challenges for applying Ethernet networks at process level include: 1) the performance of time critical messages for protection applications; 2) impacts of process bus Ethernet networks on the reliability of substation protection systems. This work starts with the performance analysis in terms of time critical Sampled Value (SV) messages loss and/or delay over the IEC 61850-9-2 process bus networks of a typical substation. Unlike GOOSE, the SV message is not repeated several times, and therefore, there is no assurance that each SV message will be received from the process bus network at protection IEDs. Therefore, the detailed modeling of IEC 61850 based substation protection devices, communication protocols, and packet format is carried out using an industry-trusted simulation tool OPNET, to study and quantify number of SV loss and delay over the process bus. The impact of SV loss/delay on digital substation protection systems is evident, and recognized by several manufacturers. Therefore, a sample value estimation algorithm is developed in order to enhance the performance of digital substation protection functions by estimating the lost and delayed sampled values. The error of estimation is evaluated in detail considering several scenarios of power system relaying. The work is further carried out to investigate the possible impact of SV loss/delay on protection functions, and test the proposed SV estimation algorithm using the hardware setup. Therefore, a state-of-the-art process bus laboratory with the protection IEDs and merging unit playback simulator using industrial computers on the QNX hard-real-time platform, is developed for a typical IEC 61850-9-2 based process bus network. Moreover, the proposed SV estimation algorithm is implemented as a part of bus differential and transmission line distance protection IEDs, and it is tested using the developed experimental setup for various SV loss/delay scenarios and power system fault conditions. In addition to the performance analysis, this work also focuses on the reliability aspects of protection systems with process bus communication network. To study the impact of process bus communication on reliability indices of a substation protection function, the detailed reliability modeling and analysis is carried out for a typical substation layout. First of all, reliability analysis is done using Reliability Block Diagrams (RBD) considering various practical process bus architectures, as well as, time synchronization techniques. After obtaining important failure rates from the RBD, an extended Markov model is proposed to analyze the reliability indices of protection systems, such as, protection unavailability, abnormal unavailability, and loss of security. It is shown with the proposed Markov model that the implementation of sampled value estimation improves the reliability indices of a protection system

Feedback and time are essential for the optimal control of computing systems

The performance, reliability, cost, size and energy usage of computing systems can be improved by one or more orders of magnitude by the systematic use of modern control and optimization methods. Computing systems rely on the use of feedback algorithms to schedule tasks, data and resources, but the models that are used to design these algorithms are validated using open-loop metrics. By using closed-loop metrics instead, such as the gap metric developed in the control community, it should be possible to develop improved scheduling algorithms and computing systems that have not been over-engineered. Furthermore, scheduling problems are most naturally formulated as constraint satisfaction or mathematical optimization problems, but these are seldom implemented using state of the art numerical methods, nor do they explicitly take into account the fact that the scheduling problem itself takes time to solve. This paper makes the case that recent results in real-time model predictive control, where optimization problems are solved in order to control a process that evolves in time, are likely to form the basis of scheduling algorithms of the future. We therefore outline some of the research problems and opportunities that could arise by explicitly considering feedback and time when designing optimal scheduling algorithms for computing systems

Modeling and Recognition of Smart Grid Faults by a Combined Approach of Dissimilarity Learning and One-Class Classification

Detecting faults in electrical power grids is of paramount importance, either from the electricity operator and consumer viewpoints. Modern electric power grids (smart grids) are equipped with smart sensors that allow to gather real-time information regarding the physical status of all the component elements belonging to the whole infrastructure (e.g., cables and related insulation, transformers, breakers and so on). In real-world smart grid systems, usually, additional information that are related to the operational status of the grid itself are collected such as meteorological information. Designing a suitable recognition (discrimination) model of faults in a real-world smart grid system is hence a challenging task. This follows from the heterogeneity of the information that actually determine a typical fault condition. The second point is that, for synthesizing a recognition model, in practice only the conditions of observed faults are usually meaningful. Therefore, a suitable recognition model should be synthesized by making use of the observed fault conditions only. In this paper, we deal with the problem of modeling and recognizing faults in a real-world smart grid system, which supplies the entire city of Rome, Italy. Recognition of faults is addressed by following a combined approach of multiple dissimilarity measures customization and one-class classification techniques. We provide here an in-depth study related to the available data and to the models synthesized by the proposed one-class classifier. We offer also a comprehensive analysis of the fault recognition results by exploiting a fuzzy set based reliability decision rule