4,922 research outputs found
Quantitative Verification: Formal Guarantees for Timeliness, Reliability and Performance
Computerised systems appear in almost all aspects of our daily lives, often in safety-critical scenarios such as embedded control systems in cars and aircraft
or medical devices such as pacemakers and sensors. We are thus increasingly reliant on these systems working correctly, despite often operating in unpredictable or unreliable environments. Designers of such devices need ways to guarantee that they will operate in a reliable and efficient manner.
Quantitative verification is a technique for analysing quantitative aspects of a system's design, such as timeliness, reliability or performance. It applies formal methods, based on a rigorous analysis of a mathematical model of the system, to automatically prove certain precisely specified properties, e.g. ``the airbag will always deploy within 20 milliseconds after a crash'' or ``the probability of both sensors failing simultaneously is less than 0.001''.
The ability to formally guarantee quantitative properties of this kind is beneficial across a wide range of application domains. For example, in safety-critical systems, it may be essential to establish credible bounds on the probability with which certain failures or combinations of failures can occur. In embedded control systems, it is often important to comply with strict constraints on timing or resources. More generally, being able to derive guarantees on precisely specified levels of performance or efficiency is a valuable tool in the design of, for example, wireless networking protocols, robotic systems or power management algorithms, to name but a few.
This report gives a short introduction to quantitative verification, focusing in particular on a widely used technique called model checking, and its generalisation to the analysis of quantitative aspects of a system such as timing, probabilistic behaviour or resource usage.
The intended audience is industrial designers and developers of systems such as those highlighted above who could benefit from the application of quantitative verification,but lack expertise in formal verification or modelling
Attack-Resilient Supervisory Control of Discrete-Event Systems
In this work, we study the problem of supervisory control of discrete-event
systems (DES) in the presence of attacks that tamper with inputs and outputs of
the plant. We consider a very general system setup as we focus on both
deterministic and nondeterministic plants that we model as finite state
transducers (FSTs); this also covers the conventional approach to modeling DES
as deterministic finite automata. Furthermore, we cover a wide class of attacks
that can nondeterministically add, remove, or rewrite a sensing and/or
actuation word to any word from predefined regular languages, and show how such
attacks can be modeled by nondeterministic FSTs; we also present how the use of
FSTs facilitates modeling realistic (and very complex) attacks, as well as
provides the foundation for design of attack-resilient supervisory controllers.
Specifically, we first consider the supervisory control problem for
deterministic plants with attacks (i) only on their sensors, (ii) only on their
actuators, and (iii) both on their sensors and actuators. For each case, we
develop new conditions for controllability in the presence of attacks, as well
as synthesizing algorithms to obtain FST-based description of such
attack-resilient supervisors. A derived resilient controller provides a set of
all safe control words that can keep the plant work desirably even in the
presence of corrupted observation and/or if the control words are subjected to
actuation attacks. Then, we extend the controllability theorems and the
supervisor synthesizing algorithms to nondeterministic plants that satisfy a
nonblocking condition. Finally, we illustrate applicability of our methodology
on several examples and numerical case-studies
Discovering Physical Interaction Vulnerabilities in IoT Deployments
Internet of Things (IoT) applications drive the behavior of IoT deployments
according to installed sensors and actuators. It has recently been shown that
IoT deployments are vulnerable to physical interactions, caused by design flaws
or malicious intent, that can have severe physical consequences. Yet, extant
approaches to securing IoT do not translate the app source code into its
physical behavior to evaluate physical interactions. Thus, IoT consumers and
markets do not possess the capability to assess the safety and security risks
these interactions present. In this paper, we introduce the IoTSeer security
service for IoT deployments, which uncovers undesired states caused by physical
interactions. IoTSeer operates in four phases (1) translation of each actuation
command and sensor event in an app source code into a hybrid I/O automaton that
defines an app's physical behavior, (2) combining apps in a novel composite
automaton that represents the joint physical behavior of interacting apps, (3)
applying grid-based testing and falsification to validate whether an IoT
deployment conforms to desired physical interaction policies, and (4)
identification of the root cause of policy violations and proposing patches
that guide users to prevent them. We use IoTSeer in an actual house with 13
actuators and six sensors with 37 apps and demonstrate its effectiveness and
performance
Proving Abstractions of Dynamical Systems through Numerical Simulations
A key question that arises in rigorous analysis of cyberphysical systems
under attack involves establishing whether or not the attacked system deviates
significantly from the ideal allowed behavior. This is the problem of deciding
whether or not the ideal system is an abstraction of the attacked system. A
quantitative variation of this question can capture how much the attacked
system deviates from the ideal. Thus, algorithms for deciding abstraction
relations can help measure the effect of attacks on cyberphysical systems and
to develop attack detection strategies. In this paper, we present a decision
procedure for proving that one nonlinear dynamical system is a quantitative
abstraction of another. Directly computing the reach sets of these nonlinear
systems are undecidable in general and reach set over-approximations do not
give a direct way for proving abstraction. Our procedure uses (possibly
inaccurate) numerical simulations and a model annotation to compute tight
approximations of the observable behaviors of the system and then uses these
approximations to decide on abstraction. We show that the procedure is sound
and that it is guaranteed to terminate under reasonable robustness assumptions
A Survey on IT-Techniques for a Dynamic Emergency Management in Large Infrastructures
This deliverable is a survey on the IT techniques that are relevant to the three use cases of the project EMILI. It describes the state-of-the-art in four complementary IT areas: Data cleansing, supervisory control and data acquisition, wireless sensor networks and complex event processing. Even though the deliverableās authors have tried to avoid a too technical language and have tried to explain every concept referred to, the deliverable might seem rather technical to readers so far little familiar with the techniques it describes
- ā¦