Compositional analysis of networked cyber-physical systems: safety and privacy

Cyber-physical systems (CPS) are now commonplace in power grids, manufacturing, and embedded medical devices. Failures and attacks on these systems have caused significant social, environmental and financial losses. In this thesis, we develop techniques for proving invariance and privacy properties of cyber-physical systems that could aid the development of more robust and reliable systems. The thesis uses three different modeling formalisms capturing different aspects of CPS. Networked dynamical systems are used for modeling (possibly time-delayed) interaction of ordinary differential equations, such as in power system and biological networks. Labeled transition systems are used for modeling discrete communications and updates, such as in sampled data-based control systems. Finally, Markov chains are used for describing distributed cyber-physical systems that rely on randomized algorithms for communication, such as in a crowd-sourced traffic monitoring and routing system. Despite the differences in these formalisms, any model of a CPS can be viewed as a mapping from a parameter space (for example, the set of initial states) to a space of behaviors (also called trajectories or executions). In each formalism, we define a notion of sensitivity that captures the change in trajectories as a function of the change in the parameters. We develop approaches for approximating these sensitivity functions, which in turn are used for analysis of invariance and privacy. For proving invariance, we compute an over-approximation of reach set, which is the set of states visited by any trajectory. We introduce a notion of input-to-state (IS) discrepancy functions for components of large CPS, which roughly captures the sensitivity of the component to its initial state and input. We develop a method for constructing a reduced model of the entire system using the IS discrepancy functions. Then, we show that the trajectory of the reduced model over-approximates the sensitivity of the entire system with respect to the initial states. Using the above results we develop a sound and relatively complete algorithm for compositional invariant verification. In systems where distributed components take actions concurrently, there is a combinatorial explosion in the number of different action sequences (or traces). We develop a partial order reduction method for computing the reach set for these systems. Our approach uses the observation that some action pairs are approximately independent, such that executing these actions in any order results in states that are close to each other. Hence a (large) set of traces can be partitioned into a (small) set of equivalent classes, where equivalent traces are derived through swapping approximately independent action pairs. We quantify the sensitivity of the system with respect to swapping approximately independent action pairs, which upper-bounds the distance between executions with equivalent traces. Finally, we develop an algorithm for precisely over-approximating the reach set of these systems that only explore a reduced set of traces. In many modern systems that allow users to share data, there exists a tension between improving the global performance and compromising user privacy. We propose a mechanism that guarantees ε-differential privacy for the participants, where each participant adds noise to its private data before sharing. The distributions of noise are specified by the sensitivity of the trajectory of agents to the private data. We analyze the trade-off between ε-differential privacy and performance, and show that the cost of differential privacy scales quadratically to the privacy level. The thesis illustrates that quantitative bounds on sensitivity can be used for effective reachability analysis, partial order reduction, and in the design of privacy preserving distributed cyber-physical systems

Efficient Control Approaches for Guaranteed Frequency Performance in Power Systems

Due to high penetration of renewable energy, converter-interfaced sources are increasing in power systems and degrading the grid frequency response. Synthetic inertia emulation and guaranteed primary frequency response is a challenging task. Still, there is high potential for application of highly controllable converter-interfaced devices to help performance. Renewable energy sources and demand side smart devices also need to be equipped with innovative frequency control approaches that contribute to frequency regulation operations. First, the wind turbine generator is chosen to represent an example of a converter- interfaced source. An augmented system frequency response model is derived, including the system frequency response model and a reduced-order model of the wind turbine generator representing the supportive active power due to supplementary inputs. An output feedback observer-based control is designed to provide guaranteed frequency performance. System performance is analyzed for different short circuit ratio scenarios where a lower bound to guarantee the performance is obtained. Second, the load side control for frequency regulation with its challenges is introduced. 5G technology and its potential application in smart grids are analyzed. The effect of communication delays and packet losses on inertia emulation are investigated to show the need of using improved communication infrastructure. Third, a robust delay compensation for primary frequency control using fast demand response is proposed. Possible system structured uncertainties and communication delays are considered to limit frequency variations using the proposed control approach. An uncertain governor dead-band model is introduced to capture frequency response characteristics. Guaranteed inertial response is achieved and compared with a PI-based Smith predictor controller to show the effectiveness of the proposed method. Fourth, set theoretic methods for safety verification to provide guaranteed frequency response are introduced. The Barrier certificate approach using a linear programming relaxation by Handelman’s representation is proposed with its application to power systems. Finally, the Handelman’s based barrier certificate approach for adequate frequency performance is studied. The computational algorithm is provided for the proposed method and validated using power system benchmark case studies with a discussion on a safety supervisory control (SSC)

Distributed Control of Servicing Satellite Fleet Using Horizon Simulation Framework

On-orbit satellite servicing is critical to maximizing space utilization and sustainability and is of growing interest for commercial, civil, and defense applications. Reliance on astronauts or anchored robotic arms for the servicing of next-generation large, complex space structures operating beyond Low Earth Orbit is impractical. Substantial literature has investigated the mission design and analysis of robotic servicing missions that utilize a single servicing satellite to approach and service a single target satellite. This motivates the present research to investigate a fleet of servicing satellites performing several operations for a large, central space structure. This research leverages a distributed control approach, implemented using the Horizon Simulation Framework (HSF), to develop a tool capable of integrated mission modeling and task scheduling for a servicing satellite fleet. HSF is a modeling and simulation framework for verification of system level requirements with an emphasis on state representations, modularity, and event scheduling. HSF consists of two major modules: the main scheduling algorithm and the system model. The distributed control architecture allocates processing and decision making for this multi-agent cooperative control problem across multiple subsystem models and the main HSF scheduling algorithm itself. Models were implemented with a special emphasis on the dynamics, control, trajectory constraints, and trajectory optimization for the servicing satellite fleet. The integrated mission modeling and scheduling tool was applied to a sample scenario in which a fleet of 3 servicing assets is tasked with performing 12 servicing activities for a large satellite in Geostationary Orbit. The tool was able to successfully determine a schedule in which all 12 servicing activities were completed in under 32 hours, subject to the fuel and trajectory constraints of the servicing assets

Power Reductions with Energy Recovery Using Resonant Topologies

The problem of power densities in system-on-chips (SoCs) and processors has become more exacerbated recently, resulting in high cooling costs and reliability issues. One of the largest components of power consumption is the low skew clock distribution network (CDN), driving large load capacitance. This can consume as much as 70% of the total dynamic power that is lost as heat, needing elaborate sensing and cooling mechanisms. To mitigate this, resonant clocking has been utilized in several applications over the past decade. An improved energy recovering reconfigurable generalized series resonance (GSR) solution with all the critical support circuitry is developed in this work. This LC resonant clock driver is shown to save about 50% driver power (\u3e40% overall), on a 22nm process node and has 50% less skew than a non-resonant driver at 2GHz. It can operate down to 0.2GHz to support other energy savings techniques like dynamic voltage and frequency scaling (DVFS). As an example, GSR can be configured for the simpler pulse series resonance (PSR) operation to enable further power saving for double data rate (DDR) applications, by using de-skewing latches instead of flip-flop banks. A PSR based subsystem for 40% savings in clocking power with 40% driver active area reduction xii is demonstrated. This new resonant driver generates tracking pulses at each transition of clock for dual edge operation across DVFS. PSR clocking is designed to drive explicit-pulsed latches with negative setup time. Simulations using 45nm IBM/PTM device and interconnect technology models, clocking 1024 flip-flops show the reductions, compared to non-resonant clocking. DVFS range from 2GHz/1.3V to 200MHz/0.5V is obtained. The PSR frequency is set \u3e3× the clock rate, needing only 1/10th the inductance of prior-art LC resonance schemes. The skew reductions are achieved without needing to increase the interconnect widths owing to negative set-up times. Applications in data circuits are shown as well with a 90nm example. Parallel resonant and split-driver non-resonant configurations as well are derived from GSR. Tradeoffs in timing performance versus power, based on theoretical analysis, are compared for the first time and verified. This enables synthesis of an optimal topology for a given application from the GSR

Cross-Layer Automated Hardware Design for Accuracy-Configurable Approximate Computing

Approximate Computing trades off computation accuracy against performance or energy efficiency. It is a design paradigm that arose in the last decade as an answer to diminishing returns from Dennard\u27s scaling and a shift in the prominent workloads. A range of modern workloads, categorized mainly as recognition, mining, and synthesis, features an inherent tolerance to approximations. Their characteristics, such as redundancies in their input data and robust-to-noise algorithms, allow them to produce outputs of acceptable quality, despite an approximation in some of their computations. Approximate Computing leverages the application tolerance by relaxing the exactness in computation towards primary design goals of increasing performance or improving energy efficiency. Existing techniques span across the abstraction layers of computer systems where cross-layer techniques are shown to offer a larger design space and yield higher savings. Currently, the majority of the existing work aims at meeting a single accuracy. The extent of approximation tolerance, however, significantly varies with a change in input characteristics and applications. In this dissertation, methods and implementations are presented for cross-layer and automated design of accuracy-configurable Approximate Computing to maximally exploit the performance and energy benefits. In particular, this dissertation addresses the following challenges and introduces novel contributions: A main Approximate Computing category in hardware is to scale either voltage or frequency beyond the safe limits for power or performance benefits, respectively. The rationale is that timing errors would be gradual and for an initial range tolerable. This scaling enables a fine-grain accuracy-configurability by varying the timing error occurrence. However, conventional synthesis tools aim at meeting a single delay for all paths within the circuit. Subsequently, with voltage or frequency scaling, either all paths succeed, or a large number of paths fail simultaneously, with a steep increase in error rate and magnitude. This dissertation presents an automated method for minimizing path delays by individually constraining the primary outputs of combinational circuits. As a result, it reduces the number of failing paths and makes the timing errors significantly more gradual, and also rarer and smaller on average. Additionally, it reveals that delays can be significantly reduced towards the least significant bit (LSB) and allows operating at a higher frequency when small operands are computed. Precision scaling, i.e., reducing the representation of data and its accuracy is widely used in multiple abstraction layers in Approximate Computing. Reducing data precision also reduces the transistor toggles, and therefore the dynamic power consumption. Application and architecture level precision scaling results in using only LSBs of the circuit. Arithmetic circuits often have less complexity and logic depth in LSBs compared to most significant bits (MSB). To take advantage of this circuit property, a delay-altering synthesis methodology is proposed. The method finds energy-optimal delay values under configurable precision usage and assigns them to primary outputs used for different precisions. Thereby, it enables dynamic frequency-precision scalable circuits for energy efficiency. Within the hardware architecture, it is possible to instantiate multiple units with the same functionality with different fixed approximation levels, where each block benefits from having fewer transistors and also synthesis relaxations. These blocks can be selected dynamically and thus allow to configure the accuracy during runtime. Instantiating such approximate blocks can be a lower dynamic power but higher area and leakage cost alternative to the current state-of-the-art gating mechanisms which switch off a group of paths in the circuit to reduce the toggling activity. Jointly, instantiating multiple blocks and gating mechanisms produce a large design space of accuracy-configurable hardware, where energy-optimal solutions require a cross-layer search in architecture and circuit levels. To that end, an approximate hardware synthesis methodology is proposed with joint optimizations in architecture and circuit for dynamic accuracy scaling, and thereby it enables energy vs. area trade-offs

Mathematical Methods, Modelling and Applications

This volume deals with novel high-quality research results of a wide class of mathematical models with applications in engineering, nature, and social sciences. Analytical and numeric, deterministic and uncertain dimensions are treated. Complex and multidisciplinary models are treated, including novel techniques of obtaining observation data and pattern recognition. Among the examples of treated problems, we encounter problems in engineering, social sciences, physics, biology, and health sciences. The novelty arises with respect to the mathematical treatment of the problem. Mathematical models are built, some of them under a deterministic approach, and other ones taking into account the uncertainty of the data, deriving random models. Several resulting mathematical representations of the models are shown as equations and systems of equations of different types: difference equations, ordinary differential equations, partial differential equations, integral equations, and algebraic equations. Across the chapters of the book, a wide class of approaches can be found to solve the displayed mathematical models, from analytical to numeric techniques, such as finite difference schemes, finite volume methods, iteration schemes, and numerical integration methods

Causal Modelling Based on Bayesian Networks for Preliminary Design of Buildings

Bayesian networks are a very general and powerful tool that can be used for a large number of problems involving uncertainty: reasoning, learning, planning and perception. They provide a language that supports efficient algorithms for the automatic construction of expert systems in several different contexts. The range of applications of Bayesian networks currently extends over almost all fields including engineering, biology and medicine, information and communication technologies and finance. This book is a collection of original contributions to the methodology and applications of Bayesian networks. It contains recent developments in the field and illustrates, on a sample of applications, the power of Bayesian networks in dealing the modeling of complex systems. Readers that are not familiar with this tool, but have some technical background, will find in this book all necessary theoretical and practical information on how to use and implement Bayesian networks in their own work. There is no doubt that this book constitutes a valuable resource for engineers, researchers, students and all those who are interested in discovering and experiencing the potential of this major tool of the century

Intermodal Transfer Coordination in Logistic Networks

Increasing awareness that globalization and information technology affect the patterns of transport and logistic activities has increased interest in the integration of intermodal transport resources. There are many significant advantages provided by integration of multiple transport schedules, such as: (1) Eliminating direct routes connecting all origin-destinations pairs and concentrating cargos on major routes; (2) improving the utilization of existing transportation infrastructure; (3) reducing the requirements for warehouses and storage areas due to poor connections, and (4) reducing other impacts including traffic congestion, fuel consumption and emissions. This dissertation examines a series of optimization problems for transfer coordination in intermodal and intra-modal logistic networks. The first optimization model is developed for coordinating vehicle schedules and cargo transfers at freight terminals, in order to improve system operational efficiency. A mixed integer nonlinear programming problem (MINLP) within the studied multi-mode, multi-hub, and multi-commodity network is formulated and solved by using sequential quadratic programming (SQP), genetic algorithms (GA) and a hybrid GA-SQP heuristic algorithm. This is done primarily by optimizing service frequencies and slack times for system coordination, while also considering loading and unloading, storage and cargo processing operations at the transfer terminals. Through a series of case studies, the model has shown its ability to optimize service frequencies (or headways) and slack times based on given input information. The second model is developed for countering schedule disruptions within intermodal freight systems operating in time-dependent, stochastic and dynamic environments. When routine disruptions occur (e.g. traffic congestion, vehicle failures or demand fluctuations) in pre-planned intermodal timed-transfer systems, the proposed dispatching control method determines through an optimization process whether each ready outbound vehicle should be dispatched immediately or held waiting for some late incoming vehicles with connecting freight. An additional sub-model is developed to deal with the freight left over due to missed transfers. During the phases of disruption responses, alleviations and management, the proposed real-time control model may also consider the propagation of delays at further downstream terminals. For attenuating delay propagations, an integrated dispatching control model and an analysis of sensitivity to slack times are presented