Hybrid Automata for Formal Modeling and Verification of Cyber-Physical Systems
The presence of a tight integration between the discrete control (the
"cyber") and the analog environment (the "physical")---via sensors and
actuators over wired or wireless communication networks---is the defining
feature of cyber-physical systems. Hence, the functional correctness of a
cyber-physical system is crucially dependent not only on the dynamics of the
analog physical environment, but also on the decisions taken by the discrete
control that alter the dynamics of the environment. The framework of Hybrid
automata---introduced by Alur, Courcoubetis, Henzinger, and Ho---provides a
formal modeling and specification environment to analyze the interaction
between the discrete and continuous parts of a cyber-physical system. Hybrid
automata can be considered as generalizations of finite state automata
augmented with a finite set of real-valued variables whose dynamics in each
state is governed by a system of ordinary differential equations. Moreover, the
discrete transitions of hybrid automata are guarded by constraints over the
values of these real-valued variables, and enable discontinuous jumps in the
evolution of these variables. Considering the richness of the dynamics in a
hybrid automaton, it is perhaps not surprising that the fundamental
verification questions, like reachability and schedulability, for the general
model are undecidable. In this article we present a review of hybrid automata
as a modeling and verification framework for cyber-physical systems, and survey
some of the key results on practical verification questions for hybrid
automata.
Comment: 17 pages
Automated Synthesis of Safe and Robust PID Controllers for Stochastic Hybrid Systems
We present a new method for the automated synthesis of safe and robust
Proportional-Integral-Derivative (PID) controllers for stochastic hybrid
systems. Despite their widespread use in industry, no automated method
currently exists for deriving a PID controller (or any other type of
controller, for that matter) with safety and performance guarantees for such a
general class of systems. In particular, we consider hybrid systems with
nonlinear dynamics (Lipschitz-continuous ordinary differential equations) and
random parameters, and we synthesize PID controllers such that the resulting
closed-loop systems satisfy safety and performance constraints given as
probabilistic bounded reachability properties. Our technique leverages SMT
solvers over the reals and nonlinear differential equations to provide formal
guarantees that the synthesized controllers satisfy such properties. These
controllers are also robust by design since they minimize the probability of
reaching an unsafe state in the presence of random disturbances. We apply our
approach to the problem of insulin regulation for type 1 diabetes, synthesizing
controllers with robust responses to large random meal disturbances, thereby
enabling them to maintain blood glucose levels within healthy, safe ranges.
Comment: Extended version of paper accepted at the 13th Haifa Verification
Conference
SReach: A Bounded Model Checker for Stochastic Hybrid Systems
In this paper we describe a new tool, SReach, which solves probabilistic
bounded reachability problems for two classes of stochastic hybrid systems. The
first one is (nonlinear) hybrid automata with parametric uncertainty. The
second one is probabilistic hybrid automata with additional randomness for both
transition probabilities and variable resets. Standard approaches to
reachability problems for linear hybrid systems require numerical solutions for
large optimization problems, and become infeasible for systems involving both
nonlinear dynamics over the reals and stochasticity. Our approach encodes
stochastic information by using random variables, and combines randomized
sampling, a δ-complete decision procedure, and statistical tests. SReach
utilizes the δ-complete decision procedure to solve reachability
problems in a sound manner, i.e., it always decides correctly whether, for a given
assignment to all random variables, the system actually reaches the unsafe
region. The statistical tests adapted guarantee arbitrarily small error bounds
between probabilities estimated by SReach and real ones. Compared to standard
simulation-based methods, our approach supports non-deterministic branching,
increases the coverage of simulation, and avoids the zero-crossing problem. We
demonstrate our method's feasibility by applying SReach to three representative
biological models and to additional benchmarks for nonlinear hybrid systems
with multiple probabilistic system parameters.
Verification for Machine Learning, Autonomy, and Neural Networks Survey
This survey presents an overview of verification techniques for autonomous
systems, with a focus on safety-critical autonomous cyber-physical systems
(CPS) and subcomponents thereof. Autonomy in CPS is enabled by recent advances
in artificial intelligence (AI) and machine learning (ML) through approaches
such as deep neural networks (DNNs), embedded in so-called learning-enabled
components (LECs) that accomplish tasks from classification to control.
Recently, the formal methods and formal verification community has developed
methods to characterize behaviors in these LECs with eventual goals of formally
verifying specifications for LECs, and this article presents a survey of many
of these recent approaches.
How to Learn a Model Checker
We show how machine-learning techniques, particularly neural networks, offer
a very effective and highly efficient solution to the approximate
model-checking problem for continuous and hybrid systems, a solution where the
general-purpose model checker is replaced by a model-specific classifier
trained by sampling model trajectories. To the best of our knowledge, we are
the first to establish this link from machine learning to model checking. Our
method comprises a pipeline of analysis techniques for estimating and obtaining
statistical guarantees on the classifier's prediction performance, as well as
tuning techniques to improve such performance. Our experimental evaluation
considers the time-bounded reachability problem for three well-established
benchmarks in the hybrid systems community. On these examples, we achieve an
accuracy of 99.82% to 100% and a false-negative rate (incorrectly predicting
that unsafe states are not reachable from a given state) of 0.0007 to 0. We
believe that this level of accuracy is acceptable in many practical
applications and we show how the approximate model checker can be made more
conservative by tuning the classifier through further training and selection of
the classification threshold.
Comment: 16 pages, 13 figures, short version submitted to HSCC201
Hardware-In-The-Loop Vulnerability Analysis of a Single-Machine Infinite-Bus Power System
The dynamic performance of the generators is a critical factor for the safe
operation of the power grid. To this end, the frequency stability of
generators is the target of cyber attacks since its instability may lead to
sizable cascade failures in the whole network. In this paper, we perform the
vulnerability analysis in a developed power grid Hardware-In-The-Loop (HITL)
testbed with a Wago 750-881 PLC sending control commands to the generators and
a 750 Feeder Management Relay connected to a local load. A process-aware
coordinated attack is demonstrated by spoofing control commands sent by the PLC
and the relay to the simulated power system which is modeled as a
single-machine infinite-bus (SMIB). Based on the reachability analysis, the
attacker can find the optimal attack signal to drive the system state out of
their safe set of values. Thereafter, it is experimentally demonstrated that
the attacker does not need to send the attack signal continuously if he implements
a carefully designed coordinated attack on the PLC and the relay. The presented
assessments provide information about the best time to launch an attack in
order to destabilize the power system.
Comment: Pages1-
Computational methods for stochastic control with metric interval temporal logic specifications
This paper studies an optimal control problem for continuous-time stochastic
systems subject to reachability objectives specified in a subclass of metric
interval temporal logic specifications, a temporal logic with real-time
constraints. We propose a probabilistic method for synthesizing an optimal
control policy that maximizes the probability of satisfying a specification
based on a discrete approximation of the underlying stochastic system. First,
we show that the original problem can be formulated as a stochastic optimal
control problem in a state space augmented with finite memory and states of
some clock variables. Second, we present a numerical method for computing an
optimal policy with which the given specification is satisfied with the maximal
probability in point-based semantics in the discrete approximation of the
underlying system. We show that the policy obtained in the discrete
approximation converges to the optimal one for satisfying the specification in
the continuous or dense-time semantics as the discretization becomes finer in
both state and time. Finally, we illustrate our approach with a robotic motion
planning example.
Comment: 8 pages, 6 figures, submitted to IEEE CDC 201
Probabilistic bounded reachability for hybrid systems with continuous nondeterministic and probabilistic parameters
We develop an algorithm for computing bounded reachability probability for
hybrid systems, i.e., the probability that the system reaches an unsafe region
within a finite number of discrete transitions. In particular, we focus on
hybrid systems with continuous dynamics given by solutions of nonlinear
ordinary differential equations (with possibly nondeterministic initial
conditions and parameters), and probabilistic behaviour given by initial
parameters distributed as continuous (with possibly infinite support) and
discrete random variables. Our approach is to define an appropriate relaxation
of the (undecidable) reachability problem, so that it can be solved by
δ-complete decision procedures. In particular, for systems with
continuous random parameters only, we develop a validated integration procedure
which computes an arbitrarily small interval that is guaranteed to contain the
reachability probability. In the more general case of systems with both
nondeterministic and probabilistic parameters, our procedure computes a
guaranteed enclosure for the range of reachability probabilities. We have
applied our approach to a number of nonlinear hybrid models and validated the
results by comparison with Monte Carlo simulation.
Dynamic Security Analysis of Power Systems by a Sampling-Based Algorithm
Dynamic security analysis is an important problem in power systems, concerned with
ensuring safe operation and stable power supply even when certain faults occur.
Whether such faults are caused by vulnerabilities of system components,
physical attacks, or cyber-attacks that fall under cyber-security,
they eventually affect the physical stability of a power system. Examples of
the loss of physical stability include the Northeast blackout of 2003 in North
America and the 2015 system-wide blackout in Ukraine. The nonlinear hybrid
nature, that is, nonlinear continuous dynamics integrated with discrete
switching, and the high number of degrees of freedom of power system dynamics
make it challenging to conduct the dynamic security analysis. In this paper, we
use the hybrid automaton model to describe the dynamics of a power system and
mainly deal with the index-1 differential-algebraic equation models regarding
the continuous dynamics in different discrete states. The analysis problem is
formulated as a reachability problem of the associated hybrid model. A
sampling-based algorithm is then proposed by integrating modeling and
randomized simulation of the hybrid dynamics to search for a feasible execution
connecting an initial state of the post-fault system and a target set in the
desired operation mode. The proposed method enables the use of existing power
system simulators for the synthesis of discrete switching and control
strategies through randomized simulation. The effectiveness and performance of
the proposed approach are demonstrated with an application to the dynamic
security analysis of the New England 39-bus benchmark power system exhibiting
hybrid dynamics. In addition to evaluating the dynamic security, the proposed
method searches for a feasible strategy to ensure the dynamic security of the
system in the face of disruptions.
Comment: 23 pages, 12 figures
PAC Statistical Model Checking for Markov Decision Processes and Stochastic Games
Statistical model checking (SMC) is a technique for analysis of probabilistic
systems that may be (partially) unknown. We present an SMC algorithm for
(unbounded) reachability yielding probably approximately correct (PAC)
guarantees on the results. We consider both the setting (i) with no knowledge
of the transition function (with the only quantity required a bound on the
minimum transition probability) and (ii) with knowledge of the topology of the
underlying graph. On the one hand, it is the first algorithm for stochastic
games. On the other hand, it is the first practical algorithm even for Markov
decision processes. Compared to previous approaches where PAC guarantees
require running times longer than the age of the universe even for systems with a
handful of states, our algorithm often yields reasonably precise results within
minutes, not requiring the knowledge of mixing time or the topology of the
whole model.