An Iterative Abstraction Algorithm for Reactive Correct-by-Construction Controller Synthesis

In this paper, we consider the problem of synthesizing correct-by-construction controllers for discrete-time dynamical systems. A commonly adopted approach in the literature is to abstract the dynamical system into a Finite Transition System (FTS) and thus convert the problem into a two player game between the environment and the system on the FTS. The controller design problem can then be solved using synthesis tools for general linear temporal logic or generalized reactivity(1) specifications. In this article, we propose a new abstraction algorithm. Instead of generating a single FTS to represent the system, we generate two FTSs, which are under- and over-approximations of the original dynamical system. We further develop an iterative abstraction scheme by exploiting the concept of winning sets, i.e., the sets of states for which there exists a winning strategy for the system. Finally, the efficiency of the new abstraction algorithm is illustrated by numerical examples.Comment: A shorter version has been accepted for publication in the 54th IEEE Conference on Decision and Control (held Tuesday through Friday, December 15-18, 2015 at the Osaka International Convention Center, Osaka, Japan

Synthesis of Distributed Longitudinal Control Protocols for a Platoon of Autonomous Vehicles

We develop a framework for control protocol synthesis for a platoon of autonomous vehicles subject to temporal logic specifications. We describe the desired behavior of the platoon in a set of linear temporal logic formulas, such as collision avoidance, close spacing or comfortability. The problem of decomposing a global specification for the platoon into distributed specification for each pair of adjacent vehicles is hard to solve. We use the invariant specifications to tackle this problem and the decomposition is proved to be scalable.. Based on the specifications in Assumption/Guarantee form, we can construct a two-player game (between the vehicle and its closest leader) locally to automatically synthesize a controller protocol for each vehicle. Simulation example for a distributed vehicles control problem is also shown

Secure control against replay attacks

This paper analyzes the effect of replay attacks on a control system. We assume an attacker wishes to disrupt the operation of a control system in steady state. In order to inject an exogenous control input without being detected the attacker will hijack the sensors, observe and record their readings for a certain amount of time and repeat them afterwards while carrying out his attack. This is a very common and natural attack (we have seen numerous times intruders recording and replaying security videos while performing their attack undisturbed) for an attacker who does not know the dynamics of the system but is aware of the fact that the system itself is expected to be in steady state for the duration of the attack. We assume the control system to be a discrete time linear time invariant gaussian system applying an infinite horizon Linear Quadratic Gaussian (LQG) controller. We also assume that the system is equipped with a χ 2 failure detector. The main contributions of the paper, beyond the novelty of the problem formulation, consist in 1) providing conditions on the feasibility of the replay attack on the aforementioned system and 2) proposing a countermeasure that guarantees a desired probability of detection (with a fixed false alarm rate) by trading off either detection delay or LQG performance, either by decreasing control accuracy or increasing control effort. 1

Safe and Efficient Switching Controller Design for Partially Observed Linear-Gaussian Systems

Switching control strategies that unite a potentially high-performance but uncertified controller and a stabilizing albeit conservative controller are shown to be able to balance safety with efficiency, but have been less studied under partial observation of state. To address this gap, we propose a switching control strategy for partially observed linear-Gaussian systems with provable performance guarantees. We show that the proposed switching strategy is both safe and efficient, in the sense that: (1) the linear-quadratic cost of the system is always bounded even if the original uncertified controller is destabilizing; (2) in the case when the uncertified controller is stabilizing, the performance loss induced by the conservativeness of switching converges super-exponentially to zero. The effectiveness of the switching strategy is also demonstrated via numerical simulation on the Tennessee Eastman Process