A Contract-Based Requirement Engineering Framework for the Design of Industrial Cyber-Physical Systems

This work-in-progress paper presents our current effort toward the development of compositional modeling formalisms and scalable algorithms for high-assurance design of industrial cyber-physical systems, with emphasis on smart manufacturing systems. A require-ment engineering methodology is implemented within CHASE, a software framework supporting contract-based representations of systems and components to facilitate analysis and design space exploration. We provide an overview of CHASE and discuss its application to the design of a robotic arm. This paper is accompanied by a poster describing the architecture of CHASE and a demonstration of its application to the case study

Caratterizzazione dello spazio architetturale di un amplificatore transconduttivo

Il presente lavoro di tesi affronta il problema della progettazione analogica a livello di sistema studiando un convertitore analogico/digitale di tipo pipeline ad elevate prestazioni in tecnologia CMOS a 0.13 um. Più specificamente, viene studiato l’amplificatore interstadio al fine di valutare l’ottimalità delle specifiche richieste nel progetto originale. Viene applicata una metodologia di progetto basata sulla esplorazione e caratterizzazione dello spazio architetturale di interesse, volta alla creazione di una libreria (Piattaforma Analogica) che racchiuda sia modelli di prestazioni dell’ amplificatore sia modelli comportamentali dello stesso da utilizzarsi per progettazione ad alto livello. Inizialmente, viene effettuata un’ analisi del primo stadio del convertitore pipeline volta a ricavare le specifiche del blocco amplificatore. La metodologia prevede un campionamento dello spazio delle prestazioni attraverso simulazione di configurazioni generate perturbando il progetto originale. Al fine di specificare lo spazio di campionamento, vengono ricavate delle relazioni che vincolano le dimensioni dei singoli dispositivi imponendo condizioni di polarizzazione, minimo guadagno e minima banda. Le relazioni vengono quindi manipolate al fine di ottenere uno schema valutativo, basato su MATLAB/Ocean, in grado di generare configurazioni casuali del circuito che rispettano le relazioni stesse. Un insieme di indici di prestazione viene ricavato dai dati delle simulazioni cui si ricorre dato lo scarso potere predittivo dei modelli analitici. Infatti, con le moderne tecnologie CMOS i parametri di merito sono legati alle dimensioni dei dispositivi attraverso equazioni non esprimibili in forma analitica. Gli indici di prestazione vengono utilizzati per la creazione di un modello di prestazione il cui scopo è di vincolare i parametri del modello comportamentale corrispondente a valori effettivamente ottenibili dall’architettura prescelta. Tale modello di prestazione può essere utilizzato per selezionare, tramite ottimizzazione a livello di sistema, un insieme di specifiche ottime per l’amplificatore in esame

A Sample-Efficient Algorithm for Episodic Finite-Horizon MDP with Constraints

Constrained Markov Decision Processes (CMDPs) formalize sequential decision-making problems whose objective is to minimize a cost function while satisfying constraints on various cost functions. In this paper, we consider the setting of episodic fixed-horizon CMDPs. We propose an online algorithm which leverages the linear programming formulation of finite-horizon CMDP for repeated optimistic planning to provide a probably approximately correct (PAC) guarantee on the number of episodes needed to ensure an $\epsilon$-optimal policy, i.e., with resulting objective value within $\epsilon$ of the optimal value and satisfying the constraints within $\epsilon$-tolerance, with probability at least $1-\delta$. The number of episodes needed is shown to be of the order $\tilde{\mathcal{O}}\big(\frac{|S||A|C^{2}H^{2}}{\epsilon^{2}}\log\frac{1}{\delta}\big)$, where $C$ is the upper bound on the number of possible successor states for a state-action pair. Therefore, if $C \ll |S|$, the number of episodes needed have a linear dependence on the state and action space sizes $|S|$ and $|A|$, respectively, and quadratic dependence on the time horizon $H$

A Satisfiability Modulo Theory Approach to Secure State Reconstruction in Differentially Flat Systems Under Sensor Attacks

We address the problem of estimating the state of a differentially flat system from measurements that may be corrupted by an adversarial attack. In cyber-physical systems, malicious attacks can directly compromise the system's sensors or manipulate the communication between sensors and controllers. We consider attacks that only corrupt a subset of sensor measurements. We show that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case. We also extend our previous work on the use of Satisfiability Modulo Theory solvers to estimate the state under sensor attacks to the context of differentially flat systems. The effectiveness of our approach is illustrated on the problem of controlling a quadrotor under sensor attacks.Comment: arXiv admin note: text overlap with arXiv:1412.432

SANSCrypt: A Sporadic-Authentication-Based Sequential Logic Encryption Scheme

We propose SANSCrypt, a novel sequential logic encryption scheme to protect integrated circuits against reverse engineering. Previous sequential encryption methods focus on modifying the circuit state machine such that the correct functionality can be accessed by applying the correct key sequence only once. Considering the risk associated with one-time authentication, SANSCrypt adopts a new temporal dimension to logic encryption, by requiring the user to sporadically perform multiple authentications according to a protocol based on pseudo-random number generation. Analysis and validation results on a set of benchmark circuits show that SANSCrypt offers a substantial output corruptibility if the key sequences are applied incorrectly. Moreover, it exhibits an exponential resilience to existing attacks, including SAT-based attacks, while maintaining a reasonably low overhead.Comment: This paper has been accepted at the 28th IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC

Exact and Cost-Effective Automated Transformation of Neural Network Controllers to Decision Tree Controllers

Over the past decade, neural network (NN)-based controllers have demonstrated remarkable efficacy in a variety of decision-making tasks. However, their black-box nature and the risk of unexpected behaviors and surprising results pose a challenge to their deployment in real-world systems with strong guarantees of correctness and safety. We address these limitations by investigating the transformation of NN-based controllers into equivalent soft decision tree (SDT)-based controllers and its impact on verifiability. Differently from previous approaches, we focus on discrete-output NN controllers including rectified linear unit (ReLU) activation functions as well as argmax operations. We then devise an exact but cost-effective transformation algorithm, in that it can automatically prune redundant branches. We evaluate our approach using two benchmarks from the OpenAI Gym environment. Our results indicate that the SDT transformation can benefit formal verification, showing runtime improvements of up to 21x and 2x for MountainCar-v0 and CartPole-v0, respectively