
Showing papers by "Alberto Sangiovanni-Vincentelli published in 2015"


Journal ArticleDOI
15 Sep 2015
TL;DR: A platform-based design methodology that uses contracts to specify and abstract the components of a cyber-physical system (CPS), and provide formal support to the entire CPS design flow is introduced.
Abstract: We introduce a platform-based design methodology that uses contracts to specify and abstract the components of a cyber-physical system (CPS), and provide formal support to the entire CPS design flow. The design is carried out as a sequence of refinement steps from a high-level specification to an implementation built out of a library of components at the lower level. We review formalisms and tools that can be used to specify, analyze, or synthesize the design at different levels of abstraction. For each level, we highlight how the contract operations can be concretely computed as well as the research challenges that should be faced to fully implement them. We illustrate our approach on the design of embedded controllers for aircraft electric power distribution systems.

142 citations


13 Apr 2015
TL;DR: The paper explains how to use sensors as the eyes, ears, hands, and feet for the cloud.

85 citations


Journal ArticleDOI
TL;DR: A general security-aware design methodology is proposed to address security with other design constraints in a holistic framework and optimize design objectives and indicates that it is necessary to consider security together with other metrics during design stages.
Abstract: In this article, we address both security and safety requirements and solve security-aware design problems for the controller area network (CAN) protocol and time division multiple access (TDMA)-based protocols. To provide insights and guidelines for other similar security problems with limited resources and strict timing constraints, we propose a general security-aware design methodology to address security with other design constraints in a holistic framework and optimize design objectives. The security-aware design methodology is further applied to solve a security-aware design problem for vehicle-to-vehicle (V2V) communications with dedicated short-range communication (DSRC) technology. Experimental results demonstrate the effectiveness of our approaches in system design without violating design constraints and indicate that it is necessary to consider security together with other metrics during design stages.

54 citations


01 Jul 2015
TL;DR: This paper intends to provide treatment where contracts are precisely defined and characterized so that they can be used in design methodologies such as the ones mentioned above with no ambiguity, and provides an important link between interface and contract theories to show similarities and correspondences.
Abstract: Aircraft, trains, cars, plants, distributed telecommunication, military or health care systems, and more, involve systems design as a critical step. Complexity has caused system design times and costs to go severely over budget so as to threaten the health of entire industrial sectors. Heuristic methods and standard practices do not seem to scale with complexity, so that novel design methods and tools based on a strong theoretical foundation are sorely needed. Model-based design as well as other methodologies such as layered and compositional design have been used recently, but a unified intellectual framework with a complete design flow supported by formal tools is still lacking. Recently an “orthogonal” approach has been proposed that can be applied to all methodologies introduced thus far to provide a rigorous scaffolding for verification, analysis and abstraction/refinement: contract-based design. Several results have been obtained in this domain, but a unified treatment of the topic that can help in putting contract-based design in perspective is missing. This paper intends to provide such treatment, where contracts are precisely defined and characterized so that they can be used in design methodologies such as the ones mentioned above with no ambiguity. In addition, the paper provides an important link between interface and contract theories to show similarities and correspondences. This paper is complemented by a companion paper where contract-based design is illustrated through use cases.

52 citations


Journal ArticleDOI
TL;DR: This work presents a new formulation that defines path-based security constraints and minimizes security risk directly and proposes a new heuristic algorithm to solve the formulation efficiently, and shows that the new algorithm achieves comparable solution quality as the MILP-based approach with much better efficiency.
Abstract: Security has become a critical issue for automotive electronic systems. To protect against attacks, security mechanisms have to be applied, but the overhead of those mechanisms may impede system performance and cause violations of design constraints. To remedy this problem, we proposed an integrated mixed integer linear programming (MILP) formulation that is the first to address both security and safety constraints during system mapping for controller area network (CAN) based systems. However, its signal-based security constraints do not fully reflect real security requirements, and its objective function is to minimize functional path latencies rather than minimize security risk. Furthermore, its MILP-based approach has high computation complexity. In this work, we present a new formulation that defines path-based security constraints and minimizes security risk directly, and propose a new heuristic algorithm to solve the formulation efficiently. Experiments on an industrial example show that our new algorithm achieves comparable solution quality to the MILP-based approach with much better efficiency.

38 citations


Proceedings ArticleDOI
01 Jul 2015
TL;DR: A novel, efficient algorithm is developed that uses a Satisfiability Modulo Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem.
Abstract: We address the problem of detecting and mitigating the effect of malicious attacks on the sensors of a linear dynamical system. We develop a novel, efficient algorithm that uses a Satisfiability Modulo Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem. Simulation results show that our algorithm compares favorably with alternative techniques, with respect to both runtime and estimation error.

38 citations


Proceedings ArticleDOI
01 Dec 2015
TL;DR: It is shown that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case.
Abstract: We address the problem of reconstructing the state of a differentially flat system from measurements that may be corrupted by an adversarial attack. In cyber-physical systems, malicious attacks can directly compromise the system's sensors or manipulate the communication between sensors and controllers. We consider attacks that only corrupt a subset of sensor measurements. We show that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case. We also extend our previous work on the use of Satisfiability Modulo Theory solvers to reconstruct the state under sensor attacks to the context of differentially flat systems. The effectiveness of our approach is illustrated on the problem of controlling a quadrotor under sensor attacks.

35 citations


Proceedings ArticleDOI
02 Nov 2015
TL;DR: This work proposes a methodology for architecture exploration for Cyber-Physical Systems (CPS) based on an iterative, optimization-based approach, where a discrete architecture selection engine is placed in a loop with a continuous sizing engine.
Abstract: We propose a methodology for architecture exploration for Cyber-Physical Systems (CPS) based on an iterative, optimization-based approach, where a discrete architecture selection engine is placed in a loop with a continuous sizing engine. The discrete optimization routine proposes a candidate architecture to the sizing engine. The sizing routine optimizes over the continuous parameters using simulation to evaluate the physical models and to monitor the requirements. To decrease the number of simulations, we show how balance equations and conservation laws can be leveraged to prune the discrete space, thus achieving significant reduction in the overall runtime. We demonstrate the effectiveness of our methodology on an industrial case study, namely an aircraft environmental control system, showing more than one order of magnitude reduction in optimization time.

24 citations


Proceedings ArticleDOI
09 Mar 2015
TL;DR: This work addresses the problem of synthesizing safety-critical cyber-physical system architectures to minimize a cost function while guaranteeing the desired reliability by proposing two algorithms to decrease the problem complexity, i.e. Integer-Linear Programming Modulo Reliability (ILP-MR) and ILP-AR.
Abstract: We address the problem of synthesizing safety-critical cyber-physical system architectures to minimize a cost function while guaranteeing the desired reliability. We cast the problem as an integer linear program on a reconfigurable graph which models the architecture. Since generating symbolic probability constraints by exhaustive enumeration of failure cases on all possible graph configurations takes exponential time, we propose two algorithms to decrease the problem complexity, i.e. Integer-Linear Programming Modulo Reliability (ILP-MR) and Integer-Linear Programming with Approximate Reliability (ILP-AR). We compare the two approaches and demonstrate their effectiveness on the design of aircraft electric power system architectures.

21 citations


Journal ArticleDOI
TL;DR: An interactive design tool that can assist rapid prototyping and deployment of wireless sensor networks for building automation systems and proposes a mixed-integer linear program and a polynomial-time heuristic that returns close-to-optimal results in a shorter time.
Abstract: In this paper, we present an interactive design tool that can assist rapid prototyping and deployment of wireless sensor networks for building automation systems. We argue that it is possible to design networks that are more resilient to failures and have longer lifetime if the behavior of routing algorithms (RAs) is taken into account at design time. Resiliency can be increased by algorithmically adding redundancy to the network at locations where it can be maximally leveraged by RAs during operation. Lifetime can be increased by placing routers where they are most needed according to the expected data traffic patterns to improve the quality of the transmission. The network synthesis problem is formulated as an optimization problem. We propose a mixed-integer linear program to solve it exactly and a polynomial-time heuristic that returns close-to-optimal results in a shorter time. We analyze the performance of the designed networks by using OPNET simulation. Results show that our tool can assist in designing sensor networks that have high throughput and consume power efficiently.

20 citations


Proceedings ArticleDOI
04 Oct 2015
TL;DR: This work presents and discusses how education is impacted, leveraging mainly a cross-domain investigation of CPS challenges of the EU CyPhERS project, and discusses implications for educational systems.
Abstract: Education and training face several challenges as our society is evolving to become increasingly dependent on Cyber-Physical Systems (CPS). We present and discuss how education is impacted, leveraging mainly a cross-domain investigation of CPS challenges of the EU CyPhERS project. In particular, the investigation revealed challenges that go beyond engineering education and that were found to be common across domains: (i) the need to consider and to include a broader set of stakeholders, including policy makers and the general public, to raise awareness of CPS technology implications (opportunities, risks and challenges); (ii) emphasizing human-centered perspectives, including sustainability and privacy, in CPS education to make sure we end up with a human-centric CPS-based society; (iii) improving the status of teaching; and (iv) supporting educational platforms and life-long learning capabilities. We conclude by discussing implications for educational systems.

Book ChapterDOI
01 Jan 2015
TL;DR: In this paper, the authors regard the grid as an integrated, distributed, cyber-physical system, and propose a compositional framework for the deployment of an optimal supply-following strategy.
Abstract: In a supply-following “smart” grid scenario, buildings can exploit remotely controllable thermostats and “smart” meters to communicate with energy providers, trade energy in real-time and offer frequency regulation services, by leveraging the flexibility in the energy consumption of their heating, ventilation and air conditioning (HVAC) systems. The realization of such a scenario is, however, strongly dependent on our ability to radically re-think the way both the grid and the building control algorithms are designed. In this work, we regard the grid as an integrated, distributed, cyber-physical system, and propose a compositional framework for the deployment of an optimal supply-following strategy. We use the concept of assume-guarantee contracts to formalize the requirements of the grid and the building subsystem as well as their interface. At the building level, such formalization leads to the development of an optimal control mechanism to determine the HVAC energy flexibility while maximizing the monetary incentive for it. At the grid level, it allows formulating a model predictive control scheme to optimally control the ancillary service power flow from buildings, while integrating constraints such as ramping rates of ancillary service providers, maximum available ancillary power, and load forecast information. Simulation results illustrate the effectiveness of the proposed design methodology and the improvements brought by the proposed control strategy with respect to the state of the art.

Journal ArticleDOI
01 Oct 2015
TL;DR: The methodology being developed within the industrial Cyber‐Physical (iCyPhy) research consortium is introduced, which addresses the complexity and heterogeneity of cyber‐physical systems by formalizing the design process in a hierarchical and compositional way, and provides a unifying framework where different modeling, analysis and synthesis tools can seamlessly interconnect.
Abstract: The realization of complex, cyber-physical “systems of systems” can substantially benefit from model-based hierarchical and compositional methodologies to make their design possible let alone optimal. In this paper, we introduce the methodology being developed within the industrial Cyber-Physical (iCyPhy) research consortium, which addresses the complexity and heterogeneity of cyber-physical systems by formalizing the design process in a hierarchical and compositional way, and provides a unifying framework where different modeling, analysis and synthesis tools can seamlessly interconnect. We use assume-guarantee contracts and their algebra (e.g. composition, conjunction, refinement) to provide formal support to the entire design flow. The design is carried out as a sequence of refinement steps from a high-level specification (top-down phase) to an implementation built out of a library of components at the lower level (bottom-up phase). At each step, the design is refined by combining synthesis from requirements, optimization and simulation-based design space exploration methods. We illustrate our approach on design examples of embedded controllers for aircraft power distribution and air management systems.

Journal ArticleDOI
TL;DR: To the best of the knowledge, this is the first work in the literature to formulate the automotive routing problem as a minimal Steiner tree problem with capacity constraints and perform wire routing and wire sizing for weight minimization.
Abstract: As the complexities of automotive systems increase, designing a system is a difficult task that cannot be done manually. In this paper, we focus on wire routing and wire sizing for weight minimization to deal with more and more connections between devices in automotive systems. The wire routing problem is formulated as a minimal Steiner tree problem with capacity constraints, and the location of a Steiner vertex is selected to add a splice which is used to connect more than two wires. We modify the Kou-Markowsky-Berman algorithm to efficiently construct Steiner trees and propose an integer linear programming (ILP) formulation to relocate Steiner vertices and satisfy capacity constraints. The ILP formulation is relaxed to a linear programming (LP) formulation which has the same optimal objective and can be solved more efficiently. Besides wire routing, wire sizing is also performed to satisfy resistance constraints and minimize the total wiring weight. To the best of our knowledge, this is the first work in the literature to formulate the automotive routing problem as a minimal Steiner tree problem with capacity constraints and perform wire routing and wire sizing for weight minimization. An industrial case study shows the effectiveness and efficiency of our algorithm which provides an efficient, flexible, and scalable approach for the design optimization of automotive systems.

Proceedings ArticleDOI
01 Jul 2015
TL;DR: This paper forms the optimization of the system performance as a stochastic model predictive control (SMPC) problem, and presents two special cases of the proposed SMPC analysis to approximate the problem with linear mixed-integer optimization problems.
Abstract: Aircraft Electric Power Systems (EPS) route power from generators to vital avionics loads by configuring a set of electronic control switches denoted as contactors. The external loads applied to an EPS, power requirement of the system, electrical component failure events, and the dynamics of the system are inherently uncertain. In this paper, we address the problem of designing a stochastic optimal control strategy for the EPS contactors. We first represent mathematical models of different components of an EPS, and formalize the performance metrics of the system as well as the constraints that should be satisfied in a stochastic modeling framework. We then formulate the optimization of the system performance as a stochastic model predictive control (SMPC) problem, and present two special cases of the proposed SMPC analysis to approximate the problem with linear mixed-integer optimization problems. Finally, we report simulation results to confirm the effectiveness of the proposed approach.

Proceedings ArticleDOI
01 Aug 2015
TL;DR: Results show that the driveline control performance can be substantially improved with respect to conventional solutions, using the proposed methodology, which further highlights the relevance and effectiveness of a cyber-physical system approach to system design across the boundary between plant architecture and control law.
Abstract: By leveraging the interaction between the physical and the computation worlds, cyber-physical systems provide the capability of augmenting the available design space in several application domains, possibly improving the quality of the final design. In this paper, we propose a new, optimization-based methodology for the co-design of the gear ratio and the active damping controller of the powertrain system in an electric vehicle. Our goal is to explore the trade-off between vehicle acceleration performance and drivability. Using a platform-based approach, we first define the system architecture, the requirements, and quality metrics of interest. Then, we formulate the design problem for the powertrain control system as an optimization problem, and propose a procedure to derive an optimal system sizing, by relying on the simulation of the vehicle performance for a set of driving scenarios. Optimization results show that the driveline control performance can be substantially improved with respect to conventional solutions, using the proposed methodology. This further highlights the relevance and effectiveness of a cyber-physical system approach to system design across the boundary between plant architecture and control law.

13 Apr 2015
TL;DR: The second workshop of the International Workshop on the Swarm at the Edge of the Cloud as mentioned in this paper was held in 2016, with the goal of providing the highest-profile academic and industrial research forum to develop and promote the swarm community.
Abstract: Sensor and actuator swarms, which can be wirelessly interconnected and combined with cloud-based services and applications on handheld devices, offer an unprecedented ability to monitor and act on a range of physical quantities. Sensor and actuator-based systems have been proposed and deployed for a broad range of applications, but the potential goes far beyond what has been accomplished so far. When realized in full, these technologies can integrate the cyber world (centered today in the cloud) with our physical/biological world. This evolution enables humans, machines and infrastructure that are far more aware of and adaptive to their environment. Just as today much of our data resides "in the cloud," tomorrow much of our physical world will have a presence "in the swarm." From the perspective of the information world, this revolution gives the information network eyes, ears, hands, and feet to interact with the physical world. From the perspective of the physical and biological world, this revolution enables coordination, intelligence, and efficient use of resources. This workshop will bring together world-class experts on the enabling technology and applications of swarm technologies. We are very pleased to welcome you to the second in the series of the International Workshop on the Swarm at the Edge of the Cloud, and its Proceedings. The mission of this workshop series is on providing the highest-profile academic and industrial research forum to develop and promote our new community. Central to this mission is the creation of a nurturing research forum that communicates the latest developments in the field, creates an opportunity for interdisciplinary collaboration, and provides an archival venue for the progress being achieved.

01 Jan 2015
TL;DR: In this paper, the authors provide an overview of and a perspective on the evolution of electronic design automation (EDA), and offer a perspective of some of the principal avenues of future development.
Abstract: The articles in this special issue provide an overview of and a perspective on the evolution of electronic design automation (EDA), and offer a perspective on some of the principal avenues of future development.

01 Jul 2015
TL;DR: In this article, a contract framework is proposed to support schedulability analysis, a key step in the Autosar methodology, which is used in the context of the automotive sector.
Abstract: Recently, contract-based design has been proposed as an “orthogonal” approach that can be applied to all methodologies proposed so far to cope with the complexity of system design. Contract-based design provides a rigorous scaffolding for verification, analysis and abstraction/refinement. Companion report RR-8759 proposes a unified treatment of the topic that can help in putting contract-based design in perspective. This paper complements RR-8759 by further discussing methodological aspects of system design with contracts in perspective and presenting two application cases. The first application case illustrates the use of contracts in requirement engineering, an area of system design where formal methods were scarcely considered, yet are stringently needed. We focus in particular on the critical design step by which sub-contracts are generated for suppliers from a set of different viewpoints (specified as contracts) on the global system. We also discuss important issues regarding certification in requirement engineering, such as consistency, compatibility, and completeness of requirements. The second example is developed in the context of the Autosar methodology now widely advocated in the automotive sector. We propose a contract framework to support schedulability analysis, a key step in the Autosar methodology. Our aim differs from the many proposals for compositional schedulability analysis in that we aim at defining sub-contracts for suppliers, not just performing the analysis by parts; we know from companion paper RR-8759 that sub-contracting to suppliers differs from a compositional analysis entirely performed by the OEM. We observe that the methodology advocated by Autosar is in contradiction with contract-based design in that some recommended design steps cannot be refinements. We show how to circumvent this difficulty by precisely bounding the risk at the system integration phase. Another feature of this application case is the combination of manual reasoning for local properties and use of the formal contract algebra to lift a collection of local checks to a system-wide analysis.

Proceedings ArticleDOI
04 Nov 2015
TL;DR: This paper presents a system-level modeling and control design approach for DR management in smart grids, by following a contract-based methodology, and illustrates the effectiveness of the methodology for a set of DR components including fans and pumps, showing that it enables modular development of non-disruptive DR control schemes.
Abstract: Demand Response (DR) is considered a promising approach to cope with the increasing variability in power grids due to the penetration of renewable energy sources. However, it still remains a challenge to manage the aggregation of a large number of heterogeneous loads to achieve a desired response, especially at a fast time scale. In this paper, we present a system-level modeling and control design approach for DR management in smart grids, by following a contract-based methodology. Given a set of flexible DR loads, capable of adapting their power consumption upon external requests, we find a strategy for an aggregator to optimally track a DR requirement by combining the individual contributions of the DR components. In our framework, both the design requirements and the DR components' interfaces are specified by assume-guarantee contracts expressed using mixed-integer linear constraints. Contracts are used to formulate an optimal control problem, which is solved repeatedly over time, in a receding horizon fashion. We illustrate the effectiveness of our methodology for a set of DR components including fans and pumps, showing that it enables modular development of non-disruptive DR control schemes.


Book
06 Aug 2015
TL;DR: In this paper, a broad coverage of techniques to model, verify and validate the behavior and performance of complex distributed embedded systems is presented, and the authors attempt to bridge the gap between the three disciplines of model-based design, real-time analysis and model-driven development, for a better understanding of the ways in which new development flows can be constructed.
Abstract: This book offers readers broad coverage of techniques to model, verify and validate the behavior and performance of complex distributed embedded systems. The authors attempt to bridge the gap between the three disciplines of model-based design, real-time analysis and model-driven development, for a better understanding of the ways in which new development flows can be constructed, going from system-level modeling to the correct and predictable generation of a distributed implementation, leveraging current and future research results.

Posted Content
TL;DR: This work addresses the problem of estimating the state of a differentially flat system from measurements that may be corrupted by an adversarial attack and shows that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability.
Authors: Shoukry, Yasser; Nuzzo, Pierluigi; Bezzo, Nicola; Sangiovanni-Vincentelli, Alberto L; Seshia, Sanjit A; Tabuada, Paulo
Abstract: We address the problem of estimating the state of a differentially flat system from measurements that may be corrupted by an adversarial attack. In cyber-physical systems, malicious attacks can directly compromise the system's sensors or manipulate the communication between sensors and controllers. We consider attacks that only corrupt a subset of sensor measurements. We show that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case. We also extend our previous work on the use of Satisfiability Modulo Theory solvers to estimate the state under sensor attacks to the context of differentially flat systems. The effectiveness of our approach is illustrated on the problem of controlling a quadrotor under sensor attacks.

Journal ArticleDOI
26 Oct 2015
TL;DR: The articles in this special issue provide an overview of and a perspective on the evolution of electronic design automation (EDA), and offer a perspective on some of the principal avenues of future development.
Abstract: The articles in this special issue provide an overview of and a perspective on the evolution of electronic design automation (EDA), and offer a perspective on some of the principal avenues of future development.

Proceedings ArticleDOI
19 Jul 2015
TL;DR: This paper proposes an approach for efficient distribution of Triggered Synchronous Block Diagrams (SBDs) on asynchronous platforms while preserving the correct semantics and aims to reduce the unnecessary communication overhead and thus improve the efficiency of the implementation.
Abstract: As the complexity of embedded systems rapidly increases in terms of both scale and functionality, there has been a strong interest in design languages and methodologies that facilitate the use of formal methods. These languages and methodologies are mostly based on a synchronous paradigm that, while satisfies the need for formalization, often results in an inefficient implementation requiring substantial overhead when compared to approaches that do not enforce synchronicity on the execution platform. Therefore, the interest is high for techniques that on one hand, maintain the formal properties of synchronous models, and on the other hand, enable the use of asynchronous and distributed execution platforms with little overhead. In this paper, we propose an approach for efficient distribution of Triggered Synchronous Block Diagrams (SBDs) on asynchronous platforms while preserving the correct semantics. Compared to previous work that utilizes trigger elimination, our approach aims to reduce the unnecessary communication overhead and thus improve the efficiency of the implementation. We consider both general Triggered SBDs where the values of triggers are dynamically computed, as well as Timed SBDs where triggers are statically known and usually specified by (period, initial phase) pairs.