
Showing papers by "Paulo Tabuada published in 2015"


Journal ArticleDOI
TL;DR: A framework for the event-triggered stabilization of nonlinear systems using hybrid systems tools, general enough to encompass most existing event-triggered control techniques, together with two new event-triggering conditions that may further enlarge the inter-event times.
Abstract: Event-triggered control consists of closing the feedback loop whenever a predefined state-dependent criterion is satisfied. This paradigm is especially well suited for embedded systems and networked control systems since it is able to reduce the amount of communication and computation resources needed for control, compared to the traditional periodic implementation. In this paper, we propose a framework for the event-triggered stabilization of nonlinear systems using hybrid systems tools, that is general enough to encompass most of the existing event-triggered control techniques, which we revisit and generalize. We also derive two new event-triggering conditions which may further enlarge the inter-event times compared to the available policies in the literature as illustrated by two physical examples. These novel techniques exemplify the relevance of introducing additional variables for the design of the triggering law. The proposed approach as well as the new event-triggering strategies are flexible and we believe that they can be used to address other event-based control problems.

602 citations


Journal ArticleDOI
TL;DR: This paper develops several important extensions to the notion of a control barrier function, including conditions under which the control law obtained by solving the quadratic program is Lipschitz continuous and therefore gives rise to well-defined solutions of the resulting closed-loop system.

252 citations


Journal ArticleDOI
TL;DR: In this paper, the problem of estimating the state of a noisy linear dynamical system when an unknown subset of sensors is arbitrarily corrupted by an adversary is considered; a secure state estimation algorithm is proposed, and (optimal) bounds on the achievable state estimation error are derived given an upper bound on the number of attacked sensors.
Abstract: We consider the problem of estimating the state of a noisy linear dynamical system when an unknown subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm, and derive (optimal) bounds on the achievable state estimation error given an upper bound on the number of attacked sensors. The proposed state estimator involves Kalman filters operating over subsets of sensors to search for a sensor subset which is reliable for state estimation. To further improve the subset search time, we propose Satisfiability Modulo Theory based techniques to exploit the combinatorial nature of searching over sensor subsets. Finally, as a result of independent interest, we give a coding theoretic view of attack detection and state estimation against sensor attacks in a noiseless dynamical system.

94 citations


Proceedings ArticleDOI
29 Dec 2015
TL;DR: This work focuses on the most general model for sensor attacks where any signal can be injected via the compromised sensors, and presents an l0-based state estimator that can be formulated as a mixed-integer linear program and its convex relaxation based on the l1 norm.
Abstract: We consider the problem of attack-resilient state estimation in the presence of noise. We focus on the most general model for sensor attacks where any signal can be injected via the compromised sensors. An l0-based state estimator that can be formulated as a mixed-integer linear program and its convex relaxation based on the l1 norm are presented. For both l0 and l1-based state estimators, we derive rigorous analytic bounds on the state-estimation errors. We show that the worst-case error is linear with the size of the noise, meaning that the attacker cannot exploit noise and modeling errors to introduce unbounded state-estimation errors. Finally, we show how the presented attack-resilient state estimators can be used for sound attack detection and identification, and provide conditions on the size of attack vectors that will ensure correct identification of compromised sensors.

73 citations


Proceedings ArticleDOI
01 Jul 2015
TL;DR: An experimental platform for validating and demonstrating an online-optimization-based adaptive cruise controller; going beyond traditional PID-based ACC controllers, which lack a proof of safety, the authors construct a control framework that gives formal guarantees of correctness.
Abstract: Recent advances in automotive technology, such as sensing and onboard computation, have resulted in the development of adaptive cruise control (ACC) algorithms that improve both comfort and safety. With a view towards developing advanced controllers for ACC, this paper presents an experimental platform for validation and demonstration of an online optimization based controller. Going beyond traditional PID based controllers for ACC that lack proof of safety, we construct a control framework that gives formal guarantees of correctness. In particular, safety constraints—maintaining a valid following distance from a lead car—are represented by control barrier functions (CBFs), and control objectives—achieving a desired speed—are encoded through control Lyapunov functions (CLFs). These different objectives can be unified through a quadratic program (QP), with constraints dictated by CBFs and CLFs, that balances safety and the control objectives in an optimal fashion. This methodology is demonstrated on scale-model cars, for which the CBF-CLF based controller is implemented online, with the end result being the experimental validation of an advanced adaptive cruise controller.

58 citations
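The CBF/CLF construction in the abstract above can be seen on a one-dimensional car-following model. The code below is an added example written for this page, not code from the paper or its experimental platform. It assumes a constructed plant (gap D' = v_lead - v, ego speed v' = u), writes the safety constraint as the time-headway barrier h = D - T_h v with the CBF condition h' >= -γ h, and the speed objective as the CLF V = (v - v_d)^2. With a single input and one barrier the QP collapses to a closed form, so the code applies the CBF constraint as a filter on the CLF's min-norm acceleration; the paper's QP instead penalises a relaxation of the CLF constraint, so the filter form, the headway T_h, the rates γ and c, the actuator limits and the scenario values are all assumptions of this example.

```python
"""Added example: control barrier function safety filter for adaptive cruise control.
Not code from the paper; all constants and the scenario are constructed."""

T_HEADWAY = 1.5            # s, desired time headway; h = gap - T_HEADWAY * v must stay >= 0
GAMMA = 1.0                # CBF rate: enforcing h' >= -GAMMA * h keeps h >= 0 forward invariant
C_CLF = 1.0                # CLF decrease rate for V = (v - v_des)^2
U_MIN, U_MAX = -8.0, 3.0   # m/s^2, assumed braking and acceleration limits


def barrier(gap, v):
    """Time-headway barrier: h >= 0 means the following distance is acceptable."""
    return gap - T_HEADWAY * v


def clf_nominal(v, v_des):
    """Min-norm acceleration satisfying the CLF condition V' = 2(v - v_des) u <= -C_CLF V."""
    return -0.5 * C_CLF * (v - v_des)


def cbf_filter(u_nom, gap, v, v_lead):
    """Admissible acceleration closest to u_nom: along gap' = v_lead - v, v' = u the
    barrier derivative is h' = (v_lead - v) - T_HEADWAY u, so h' >= -GAMMA h becomes an
    upper bound on u. Actuator limits are applied as well."""
    u_cbf = (v_lead - v + GAMMA * barrier(gap, v)) / T_HEADWAY
    return max(U_MIN, min(u_nom, u_cbf, U_MAX))


def simulate(gap0, v0, v_lead, v_des, horizon=20.0, dt=0.01, use_cbf=True):
    """Euler simulation of the ego car behind a lead car at constant speed v_lead.
    Returns (minimum barrier value seen, final gap, final ego speed)."""
    gap, v, min_h = gap0, v0, barrier(gap0, v0)
    for _ in range(int(horizon / dt)):
        u = clf_nominal(v, v_des)
        if use_cbf:
            u = cbf_filter(u, gap, v, v_lead)        # safety constraint enforced by design
        else:
            u = max(U_MIN, min(u, U_MAX))            # speed objective only, no safety proof
        gap += dt * (v_lead - v)
        v += dt * u
        min_h = min(min_h, barrier(gap, v))
    return min_h, gap, v


if __name__ == "__main__":
    # Constructed scenario: ego at 30 m/s wants 30 m/s, lead car 100 m ahead at 20 m/s.
    print("with CBF filter   (min_h, gap, v):", simulate(100.0, 30.0, 20.0, 30.0))
    print("CLF only          (min_h, gap, v):", simulate(100.0, 30.0, 20.0, 30.0, use_cbf=False))
```

Because the dynamics are linear, the Euler step updates h exactly as h_{k+1} = h_k + dt·h'_k, so while the constraint is active h shrinks by the factor (1 - γ·dt) per step and never crosses zero; the unfiltered controller holds 30 m/s and drives the gap negative within ten seconds.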


Proceedings ArticleDOI
14 Jun 2015
TL;DR: A secure state estimation algorithm is proposed, and bounds are derived on the achievable state estimation error, for the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary.
Abstract: Motivated by the need to secure cyber-physical systems against attacks, we consider the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm and derive (optimal) bounds on the achievable state estimation error. In addition, as a result of independent interest, we give a coding theoretic interpretation for prior work on secure state estimation against sensor attacks in a noiseless dynamical system.

48 citations


Proceedings ArticleDOI
01 Dec 2015
TL;DR: This method is inspired by two classes of compositional techniques: small-gain theorems from the control literature; and assume-guarantee reasoning from the formal methods literature.
Abstract: In this paper, we present a compositional method for the synthesis of controllers enforcing persistency specifications. This method is inspired by two classes of compositional techniques: small-gain theorems from the control literature; and assume-guarantee reasoning from the formal methods literature. We show that the method presented in this paper is strictly more general than a representative existing small-gain theorem.

47 citations


01 Jan 2015
TL;DR: In this paper, the authors discuss event- and self-triggered control strategies for large-scale resource-constrained wireless embedded control systems, where sensing and actuation are performed only when needed.
Abstract: Recent developments in computer and communication technologies have led to a new type of large-scale resource-constrained wireless embedded control systems. It is desirable in these systems to limit the sensor and control computation and/or communication to instances when the system needs attention. However, classical sampled-data control is based on performing sensing and actuation periodically rather than when the system needs attention. This article discusses event- and self-triggered control systems where sensing and actuation are performed when needed. Event-triggered control is reactive and generates sensor sampling and control actuation when, for instance, the plant state deviates more than a certain threshold from a desired value. Self-triggered control, on the other hand, is proactive and computes the next sampling or actuation instance ahead of time. The basics of these control strategies are introduced together with references for further reading.

43 citations


Proceedings ArticleDOI
01 Jul 2015
TL;DR: A novel, efficient algorithm is developed that uses a Satisfiability Modulo Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem.
Abstract: We address the problem of detecting and mitigating the effect of malicious attacks on the sensors of a linear dynamical system. We develop a novel, efficient algorithm that uses a Satisfiability Modulo Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem. Simulation results show that our algorithm compares favorably with alternative techniques, with respect to both runtime and estimation error.

38 citations
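The secure state estimators in the sensor-attack abstracts above (Kalman filters run over sensor subsets, the l0 estimator, and the SMT-based isolation in the entry just above) all search over subsets of sensors for one whose measurements are explained by a single state trajectory. The Python below is an added example written for this page, not code from any of the papers: it performs that search by brute force over all subsets instead of with an SMT solver, on a constructed two-state plant with five sensors, and checks the 2s-sparse observability condition that decides whether s attacked sensors can be tolerated. The plant, sensor matrix, initial state and injected values are all constructed for the example.

```python
"""Added example (not from any of the papers listed here): brute-force l0 secure
state estimation for a linear system whose sensors may be sparsely attacked.
Plant, sensors, initial state and attack values below are all constructed."""
from itertools import combinations

# Constructed plant: discretised double integrator (position, velocity), dt = 0.1.
A = [[1.0, 0.1],
     [0.0, 1.0]]
# Five scalar sensors. Sensor 1 reads velocity only and is not observable on its own.
C = [[1.0, 0.0],
     [0.0, 1.0],
     [1.0, 1.0],
     [1.0, -1.0],
     [2.0, 1.0]]
N_SENSORS = len(C)
RANK_TOL, RESIDUAL_TOL = 1e-9, 1e-6


def mat_vec(M, v):
    return [sum(M[i][k] * v[k] for k in range(len(v))) for i in range(len(M))]


def stacked_rows(sensors, window):
    """Rows of the observability matrix O_S = [C_S; C_S A; ...; C_S A^(T-1)],
    ordered by time step first, then by sensor."""
    rows, A_t = [], [[1.0, 0.0], [0.0, 1.0]]
    for _ in range(window):
        for i in sensors:
            rows.append([sum(C[i][k] * A_t[k][j] for k in range(2)) for j in range(2)])
        A_t = [[sum(A_t[i][k] * A[k][j] for k in range(2)) for j in range(2)] for i in range(2)]
    return rows


def least_squares(rows, b):
    """Solve min ||rows x - b|| for two unknowns via the normal equations (Cramer's rule).
    Returns (x, residual_norm), or None when the rows do not have full column rank."""
    g = [[sum(r[i] * r[j] for r in rows) for j in range(2)] for i in range(2)]
    h = [sum(r[i] * bi for r, bi in zip(rows, b)) for i in range(2)]
    det = g[0][0] * g[1][1] - g[0][1] * g[1][0]
    if abs(det) < RANK_TOL:
        return None
    x = [(h[0] * g[1][1] - g[0][1] * h[1]) / det,
         (g[0][0] * h[1] - g[1][0] * h[0]) / det]
    residual = sum((r[0] * x[0] + r[1] * x[1] - bi) ** 2 for r, bi in zip(rows, b)) ** 0.5
    return x, residual


def is_sparse_observable(k, window):
    """k-sparse observability: the system stays observable after removing any k sensors.
    Correcting s attacked sensors requires k = 2s."""
    return all(least_squares(stacked_rows(kept, window), [0.0] * (len(kept) * window)) is not None
               for kept in combinations(range(N_SENSORS), N_SENSORS - k))


def measure(x0, window, attack):
    """Measurements y_t = C x_t plus, for each compromised sensor in `attack`
    (sensor index -> per-step injected values), the adversary's additive signal."""
    Y, x = [], list(x0)
    for t in range(window):
        y = mat_vec(C, x)
        for i, injected in attack.items():
            y[i] += injected[t]
        Y.append(y)
        x = mat_vec(A, x)
    return Y


def l0_estimate(Y, s):
    """Try every subset of p - s sensors and keep those whose stacked measurements are
    explained by a single initial state. Returns a list of (x0_hat, suspected attacked
    sensors): exactly one entry means the state is recovered and the attack isolated,
    several entries mean the attack cannot be disambiguated."""
    window, explanations = len(Y), []
    for kept in combinations(range(N_SENSORS), N_SENSORS - s):
        b = [Y[t][i] for t in range(window) for i in kept]
        sol = least_squares(stacked_rows(kept, window), b)
        if sol is not None and sol[1] < RESIDUAL_TOL:
            explanations.append((sol[0], set(range(N_SENSORS)) - set(kept)))
    return explanations


if __name__ == "__main__":
    x0, window = [1.0, 0.5], 3
    print("2-sparse observable:", is_sparse_observable(2, window))  # one attacked sensor is tolerable
    print("4-sparse observable:", is_sparse_observable(4, window))  # two are not
    # Sensor 3 fed arbitrary values: a unique explanation, attack isolated.
    print(l0_estimate(measure(x0, window, {3: [7.0, -2.0, 11.0]}), s=1))
    # Sensors 0 and 2 fed a consistent position offset that the velocity-only sensor 1
    # cannot contradict: two zero-residual explanations, the estimator cannot choose.
    print(l0_estimate(measure(x0, window, {0: [0.5] * 3, 2: [0.5] * 3}), s=2))
```

The second run is the failure mode the sparse-observability condition predicts: with two compromised sensors the attacker can make the subset {0, 1, 2} agree on a shifted position, because removing sensors 0, 2, 3 and 4 leaves a velocity-only sensor that cannot see position. With measurement noise one keeps the subset with the smallest residual instead of demanding zero; the subset search grows combinatorially in the number of sensors, which is what the SMT-based papers above attack.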


Proceedings ArticleDOI
01 Dec 2015
TL;DR: It is shown that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case.
Abstract: We address the problem of reconstructing the state of a differentially flat system from measurements that may be corrupted by an adversarial attack. In cyber-physical systems, malicious attacks can directly compromise the system's sensors or manipulate the communication between sensors and controllers. We consider attacks that only corrupt a subset of sensor measurements. We show that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case. We also extend our previous work on the use of Satisfiability Modulo Theory solvers to reconstruct the state under sensor attacks to the context of differentially flat systems. The effectiveness of our approach is illustrated on the problem of controlling a quadrotor under sensor attacks.

35 citations


Proceedings ArticleDOI
01 Dec 2015
TL;DR: It is shown, by comparison with a first-principles model, that the swing equation model may lead to erroneous conclusions when performing stability analysis of power systems, even under small oscillations.
Abstract: The swing equation model is widely used in the literature to study a large class of problems, including stability analysis of power systems. We show in this paper, by comparison with a first principles model, that the swing equation model may lead to erroneous conclusions when performing stability analysis of power systems, even under small oscillations.

01 Jan 2015
TL;DR: This chapter discusses periodic event-triggered control (PETC) systems, in which the triggering condition is evaluated periodically and, at every sampling instant, a decision is made whether the feedback loop needs to be closed; it covers their benefits and two analysis and design frameworks, for linear and nonlinear plants respectively.
Abstract: Recent developments in computer and communication technologies are leading to an increasingly networked and wireless world. This raises new challenging questions in the context of networked control systems, especially when the computation, communication and energy resources of the system are limited. To efficiently use the available resources it is desirable to limit the control actions to instances when the system really needs attention. Unfortunately, the classical time-triggered control paradigm is based on performing sensing and actuation actions periodically in time (irrespective of the state of the system) rather than when the system needs attention. Therefore, it is of interest to consider event-triggered control as an alternative paradigm as it is more natural to trigger control actions based on the system state, output, or other available information. Event-triggered control can thus be seen as the introduction of feedback in the sensing, communication, and actuation processes. To facilitate an easy implementation of event-triggered control, we propose to combine the principles and particularly the benefits of event-triggered control and classical periodic time-triggered control. The idea is to periodically evaluate the triggering condition and to decide, at every sampling instant, whether the feedback loop needs to be closed. This leads to the so-called periodic event-triggered control (PETC) systems. In this chapter, we discuss PETC strategies, their benefits and two analysis and design frameworks for linear and nonlinear plants, respectively.
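The loop this chapter describes, and the event-triggered loops in the two event-triggered abstracts above, come down to a sample-and-hold controller plus a rule that decides when to resample. The simulation below is an added example written for this page, not code from the chapter or either paper. It assumes a constructed unstable scalar plant x' = x + u with the held input u = -2 x(t_k), the relative-threshold rule |x(t_k) - x(t)| > σ|x(t)| with σ = 0.25, and compares three ways of evaluating it: at every simulation step (standing in for the continuously monitored event-triggered case), every 10 ms (PETC), and a plain periodic loop that updates at every 10 ms check.

```python
"""Added example: event-triggered, periodic event-triggered and periodic sample-and-hold
control of a constructed scalar plant. Not code from the chapter or the papers."""

A_PLANT, K_GAIN = 1.0, -2.0   # unstable plant x' = x + u, stabilising feedback u = -2 x
SIGMA = 0.25                  # relative threshold: resample when |x_held - x| > SIGMA |x|
DT = 1e-3                     # Euler step standing in for continuous time


def simulate(x0, horizon, check_period, trigger):
    """Run the sample-and-hold loop. `check_period` (seconds) is how often the triggering
    rule is evaluated: DT approximates a continuously monitored event-triggered loop, a
    larger value gives periodic event-triggered control. `trigger(x, x_held)` returns
    True when the loop should be closed, i.e. x_held := x and the control updated.
    Returns (final_state, number_of_control_updates, minimum_inter_event_time)."""
    steps = int(round(horizon / DT))
    check_every = max(1, int(round(check_period / DT)))
    x = x_held = x0
    last_event, updates, min_gap = 0.0, 1, float("inf")   # the initial sample at t = 0 counts
    for k in range(1, steps + 1):
        x += DT * (A_PLANT * x + K_GAIN * x_held)          # held input between events
        if k % check_every == 0 and trigger(x, x_held):
            t = k * DT
            min_gap = min(min_gap, t - last_event)
            last_event, x_held, updates = t, x, updates + 1
    return x, updates, min_gap


def relative_threshold(x, x_held):
    """Event-triggering rule: the sampling error may grow to a fraction SIGMA of the state."""
    return abs(x_held - x) > SIGMA * abs(x)


def always(x, x_held):
    """Classical time-triggered control: update at every check instant regardless of state."""
    return True


if __name__ == "__main__":
    for name, period, rule in (("event-triggered", DT, relative_threshold),
                               ("periodic event-triggered", 0.01, relative_threshold),
                               ("periodic", 0.01, always)):
        x_final, updates, min_gap = simulate(1.0, 10.0, period, rule)
        print(f"{name:26s} x(10)={x_final:.2e} updates={updates} min inter-event={min_gap:.3f}s")
```

For this plant the inter-event time can be computed by hand: after a sample x_k the state is x_k(2 - e^τ) and the error x_k(e^τ - 1), so the rule fires at e^τ = 1.2, i.e. every ln 1.2 ≈ 0.18 s regardless of the state magnitude, and each event shrinks the state by the factor 0.8. The event-triggered loops therefore close the loop about 55 times in 10 s against 1000 for the periodic loop while still converging; the 10 ms PETC check only delays each event by at most one period.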

Proceedings ArticleDOI
14 Apr 2015
TL;DR: A two-step approach to formally synthesize control software for bipedal robots that enforces specifications by design and thereby generates physically realizable stable walking; the approach mitigates the curse of dimensionality that hampers the applicability of formal synthesis techniques to complex CPS.
Abstract: Bipedal robots are prime examples of complex cyber-physical systems (CPS). They exhibit many of the features that make the design and verification of CPS so difficult: hybrid dynamics, large continuous dynamics in each mode (e.g., 10 or more state variables), and nontrivial specifications involving nonlinear constraints on the state variables. In this paper, we propose a two-step approach to formally synthesize control software for bipedal robots so as to enforce specifications by design and thereby generate physically realizable stable walking. In the first step, we design outputs and classical controllers driving these outputs to zero. The resulting controlled system evolves on a lower dimensional manifold and is described by the hybrid zero dynamics governing the remaining degrees of freedom. In the second step, we construct an abstraction of the hybrid zero dynamics that is used to synthesize a controller enforcing the desired specifications to be satisfied on the full order model. Our two step approach is a systematic way to mitigate the curse of dimensionality that hampers the applicability of formal synthesis techniques to complex CPS. Our results are illustrated with simulations showing how the synthesized controller enforces all the desired specifications and offers improved performance with respect to a controller that was utilized to obtain walking experimentally on the bipedal robot AMBER 2.

Proceedings ArticleDOI
01 Dec 2015
TL;DR: This paper compares quotient based abstractions (QBA) with different realizations of strongest (asynchronous) l-complete approximations (SAlCA) and shows that they are generally incomparable both in terms of behavioral inclusion and similarity relations.
Abstract: This paper is concerned with a detailed comparison of two different abstraction techniques for the construction of finite state symbolic models for controller synthesis of hybrid systems. Namely, we compare quotient based abstractions (QBA) with different realizations of strongest (asynchronous) l-complete approximations (SAlCA). Even though the idea behind their construction is very similar, we show that they are generally incomparable both in terms of behavioral inclusion and similarity relations. We therefore derive necessary and sufficient conditions for QBA to coincide with particular realizations of SAlCA. Depending on the original system, either QBA or SAlCA can be a tighter abstraction.

Posted Content
TL;DR: In this paper, the authors consider the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary and propose a secure state estimation algorithm and derive (optimal) bounds on the achievable state estimation error.
Abstract: Motivated by the need to secure cyber-physical systems against attacks, we consider the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm and derive (optimal) bounds on the achievable state estimation error. In addition, as a result of independent interest, we give a coding theoretic interpretation for prior work on secure state estimation against sensor attacks in a noiseless dynamical system.

Posted Content
TL;DR: In this paper, a detailed comparison of two different abstraction techniques for the construction of finite state symbolic models for controller synthesis of hybrid systems is presented, and necessary and sufficient conditions for QBA to coincide with particular realizations of SAlCA are derived.
Abstract: This paper is concerned with a detailed comparison of two different abstraction techniques for the construction of finite state symbolic models for controller synthesis of hybrid systems. Namely, we compare quotient based abstractions (QBA) with different realizations of strongest (asynchronous) $l$-complete approximations (SAlCA). Even though the idea behind their construction is very similar, we show that they are generally incomparable both in terms of behavioral inclusion and similarity relations. We therefore derive necessary and sufficient conditions for QBA to coincide with particular realizations of SAlCA. Depending on the original system, either QBA or SAlCA can be a tighter abstraction.

Posted Content
TL;DR: In this article, a class of linear temporal logic (LTL) specifications for which the problem of synthesizing controllers can be solved in polynomial time is introduced, which is inspired by many control applications where there are modes and corresponding targets for each mode.
Abstract: In this paper we introduce a class of Linear Temporal Logic (LTL) specifications for which the problem of synthesizing controllers can be solved in polynomial time. The new class of specifications is an LTL fragment that we term Mode-Target (MT) and is inspired by numerous control applications where there are modes and corresponding (possibly multiple) targets for each mode. We formulate the problem of synthesizing a controller enforcing an MT specification as a game and provide an algorithm that requires $O(\sum_i t_i n^2)$ symbolic steps, where $n$ is the number of states in the game graph, and $t_i$ is the number of targets corresponding to mode $i$.

Posted Content
TL;DR: This work addresses the problem of estimating the state of a differentially flat system from measurements that may be corrupted by an adversarial attack and shows that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability.
Authors: Yasser Shoukry, Pierluigi Nuzzo, Nicola Bezzo, Alberto L. Sangiovanni-Vincentelli, Sanjit A. Seshia, Paulo Tabuada
Abstract: We address the problem of estimating the state of a differentially flat system from measurements that may be corrupted by an adversarial attack. In cyber-physical systems, malicious attacks can directly compromise the system's sensors or manipulate the communication between sensors and controllers. We consider attacks that only corrupt a subset of sensor measurements. We show that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case. We also extend our previous work on the use of Satisfiability Modulo Theory solvers to estimate the state under sensor attacks to the context of differentially flat systems. The effectiveness of our approach is illustrated on the problem of controlling a quadrotor under sensor attacks.

Journal ArticleDOI
TL;DR: In this paper, the authors present a linear temporal logic fragment inspired by specifications that frequently occur in control applications where we have a set of modes and corresponding targets to be reached for each mode, and they show that these games can be solved in polynomial time by providing two embeddings of mode-target games into generalized reactivity(1) (GR(1)) games.

Posted Content
TL;DR: In this article, the authors present a linear temporal logic fragment inspired by specifications that frequently occur in control applications where we have a set of modes and corresponding targets to be reached for each mode.
Abstract: Cyber-Physical Systems (CPS) are notoriously difficult to verify due to the intricate interactions between the cyber and the physical components. To address this difficulty, several researchers have argued that the synthesis paradigm is better suited to ensure the correct operation of CPS than the verification paradigm. The key insight of synthesis is that design should be constrained so that resulting systems are easily verified and, ideally, synthesis algorithms should directly provide a proof of correctness. In this paper we present a Linear Temporal Logic fragment inspired by specifications that frequently occur in control applications where we have a set of modes and corresponding targets to be reached for each mode. The synthesis problem for this fragment is formulated as a mode-target game and we show that these games can be solved in polynomial time by providing two embeddings of mode-target games into Generalized Reactivity(1) (GR(1)) games. While solving GR(1) games requires $O(mnN^2)$ symbolic steps when we have m assumptions, n guarantees, and a game graph with N states, mode-target games can be solved in $O(nN^2)$ symbolic steps when we have n modes and a game graph with N states. These embeddings, however, do not make full use of the specificity of mode-target games. For this reason we investigate in this paper a solution to mode-target games that does not rely on GR(1) embeddings. The resulting algorithm has the same worst case time complexity and we illustrate through experimental results the extent to which it improves upon the algorithms obtained via GR(1) embeddings. In doing so, we highlight the commonalities between mode-target games and GR(1) games while providing additional insight into the solution of GR(1) games.