scispace - formally typeset

Showing papers by "Paulo Tabuada published in 2017"


Journal ArticleDOI
TL;DR: This paper develops a methodology that allows safety conditions—expressed as control barrier functions—to be unified with performance objectives—expressed as control Lyapunov functions—in the context of real-time optimization-based controllers.
Abstract: Safety critical systems involve the tight coupling between potentially conflicting control objectives and safety constraints. As a means of creating a formal framework for controlling systems of this form, and with a view toward automotive applications, this paper develops a methodology that allows safety conditions—expressed as control barrier functions—to be unified with performance objectives—expressed as control Lyapunov functions—in the context of real-time optimization-based controllers. Safety conditions are specified in terms of forward invariance of a set, and are verified via two novel generalizations of barrier functions; in each case, the existence of a barrier function satisfying Lyapunov-like conditions implies forward invariance of the set, and the relationship between these two classes of barrier functions is characterized. In addition, each of these formulations yields a notion of control barrier function (CBF), providing inequality constraints in the control input that, when satisfied, again imply forward invariance of the set. Through these constructions, CBFs can naturally be unified with control Lyapunov functions (CLFs) in the context of a quadratic program (QP); this allows for the achievement of control objectives (represented by CLFs) subject to conditions on the admissible states of the system (represented by CBFs). The mediation of safety and performance through a QP is demonstrated on adaptive cruise control and lane keeping, two automotive control problems that present both safety and performance considerations coupled with actuator bounds.

992 citations
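The CBF/CLF mediation described in the abstract above, worked through on the adaptive cruise control case in the simplest form that still carries the safety guarantee. This is an added example, not code from the paper: the dynamics, the headway barrier h = D - T_h v, the CLF-based nominal controller and all numeric values are constructed for illustration, and because there is a single input the QP collapses to a projection of the nominal acceleration onto the interval allowed by the CBF constraint and the actuator bound (the paper keeps the CLF as a relaxed constraint inside the same QP). The run with the filter off shows the nominal controller violating the barrier; the run with it on never does, and with an Euler step satisfying alpha*dt <= 1 the discrete-time barrier value can be shown to satisfy h_{k+1} >= (1 - alpha*dt) h_k, so the invariance is exact, not just approximate.

```python
"""Added example: a CBF safety filter for adaptive cruise control.
Follower car (speed v, acceleration input u) behind a lead car at constant
speed v0, gap D.  Dynamics (Euler step dt):  v' = u,  D' = v0 - v.
Safe set: h(v, D) = D - T_h * v >= 0  (keep at least T_h seconds of headway).
CBF condition: h' >= -alpha * h, i.e. (v0 - v) - T_h * u >= -alpha * h,
which is a linear inequality in u: u <= ((v0 - v) + alpha * h) / T_h.
Nominal controller from the CLF V = (v - v_des)^2: u_des = -k (v - v_des).
With one scalar input the QP  min (u - u_des)^2  s.t. CBF and |u| <= u_max
has the closed-form solution: clip u_des to the feasible interval.
All parameter values below are constructed for the example.
"""

V0, V_DES = 20.0, 30.0      # lead speed, follower's desired speed (m/s)
T_H, ALPHA = 1.5, 1.0       # time headway (s), CBF class-K gain
U_MAX, K = 5.0, 1.0         # acceleration bound (m/s^2), CLF gain
DT = 0.1                    # Euler step (s); ALPHA*DT <= 1 keeps h >= 0 exactly


def barrier(v, d):
    """h(v, D) = D - T_h v; the safe set is {h >= 0}."""
    return d - T_H * v


def nominal_control(v):
    """CLF-based tracking controller, saturated at the actuator bound."""
    return max(-U_MAX, min(U_MAX, -K * (v - V_DES)))


def cbf_qp(u_des, v, d):
    """Solve min (u - u_des)^2 s.t. (v0 - v) - T_h u >= -alpha h, |u| <= u_max.
    One scalar input, so the QP is a projection onto an interval."""
    upper = min(U_MAX, ((V0 - v) + ALPHA * barrier(v, d)) / T_H)
    lower = -U_MAX
    if upper < lower:
        # braking authority is exhausted; the paper handles this with a
        # relaxation, here we surface it instead of silently violating h
        raise RuntimeError("CBF constraint infeasible under actuator bound")
    return max(lower, min(upper, u_des))


def simulate(use_cbf, v=20.0, d=100.0, horizon=40.0):
    """Run the closed loop; return (min h seen, final v, final D)."""
    min_h = barrier(v, d)
    for _ in range(int(horizon / DT)):
        u = nominal_control(v)
        if use_cbf:
            u = cbf_qp(u, v, d)
        # both updates use the pre-step v, so h_{k+1} = h_k + DT*((v0-v) - T_h u)
        v, d = v + DT * u, d + DT * (V0 - v)
        min_h = min(min_h, barrier(v, d))
    return min_h, v, d


if __name__ == "__main__":
    for flag in (False, True):
        print("CBF filter on " if flag else "CBF filter off", simulate(flag))
```

With the filter off the follower settles at 30 m/s and closes a 10 m/s gap until the headway goes negative; with it on the follower accelerates while the barrier is large, is throttled as the barrier shrinks, and settles at the lead's speed with roughly T_h*v0 = 30 m of gap.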


Journal ArticleDOI
TL;DR: In this article, the authors present a secure state estimation algorithm that uses a satisfiability modulo theory approach to harness the complexity of the secure state estimator and provide guarantees on the soundness and completeness of the algorithm.
Abstract: Secure state estimation is the problem of estimating the state of a dynamical system from a set of noisy and adversarially corrupted measurements. Intrinsically a combinatorial problem, secure state estimation has been traditionally addressed either by brute force search, suffering from scalability issues, or via convex relaxations, using algorithms that can terminate in polynomial time but are not necessarily sound. In this paper, we present a novel algorithm that uses a satisfiability modulo theory approach to harness the complexity of secure state estimation. We leverage results from formal methods over real numbers to provide guarantees on the soundness and completeness of our algorithm. Moreover, we discuss its scalability properties, by providing upper bounds on the runtime performance. Numerical simulations support our arguments by showing an order of magnitude decrease in execution time with respect to alternative techniques. Finally, the effectiveness of the proposed algorithm is demonstrated by applying it to the problem of controlling an unmanned ground vehicle.

240 citations


Journal ArticleDOI
TL;DR: This work considers controllable linear discrete-time systems with bounded perturbations and presents two methods to compute robust controlled invariant sets; the first tolerates an arbitrarily small constraint violation to compute an arbitrarily precise outer approximation, while the second provides an inner approximation.
Abstract: We consider controllable linear discrete-time systems with bounded perturbations and present two methods to compute robust controlled invariant sets. The first method tolerates an arbitrarily small constraint violation to compute an arbitrarily precise outer approximation of the maximal robust controlled invariant set, while the second method provides an inner approximation. The outer approximation scheme is $\delta$-complete, given that the constraint sets are formulated as finite unions of polytopes.

103 citations


Journal ArticleDOI
TL;DR: A secure state estimation algorithm is proposed, and bounds on the achievable state estimation error are derived given an upper bound on the number of attacked sensors.
Abstract: We consider the problem of estimating the state of a noisy linear dynamical system when an unknown subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm, and derive (optimal) bounds on the achievable state estimation error given an upper bound on the number of attacked sensors. The proposed state estimator involves Kalman filters operating over subsets of sensors to search for a sensor subset which is reliable for state estimation. To further improve the subset search time, we propose Satisfiability Modulo Theory-based techniques to exploit the combinatorial nature of searching over sensor subsets. Finally, as a result of independent interest, we give a coding theoretic view of attack detection and state estimation against sensor attacks in a noiseless dynamical system.

101 citations
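The two secure state estimation abstracts above (the SMT-based one and the Kalman-filter-over-subsets one with its coding-theoretic view) both build on the same combinatorial core: find a subset of sensors whose readings are mutually consistent, and rely on a sparse observability condition to argue that any such subset can only agree on the true state. The added example below, which is not code from either paper, implements that brute-force baseline on a constructed noise-free static model y = C x + a with a 2-dimensional state and six sensors, computes the largest number of attacked sensors the sensor matrix can tolerate, and then shows an attack just beyond that bound making the search ambiguous. The sensor matrix, the true state and the attack values are all constructed here.

```python
"""Added example: secure state estimation of a static linear system by sensor
subset search.  Model: y = C x + a, with x in R^2 the unknown state and a an
attack vector that is nonzero on at most s sensors (values unconstrained).
Noise-free; the sensor matrix and all measurements are constructed here.

Why a subset search works: if every (n - 2s)-row submatrix of C has full
column rank ("2s-sparse observability"), then any n - s sensors whose readings
are mutually consistent contain at least n - 2s clean sensors, which already
pin down x, so the consistent subset can only agree on the true x.
"""
from itertools import combinations

# constructed: 6 sensors observing a 2-dimensional state; rows are pairwise
# linearly independent, so any 2 rows have rank 2 and attacks on up to 2
# sensors are correctable (n - 2s = 2).
C = [[1.0, 0.0], [0.0, 1.0], [1.0, 1.0], [1.0, -1.0], [2.0, 1.0], [1.0, 2.0]]


def rank2(rows):
    """True if the 2-column matrix formed by `rows` has rank 2."""
    return any(abs(p[0] * q[1] - p[1] * q[0]) > 1e-12
               for p, q in combinations(rows, 2))


def max_correctable_attacks(C):
    """Largest s such that every (n - 2s)-row submatrix of C has rank 2."""
    n = len(C)
    best = -1
    for s in range(0, n // 2 + 1):
        if n - 2 * s >= 2 and all(rank2(sub) for sub in combinations(C, n - 2 * s)):
            best = s
    return best


def least_squares(rows, ys):
    """min ||A x - y|| over x in R^2 via normal equations; returns (x, max residual)."""
    a11 = sum(r[0] * r[0] for r in rows)
    a12 = sum(r[0] * r[1] for r in rows)
    a22 = sum(r[1] * r[1] for r in rows)
    b1 = sum(r[0] * y for r, y in zip(rows, ys))
    b2 = sum(r[1] * y for r, y in zip(rows, ys))
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-12:
        return None, float("inf")          # subset does not determine x
    x = [(a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det]
    res = max(abs(r[0] * x[0] + r[1] * x[1] - y) for r, y in zip(rows, ys))
    return x, res


def consistent_estimates(C, y, s, tol=1e-6):
    """Brute-force search: every set of n - s sensors whose readings agree on
    some x.  Returns a list of (x, attacked sensor indices).  With s within
    the 2s-sparse-observability bound there is one distinct x; beyond it the
    adversary can make the search ambiguous."""
    n = len(C)
    found = []
    for keep in combinations(range(n), n - s):
        x, res = least_squares([C[i] for i in keep], [y[i] for i in keep])
        if x is not None and res <= tol:
            found.append(([round(v, 6) for v in x],
                          [i for i in range(n) if i not in keep]))
    return found


def measure(C, x, attack):
    """Constructed measurements: clean y = C x, then overwrite attacked sensors."""
    y = [r[0] * x[0] + r[1] * x[1] for r in C]
    for i, val in attack.items():
        y[i] = val
    return y


X_TRUE = [1.0, 2.0]
# attack within the bound: two sensors replaced by arbitrary values
Y_2 = measure(C, X_TRUE, {1: 12.0, 4: -3.0})
# attack beyond the bound: three sensors made mutually consistent with x' = 0
Y_3 = measure(C, X_TRUE, {1: 0.0, 4: 0.0, 5: 0.0})

if __name__ == "__main__":
    print("correctable attacks:", max_correctable_attacks(C))
    print("s=2:", consistent_estimates(C, Y_2, 2))
    print("s=3:", consistent_estimates(C, Y_3, 3))
```

The number of subsets examined grows as C(n, n - s), which is the scalability problem the SMT-based approach in the first abstract attacks by letting a SAT solver propose which sensors to trust and learning conflict clauses from failed consistency checks instead of enumerating blindly.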


Proceedings ArticleDOI
01 Dec 2017
TL;DR: An efficient algorithm for multi-robot motion planning from linear temporal logic (LTL) specifications is presented that is more than one order of magnitude faster than state-of-the-art sampling-based techniques for high-dimensional state spaces while supporting complex missions.
Abstract: We present an efficient algorithm for multi-robot motion planning from linear temporal logic (LTL) specifications. We assume that the dynamics of each robot can be described by a discrete-time, linear system together with constraints on the control inputs and state variables. Given an LTL formula specifying the multi-robot mission, our goal is to construct a set of collision-free trajectories for all robots, and the associated control strategies, to satisfy it. We show that the motion planning problem can be formulated as the feasibility problem for a formula p over Boolean and convex constraints, respectively capturing the LTL specification and the robot dynamics. We then adopt a satisfiability modulo convex (SMC) programming approach that exploits a monotonicity property of p to decompose the problem into smaller subproblems. Simulation results show that our algorithm is more than one order of magnitude faster than state-of-the-art sampling-based techniques for high-dimensional state spaces while supporting complex missions.

54 citations


Proceedings ArticleDOI
13 Apr 2017
TL;DR: This paper addresses the problem of determining the satisfiability of a Boolean combination of convex constraints over the real numbers, which is common in the context of hybrid system verification and control, and proposes a suite of algorithms that can trade complexity with the minimality of the generated infeasibility certificates.
Abstract: We address the problem of determining the satisfiability of a Boolean combination of convex constraints over the real numbers, which is common in the context of hybrid system verification and control. We first show that a special type of logic formulas, termed monotone Satisfiability Modulo Convex (SMC) formulas, is the most general class of formulas over Boolean and nonlinear real predicates that reduce to convex programs for any satisfying assignment of the Boolean variables. For this class of formulas, we develop a new satisfiability modulo convex optimization procedure that uses a lazy combination of SAT solving and convex programming to provide a satisfying assignment or determine that the formula is unsatisfiable. Our approach can then leverage the efficiency and the formal guarantees of state-of-the-art algorithms in both the Boolean and convex analysis domains. A key step in lazy satisfiability solving is the generation of succinct infeasibility proofs that can support conflict-driven learning and decrease the number of iterations between the SAT and the theory solver. For this purpose, we propose a suite of algorithms that can trade complexity with the minimality of the generated infeasibility certificates. Remarkably, we show that a minimal infeasibility certificate can be generated by simply solving one convex program for a sub-class of SMC formulas, namely ordered positive unate SMC formulas, that have additional monotonicity properties. Perhaps surprisingly, ordered positive unate formulas appear themselves very frequently in a variety of practical applications. By exploiting the properties of monotone SMC formulas, we can then build and demonstrate effective and scalable decision procedures for problems in hybrid system verification and control, including secure state estimation and robotic motion planning.

52 citations


Proceedings ArticleDOI
18 Apr 2017
TL;DR: PrOLoc is a localization system that combines partially homomorphic encryption with a new way of structuring the localization problem to enable efficient and accurate computation of a target's location without requiring observers to make public their locations or measurements.
Abstract: Aided by advances in sensors and algorithms, systems for localizing and tracking target objects or events have become ubiquitous in recent years. Most of these systems operate on the principle of fusing measurements of distance and/or direction to the target made by a set of spatially distributed observers using sensors that measure signals such as RF, acoustic, or optical. The computation of the target's location is done using multilateration and multiangulation algorithms, typically running at an aggregation node that, in addition to the distance/direction measurements, also needs to know the observers' locations. This presents a privacy risk for an observer that does not trust the aggregation node or other observers and could in turn lead to lack of participation. For example, consider a crowd-sourced sensing system where citizens are required to report security threats, or a smart car, stranded with a malfunctioning GPS, sending out localization requests to neighboring cars -- in both cases, observer (i.e., citizens and cars respectively) participation can be increased by keeping their location private. This paper presents PrOLoc, a localization system that combines partially homomorphic encryption with a new way of structuring the localization problem to enable efficient and accurate computation of a target's location without requiring observers to make public their locations or measurements. Moreover, and unlike previously proposed perturbation based techniques, PrOLoc is also resilient to malicious active false data injection attacks. We present two realizations of our approach, provide rigorous theoretical guarantees, and also compare the performance of each against traditional methods. Our experiments on real hardware demonstrate that PrOLoc yields location estimates that are accurate while being at least 500× faster than state-of-the-art secure function evaluation techniques.

51 citations


Posted Content
TL;DR: In this paper, the authors consider a multi-adversary version of the supervisory control problem for discrete-event systems, in which an adversary corrupts the observations available to the supervisor.
Abstract: We consider a multi-adversary version of the supervisory control problem for discrete-event systems, in which an adversary corrupts the observations available to the supervisor. The supervisor's goal is to enforce a specific language in spite of the opponent's actions and without knowing which adversary it is playing against. This problem is motivated by applications to computer security in which a cyber defense system must make decisions based on reports from sensors that may have been tampered with by an attacker. We start by showing that the problem has a solution if and only if the desired language is controllable (in the classical discrete-event system sense) and observable in a (novel) sense that takes the adversaries into account. For the particular case of attacks that insert symbols into or remove symbols from the sequence of sensor outputs, we show that testing the existence of a supervisor and building the supervisor can be done using tools developed for the classical DES supervisory control problem, by considering a family of automata with modified output maps, but without expanding the size of the state space and without incurring exponential complexity in the number of attacks considered. We then construct observers that are robust against attacks and lead to an automaton representation of the supervisor. We also develop a test for observability under such replacement-removal attacks by using the so-called product automata.

48 citations


Proceedings ArticleDOI
01 Aug 2017
TL;DR: Experimental results on novel robot testbeds that allow the evaluation of the simultaneous implementation of adaptive speed regulation and lane keeping in a safe, education-centric, and inexpensive manner are presented.
Abstract: This paper presents experimental results on novel robot testbeds that allow the evaluation of the simultaneous implementation of adaptive speed regulation and lane keeping in a safe, education-centric, and inexpensive manner. The underlying algorithms are based on a control Lyapunov function for performance, a control barrier function for safety, and a real-time quadratic program for mediating the conflicting demands of performance and safety. The Robotarium used for this work allows students, as well as researchers less experienced with hardware, to experiment with advanced control concepts in a safe and standardized environment.

44 citations


Proceedings ArticleDOI
01 Dec 2017
TL;DR: This paper provides a variation of model-free control for which it is possible to formally prove the existence of a sufficiently high sampling rate ensuring that controllers solving output regulation and tracking problems for the approximate linear model also solve the same issues for the true and unknown nonlinear model.
Abstract: More than a decade ago Fliess and co-workers [1], [2], [3] proposed model-free control as a possible answer to the inherent difficulties in controlling non-linear systems. Their key insight was that by using a sufficiently high sampling rate we can use a simple linear model for control purposes thereby trivializing controller design. In this paper, we provide a variation of model-free control for which it is possible to formally prove the existence of a sufficiently high sampling rate ensuring that controllers solving output regulation and tracking problems for the approximate linear model also solve the same problems for the true and unknown nonlinear model. This is verified experimentally on the bipedal robot AMBER-3M.

32 citations


Journal ArticleDOI
08 Jun 2017
TL;DR: This letter investigates a compositional approach to the construction of abstractions by exploiting the cascading structure of partially feedback linearizable systems and shows how the linearized part and the zero dynamics can be independently abstracted and subsequently composed to obtain an abstraction of the original continuous system.
Abstract: Symbolic controller synthesis offers the ability to design controllers enforcing a rich class of specifications such as those expressible in temporal logic. Despite the promise of symbolic controller synthesis and correct-by-design control software, this design methodology is not yet widely applicable due to the complexity of constructing finite-state abstractions for large continuous systems. In this letter, we investigate a compositional approach to the construction of abstractions by exploiting the cascading structure of partially feedback linearizable systems. We show how the linearized part and the zero dynamics can be independently abstracted and subsequently composed to obtain an abstraction of the original continuous system. We also illustrate through examples how this compositional approach significantly reduces the time required for construction of abstractions.

Journal ArticleDOI
TL;DR: In this paper, a two-step approach is proposed to formally synthesize controllers for bipedal robots so as to enforce specifications by design and thereby generate physically realizable stable walking.

Proceedings ArticleDOI
01 Dec 2017
TL;DR: The notion of “sparse strong observability” is introduced to characterize systems for which the state estimation is possible, given bounds on the number of attacked sensors and actuators.
Abstract: This paper addresses the problem of state estimation of a linear time-invariant system when some of the sensors and/or actuators are under adversarial attack. In our set-up, the adversarial agent attacks a sensor (actuator) by manipulating its measurement (input), and we impose no constraint on how the measurements (inputs) are corrupted. We introduce the notion of “sparse strong observability” to characterize systems for which the state estimation is possible, given bounds on the number of attacked sensors and actuators. Furthermore, we develop a secure state estimator based on Satisfiability Modulo Theory (SMT) solvers.

Journal ArticleDOI
TL;DR: A novel framework called Underminer is proposed to improve the testing process and support a number of convergence-like notions, such as those based on Lyapunov analysis and temporal logic, and also CCFs learned directly from labeled output behaviors using machine-learning techniques such as support vector machines and neural networks.
Abstract: Evaluation of industrial embedded control system designs is a time-consuming and imperfect process. While an ideal process would apply a formal verification technique such as model checking or theorem proving, these techniques do not scale to industrial design problems, and it is often difficult to use these techniques to verify performance aspects of control system designs, such as stability or convergence. For industrial designs, engineers rely on testing processes to identify critical or unexpected behaviors. We propose a novel framework called Underminer to improve the testing process; this is an automated technique to identify nonconverging behaviors in embedded control system designs. Underminer treats the system as a black box and lets the designer indicate the model parameters, inputs, and outputs that are of interest. It differentiates convergent from nonconvergent behaviors using Convergence Classifier Functions (CCFs). The tool can be applied in the context of testing models created late in the controller development stage, where it assumes that the given model displays mostly convergent behavior and learns a CCF in an unsupervised fashion from such convergent model behaviors. This CCF is then used to guide a thorough exploration of the model with the help of optimization-guided techniques or adaptive sampling techniques, with the goal of identifying rare nonconvergent model behaviors. Underminer can also be used early in the development stage, where models may have some significant nonconvergent behaviors. Here, the framework permits designers to indicate their mental model for convergence by labeling behaviors as convergent/nonconvergent and then constructs a CCF using a supervised learning technique. In this use case, the goal is to use the CCF to test an improved design for the model. 
Underminer supports a number of convergence-like notions, such as those based on Lyapunov analysis and temporal logic, and also CCFs learned directly from labeled output behaviors using machine-learning techniques such as support vector machines and neural networks. We demonstrate the efficacy of Underminer by evaluating its performance on several academic as well as industrial examples.

Proceedings ArticleDOI
01 May 2017
TL;DR: This paper proposes a closed-form solution to the problem of pedestrian avoidance by explicitly computing closed-form expressions for subsets of the state space where an autonomous vehicle is guaranteed to avoid collisions with a pedestrian.
Abstract: The recent trends in the automotive industry towards autonomous vehicles bring the problem of pedestrian avoidance to the forefront of a long list of safety concerns. In this paper we propose a closed-form solution to this problem by explicitly computing closed-form expressions for subsets of the state space where an autonomous vehicle is guaranteed to avoid collisions with a pedestrian. These sets, being controlled invariant, immediately lead to control laws for pedestrian avoidance.

Journal ArticleDOI
TL;DR: The purpose of this special issue is to present the latest developments in formal methods and control theory, and to present an alternative to the verification paradigm prevalent in the formal methods area.

Proceedings ArticleDOI
18 Apr 2017
TL;DR: PrOLoc as discussed by the authors is a localization system that combines partially homomorphic encryption with a new way of structuring the localization problem to enable efficient and accurate computation of a target's location while preserving the privacy of the observers.
Abstract: This demo abstract presents PrOLoc, a localization system that combines partially homomorphic encryption with a new way of structuring the localization problem to enable efficient and accurate computation of a target's location while preserving the privacy of the observers.

Journal ArticleDOI
TL;DR: The purpose of this note is to explain this mistake and to correct the statement of [1, Theor. 2].
Abstract: Claudio De Persis and Nima Monshizadeh have recently brought to our attention a mistake in the proof of [1, Theor. 2]. The purpose of this note is to explain this mistake and to correct the statement of [1, Theor. 2]. We refer the reader to [1] for notation and all of the symbols employed in this paper.

Proceedings ArticleDOI
01 Dec 2017
TL;DR: The proposed SSOC law is feasible and results in a stabilizing sequence of sparse optimal controllers, and the performance of the resulting closed-loop system does not exceed a prespecified performance bound.
Abstract: We consider the optimal control of linear time-invariant (LTI) systems via self-triggered sparse optimal control (SSOC) laws. Our control objective is to design an optimal control law which stabilizes the LTI system for all initial conditions, requires less sensing, minimizes communication requirements between the subsystems, minimizes the number of active actuators, and provides guaranteed closed-loop performance bounds. To achieve such control objectives, we formulate a sequence of $\ell_0$-regularized linear-quadratic optimal control problems, wherein the objective is to optimize a cost function which involves three penalizing terms: one for maximizing the inter-execution time, another one for minimizing the number of nonzero elements of the state feedback gain, and the last one for minimizing the number of active actuators. Deriving a lower bound on inter-execution times, we propose a scheme to solve this problem. First, the relaxation is utilized to cast the problem as a semi-definite program (SDP) to compute a feedback gain while the inter-execution time is kept fixed. Second, a nonlinear equation is solved to determine the inter-execution time while the feedback gain is kept fixed. The proposed SSOC law is feasible and results in a stabilizing sequence of sparse optimal controllers. Additionally, the performance of the resulting closed-loop system does not exceed a prespecified performance bound. By numerical simulations, sparsity in time/space is improved compared to periodic time-triggered LQR design. Moreover, a tradeoff between prespecified performance bound and sparsity in time/space is observed. Finally, the paper is concluded by drawing some future directions.