
Showing papers by "Paulo Tabuada published in 2019"


Proceedings ArticleDOI
25 Jun 2019
TL;DR: In this paper, the authors provide an introduction and overview of control barrier functions and their use to verify and enforce safety properties in the context of (optimization based) safety-critical controllers.
Abstract: This paper provides an introduction and overview of recent work on control barrier functions and their use to verify and enforce safety properties in the context of (optimization based) safety-critical controllers. We survey the main technical results and discuss applications to several domains including robotic systems.

564 citations


Posted Content
TL;DR: This paper provides an introduction and overview of recent work on control barrier functions and their use to verify and enforce safety properties in the context of (optimization based) safety-critical controllers.
Abstract: This paper provides an introduction and overview of recent work on control barrier functions and their use to verify and enforce safety properties in the context of (optimization based) safety-critical controllers. We survey the main technical results and discuss applications to several domains including robotic systems.

393 citations


Journal ArticleDOI
TL;DR: This work shows that testing the existence of a supervisor and building the supervisor can be done using tools developed for the classical DES supervisory control problem, by considering a family of automata with modified output maps, but without expanding the size of the state space and without incurring exponential complexity in the number of attacks considered.
Abstract: We consider a multi-adversary version of the supervisory control problem for discrete-event systems (DES), in which an adversary corrupts the observations available to the supervisor. The supervisor’s goal is to enforce a specific language in spite of the opponent’s actions and without knowing which adversary it is playing against. This problem is motivated by applications to computer security in which a cyber defense system must make decisions based on reports from sensors that may have been tampered with by an attacker. We start by showing that the problem has a solution if and only if the desired language is controllable (in the DES classical sense) and observable in a (novel) sense that takes the adversaries into account. For the particular case of attacks that insert symbols into or remove symbols from the sequence of sensor outputs, we show that testing the existence of a supervisor and building the supervisor can be done using tools developed for the classical DES supervisory control problem, by considering a family of automata with modified output maps, but without expanding the size of the state space and without incurring exponential complexity in the number of attacks considered.

54 citations


Journal ArticleDOI
TL;DR: In this paper, the authors show that, for any given random set of observations, one can give probabilistic stability guarantees, and provide an explicit way of computing the best stability-like guarantee, as a function of both the number of observations and the required level of confidence.

39 citations


Journal ArticleDOI
TL;DR: The goal of this position paper is to give the cyber-physical systems community, and especially young researchers, a clear view of which research directions are worth pursuing, motivated by the challenges posed by modern applications.

27 citations


Posted Content
TL;DR: This article proposes several transformation-based methods for enforcing data privacy and addresses three different scenarios: the cloud has no knowledge about the system being controlled; the cloud knows what sensors and actuators the system employs but not the system dynamics; and the cloud knows the system dynamics, its sensors, and its actuators.
Abstract: Cloud computing platforms are being increasingly used for closing feedback control loops, especially when computationally expensive algorithms, such as model-predictive control, are used to optimize performance. Outsourcing of control algorithms entails an exchange of data between the control system and the cloud, and, naturally, raises concerns about the privacy of the control system's data (e.g., state trajectory, control objective). Moreover, any attempt at enforcing privacy needs to add minimal computational overhead to avoid degrading control performance. In this paper, we propose several transformation-based methods for enforcing data privacy. We also quantify the amount of provided privacy and discuss how much privacy is lost when the adversary has access to side knowledge. We address three different scenarios: a) the cloud has no knowledge about the system being controlled; b) the cloud knows what sensors and actuators the system employs but not the system dynamics; c) the cloud knows the system dynamics, its sensors, and actuators. In all of these three scenarios, the proposed methods allow for the control over the cloud without compromising private information (which information is considered private depends on the considered scenario).

18 citations


Proceedings ArticleDOI
01 Dec 2019
TL;DR: A novel algorithm that does not rely on iterative computations is proposed for computing controlled invariant sets of controllable discrete-time linear systems, with the advantage of being able to handle larger systems.
Abstract: In this paper we revisit the problem of computing controlled invariant sets for controllable discrete-time linear systems. We propose a novel algorithm that does not rely on iterative computations. Instead, controlled invariant sets are computed in two moves: 1) we lift the problem to a higher dimensional space where a controlled invariant set is computed in closed-form; 2) we project the resulting set back to the original domain to obtain the desired controlled invariant set. One of the advantages of the proposed method is the ability to handle larger systems.

18 citations


Proceedings ArticleDOI
01 Jul 2019
TL;DR: It is shown that the proposed approximation scheme has convergence range at least as large as a Taylor approximation while, at the same time, being able to account for asymptotic stability (a nonlocal behavior).
Abstract: Motivated by the mathematics literature on the algebraic properties of so-called “polynomial vector flows”, we propose a technique for approximating nonlinear differential equations by linear differential equations. Although the idea of approximating nonlinear differential equations with linear ones is not new, we propose a new approximation scheme that captures both local as well as global properties. This is achieved via a hierarchy of approximations, where the Nth degree of the hierarchy is a linear differential equation obtained by globally approximating the Nth Lie derivatives of the trajectories. We show how the proposed approximation scheme has good approximating capabilities both with theoretical results and empirical observations. In particular, we show that our approximation has convergence range at least as large as a Taylor approximation while, at the same time, being able to account for asymptotic stability (a nonlocal behavior). We also compare the proposed approach with recent and classical work in the literature. A full version of this work, containing all the proofs, can be found in [1].

14 citations


Posted Content
TL;DR: In this paper, the authors propose a hierarchy of linear approximations for nonlinear differential equations, motivated by polynomial vector flows, where the Nth degree of the hierarchy is a linear differential equation obtained by globally approximating the Nth Lie derivatives of the trajectories.
Abstract: Motivated by the mathematics literature on the algebraic properties of so-called polynomial vector flows, we propose a technique for approximating nonlinear differential equations by linear differential equations. Although the idea of approximating nonlinear differential equations with linear ones is not new, we propose a new approximation scheme that captures both local as well as global properties. This is achieved via a hierarchy of approximations, where the Nth degree of the hierarchy is a linear differential equation obtained by globally approximating the Nth Lie derivatives of the trajectories. We show how the proposed approximation scheme has good approximating capabilities both with theoretical results and empirical observations. In particular, we show that our approximation has convergence range at least as large as a Taylor approximation while, at the same time, being able to account for asymptotic stability (a nonlocal behavior). We also compare the proposed approach with recent and classical work in the literature.

11 citations


Proceedings ArticleDOI
01 Dec 2019
TL;DR: This work proposes a deterministic notion of privacy for a dynamical system, and completely characterize it for linear time-invariant dynamics, and studies the proposed notions and metrics for a class of distributed averaging algorithms.
Abstract: This work is motivated by privacy concerns as a result of the growing rate of information exchange among components of complex cyber-physical systems, agents in a network, or actuators/sensors of a process. We propose a deterministic notion of privacy for a dynamical system, and completely characterize it for linear time-invariant dynamics. The proposed notion relies on a "plausible deniability" principle, which implies that a curious party will always be in doubt about the actual value of private variables of the system. In case privacy is guaranteed, we propose analytical metrics to assess the degree of privacy or privacy margin of the system. The size of the latter depends on the amount and structure of the information on the system which can be accessed by a curious party. We study the proposed notions and metrics for a class of distributed averaging algorithms.

11 citations


Proceedings ArticleDOI
01 Dec 2019
TL;DR: This paper addresses the problem of reconstructing the state of a linear time-invariant system from malicious sensor measurements, and establishes that this problem is, in general, NP-hard.
Abstract: This paper addresses the problem of reconstructing the state of a linear time-invariant system from malicious sensor measurements. The first result establishes that this problem is, in general, NP-hard. We then identify classes of subproblems that can be solved in polynomial time. When there are at most s malicious sensors, the problem can be solved in polynomial time when each eigenvalue is observable by at least 2s+1 sensors. When each eigenvalue has geometric multiplicity one, this condition is equivalent to the system being 2s-sparse observable. In contrast, the situation becomes more nuanced when each eigenvalue is not observable by at least 2s+1 sensors, as we describe in detail in the paper.

Proceedings ArticleDOI
16 Apr 2019
TL;DR: This paper introduces Evrostos, the first tool for model checking formulas in rLTL, and presents several empirical studies, based on models and LTL formulas reported in the literature, confirming that rLTL model checking for the aforementioned fragment incurs a time overhead small enough to make the verification of rLTL practical.
Abstract: Robust Linear Temporal Logic (rLTL) was crafted to incorporate the notion of robustness into Linear-time Temporal Logic (LTL) specifications. Technically, robustness was formalized in the logic rLTL via 5 different truth values and it led to an increase in the time complexity of the associated model checking problem. In general, model checking an rLTL formula relies on constructing a generalized Büchi automaton of size 5^|φ|, where |φ| denotes the length of an rLTL formula φ. It was recently shown that the size of this automaton can be reduced to 3^|φ| (and even smaller) when the formulas to be model checked come from a fragment of rLTL. In this paper, we introduce Evrostos, the first tool for model checking formulas in this fragment. We also present several empirical studies, based on models and LTL formulas reported in the literature, confirming that rLTL model checking for the aforementioned fragment incurs a time overhead small enough to make the verification of rLTL practical.

Proceedings ArticleDOI
01 Dec 2019
TL;DR: By relying on a feedback linearizability assumption, this paper shows how, based on prior ideas by Fliess and co-workers on model-free control, it is possible to accomplish such objective.
Abstract: In this paper we consider the problem of controlling an unknown system without making use of prior data or training. By relying on a feedback linearizability assumption we show how, based on prior ideas by Fliess and co-workers on model-free control, it is possible to accomplish such an objective. The key idea is to learn a model that is only valid at the current state and re-learn this model as time progresses. Since this requires learning two real numbers rather than functions, it results in an approach quite different from: 1) deep learning, since it requires neither prior data nor large amounts of data; 2) reinforcement learning, since it converges much faster and does not suffer from the curse of dimensionality.

Proceedings ArticleDOI
01 Dec 2019
TL;DR: This paper reviews a transformation-based method for protecting privacy, previously introduced by the authors, and quantifies the level of privacy it provides; it also considers adversaries with side knowledge and quantifies how much privacy is lost as a function of that side knowledge.
Abstract: Control algorithms, like model predictive control, can be computationally expensive and may benefit from being executed over the cloud. This is especially the case for nodes at the edge of a network since they tend to have reduced computational capabilities. However, control over the cloud requires transmission of sensitive data (e.g., system dynamics, measurements) which undermines privacy of these nodes. When choosing a method to protect the privacy of these data, efficiency must be considered to the same extent as privacy guarantees to ensure adequate control performance. In this paper, we review a transformation-based method for protecting privacy, previously introduced by the authors, and quantify the level of privacy it provides. Moreover, we also consider the case of adversaries with side knowledge and quantify how much privacy is lost as a function of the side knowledge of the adversary.

Proceedings ArticleDOI
16 Apr 2019
TL;DR: Advances in tool integration are showcased, particularly a set of verification tools, along with how this integration enables reproducibility, improves accessibility, and lowers the barrier to entry in this field.
Abstract: The Cyber-Physical Systems Virtual Organization (CPS-VO) has been evolving from a shared repository of information into a destination for active collaboration, simulation, hands-on education, and demonstration. We would like to showcase advances in tool integration, particularly a set of verification tools, and how this integration enables reproducibility, improves accessibility, and lowers the barrier to entry in this field. We would also like to demonstrate use of our simulation and tool frameworks, have a poster showing results and progress over the last year, and invite others to host their tools on the CPS-VO infrastructure.

Posted Content
TL;DR: The notion of sparse strong observability is introduced and it is shown to be a necessary and sufficient condition for correctly reconstructing the state despite the considered attacks; an estimator is proposed to harness the complexity of this intrinsically combinatorial problem by leveraging satisfiability modulo theory solving.
Abstract: This paper discusses the problem of estimating the state of a linear time-invariant system when some of its sensors and actuators are compromised by an adversarial agent. In the model considered in this paper, the malicious agent attacks an input (output) by manipulating its value arbitrarily, i.e., we impose no constraints (statistical or otherwise) on how control commands (sensor measurements) are changed by the adversary. In the first part of this paper, we introduce the notion of sparse strong observability and we show that it is a necessary and sufficient condition for correctly reconstructing the state despite the considered attacks. In the second half of this work, we propose an estimator to harness the complexity of this intrinsically combinatorial problem, by leveraging satisfiability modulo theory solving. Numerical simulations demonstrate the effectiveness and scalability of our estimator.

Posted Content
04 Sep 2019
TL;DR: The paper [TF19] proposes a data-driven control technique for single-input single-output feedback linearizable systems with unknown control gain by relying on a persistency of excitation assumption; this note extends those results by showing that persistency of excitation is not necessary.
Abstract: The paper [TF19] proposes a data-driven control technique for single-input single-output feedback linearizable systems with unknown control gain by relying on a persistency of excitation assumption. This note extends those results by showing that persistency of excitation is not necessary. We refer the readers to the papers [TMGA17, TF19] for more background and motivation for the technical results in this note. Conceptually, the results in this note were greatly inspired by the work of Fliess and Join on intelligent PID controllers, e.g., [FJ09]. Technically, we were inspired by the work of Nesic and co-workers on observer and controller design based on approximate models [AN04, NT04] and by the work of Astolfi and Ortega on Immersion and Invariance [AO03].