
Showing papers in "ACM Transactions on Cyber-Physical Systems in 2022"


Journal ArticleDOI
TL;DR: A new monitoring tool is designed for system disruptions related to the localization of mobile resources, together with a dynamic rescheduling module that assigns each task to the nearest available resource while improving the execution accuracy and reducing the execution delay.
Abstract: Industry 4.0 is based on machine learning and advanced digital technologies, such as Industrial-Internet-of-Things and Cyber-Physical-Production-Systems, to collect and process data coming from manufacturing systems. Thus, several industrial issues may be further investigated, including flow disruptions, machine breakdowns, quality crises, and so on. In this context, traditional machine learning techniques require the data to be stored and processed in a central entity, e.g., a cloud server. However, these techniques are not suitable for all manufacturing use cases, due to the inaccessibility of private data such as resources’ localization in real time, which cannot be shared at the cloud level as they contain personal and sensitive information. Therefore, there is a critical need to go toward decentralized learning solutions to efficiently handle distributed private sub-datasets of manufacturing systems. In this article, we design a new monitoring tool for system disruption related to the localization of mobile resources. Our tool may identify mobile resources (human operators) that are in unexpected locations, and hence have a high probability of disturbing production planning. To do so, we use federated deep learning, as a distributed learning technique, to build a prediction model of resource locations in manufacturing systems. Our prediction model is generated based on resource locations defined in the initial task schedule. Thus, system disruptions are detected, in real time, by comparing predicted locations to the real ones, which are collected through the IoT network. In addition, our monitoring tool is deployed at the Fog computing level, which provides local data processing support with low latency. Furthermore, once a system disruption is detected, we develop a dynamic rescheduling module that assigns each task to the nearest available resource while improving the execution accuracy and reducing the execution delay. Therefore, we formulate an optimization problem of task rescheduling, before solving it using the meta-heuristic Tabu search. The numerical results show the efficiency of our schemes in terms of prediction accuracy when compared to other machine learning algorithms, in addition to their ability to detect and resolve system disruption in real time.

10 citations


Journal ArticleDOI
TL;DR: The recent emergence of Connected Autonomous Vehicles (CAVs) enables the Autonomous Intersection Management (AIM) system, replacing traffic signals and human driving operations for improved safety.
Abstract: The recent emergence of Connected Autonomous Vehicles (CAVs) enables the Autonomous Intersection Management (AIM) system, replacing traffic signals and human driving operations for improved safety ...

7 citations


Journal ArticleDOI
TL;DR: It is found that the traffic condition improvement is not necessarily dependent on the distribution for most of the AV controllers, particularly when no cooperation among AVs is considered.
Abstract: This study focuses on the comprehensive investigation of stop-and-go waves appearing in closed-circuit ring road traffic wherein we evaluate various longitudinal dynamical models for vehicles. It is known that the behavior of human-driven vehicles, with other traffic elements such as density held constant, could stimulate stop-and-go waves, which do not dissipate on the circuit ring road. Stop-and-go waves can be dissipated by adding automated vehicles (AVs) to the ring. Thorough investigations of the performance of AV longitudinal control algorithms were carried out in Flow, which is an integrated platform for reinforcement learning on traffic control. Ten AV algorithms presented in the literature are evaluated. For each AV algorithm, experiments are carried out by varying distributions and penetration rates of AVs. Two different distributions of AVs are studied. For the first distribution scenario, AVs are placed consecutively. Penetration rates are varied from 1 AV (5%) to all AVs (100%). For the second distribution scenario, AVs are placed with even distribution of human-driven vehicles in between any two AVs. In this scenario, penetration rates are varied from 2 AVs (10%) to 11 AVs (50%). Multiple runs (10 runs) are simulated to average out the randomness in the results. From more than 3,000 simulation experiments, we investigated how AV algorithms perform differently with varying distributions and penetration rates while all AV algorithms remained fixed under all distributions and penetration rates. Time to stabilize, maximum headway, vehicle miles traveled, and fuel economy are used to evaluate their performance. Using these metrics, we find that the traffic condition improvement is not necessarily dependent on the distribution for most of the AV controllers, particularly when no cooperation among AVs is considered. Traffic condition is generally improved with a higher AV penetration rate with only one of the AV algorithms showing a contrary trend. Among all AV algorithms in this study, the reinforcement learning controller shows the most consistent improvement under all distributions and penetration rates.

7 citations


Journal ArticleDOI
TL;DR: In this article, a single β-Variational Autoencoder detector with a partially disentangled latent space sensitive to variations in image features is proposed to detect OOD conditions at runtime.
Abstract: Deep Neural Networks are actively being used in the design of autonomous Cyber-Physical Systems (CPSs). The advantage of these models is their ability to handle high-dimensional state-space and learn compact surrogate representations of the operational state spaces. However, the problem is that the sampled observations used for training the model may never cover the entire state space of the physical environment, and as a result, the system will likely operate in conditions that do not belong to the training distribution. These conditions that do not belong to training distribution are referred to as Out-of-Distribution (OOD). Detecting OOD conditions at runtime is critical for the safety of CPS. In addition, it is also desirable to identify the context or the feature(s) that are the source of OOD to select an appropriate control action to mitigate the consequences that may arise because of the OOD condition. In this article, we study this problem as a multi-labeled time series OOD detection problem over images, where the OOD is defined both sequentially across short time windows (change points) as well as across the training data distribution. A common approach to solving this problem is the use of multi-chained one-class classifiers. However, this approach is expensive for CPSs that have limited computational resources and require short inference times. Our contribution is an approach to design and train a single β-Variational Autoencoder detector with a partially disentangled latent space sensitive to variations in image features. We use the feature sensitive latent variables in the latent space to detect OOD images and identify the most likely feature(s) responsible for the OOD. We demonstrate our approach using an Autonomous Vehicle in the CARLA simulator and a real-world automotive dataset called nuImages.

6 citations


Journal ArticleDOI
TL;DR: A practical and effective hybrid deep learning multi-task framework integrating the advantages of convolutional neural network and long short-term memory (LSTM) neural network to reflect the relatedness of remaining useful life prediction with health status detection process for complex multi-object systems in CPS environment is developed.
Abstract: The proliferation of cyber-physical systems (CPSs) and the advancement of the Internet of Things (IoT) technologies have led to explosive digitization of the industrial sector. It offers promising perspectives for a highly reliable, available, maintainable, and safe production process, but also makes the systems more complex and challenging for health assessment. To deal with these challenges, one needs to develop a robust approach to monitor and assess the system’s health state. In this article, a practical and effective hybrid deep learning multi-task framework integrating the advantages of convolutional neural network (CNN) and long short-term memory (LSTM) neural network to reflect the relatedness of remaining useful life prediction with health status detection process for complex multi-object systems in a CPS environment is developed. The CNN is used as a feature extractor to compress condition monitoring data and directly extract significant spatiotemporal features from raw multi-sensory input data. The LSTM is used to capture long-term temporary dependency features. The advantages of the proposed hybrid deep learning framework have been verified on the popular NASA C-MAPSS dataset. The experimental study compares this approach to the existing methods using the same dataset. The results suggest that the proposed hybrid CNN-LSTM model is superior to existing methods, including traditional machine learning and deep learning-based methods. The proposed framework can provide strong support for the health management and maintenance strategy development of complex multi-object systems.

6 citations


Journal ArticleDOI
TL;DR: The attack detection method can detect SA and CAN bus attack more accurately compared with existing methods, and the attack mitigation strategy almost eliminates the attack’s effects on a vehicle ABS.
Abstract: For a modern vehicle, if the sensor in a vehicle anti-lock braking system (ABS) or controller area network (CAN) bus is attacked during a brake process, the vehicle will lose driving direction control and the driver’s life will be highly threatened. However, current methods for detecting attacks are not sufficiently accurate, and no method can provide attack mitigation. To ensure vehicle ABS security, we propose an attack detection method to accurately detect both sensor attack (SA) and CAN bus attack in a vehicle ABS, and an attack mitigation strategy to mitigate their negative effects on the vehicle ABS. In our attack detection method, we build a vehicle state space equation that considers the real-time road friction coefficient to predict vehicle states (i.e., wheel speed and longitudinal brake force) with their previous values. Based on sets of historical measured vehicle states, we develop a search algorithm to find out attack changes (vehicle state changes because of attack) by minimizing errors between the predicted vehicle states and the measured vehicle states. In our attack mitigation strategy, attack changes are subtracted from the measured vehicle states to generate correct vehicle states for a vehicle ABS. We conducted the first real SA experiments to show how a magnet affects sensor readings. Our simulation results demonstrate that our attack detection method can detect SA and CAN bus attack more accurately compared with existing methods, and also that our attack mitigation strategy almost eliminates the attack’s effects on a vehicle ABS.

6 citations


Journal ArticleDOI
TL;DR: This work proposes the use of semantically-rich architecture patterns to enable automated support for safety and security co-design by using Knowledge Representation and Reasoning (KRR) methods, and specifies reasoning principles as logic specifications written as answer-set programs.
Abstract: During the design of safety-critical systems, safety and security engineers make use of architecture patterns, such as Watchdog and Firewall, to address identified failures and threats. Often, however, the deployment of safety architecture patterns has consequences on security; e.g., the deployment of a safety architecture pattern may lead to new threats. The other way around may also be possible; i.e., the deployment of a security architecture pattern may lead to new failures. Safety and security co-design is, therefore, required to understand such consequences and tradeoffs in order to reach appropriate system designs. Currently, architecture pattern descriptions, including their consequences, are described using natural language. Therefore, their deployment in system design is carried out manually by experts and thus is time-consuming and prone to human error, especially given the high system complexity. We propose the use of semantically rich architecture patterns to enable automated support for safety and security co-design by using Knowledge Representation and Reasoning (KRR) methods. Based on our domain-specific language, we specify reasoning principles as logic specifications written as answer-set programs. KRR engines enable the automation of safety and security co-engineering activities, including the automated recommendation of which architecture patterns can address failures or threats, and consequences of deploying such patterns. We demonstrate our approach on an example taken from the ISO 21434 standard.

5 citations


Journal ArticleDOI
TL;DR: This article develops a SAL algorithm, called K-Active-Neighbors (KAN), which jointly learns the user behavior and the appliance signatures and dynamically adjusts the querying strategy to increase accuracy by considering the user availability as well as the quality of the collected signatures.
Abstract: With the acceleration of Information and Communication Technologies and the Internet-of-Things paradigm, smart residential environments, also known as smart homes, are becoming increasingly common. These environments have significant potential for the development of intelligent energy management systems and have therefore attracted significant attention from both academia and industry. An enabling building block for these systems is the ability to obtain energy consumption at the appliance level. This information is usually inferred from electric signal data (e.g., current) collected by a smart meter or a smart outlet, a problem known as appliance recognition. Several previous approaches for appliance recognition have proposed load disaggregation techniques for smart meter data. However, these approaches are often very inaccurate for low consumption and multi-state appliances. Recently, Machine Learning (ML) techniques have been proposed for appliance recognition. These approaches are mainly based on passive ML, thus requiring pre-labeled data to be trained. This makes such approaches unable to rapidly adapt to the constantly changing availability and heterogeneity of appliances on the market. In a home setting scenario, it is natural to consider the involvement of users in the labeling process, as appliances’ electric signatures are collected. This type of learning falls into the category of Stream-based Active Learning (SAL). SAL has been mainly investigated assuming the presence of an expert, always available and willing to label the collected samples. Nevertheless, a home user may lack such availability, and in general present a more erratic and user-dependent behavior. In this article, we develop a SAL algorithm, called K-Active-Neighbors (KAN), for the problem of household appliance recognition. Unlike previous approaches, KAN jointly learns the user behavior and the appliance signatures. KAN dynamically adjusts the querying strategy to increase accuracy by considering the user availability as well as the quality of the collected signatures. Such quality is defined as a combination of informativeness, representativeness, and confidence score of the signature compared to the current knowledge. To test KAN versus state-of-the-art approaches, we use real appliance data collected by a low-cost Arduino-based smart outlet as well as the ECO smart home dataset. Furthermore, we use a real dataset to model user behavior. Results show that KAN is able to achieve high accuracy with minimal data, i.e., signatures of short length and collected at low frequency.

4 citations


Journal ArticleDOI
TL;DR: This paper proposes and evaluates a framework for inferring and validating models of deterministic hybrid systems with linear ordinary differential equations (ODEs) from input/output execution traces and demonstrates the utility of this framework by evaluating its performance in several case studies as implemented through a publicly available prototype software framework called HAutLearn.
Abstract: Automata-based modeling of hybrid and cyber-physical systems (CPS) is an important formal abstraction amenable to algorithmic analysis of its dynamic behaviors, such as in verification, fault identification, and anomaly detection. However, for realistic systems, especially industrial ones, identifying hybrid automata is challenging, due in part to inferring hybrid interactions, which involves inference of both continuous behaviors, such as through classical system identification, as well as discrete behaviors, such as through automata (e.g., L*) learning. In this paper, we propose and evaluate a framework for inferring and validating models of deterministic hybrid systems with linear ordinary differential equations (ODEs) from input/output execution traces. The framework contains algorithms for the approximation of continuous dynamics in discrete modes, estimation of transition conditions, and the inference of automata mode merging. The algorithms are capable of clustering trace segments and estimating their dynamic parameters, and meanwhile, deriving guard conditions that are represented by multiple linear inequalities. Finally, the inferred model is automatically converted to the format of the original system for the validation. We demonstrate the utility of this framework by evaluating its performance in several case studies as implemented through a publicly available prototype software framework called HAutLearn and compare it with a membership-based algorithm.

4 citations


Journal ArticleDOI
TL;DR: This study is the first to provide a detailed analysis of attack vectors in a subsea control system, used to understand key vulnerabilities in such systems and may be used to implement efficient mitigation methods.
Abstract: There has been significant interest within the offshore oil and gas industry to utilise Industrial Internet of Things (IIoT) and Industrial Cyber-Physical Systems (ICPS). There has also been a corresponding increase in cyberattacks targeted at oil and gas companies. Offshore oil production requires remote access to and control of large and complex hardware resources. This is achieved by integrating ICPS, Supervisory, Control and Data Acquisition (SCADA) systems, and IIoT technologies. A successful cyberattack against an oil and gas (O&G) offshore asset could have a major impact on the environment, marine ecosystem and safety of personnel. Any disruption to the world’s supply of O&G can also have an effect on oil prices and the global economy. We describe the cyberattack surface within the oil and gas industry, discussing emerging trends in the offshore sub-sector and provide a historical perspective of known cyberattacks. We also present a case study of a subsea control system architecture typically used in offshore O&G operations and highlight potential vulnerabilities affecting the components of the system. This study is the first to provide a detailed analysis of attack vectors in a subsea control system. The analysis provided can be used to understand key vulnerabilities in such systems and may be used to implement efficient mitigation methods.

4 citations


Journal ArticleDOI
TL;DR: The Wireless Control Bus (WCB) as discussed by the authors exploits carefully orchestrated network-wide floods of concurrent transmissions to minimize overhead during quiescent, steady-state periods, and ensures timely and reliable collection of sensor readings and dissemination of actuation commands when an ETC triggering condition is violated.
Abstract: Event-triggered control (ETC) holds the potential to significantly improve the efficiency of wireless networked control systems. Unfortunately, its real-world impact has hitherto been hampered by the lack of a network stack able to transfer its benefits from theory to practice specifically by supporting the latency and reliability requirements of the aperiodic communication ETC induces. This is precisely the contribution of this paper. Our Wireless Control Bus (WCB) exploits carefully orchestrated network-wide floods of concurrent transmissions to minimize overhead during quiescent, steady-state periods, and ensures timely and reliable collection of sensor readings and dissemination of actuation commands when an ETC triggering condition is violated. Using a cyber-physical testbed emulating a water distribution system controlled over a real-world multi-hop wireless network, we show that ETC over WCB achieves the same quality of periodic control at a fraction of the energy costs, therefore unleashing and concretely demonstrating its full potential for the first time.

Journal ArticleDOI
TL;DR: A novel cyber-physical system for cognitive assessment in smart-homes that includes a user-friendly interface enabling clinicians to inspect the data and predictions, and that adopts state-of-the-art machine learning algorithms for short- and long-term cognitive evaluation.
Abstract: Thanks to the seamless integration of sensing, networking, and artificial intelligence, cyber-physical systems promise to improve healthcare by increasing efficiency and reducing costs. Specifically, cyber-physical systems are being increasingly applied in smart-homes to support independent and healthy aging. Due to the growing prevalence of noncommunicable diseases in the senior population, a key application in this domain is the detection of cognitive issues based on sensor data. In this article, we propose a novel cyber-physical system for cognitive assessment in smart-homes. Cognitive evaluation relies on clinical indicators characterizing symptoms of dementia based on the individual’s movement patterns. However, recognizing these patterns in smart-homes is challenging, because movement is constrained by the home layout and obstacles. Since different abnormal patterns are characterized by undulatory-like trajectories, we conjecture that frequency-based locomotion features may more effectively capture these patterns with respect to traditional features in the spatio-temporal domain. Based on this intuition, we introduce novel feature extraction techniques and adopt state-of-the-art machine learning algorithms for short- and long-term cognitive evaluation. Our system includes a user-friendly interface that enables clinicians to inspect the data and predictions. Extensive experiments carried out with a real-world dataset acquired from both cognitively healthy seniors and people with dementia show the superiority of our frequency-based features. Moreover, further experiments with an ensemble method show that prediction accuracy can be enhanced by combining features in the frequency and time domains.

Journal ArticleDOI
TL;DR: Li et al. propose EVScout2.0, an extended and improved version of their previously proposed framework to profile EVs based on their charging behavior; it extracts features peculiar to each EV, hence allowing their profiling.
Abstract: Electric Vehicles (EVs) represent a green alternative to traditional fuel-powered vehicles. To enforce their widespread use, both the technical development and the security of users shall be guaranteed. Users’ privacy represents a possible threat that impairs the adoption of EVs. In particular, recent works showed the feasibility of identifying EVs based on the current exchanged during the charging phase. In fact, while the resource negotiation phase runs over secure communication protocols, the signal exchanged during the actual charging contains features peculiar to each EV. In what is commonly known as profiling, a suitable feature extractor can associate such features to each EV. In this paper, we propose EVScout2.0, an extended and improved version of our previously proposed framework to profile EVs based on their charging behavior. By exploiting the current and pilot signals exchanged during the charging phase, our scheme can extract features peculiar to each EV, hence allowing their profiling. We implemented and tested EVScout2.0 over a set of real-world measurements considering over 7500 charging sessions from a total of 137 EVs. In particular, numerical results show the superiority of EVScout2.0 with respect to the previous version. EVScout2.0 can profile EVs, attaining a maximum of 0.88 for both recall and precision scores in the case of a balanced dataset. To the best of the authors’ knowledge, these results set a new benchmark for upcoming privacy research for large datasets of EVs.

Journal ArticleDOI
TL;DR: In this paper, the authors present the results of a systematic mapping study, a kind of systematic literature survey, investigating the use of edge computing for collaborative Cyber-Physical Systems (CPS) with a special emphasis on trustworthiness.
Abstract: Edge computing is projected to have profound implications in the coming decades, proposed to provide solutions for applications such as augmented reality, predictive functionalities, and collaborative Cyber-Physical Systems (CPS). For such applications, edge computing addresses the new computational needs, as well as privacy, availability, and real-time constraints, by providing local high-performance computing capabilities to deal with the limitations and constraints of cloud and embedded systems. Edge computing is today driven by strong market forces stemming from IT/cloud, telecom, and networking, with corresponding multiple interpretations of “edge computing” (e.g., device edge, network edge, distributed cloud). Considering the strong drivers for edge computing and the relative novelty of the field, it becomes important to understand the specific requirements and characteristics of edge-based CPS, and to ensure that research is guided adequately, e.g., avoiding specific gaps. Our interests lie in the applications of edge computing as part of CPS, where several properties (or attributes) of trustworthiness, including safety, security, and predictability/availability, are of particular concern, each facing challenges for the introduction of edge-based CPS. We present the results of a systematic mapping study, a kind of systematic literature survey, investigating the use of edge computing for CPS with a special emphasis on trustworthiness. The main contributions of this study are a detailed description of the current research efforts in edge-based CPS and the identification and discussion of trends and research gaps. The results show that the main body of research in edge-based CPS considers key attributes of system trustworthiness only to a very limited extent, despite many efforts referring to critical CPS and applications like intelligent transportation. More research and industrial efforts will be needed on aspects of trustworthiness of future edge-based CPS including their experimental evaluation. Such research needs to consider the multiple interrelated attributes of trustworthiness including safety, security, and predictability, and new methodologies and architectures to address them. It is further important to provide bridges and collaboration between edge computing and CPS disciplines.

Journal ArticleDOI
TL;DR: In this article, buildings viewed as cyber-physical systems become smart by deploying Building Management Systems (BMS), which should be aware of the state and environment of the building.
Abstract: Buildings, viewed as cyber-physical systems, become smart by deploying Building Management Systems (BMS). They should be aware of the state and environment of the building. This is achieved by d...

Journal ArticleDOI
TL;DR: This work presents a software system that can simulate bus transmissions to create easy, replicable, and large datasets of MIL-STD-1553 communications and proposes an intrusion detection system (IDS) that can identify anomalies and the precise type of attack using recurrent neural networks with a reinforcement learning true-skip data selection algorithm.
Abstract: MIL-STD-1553 is a communication bus that has been used by many military avionics platforms, such as the F-15 and F-35 fighter jets, for almost 50 years. Recently, it has become clear that the lack of security on MIL-STD-1553 and the requirement for internet communication between planes has revealed numerous potential attack vectors for malicious parties. Prevention of these attacks by modernizing the MIL-STD-1553 is not practical due to the military applications and existing far-reaching installations of the bus. We present a software system that can simulate bus transmissions to create easy, replicable, and large datasets of MIL-STD-1553 communications. We also propose an intrusion detection system (IDS) that can identify anomalies and the precise type of attack using recurrent neural networks with a reinforcement learning true-skip data selection algorithm. Our IDS outperforms existing algorithms designed for MIL-STD-1553 in binary anomaly detection tasks while also performing attack classification and minimizing computational resource cost. Our simulator can generate more data with higher fidelity than existing methods and integrate attack scenarios with greater detail. Furthermore, the simulator and IDS can be combined to form a web-based attack-defense game.

Journal ArticleDOI
TL;DR: In this paper, the authors present an approach for separating controller design and their software implementations in isolated design spaces using respective COTS design tools, which can lead to long debugging a controller.
Abstract: Controller design and their software implementations are usually done in isolated design spaces using respective COTS design tools. However, this separation of concerns can lead to long debugging a...

Journal ArticleDOI
TL;DR: In this article, the authors consider smart spaces such as smart homes, which are composed of an Internet of Things (IoT), people, and physical content, and which deliver digital services to optimize space use and enhance user experience.
Abstract: Smart spaces such as smart homes deliver digital services to optimize space use and enhance user experience. They are composed of an Internet of Things (IoT), people, and physical content. They dif...

Journal ArticleDOI
TL;DR: In this paper, a cyber-physical approach is proposed to reduce the stopping distance of a platoon with inter-vehicle separations shorter than one vehicle length without sacrificing safety and independent of the road profile, i.e., whether on a flat road or on a downhill.
Abstract: In addition to fuel/energy savings, close-distance driving or platooning allows compacting vehicle flows and, hence, increasing throughput on congested roads. The shorter the inter-vehicle separation is in such settings, the more the benefits. However, it becomes considerably harder to guarantee safety, in particular, when braking in an emergency. In this article, we are concerned with this problem and propose a cyber-physical approach that considerably reduces the stopping distance of a platoon with inter-vehicle separations shorter than one vehicle length (i.e., 5 m) without sacrificing safety and independent of the road profile, i.e., whether on a flat road or on a downhill. The basic idea is to implement a cooperative behavior where a vehicle sends a distress message if it fails to achieve an assigned deceleration when braking in a platoon. This way, other vehicles in the arrangement can adapt their decelerations to avoid collisions. We illustrate and evaluate our approach based on detailed simulations involving high-fidelity vehicle models.

Journal ArticleDOI
TL;DR: This article provides a model on how to express the desired timing behavior using a set of timing constructs in C/C++ code and how to efficiently monitor them at runtime, and demonstrates that the system remains safe and stable even when intentional faults are injected to cause a timing failure.
Abstract: Many Cyber-Physical Systems (CPS) have timing constraints that must be met by the cyber components (software and the network) to ensure safety. It is a tedious job to check if a CPS meets its timing requirements, especially when it is distributed and the software and/or the underlying computing platforms are complex. Furthermore, the system design is brittle since a timing failure can still happen (e.g., network failure, soft-error bit flip). In this article, we propose a new design methodology called Plan B where timing constraints of the CPS are monitored at runtime, and a proper backup routine is executed when a timing failure happens to ensure safety. We provide a model on how to express the desired timing behavior using a set of timing constructs in C/C++ code and how to efficiently monitor them at runtime. We showcase the effectiveness of our approach by conducting experiments on three case studies: (1) the full software stack for autonomous driving (Apollo), (2) a multi-agent system with 1/10th-scale model robots, and (3) a quadrotor for a search and rescue application. We show that the system remains safe and stable even when intentional faults are injected to cause a timing failure. We also demonstrate that the system can achieve graceful degradation when a less extreme timing failure happens.

Journal ArticleDOI
TL;DR: In this paper, the authors formalize human-vehicle interaction as a partially observable Markov decision process (POMDP) and model trust as a partially observable state variable of the POMDP, representing the human's hidden mental state.
Abstract: Recent work has considered personalized route planning based on user profiles, but none of it accounts for human trust. We argue that human trust is an important factor to consider when planning routes for automated vehicles. This article presents a trust-based route-planning approach for automated vehicles. We formalize the human-vehicle interaction as a partially observable Markov decision process (POMDP) and model trust as a partially observable state variable of the POMDP, representing the human’s hidden mental state. We build data-driven models of human trust dynamics and takeover decisions, which are incorporated in the POMDP framework, using data collected from an online user study with 100 participants on the Amazon Mechanical Turk platform. We compute optimal routes for automated vehicles by solving optimal policies in the POMDP planning and evaluate the resulting routes via human subject experiments with 22 participants on a driving simulator. The experimental results show that participants taking the trust-based route generally reported more positive responses in the after-driving survey than those taking the baseline (trust-free) route. In addition, we analyze the trade-offs between multiple planning objectives (e.g., trust, distance, energy consumption) via multi-objective optimization of the POMDP. We also identify a set of open issues and implications for real-world deployment of the proposed approach in automated vehicles.

Journal ArticleDOI
TL;DR: In this article , the authors present an asset-driven approach for creating security assurance cases (SACs) in the automotive industry, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs).
Abstract: Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive industry, as the needs for security assurance are growing in this domain. However, the state of the art lacks a mature approach able to suit the needs of the automotive industry. In this article, we present CASCADE, an asset-driven approach for creating SACs, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). CASCADE also differentiates itself from the state of the art by incorporating a way to reason about the quality of the constructed security assurance case. We created the approach by conducting an iterative design science research study. We illustrate the results using the example case of the road vehicle’s headlamp provided in the ISO standard. We also illustrate how our approach aligns well with the structure and content of the ISO/SAE-21434 standard, hence demonstrating the practical applicability of CASCADE in an industrial context.

Journal ArticleDOI
TL;DR: Contego-C is introduced, an analytical model to integrate security tasks into RTS that will allow system designers to improve the security posture without affecting temporal and control constraints of the existing real-time control tasks.
Abstract: Modern embedded real-time systems (RTS) are increasingly facing more security threats than in the past. A simplistic, straightforward integration of security mechanisms might not be able to guarantee the safety and predictability of such systems. In this article, we focus on integrating security mechanisms into RTS (especially legacy RTS). We introduce Contego-C, an analytical model to integrate security tasks into RTS that will allow system designers to improve the security posture without affecting the temporal and control constraints of the existing real-time control tasks. We also define a metric (named tightness of periodic monitoring) to measure the effectiveness of such integration. We demonstrate our ideas using a proof-of-concept implementation on an ARM-based rover platform and show that Contego-C can improve security without degrading control performance.

Journal ArticleDOI
TL;DR: In this article, an approach for continuous operator authentication in teleoperated robotic processes based on Hidden Markov Models (HMM) is presented. The model is also capable of detecting an impersonation attack in real time.
Abstract: In this article, we present a novel approach for continuous operator authentication in teleoperated robotic processes based on Hidden Markov Models (HMM). While HMMs were originally developed and widely used in speech recognition, they have shown great performance in human motion and activity modeling. We make an analogy between human language and teleoperated robotic processes (i.e., words are analogous to a teleoperator’s gestures, sentences are analogous to the entire teleoperated task or process) and implement HMMs to model the teleoperated task. To test the continuous authentication performance of the proposed method, we conducted two sets of analyses. We built a virtual reality (VR) experimental environment using a commodity VR headset (HTC Vive) and a haptic-feedback-enabled controller (Sensable PHANToM Omni) to simulate a real teleoperated task. An experimental study with 10 subjects was then conducted. We also performed simulated continuous operator authentication by using the JHU-ISI Gesture and Skill Assessment Working Set (JIGSAWS). The performance of the model was evaluated based on the continuous (real-time) operator authentication accuracy as well as resistance to a simulated impersonation attack. The results suggest that the proposed method is able to achieve 70% (VR experiment) and 81% (JIGSAWS dataset) continuous classification accuracy with as short as a 1-second sample window. It is also capable of detecting an impersonation attack in real time.

Journal ArticleDOI
TL;DR: A model-bounded monitoring scheme, where prior knowledge about the target system is used to prune interpolation candidates, and a novel notion of monitored language of LHAs is introduced, which reduces the monitoring problem to the membership problem of the monitored language.
Abstract: Monitoring of hybrid systems attracts both scientific and practical attention. However, monitoring algorithms suffer from the methodological difficulty of only observing sampled discrete-time signals, while real behaviors are continuous-time signals. To mitigate this problem of sampling uncertainties, we introduce a model-bounded monitoring scheme, where we use prior knowledge about the target system to prune interpolation candidates. Technically, we express such prior knowledge by linear hybrid automata (LHAs)—the LHAs are called bounding models. We introduce a novel notion of monitored language of LHAs, and we reduce the monitoring problem to the membership problem of the monitored language. We present two partial algorithms—one is via reduction to reachability in LHAs and the other is a direct one using polyhedra—and show that these methods, and thus the proposed model-bounded monitoring scheme, are efficient and practically relevant.

Journal ArticleDOI
TL;DR: In this paper, the authors investigate how the abundance of electric vehicles (EVs) can be exploited to target the stability of the power grid and present a realistic coordinated switching attack that initiates inter-area oscillations between different areas of the grid.
Abstract: In this work, we investigate how the abundance of Electric Vehicles (EVs) can be exploited to target the stability of the power grid. Through a cyber attack that compromises a large number of available EVs and their charging infrastructure, we present a realistic coordinated switching attack that initiates inter-area oscillations between different areas of the power grid. The threat model as well as the linearized state-space representation of the grid are formulated to illustrate possible consequences of the attack. Two variations of the switching attack are considered, namely, switching of EV charging and discharging power into the grid. Moreover, two possible attack strategies are also considered: (i) using an insider to reveal the accurate system parameters and (ii) using reconnaissance activities in the absence of the grid parameters. In the former strategy, the system equations are used to compute the required knowledge to launch the attack. In the latter strategy, a stealthy system identification technique, which is tailored based on the Eigenvalue Realization Algorithm (ERA), is proposed to calculate the required data for attack execution. The two-area Kundur, 39-Bus New England, and the Australian 5-area power grids are used to demonstrate the attack strategies and their consequences. The collected results demonstrate that by manipulating EV charging stations and launching a coordinated switching attack on those portions of load, inter-area oscillations can be initiated. Finally, to protect the grid from this anticipated attack, a Support Vector Machine (SVM) based framework is proposed to detect and eliminate this attack even before it is executed.

Journal ArticleDOI
TL;DR: Ashray as discussed by the authors is an IoT-inspired intelligent system to minimize the exposure of water to the elements thereby maintaining its temperature close to that of the groundwater, which can improve the thermal comfort and reduce energy costs for millions of households in developing countries.
Abstract: In developing countries, the majority of households use overhead water tanks to have running water. These water tanks are exposed to the elements, which usually renders the tap water uncomfortable to use, given the extreme subtropical weather conditions. Externally weatherproofing these tanks to maintain the groundwater temperature is short-lived, and only results in a marginal (0.5°C–1°C) improvement in tap water temperature. We propose Ashray, an IoT-inspired, intelligent system to minimize the exposure of water to the elements, thereby maintaining its temperature close to that of the groundwater. Ashray learns the water demand patterns of a household and pumps water into the overhead tank only when necessary. The predictive, machine-learning-based approach of Ashray improves water comfort by up to 8°C in summers and 3°C in winters, on average. Ashray is retrofitted into existing infrastructure with a hardware prototyping cost of $27, whereas it can save up to 16% on water heating costs, through reduction in natural gas consumption, by leveraging groundwater temperature. Moreover, we also consider a transiently-powered Ashray, which uses the energy harvested from the ambient environment, and propose an intermittent data pipeline to improve its prediction accuracy. The transiently-powered Ashray is suitable for long-term deployment, requires minimal maintenance and delivers approximately the same performance. Ashray has the potential to improve the thermal comfort and reduce energy costs for millions of households in developing countries.

Journal ArticleDOI
TL;DR: In this paper , the authors propose a scalable control performance constraint verification method for a system that works based on a feedback scheduler, which is the result of a control-aware pruning method.
Abstract: Automotive cyber-physical systems consist of multiple control subsystems working under resource limitations, and the trend is to run the corresponding control tasks on a shared platform. The resource requirements of the tasks are usually variable at runtime due to uncertainties in the environment, necessitating some kind of adaptation to deal with the resource limitations. Such adaptations may positively or negatively affect the control performance of several subsystems. Since there might be some thresholds on the control performances as quality constraints, this matter should be considered carefully to avoid any quality attribute constraint violation. This paper proposes a scalable control performance constraint verification method for such a system that works based on a feedback scheduler. The scalability is the result of a control-aware pruning method. In case of a constraint violation, the designer may change the system configuration and perform re-verification. Our evaluations show that the proposed method scales well while preserving the verification soundness.

Journal ArticleDOI
TL;DR: The authors in this paper focused on contributions related to smart and connected cities, autonomous CPS, verification and control, security and privacy, and human health and biomedical CPS, as well as the development of technologies, tools, architectures and infrastructure for the design and implementation of CPS.
Abstract: The articles in this special section are based on selected papers presented at the 2021 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2021), a premier single-track conference that promotes development of fundamental principles that underpin the integration of cyber and physical elements, as well as the development of technologies, tools, architectures, and infrastructure for the design and implementation of CPS. ICCPS 2021 focused on contributions related to smart and connected cities, autonomous CPS, verification and control, security and privacy, and human health and biomedical CPS.

Journal ArticleDOI
TL;DR: In this article, the authors propose a cooling power attribution scheme to address the inter-room heat transfers, which can be up to 9% of server load as shown in real experiments. They use the estimated heat transfers to rectify the metered power usages of the rooms' air handling units and fairly attribute the power usage of the shared cooling infrastructure to server rooms by following the Shapley value principle.
Abstract: At present, a co-location data center often applies an identical and low temperature setpoint for all its server rooms. Although increasing the temperature setpoint is a rule-of-thumb approach to reducing the cooling energy usage, the tenants may have different mentalities and technical constraints in accepting higher temperature setpoints. Thus, supporting distinct temperature setpoints is desirable for a co-location data center in pursuing higher energy efficiency. This calls for a new cooling power attribution scheme to address the inter-room heat transfers that can be up to 9% of server load as shown in our real experiments. This article describes our approaches to estimating the inter-room heat transfers, using the estimates to rectify the metered power usages of the rooms’ air handling units, and fairly attributing the power usage of the shared cooling infrastructure (i.e., chiller and cooling tower) to server rooms by following the Shapley value principle. Extensive numeric experiments based on a widely accepted cooling system model are conducted to evaluate the effectiveness of the proposed cooling power attribution scheme. A case study suggests that the proposed scheme incentivizes rational tenants to adopt their highest acceptable temperature setpoints under a non-cooperative game setting. Further analysis considering distinct relative humidity setpoints shows that our proposed scheme also properly and inherently addresses the attribution of humidity control power.