Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479068
M. A. Faruque, Sujit Rokka Chhetri, A. Canedo, Jiang Wan
Additive manufacturing systems, such as 3D printers, emit sounds while creating objects. Our work demonstrates that these sounds carry process information that can be used to indirectly reconstruct the objects being printed, without requiring access to the original design. This is an example of a physical-to-cyber domain attack, where information gathered from the physical domain, such as acoustic side-channel, can be used to reveal information about the cyber domain. Our novel attack model consists of a pipeline of audio signal processing, machine learning algorithms, and context-based post-processing to improve the accuracy of the object reconstruction. In our experiments, we have successfully reconstructed the test objects (designed to test the attack model under various benchmark parameters) and their corresponding G-codes with an average accuracy for axis prediction of 78.35% and an average length prediction error of 17.82% on a Fused Deposition Modeling (FDM) based additive manufacturing system. Our work exposes a serious vulnerability in FDM based additive manufacturing systems exploitable by physical-to-cyber attacks that may lead to theft of Intellectual Property (IP) and trade secrets. To the best of our knowledge this kind of attack has not yet been explored in additive manufacturing systems.
Title: Acoustic Side-Channel Attacks on Additive Manufacturing Systems. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-10.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479113
A. Chhokra, A. Dubey, N. Mahadevan, G. Karsai
The power grid incorporates a number of protection elements such as distance relays that detect faults and prevent the propagation of failure effects from influencing the rest of system. However, the decision of these protection elements is only influenced by local information in the form of bus voltage/current (V-I) samples. Due to lack of system wide perspective, erroneous settings, and latent failure modes, protection devices often mis-operate and cause cascading effects that ultimately lead to blackouts. Blackouts around the world have been triggered or worsened by circuit breakers tripping, including the blackout of 2003 in North America, where the secondary/remote protection relays incorrectly opened the breaker. Tools that aid the operators in finding the root cause of the problem on-line are required. However, high system complexity and the interdependencies between the cyber and physical elements of the system and the mis-operation of protection devices make the failure diagnosis a challenging problem.
Title: Poster Abstract: Distributed Reasoning for Diagnosing Cascading Outages in Cyber Physical Energy Systems. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-1.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479100
Baekgyu Kim, J. Shum, Akshay Jarandikar, Shin'ichi Shiraishi
The recent trend in automotive domain such as ADAS (Advanced Driver Assistance Systems) and self-driving systems make it more difficult to test the correctness of the vehicle control software due to their complexity. Virtual vehicle simulation tools, such as CarSim and Prescan, are widely used to test the correctness of the control software in a virtual environment. Such a Model/Software-in-the-Loop Simulation (MiLS/SiLS) enables one to integrate the control software with the virtual vehicle component that will run on the virtual road environment. To utilize such simulation tools, it is necessary to create various types of road environments in a way the developed software can experience a wide range of realistic driving scenarios. Currently, there is no way to automatically generate realistic road environments that are compatible with those simulation tools. Hence, engineers have to manually create such road environments, which is a time consuming and unproductive process. In this demo, we present the case study of the systematic road environment generation framework using the Unity3D tool.
Title: Demo Abstract: Systematic Road Environment Generation for Vehicle Software Simulation. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-1.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479129
Yuya Maruyama, S. Kato, Takuya Azumi
Cyber-Physical Systems (CPS) represent next generation distributed and embedded systems. Robot Operating System (ROS), an open-source middleware for robotics development, has been widely used for CPS applications. However, ROS is not suitable for real-time and embedded systems, because ROS does not support to meet real-time requirements, and runs only on a few kinds of OSs. Facing this problem, ROS is going to be significantly upgraded as ROS2 with utilizing Data Distribution Service (DDS). DDS is suitable for CPS due to its various transport configurations (e.g. reliability and durability). ROS2 needs to convert data for DDS and abstracting DDS from ROS2 users, which causes the overhead examined in this research. Transport latency between ROS2 nodes varies by transport situations, data size, and DDS vendors. We clarify the performance characteristics of currently-available data transport on ROS or ROS2 in various situations. Revealing the present capability of ROS2 depending on DDS vendors and DDS configurations, we explore and evaluate the facing constraints and potential of ROS2.
Title: WiP Abstract: Preliminary Evaluation of ROS2. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-1.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479106
Jana Tumova, S. Karaman, C. Belta, D. Rus
In this paper, we consider the problem of automated plan synthesis for a vehicle operating in a road network, which is modeled as a weighted transition system. The vehicle is assigned a set of demands, each of which involves a task specification in the form of a syntactically co-safe LTL formula, a deadline for achieving this task, and a demand priority. The demands arrive gradually, upon the run of the vehicle, and hence periodical replanning is needed. We particularly focus on cases, where all tasks cannot be accomplished within the desired deadlines and propose several different ways to measure the degree of demand violation that take into account the demand priorities. We develop a general solution to the problem of least-violating planning and replanning based on a translation to linear programming problem. Furthermore, for a particular subclass of demands, we provide a more efficient solution based on graph search algorithms. The benefits of the approach are demonstrated through illustrative simulations inspired by mobility-on-demand scenarios.
Title: Least-Violating Planning in Road Networks from Temporal Logic Specifications. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-9.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479111
Alessandro Biondi, M. Natale, G. Buttazzo
Engine control tasks include computational activities triggered at specific rotation angles of the crankshaft, making the computational load increase with the engine speed. To avoid overload at high speeds, simplified control implementations are used, defining different operational modes at different speed intervals. The design of a set of adaptive variable rate tasks is an optimization problem, consisting in determining the rotation speeds at which mode changes should occur to optimize the system performance while guaranteeing the schedulability. This paper presents three methods for tackling the optimization problem under a set of assumptions about the performance metric and the problem constraints. Two are heuristics and one is a branch and bound that is guaranteed, when it terminates, to find the optimum within a given granularity. In addition, a simple method to compute a performance upper bound is presented. The analysis of the problem reveals several insights for the design and the heuristics are shown to be quite close to the performance upper bound and the optimum with finite granularity.
Title: Performance-Driven Design of Engine Control Tasks. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-10.
The routing game models congestion in transportation networks, communication networks, and other cyber physical systems in which agents compete for shared resources. We consider an online learning model of player dynamics: at each iteration, every player chooses a route (or a probability distribution over routes, which corresponds to a flow allocation over the physical network), then the joint decision of all players determines the costs of each path, which are then revealed to the players. We pose the following estimation problem: given a sequence of player decisions and the corresponding costs, we would like to estimate the learning model parameters. We consider in particular entropic mirror descent dynamics, reduce the problem to estimating the learning rates of each player. We demonstrate this method using data collected from a routing game experiment, played by human participants: We develop a web application to implement the routing game. When players log in, they are assigned an origin and destination on the graph. They can choose, at each iteration, a distribution over their available routes, and each player seeks to minimize her own cost. We collect a data set using this interface, then apply the proposed method to estimate the learning model parameters. We observe in particular that after an exploration phase, the joint decision of the players remains within a small distance of the Nash equilibrium. We also use the estimated model parameters to predict the flow distribution over routes, and compare these predictions to the actual distribution. Finally, we discuss some of the qualitative implications of the experiments, and give directions for future research.
Title: On Learning How Players Learn: Estimation of Learning Dynamics in the Routing Game. Authors: Kiet Lam, W. Krichene, A. Bayen. Pub Date: 2016-04-11; DOI: 10.1145/3078620. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-10.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479120
Zhipeng Liu, Andrew Clark, Phillip Lee, L. Bushnell, D. Kirschen, R. Poovendran
Voltage instability occurs when a power system is unable to meet reactive power demand at one or more buses. Voltage instability events have caused several major outages and promise to become more frequent due to increasing energy demand. The future smart grid may help to ensure voltage stability by enabling rapid detection of possible voltage instability and implementation of corrective action. These corrective actions will only be effective in restoring stability if they are chosen in a timely, scalable manner. Current techniques for selecting control actions, however, rely on exhaustive search, and hence may choose an inefficient control strategy. In this paper, we propose a submodular optimization approach to designing a control strategy to prevent voltage instability at one or more buses. Our key insight is that the deviation from the desired voltage is a supermodular function of the set of reactive power injections that are employed, leading to computationally efficient control algorithms with provable optimality guarantees. Furthermore, we show that the optimality bound of our approach can be improved from 1/3 to 1/2 when the power system operates under heavy loading conditions. We demonstrate our framework through extensive simulation study on the IEEE 30 bus test case.
Title: Towards Scalable Voltage Control in Smart Grid: A Submodular Optimization Approach. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-10.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479121
Chunhui Guo, Shangping Ren, Yu Jiang, Po-Liang Wu, L. Sha, Richard B. Berlin
Improving effectiveness and safety of patient care is an ultimate objective for medical cyber-physical systems. However, the existing medical best practice guidelines in hospital handbooks are often lengthy and difficult for medical staff to remember and apply clinically. Statechart is a widely used model in designing complex systems and enables rapid prototyping and clinical validation with medical doctors. However, clinical validation is often not adequate for guaranteeing the correctness and safety of medical cyber-physical systems, and formal verification is required. The paper presents an approach that transforms medical best practice guidelines to verifiable statechart models and supports both clinical validation in collaboration with medical doctors and formal verification. In particular, we use an open source statechart tool Yakindu to model best practice guidelines and use the statechart to interact with doctors for validating the model correctness. The statechart model is then automatically transformed to a verifiable formal model, such as timed automata, so that existing formal verification tool, such as UPPAAL, can be used to verify required safety properties. The approach also provides the ability to trace back to the paths in the statechart model (Yakindu model) when a specific property in its associated formal model (UPPAAL model) fails. A cardiac arrest scenario is used as a case study to validate the proposed approach. The tool is available on our website www.cs.iit.edu/~code/software/Y2U.
Title: Transforming Medical Best Practice Guidelines to Executable and Verifiable Statechart Models. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-10.
Pub Date: 2016-04-11; DOI: 10.1109/ICCPS.2016.7479102
Radoslav Ivanov, Nikolay A. Atanasov, James Weimer, M. Pajic, Allan F. Simpao, M. Rehman, George J. Pappas, Insup Lee
In this paper we address the problem of estimating the blood oxygen concentration in children during surgery. Currently, the oxygen content can only be measured through invasive means such as drawing blood from the patient. In this work, we attempt to perform estimation by only using other non-invasive measurements (e.g., fraction of oxygen in inspired air, volume of inspired air) collected during surgery. Although models mapping these measurements to blood oxygen content contain multiple parameters that vary widely across patients, the non-invasive measurements can be used to provide binary information about whether the oxygen concentration is rising or dropping. This information can then be incorporated in a context-aware filter that is used to combine regular continuous measurements with discrete detection events in order to improve estimation. We evaluate the filter using real-patient data collected over the last decade at the Children's Hospital of Philadelphia and show that it is a promising approach for the estimation of unobservable physiological variables.
Title: Estimation of Blood Oxygen Content Using Context-Aware Filtering. Published in: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-10.