Deval Shah, Zi Yu Xue, Karthik Pattabiraman, Tor M. Aamodt
Motion planning is a computationally intensive and well-studied problem in autonomous robots. However, motion planning hardware accelerators (MPA) must be soft-error resilient for deployment in safety-critical applications, and blanket application of traditional mitigation techniques is ill-suited due to cost, power, and performance overheads. We propose Collision Exposure Factor (CEF), a novel metric to assess the failure vulnerability of circuits processing spatial relationships, including motion planning. CEF is based on the insight that the safety violation probability increases with the surface area of the physical space exposed by a bit-flip. We evaluate CEF on four MPAs. We demonstrate empirically that CEF is correlated with safety violation probability, and that CEF-aware selective error mitigation provides 12.3 ×, 9.6 ×, and 4.2 × lower dangerous Failures-In-Time rate on average for the same amount of protected memory compared to uniform, bit-position, and access-frequency-aware selection of critical data. Furthermore, we show how to employ CEF to enable fault characterization using 23, 000 × fewer fault injection (FI) experiments than exhaustive FI, and evaluate our FI approach on different robots and MPAs. We demonstrate that CEF-aware FI can provide insights on vulnerable bits in an MPA while taking the same amount of time as uniform statistical FI. Finally, we use the CEF to formulate guidelines for designing soft-error resilient MPAs.
{"title":"Characterizing and Improving Resilience of Accelerators to Memory Errors in Autonomous Robots","authors":"Deval Shah, Zi Yu Xue, Karthik Pattabiraman, Tor M. Aamodt","doi":"10.1145/3627828","DOIUrl":"https://doi.org/10.1145/3627828","url":null,"abstract":"Motion planning is a computationally intensive and well-studied problem in autonomous robots. However, motion planning hardware accelerators (MPA) must be soft-error resilient for deployment in safety-critical applications, and blanket application of traditional mitigation techniques is ill-suited due to cost, power, and performance overheads. We propose Collision Exposure Factor (CEF), a novel metric to assess the failure vulnerability of circuits processing spatial relationships, including motion planning. CEF is based on the insight that the safety violation probability increases with the surface area of the physical space exposed by a bit-flip. We evaluate CEF on four MPAs. We demonstrate empirically that CEF is correlated with safety violation probability, and that CEF-aware selective error mitigation provides 12.3 ×, 9.6 ×, and 4.2 × lower dangerous Failures-In-Time rate on average for the same amount of protected memory compared to uniform, bit-position, and access-frequency-aware selection of critical data. Furthermore, we show how to employ CEF to enable fault characterization using 23, 000 × fewer fault injection (FI) experiments than exhaustive FI, and evaluate our FI approach on different robots and MPAs. We demonstrate that CEF-aware FI can provide insights on vulnerable bits in an MPA while taking the same amount of time as uniform statistical FI. Finally, we use the CEF to formulate guidelines for designing soft-error resilient MPAs.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"355 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135366639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Levente Csikor, Hoon Wei Lim, Jun Wen Wong, Soundarya Ramesh, Rohini Poolat Parameswarath, Mun Choon Chan
Automotive Keyless Entry (RKE) systems provide car owners with a degree of convenience, allowing them to lock and unlock the car without using a mechanical key. Today’s RKE systems implement disposable rolling codes, making every key fob button press unique, effectively preventing simple replay attacks. However, a prior attack called RollJam was proven to break all rolling code-based systems in general. By a careful sequence of signal jamming, capturing, and replaying, an attacker can become aware of the subsequent valid unlock signal that has not been used yet. RollJam, however, requires continuous deployment indefinitely until it is exploited. Otherwise, the captured signals become invalid if the key fob is used again without RollJam in place. We introduce RollBack, a new replay-and-resynchronize attack against most of today’s RKE systems. In particular, we show that even though the one-time code becomes invalid in rolling code systems, replaying a few previously captured signals consecutively can trigger a rollback-like mechanism in the RKE system. Put differently, the rolling codes become resynchronized back to a previous code used in the past from where all subsequent yet already used signals work again. Moreover, the victim can still use the key fob without noticing any difference before and after the attack. Unlike RollJam, RollBack does not necessitate jamming at all. In fact, it requires signal capturing only once and can be exploited at any time in the future as many times as desired. This time-agnostic property is particularly attractive to attackers, especially in car-sharing/renting scenarios where accessing the key fob is straightforward. However, while RollJam defeats virtually any rolling code-based system, vehicles might have additional anti-theft measures against malfunctioning key fobs, hence against RollBack. Our ongoing analysis (with crowd-sourced data) against different vehicle makes and models has revealed that ∼ 50% of the examined vehicles in the Asian region are vulnerable to RollBack, while the impact tends to be smaller in other regions like Europe and North America.
{"title":"RollBack: A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems","authors":"Levente Csikor, Hoon Wei Lim, Jun Wen Wong, Soundarya Ramesh, Rohini Poolat Parameswarath, Mun Choon Chan","doi":"10.1145/3627827","DOIUrl":"https://doi.org/10.1145/3627827","url":null,"abstract":"Automotive Keyless Entry (RKE) systems provide car owners with a degree of convenience, allowing them to lock and unlock the car without using a mechanical key. Today’s RKE systems implement disposable rolling codes, making every key fob button press unique, effectively preventing simple replay attacks. However, a prior attack called RollJam was proven to break all rolling code-based systems in general. By a careful sequence of signal jamming, capturing, and replaying, an attacker can become aware of the subsequent valid unlock signal that has not been used yet. RollJam, however, requires continuous deployment indefinitely until it is exploited. Otherwise, the captured signals become invalid if the key fob is used again without RollJam in place. We introduce RollBack, a new replay-and-resynchronize attack against most of today’s RKE systems. In particular, we show that even though the one-time code becomes invalid in rolling code systems, replaying a few previously captured signals consecutively can trigger a rollback-like mechanism in the RKE system. Put differently, the rolling codes become resynchronized back to a previous code used in the past from where all subsequent yet already used signals work again. Moreover, the victim can still use the key fob without noticing any difference before and after the attack. Unlike RollJam, RollBack does not necessitate jamming at all. In fact, it requires signal capturing only once and can be exploited at any time in the future as many times as desired. This time-agnostic property is particularly attractive to attackers, especially in car-sharing/renting scenarios where accessing the key fob is straightforward. However, while RollJam defeats virtually any rolling code-based system, vehicles might have additional anti-theft measures against malfunctioning key fobs, hence against RollBack. Our ongoing analysis (with crowd-sourced data) against different vehicle makes and models has revealed that ∼ 50% of the examined vehicles in the Asian region are vulnerable to RollBack, while the impact tends to be smaller in other regions like Europe and North America.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135729097","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this article, we investigate the vehicle path-following problem for a vehicle-to-vehicle (V2V)–enabled leader–follower scenario and propose an integrated control policy for the following vehicle to accurately follow the leader’s path. We propose a control strategy for the follower vehicle to maintain a velocity-dependent distance relative to the leader vehicle while stabilizing its longitudinal and lateral dynamics considering the combined-slip effect and tire force saturation. In light of reducing wireless communication errors and efficient usage of battery power and resources, we propose an intermittent V2V communication in which transmissions are scheduled based on an event-triggered law. An event is triggered and a transmission is scheduled in subsequent sample time if some of the well-defined path-following error functions (relative distance error and lateral error) exceed given tolerance bounds. Considering that the V2V communication channel might be erroneous or a transmission fails due to, e.g., vehicles’ distance or low battery power, we consider data loss in the V2V channel. Our proposed control law consists of two components: a receding horizon feedback controller with state constraints based on a safe operation envelop and a feedforward controller that generates complementary control inputs when the leader’s states are successfully communicated to the follower. To mitigate the effects of data loss on the follower’s path-following performance, we design a remote estimator for the follower to predict the leader’s state using its on-board sensor equipment when an event is triggered but the corresponding state information is not received by the follower due to a packet loss. Incorporating this estimator allows the follower to apply cautionary control inputs knowing that the path-following error had exceeded a tolerance bound. We show that while the feedback controller stabilizes the follower’s dynamics, the feedforward component improves the safety margins and reduces the path-following errors even in the presence of data loss. High-fidelity simulations are performed using CarSim to validate the effectiveness of our proposed control architecture specifically in harsh maneuvers and high-slip scenarios on various road surface conditions.
{"title":"Event-Triggered Control with Intermittent Communications over Erasure Channels for Leader-Follower Problems with the Combined-Slip Effect","authors":"Mohammad H. Mamduhi, Ehsan Hashemi","doi":"10.1145/3625562","DOIUrl":"https://doi.org/10.1145/3625562","url":null,"abstract":"In this article, we investigate the vehicle path-following problem for a vehicle-to-vehicle (V2V)–enabled leader–follower scenario and propose an integrated control policy for the following vehicle to accurately follow the leader’s path. We propose a control strategy for the follower vehicle to maintain a velocity-dependent distance relative to the leader vehicle while stabilizing its longitudinal and lateral dynamics considering the combined-slip effect and tire force saturation. In light of reducing wireless communication errors and efficient usage of battery power and resources, we propose an intermittent V2V communication in which transmissions are scheduled based on an event-triggered law. An event is triggered and a transmission is scheduled in subsequent sample time if some of the well-defined path-following error functions (relative distance error and lateral error) exceed given tolerance bounds. Considering that the V2V communication channel might be erroneous or a transmission fails due to, e.g., vehicles’ distance or low battery power, we consider data loss in the V2V channel. Our proposed control law consists of two components: a receding horizon feedback controller with state constraints based on a safe operation envelop and a feedforward controller that generates complementary control inputs when the leader’s states are successfully communicated to the follower. To mitigate the effects of data loss on the follower’s path-following performance, we design a remote estimator for the follower to predict the leader’s state using its on-board sensor equipment when an event is triggered but the corresponding state information is not received by the follower due to a packet loss. Incorporating this estimator allows the follower to apply cautionary control inputs knowing that the path-following error had exceeded a tolerance bound. We show that while the feedback controller stabilizes the follower’s dynamics, the feedforward component improves the safety margins and reduces the path-following errors even in the presence of data loss. High-fidelity simulations are performed using CarSim to validate the effectiveness of our proposed control architecture specifically in harsh maneuvers and high-slip scenarios on various road surface conditions.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135767377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Klaus Bengler, Werner Damm, Andreas Luedtke, Jochem Rieger, Benedikt Austel, Bianca Biebl, Martin Fränzle, Willem Hagemann, Moritz Held, David Hess, Klas Ihme, Severin Kacianka, Alyssa J. Kerscher, Lain Forrest, Sebastian Lehnhoff, Alexander Pretschner, Astrid Rakow, Daniel Sonntag, Janos Sztipanovits, Maike Schwammberger, Mark Schweda, Anirudh Unni, Eric Veith
As automation increases qualitatively and quantitatively in safety-critical human cyber-physical systems, it is becoming more and more challenging to increase the probability or ensure that human operators still perceive key artefacts and comprehend their roles in the system. In the companion paper, we proposed an abstract reference architecture capable of expressing all classes of system-level interactions in human cyber-physical systems. Here we demonstrate how this reference architecture supports the analysis of levels of communication between agents and helps to identify the potential for misunderstandings and misconceptions. We then develop a metamodel for safe human machine interaction. Therefore, we ask what type of information exchange must be supported on what level so that humans and systems can cooperate as a team, what is the criticality of exchanged information, what are timing requirements for such interactions, and how can we communicate highly critical information in a limited time frame in spite of the many sources of a distorted perception. We highlight shared stumbling blocks and illustrate shared design principles, which rest on established ontologies specific to particular application classes. In order to overcome the partial opacity of internal states of agents, we anticipate a key role of virtual twins of both human and technical cooperation partners for designing a suitable communication.
{"title":"A References Architecture for Human Cyber Physical Systems - PART II: Fundamental Design Principles for Human-CPS Interaction","authors":"Klaus Bengler, Werner Damm, Andreas Luedtke, Jochem Rieger, Benedikt Austel, Bianca Biebl, Martin Fränzle, Willem Hagemann, Moritz Held, David Hess, Klas Ihme, Severin Kacianka, Alyssa J. Kerscher, Lain Forrest, Sebastian Lehnhoff, Alexander Pretschner, Astrid Rakow, Daniel Sonntag, Janos Sztipanovits, Maike Schwammberger, Mark Schweda, Anirudh Unni, Eric Veith","doi":"10.1145/3622880","DOIUrl":"https://doi.org/10.1145/3622880","url":null,"abstract":"As automation increases qualitatively and quantitatively in safety-critical human cyber-physical systems, it is becoming more and more challenging to increase the probability or ensure that human operators still perceive key artefacts and comprehend their roles in the system. In the companion paper, we proposed an abstract reference architecture capable of expressing all classes of system-level interactions in human cyber-physical systems. Here we demonstrate how this reference architecture supports the analysis of levels of communication between agents and helps to identify the potential for misunderstandings and misconceptions. We then develop a metamodel for safe human machine interaction. Therefore, we ask what type of information exchange must be supported on what level so that humans and systems can cooperate as a team, what is the criticality of exchanged information, what are timing requirements for such interactions, and how can we communicate highly critical information in a limited time frame in spite of the many sources of a distorted perception. We highlight shared stumbling blocks and illustrate shared design principles, which rest on established ontologies specific to particular application classes. In order to overcome the partial opacity of internal states of agents, we anticipate a key role of virtual twins of both human and technical cooperation partners for designing a suitable communication.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"118 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136061283","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jiangwei Wang, Lili Su, Songyang Han, Dongjin Song, Fei Miao
Hybrid traffic which involves both autonomous and human-driven vehicles would be the norm of the autonomous vehicles’ practice for a while. On the one hand, unlike autonomous vehicles, human-driven vehicles could exhibit sudden abnormal behaviors such as unpredictably switching to dangerous driving modes – putting its neighboring vehicles under risks; such undesired mode switching could arise from numbers of human driver factors, including fatigue, drunkenness, distraction, aggressiveness, etc. On the other hand, modern vehicle-to-vehicle (V2V) communication technologies enable the autonomous vehicles to efficiently and reliably share the scarce run-time information with each other [1]. In this paper, we propose, to the best of our knowledge, the first efficient algorithm that can (1) significantly improve trajectory prediction by effectively fusing the run-time information shared by surrounding autonomous vehicles, and can (2) accurately and quickly detect abnormal human driving mode switches or abnormal driving behavior with formal assurance without hurting human drivers’ privacy. To validate our proposed algorithm, we first evaluate our proposed trajectory predictor on NGSIM and Argoverse datasets and show that our proposed predictor outperforms the baseline methods. Then through extensive experiments on SUMO simulator, we show that our proposed algorithm has great detection performance in both highway and urban traffic. The best performance achieves detection rate of (97.3% ) , average detection delay of 1.2s, and 0 false alarm.
{"title":"Towards Safe Autonomy in Hybrid Traffic: Detecting Unpredictable Abnormal Behaviors of Human Drivers via Information Sharing","authors":"Jiangwei Wang, Lili Su, Songyang Han, Dongjin Song, Fei Miao","doi":"10.1145/3616398","DOIUrl":"https://doi.org/10.1145/3616398","url":null,"abstract":"Hybrid traffic which involves both autonomous and human-driven vehicles would be the norm of the autonomous vehicles’ practice for a while. On the one hand, unlike autonomous vehicles, human-driven vehicles could exhibit sudden abnormal behaviors such as unpredictably switching to dangerous driving modes – putting its neighboring vehicles under risks; such undesired mode switching could arise from numbers of human driver factors, including fatigue, drunkenness, distraction, aggressiveness, etc. On the other hand, modern vehicle-to-vehicle (V2V) communication technologies enable the autonomous vehicles to efficiently and reliably share the scarce run-time information with each other [1]. In this paper, we propose, to the best of our knowledge, the first efficient algorithm that can (1) significantly improve trajectory prediction by effectively fusing the run-time information shared by surrounding autonomous vehicles, and can (2) accurately and quickly detect abnormal human driving mode switches or abnormal driving behavior with formal assurance without hurting human drivers’ privacy. To validate our proposed algorithm, we first evaluate our proposed trajectory predictor on NGSIM and Argoverse datasets and show that our proposed predictor outperforms the baseline methods. Then through extensive experiments on SUMO simulator, we show that our proposed algorithm has great detection performance in both highway and urban traffic. The best performance achieves detection rate of (97.3% ) , average detection delay of 1.2s, and 0 false alarm.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136059975","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Werner Damm, Martin Fränzle, Alyssa J. Kerscher, Laine Forrest, Klaus Bengler, Bianca Biebl, Willem Hagemann, Moritz Held, David Hess, Klas Ihme, Severin Kacianka, Sebastian Lehnhoff, Andreas Luedtke, Alexander Pretschner, Astrid Rakow, Rieger Jochem, Daniel Sonntag, Jonas Sztipanovits, Maike Schwammberger, Mark Schweda, Alexander Trende, Anirudh Unni, Eric Veith
The design and analysis of multi-agent human cyber-physical systems in safety-critical or industry-critical domains calls for an adequate semantic foundation capable of exhaustively and rigorously describing all emergent effects in the joint dynamic behavior of the agents that are relevant to their safety and well-behavior. We present such a semantic foundation. This framework extends beyond previous approaches by extending the agent-local dynamic state beyond state components under direct control of the agent and belief about other agents (as previously suggested for understanding cooperative as well as rational behavior) to agent-local evidence and belief about the overall cooperative, competitive, or coopetitive game structure. We argue that this extension is necessary for rigorously analyzing systems of human cyber-physical systems because humans are known to employ cognitive replacement models of system dynamics that are both non-stationary and potentially incongruent. These replacement models induce visible and potentially harmful effects on their joint emergent behavior and the interaction with cyber-physical system components.
{"title":"A REFERENCE ARCHITECTURE OF HUMAN CYBER-PHYSICAL SYSTEMS – PART III: SEMANTIC FOUNDATIONS","authors":"Werner Damm, Martin Fränzle, Alyssa J. Kerscher, Laine Forrest, Klaus Bengler, Bianca Biebl, Willem Hagemann, Moritz Held, David Hess, Klas Ihme, Severin Kacianka, Sebastian Lehnhoff, Andreas Luedtke, Alexander Pretschner, Astrid Rakow, Rieger Jochem, Daniel Sonntag, Jonas Sztipanovits, Maike Schwammberger, Mark Schweda, Alexander Trende, Anirudh Unni, Eric Veith","doi":"10.1145/3622881","DOIUrl":"https://doi.org/10.1145/3622881","url":null,"abstract":"The design and analysis of multi-agent human cyber-physical systems in safety-critical or industry-critical domains calls for an adequate semantic foundation capable of exhaustively and rigorously describing all emergent effects in the joint dynamic behavior of the agents that are relevant to their safety and well-behavior. We present such a semantic foundation. This framework extends beyond previous approaches by extending the agent-local dynamic state beyond state components under direct control of the agent and belief about other agents (as previously suggested for understanding cooperative as well as rational behavior) to agent-local evidence and belief about the overall cooperative, competitive, or coopetitive game structure. We argue that this extension is necessary for rigorously analyzing systems of human cyber-physical systems because humans are known to employ cognitive replacement models of system dynamics that are both non-stationary and potentially incongruent. These replacement models induce visible and potentially harmful effects on their joint emergent behavior and the interaction with cyber-physical system components.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136062299","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Werner Damm, David Hess, Mark Schweda, Janos Sztipanovits, Klaus Bengler, Bianca Biebl, Martin Fränzle, Willem Hagemann, Moritz Held, Klas Ihme, Severin Kacianka, Alyssa J. Kerscher, Sebastian Lehnhoff, Andreas Luedtke, Alexander Pretschner, Astrid Rakow, Rieger Jochem, Daniel Sonntag, Maike Schwammberger, Benedikt Austel, Anirudh Unni, Eric Veith
We propose a reference architecture of safety-critical or industry-critical human cyber-physical systems (CPSs) capable of expressing essential classes of system-level interactions between CPS and humans relevant for the societal acceptance of such systems. To reach this quality gate, the expressivity of the model must go beyond classical viewpoints such as operational, functional, and architectural views and views used for safety and security analysis. The model does so by incorporating elements of such systems for mutual introspections in situational awareness, capabilities, and intentions in order to enable a synergetic, trusted relation in the interaction of humans and CPSs, which we see as a prerequisite for their societal acceptance. The reference architecture is represented as a metamodel incorporating conceptual and behavioral semantic aspects. We illustrate the key concepts of the metamodel with examples from cooperative autonomous driving, the operating room of the future, cockpit-tower interaction, and crisis management.
{"title":"A Reference Architecture of Human Cyber-Physical Systems – PART I: Fundamental Concepts","authors":"Werner Damm, David Hess, Mark Schweda, Janos Sztipanovits, Klaus Bengler, Bianca Biebl, Martin Fränzle, Willem Hagemann, Moritz Held, Klas Ihme, Severin Kacianka, Alyssa J. Kerscher, Sebastian Lehnhoff, Andreas Luedtke, Alexander Pretschner, Astrid Rakow, Rieger Jochem, Daniel Sonntag, Maike Schwammberger, Benedikt Austel, Anirudh Unni, Eric Veith","doi":"10.1145/3622879","DOIUrl":"https://doi.org/10.1145/3622879","url":null,"abstract":"We propose a reference architecture of safety-critical or industry-critical human cyber-physical systems (CPSs) capable of expressing essential classes of system-level interactions between CPS and humans relevant for the societal acceptance of such systems. To reach this quality gate, the expressivity of the model must go beyond classical viewpoints such as operational, functional, and architectural views and views used for safety and security analysis. The model does so by incorporating elements of such systems for mutual introspections in situational awareness, capabilities, and intentions in order to enable a synergetic, trusted relation in the interaction of humans and CPSs, which we see as a prerequisite for their societal acceptance. The reference architecture is represented as a metamodel incorporating conceptual and behavioral semantic aspects. We illustrate the key concepts of the metamodel with examples from cooperative autonomous driving, the operating room of the future, cockpit-tower interaction, and crisis management.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"161 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136263822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Uncrewed Aerial Vehicles (UAVs) have been used in mission-critical scenarios such as Search and Rescue (SAR) missions. In such a mission-critical scenario, flight autonomy is a key performance metric that quantifies how long the UAV can continue the flight with a given battery charge. In a UAV running multiple software applications, flight autonomy can also be impacted by faulty application processes that excessively consume energy. In this paper, we propose FA-Assure (Fight Autonomy assurance) as a framework to assure the autonomy of a UAV considering faulty application processes through performability modeling and analysis. The framework employs hierarchically-configured stochastic Petri nets (SPNs), evaluates the performability-related metrics, and guides the design of mitigation strategies to improve autonomy. We consider a SAR mission as a case study and evaluate the feasibility of the framework through extensive numerical experiments. The numerical results quantitatively show how autonomy is enhanced by offloading and restarting faulty application processes.
{"title":"Assuring Autonomy of UAVs in Mission-critical Scenarios by Performability Modeling and Analysis","authors":"Ermeson Andrade, Fumio Machida","doi":"10.1145/3624572","DOIUrl":"https://doi.org/10.1145/3624572","url":null,"abstract":"Uncrewed Aerial Vehicles (UAVs) have been used in mission-critical scenarios such as Search and Rescue (SAR) missions. In such a mission-critical scenario, flight autonomy is a key performance metric that quantifies how long the UAV can continue the flight with a given battery charge. In a UAV running multiple software applications, flight autonomy can also be impacted by faulty application processes that excessively consume energy. In this paper, we propose FA-Assure (Fight Autonomy assurance) as a framework to assure the autonomy of a UAV considering faulty application processes through performability modeling and analysis. The framework employs hierarchically-configured stochastic Petri nets (SPNs), evaluates the performability-related metrics, and guides the design of mitigation strategies to improve autonomy. We consider a SAR mission as a case study and evaluate the feasibility of the framework through extensive numerical experiments. The numerical results quantitatively show how autonomy is enhanced by offloading and restarting faulty application processes.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135307706","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Qiushi Liang, Shengjie Zhao, Jiangfan Zhang, Hao Deng
Electricity theft can cause economic damage and even increase the risk of outage. Recently, many methods have implemented electricity theft detection on smart meter data. However, how to conduct detection on the dataset without any label still remains challenging. In this paper, we propose a novel unsupervised two-stage approach under the assumption that the training set is contaminated by attacks. Specifically, the method consists of two stages: 1) A Gaussian mixture model (GMM) is employed to cluster consumption patterns with respect to different habits of electricity usage, and with the goal of improving the accuracy of the model in the posterior stage; 2) An attention-based bidirectional Long Short-Term Memory (BLSTM) encoder-decoder scheme is employed to improve the robustness against the non-malicious changes in usage patterns leveraging the process of encoding and decoding. Quantifying the similarity of consumption patterns and reconstruction errors, the anomaly score is defined to improve detection performance. Experiments on a real dataset show that the proposed method outperforms the state-of-the-art unsupervised detectors.
{"title":"Unsupervised BLSTM Based Electricity Theft Detection with Training Data Contaminated","authors":"Qiushi Liang, Shengjie Zhao, Jiangfan Zhang, Hao Deng","doi":"10.1145/3604432","DOIUrl":"https://doi.org/10.1145/3604432","url":null,"abstract":"Electricity theft can cause economic damage and even increase the risk of outage. Recently, many methods have implemented electricity theft detection on smart meter data. However, how to conduct detection on the dataset without any label still remains challenging. In this paper, we propose a novel unsupervised two-stage approach under the assumption that the training set is contaminated by attacks. Specifically, the method consists of two stages: 1) A Gaussian mixture model (GMM) is employed to cluster consumption patterns with respect to different habits of electricity usage, and with the goal of improving the accuracy of the model in the posterior stage; 2) An attention-based bidirectional Long Short-Term Memory (BLSTM) encoder-decoder scheme is employed to improve the robustness against the non-malicious changes in usage patterns leveraging the process of encoding and decoding. Quantifying the similarity of consumption patterns and reconstruction errors, the anomaly score is defined to improve detection performance. Experiments on a real dataset show that the proposed method outperforms the state-of-the-art unsupervised detectors.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"121 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135396381","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
F. Tiausas, K. Yasumoto, J. P. Talusan, H. Yamana, H. Yamaguchi, Shameek Bhattacharjee, Abhishek Dubey, Sajal K. Das
Route Planning Systems (RPS) are a core component of autonomous personal transport systems essential for safe and efficient navigation of dynamic urban environments with the support of edge-based smart city infrastructure, but they also raise concerns about user route privacy in the context of both privately-owned and commercial vehicles. Numerous high profile data breaches in recent years have fortunately motivated research on privacy-preserving RPS, but most of them are rendered impractical by greatly increased communication and processing overhead. We address this by proposing an approach called Hierarchical Privacy-Preserving Route Planning (HPRoP) which divides and distributes the route planning task across multiple levels, and protects locations along the entire route. This is done by combining Inertial Flow partitioning, Private Information Retrieval (PIR), and Edge Computing techniques with our novel route planning heuristic algorithm. Normalized metrics were also formulated to quantify the privacy of the source/destination points (endpoint location privacy) and the route itself (route privacy). Evaluation on a simulated road network showed that HPRoP reliably produces routes differing only by (le 20% ) in length from optimal shortest paths, with completion times within ∼ 25 seconds which is reasonable for a PIR-based approach. On top of this, more than half of the produced routes achieved near-optimal endpoint location privacy (∼ 1.0) and good route privacy (≥ 0.8).
{"title":"HPRoP: Hierarchical Privacy-Preserving Route Planning for Smart Cities","authors":"F. Tiausas, K. Yasumoto, J. P. Talusan, H. Yamana, H. Yamaguchi, Shameek Bhattacharjee, Abhishek Dubey, Sajal K. Das","doi":"10.1145/3616874","DOIUrl":"https://doi.org/10.1145/3616874","url":null,"abstract":"Route Planning Systems (RPS) are a core component of autonomous personal transport systems essential for safe and efficient navigation of dynamic urban environments with the support of edge-based smart city infrastructure, but they also raise concerns about user route privacy in the context of both privately-owned and commercial vehicles. Numerous high profile data breaches in recent years have fortunately motivated research on privacy-preserving RPS, but most of them are rendered impractical by greatly increased communication and processing overhead. We address this by proposing an approach called Hierarchical Privacy-Preserving Route Planning (HPRoP) which divides and distributes the route planning task across multiple levels, and protects locations along the entire route. This is done by combining Inertial Flow partitioning, Private Information Retrieval (PIR), and Edge Computing techniques with our novel route planning heuristic algorithm. Normalized metrics were also formulated to quantify the privacy of the source/destination points (endpoint location privacy) and the route itself (route privacy). Evaluation on a simulated road network showed that HPRoP reliably produces routes differing only by (le 20% ) in length from optimal shortest paths, with completion times within ∼ 25 seconds which is reasonable for a PIR-based approach. On top of this, more than half of the produced routes achieved near-optimal endpoint location privacy (∼ 1.0) and good route privacy (≥ 0.8).","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":" ","pages":""},"PeriodicalIF":2.3,"publicationDate":"2023-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49155088","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: