Security Risk Assessments: Modeling and Risk Level Propagation
D. Angermeier, Hannah Wester, Kristian Beilke, Gerhard Hansch, Jörn Eichler
ACM Transactions on Cyber-Physical Systems 7(1), pp. 1-25, 2022-11-04. DOI: https://doi.org/10.1145/3569458

Abstract: Security risk assessment is an important task in systems engineering. It is used to derive security requirements for a secure system design and to evaluate design alternatives as well as vulnerabilities. Security risk assessment is also a complex and interdisciplinary task, where experts from the application domain and the security domain have to collaborate and understand each other. Automated and tool-supported approaches are desired to help manage the complexity. However, the models used for system engineering usually focus on functional behavior and lack security-related aspects. Therefore, we present our modeling approach that alleviates communication between the involved experts and features steps of computer-aided modeling to achieve consistency and avoid omission errors. We demonstrate our approach with an example. We also describe how to model impact rating and attack feasibility estimation in a modular fashion, along with the propagation and aggregation of these estimations through the model. As a result, experts can make local decisions or changes in the model, which in turn provides the impact of these decisions or changes on the overall risk profile. Finally, we discuss the advantages of our model-based method.
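As an added illustration of what "propagation and aggregation" of ratings through a model means in practice, and not the authors' method, tool or rating scales: the Python sketch below rates each attack step with an ordinal feasibility, combines feasibilities along a path with min (the hardest step bounds the chain) and across alternative paths with max (the attacker picks the easiest), attaches impact ratings to damage scenarios and maps the pair through a stand-in rating matrix. The components, ratings and matrix are assumptions for the example. A local change, re-rating one attack step, is then re-propagated so the effect on the overall risk profile can be read off.

```python
"""Illustrative risk-level propagation over a small system model.

Added example, not the article's tool or rating scheme.  The model, the
ratings and the combination rules (min along an attack path, max across
alternative paths, a lookup table for risk) are assumptions chosen to
show the mechanics of propagation and aggregation."""
from collections import defaultdict

# Assumed ordinal scales: feasibility 1 (very low) .. 5 (very high),
# impact 1 (negligible) .. 4 (severe).  RISK[impact-1][feasibility-1] is a
# stand-in for the rating matrix an assessment method would prescribe.
RISK = [
    [1, 1, 1, 2, 2],
    [1, 2, 2, 3, 3],
    [2, 2, 3, 4, 4],
    [2, 3, 4, 5, 5],
]

ENTRY = "attacker"  # pseudo-node from which every attack starts


def propagate_feasibility(steps):
    """steps: iterable of (from_node, to_node, feasibility).

    A step can only be taken once from_node is reached, so the feasibility of
    a path is the minimum along it.  An attacker picks the easiest path, so
    alternatives aggregate with max.  Iterating to a fixpoint handles
    arbitrary graphs, cycles included, because ratings only ever increase."""
    reach = defaultdict(int)
    reach[ENTRY] = 5
    changed = True
    while changed:
        changed = False
        for src, dst, feas in steps:
            candidate = min(reach[src], feas)
            if candidate > reach[dst]:
                reach[dst] = candidate
                changed = True
    return dict(reach)


def risk_profile(steps, damage):
    """damage: {asset: impact}.  Returns {asset: (impact, feasibility, risk)}."""
    reach = propagate_feasibility(steps)
    profile = {}
    for asset, impact in damage.items():
        feas = reach.get(asset, 0)
        risk = RISK[impact - 1][feas - 1] if feas else 0  # unreachable -> no risk
        profile[asset] = (impact, feas, risk)
    return profile


def apply_change(steps, changed_step, new_feas):
    """Local change: re-rate a single attack step, leave everything else as is."""
    return [(s, d, new_feas if (s, d) == changed_step else f) for s, d, f in steps]


def worst_risk(profile):
    return max(r for _, _, r in profile.values())


# Constructed vehicle-style system model; components and ratings are hypothetical.
STEPS = [
    (ENTRY, "telematics_unit", 4),      # remote interface, weakly authenticated
    (ENTRY, "obd_port", 2),             # needs physical access to the vehicle
    ("telematics_unit", "gateway", 3),  # assumed flaw in message routing
    ("obd_port", "gateway", 4),         # diagnostic session reaches the bus
    ("gateway", "brake_ecu", 3),        # forged frames accepted by the ECU
    ("gateway", "infotainment", 5),
]
DAMAGE = {"brake_ecu": 4, "infotainment": 2}

if __name__ == "__main__":
    before = risk_profile(STEPS, DAMAGE)
    # Local decision: add mutual authentication on the telematics interface.
    after = risk_profile(apply_change(STEPS, (ENTRY, "telematics_unit"), 1), DAMAGE)
    for asset in DAMAGE:
        print(f"{asset:13} before={before[asset]} after={after[asset]}")
    print("worst risk:", worst_risk(before), "->", worst_risk(after))
```

Hardening the telematics interface lowers the brake-ECU risk from 4 to 3 rather than to the floor: after the change the OBD path bounds the gateway's feasibility, so the overall profile is decided by the next-easiest path. That global consequence of a local change is what automatic re-propagation surfaces and manual re-rating tends to miss.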
A Timing-Based Framework for Designing Resilient Cyber-Physical Systems under Safety Constraint
Abdullah Al Maruf, Luyao Niu, Andrew Clark, J. S. Mertoguno, R. Poovendran
ACM Transactions on Cyber-Physical Systems, pp. 1-25, 2022-08-30. DOI: https://doi.org/10.1145/3594638

Abstract: Cyber-physical systems (CPS) are required to satisfy safety constraints in various application domains such as robotics, industrial manufacturing systems, and power systems. Faults and cyber attacks have been shown to cause safety violations, which can damage the system and endanger human lives. Resilient architectures have been proposed to ensure safety of CPS under such faults and attacks via methodologies including redundancy and restarting from safe operating conditions. The existing resilient architectures for CPS utilize different mechanisms to guarantee safety, and currently, there is no common framework to compare them. Moreover, the analysis and design undertaken for CPS employing one architecture is not readily extendable to another. In this article, we propose a timing-based framework for CPS employing various resilient architectures and develop a common methodology for safety analysis and computation of control policies and design parameters. Using the insight that the cyber subsystem operates in one out of a finite number of statuses, we first develop a hybrid system model that captures CPS adopting any of these architectures. Based on the hybrid system, we formulate the problem of joint computation of control policies and associated timing parameters for CPS to satisfy a given safety constraint and derive sufficient conditions for the solution. Utilizing the derived conditions, we provide an algorithm to compute control policies and timing parameters relevant to the employed architecture. We also note that our solution can be applied to a wide class of CPS with polynomial dynamics and also allows incorporation of new architectures. We verify our proposed framework by performing a case study on adaptive cruise control of vehicles.
DeResolver: A Decentralized Conflict Resolution Framework with Autonomous Negotiation for Smart City Services
Yukun Yuan, Meiyi Ma, Songyang Han, Desheng Zhang, Fei Miao, J. Stankovic, Shan Lin
ACM Transactions on Cyber-Physical Systems 6(1), pp. 1-27, 2022-07-12. DOI: https://doi.org/10.1145/3529096

Abstract: As various smart services are increasingly deployed in modern cities, many unexpected conflicts arise due to various physical world couplings. Existing solutions for conflict resolution often rely on centralized control to enforce predetermined and fixed priorities of different services, which is challenging due to the inconsistent and private objectives of the services. Also, the centralized solutions miss opportunities to more effectively resolve conflicts according to the spatiotemporal locality of the conflicts. To address this issue, we design a decentralized negotiation and conflict resolution framework named DeResolver, which allows services to resolve conflicts by communicating and negotiating with each other to reach a Pareto-optimal agreement autonomously and efficiently. Our design features a two-step self-supervised learning-based algorithm to predict the acceptable proposals of each opponent and their rankings through the negotiation. Our design is evaluated with a smart city case study of three services: intelligent traffic light control, pedestrian service, and environmental control. In this case study, a data-driven evaluation is conducted using a large dataset consisting of the GPS locations of 246 surveillance cameras and an automatic traffic monitoring system with more than 3 million records per day to extract real-world vehicle routes. The evaluation results show that our solution achieves much more balanced results, i.e., it only increases the average waiting time of vehicles, the measurement metric of the intelligent traffic light control service, by 6.8% while reducing the weighted sum of air pollutant emissions, measured for the environmental control service, by 12.1%, and the pedestrian waiting time, the measurement metric of the pedestrian service, by 33.1%, compared to the priority-based solution.
Model-bounded Monitoring of Hybrid Systems
Masaki Waga, É. André, I. Hasuo
ACM Transactions on Cyber-Physical Systems 6(1), pp. 1-26, 2022-04-25. DOI: https://doi.org/10.1145/3529095

Abstract: Monitoring of hybrid systems attracts both scientific and practical attention. However, monitoring algorithms suffer from the methodological difficulty of only observing sampled discrete-time signals, while real behaviors are continuous-time signals. To mitigate this problem of sampling uncertainties, we introduce a model-bounded monitoring scheme, where we use prior knowledge about the target system to prune interpolation candidates. Technically, we express such prior knowledge by linear hybrid automata (LHAs), called bounding models. We introduce a novel notion of monitored language of LHAs, and we reduce the monitoring problem to the membership problem of the monitored language. We present two partial algorithms, one via reduction to reachability in LHAs and the other a direct one using polyhedra, and show that these methods, and thus the proposed model-bounded monitoring scheme, are efficient and practically relevant.
Automating Safety and Security Co-design through Semantically Rich Architecture Patterns
Yuri Gil Dantas, Vivek Nigam
ACM Transactions on Cyber-Physical Systems 7(1), pp. 1-28, 2022-01-25. DOI: https://doi.org/10.1145/3565269

Abstract: During the design of safety-critical systems, safety and security engineers make use of architecture patterns, such as Watchdog and Firewall, to address identified failures and threats. Often, however, the deployment of safety architecture patterns has consequences on security; e.g., the deployment of a safety architecture pattern may lead to new threats. The other way around may also be possible; i.e., the deployment of a security architecture pattern may lead to new failures. Safety and security co-design is, therefore, required to understand such consequences and tradeoffs in order to reach appropriate system designs. Currently, architecture pattern descriptions, including their consequences, are described using natural language. Therefore, their deployment in system design is carried out manually by experts and thus is time-consuming and prone to human error, especially given the high system complexity. We propose the use of semantically rich architecture patterns to enable automated support for safety and security co-design by using Knowledge Representation and Reasoning (KRR) methods. Based on our domain-specific language, we specify reasoning principles as logic specifications written as answer-set programs. KRR engines enable the automation of safety and security co-engineering activities, including the automated recommendation of which architecture patterns can address failures or threats, and consequences of deploying such patterns. We demonstrate our approach on an example taken from the ISO 21434 standard.
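The reasoning loop the abstract describes, recommending patterns for identified hazards and then treating the consequences of a recommended pattern as new hazards, is shown below as an added example. It is a plain Python forward-chaining sketch, not the authors' domain-specific language or their answer-set programs (an answer-set solver such as clingo is not run here); the patterns, the hazards they address and the consequences they introduce are hypothetical. An ASP-style reading of the implemented rules is given in the comments so the correspondence to a logic specification is visible.

```python
"""Forward-chaining sketch of architecture-pattern recommendation.

Added example, not the article's DSL or answer-set encoding.  Patterns,
addressed hazards and introduced consequences are hypothetical; what the
code shows is the loop: a recommended pattern may introduce a new threat
or failure, which may call for another pattern, until nothing new follows."""

# ASP-style reading of the rules implemented below (my own phrasing):
#   recommend(P)   :- identified(H), addresses(P, H).
#   addressed(H)   :- recommend(P), addresses(P, H), identified(H).
#   identified(H2) :- recommend(P), introduces(P, H2).
#   open(H)        :- identified(H), not addressed(H).

# pattern -> (hazards it addresses, hazards its deployment introduces);
# hazard names carry their kind as a prefix.  All entries are hypothetical.
PATTERNS = {
    "Firewall": ({"threat:spoofed_diagnostic_message"}, {"failure:filter_latency"}),
    "Watchdog": ({"failure:controller_hang"}, {"threat:reset_trigger_abuse"}),
    "Authenticated_Reset": ({"threat:reset_trigger_abuse"}, set()),
}


def forward_chain(identified, patterns):
    """Derive recommendation and consequence facts until a fixpoint is reached."""
    facts = {("identified", h) for h in identified}
    while True:
        new = set()
        for name, (addresses, introduces) in patterns.items():
            hits = {h for h in addresses if ("identified", h) in facts}
            if not hits:
                continue
            new.add(("recommend", name))
            new |= {("addressed", h) for h in hits}
            # Deploying the pattern brings its consequences into the analysis.
            new |= {("identified", h) for h in introduces}
            new |= {("consequence", name, h) for h in introduces}
        if new <= facts:
            return facts
        facts |= new


def analyze(identified, patterns=PATTERNS):
    """Return recommended patterns, their consequences and still-open hazards."""
    facts = forward_chain(identified, patterns)
    identified_all = {f[1] for f in facts if f[0] == "identified"}
    addressed = {f[1] for f in facts if f[0] == "addressed"}
    return {
        "recommended": sorted(f[1] for f in facts if f[0] == "recommend"),
        "consequences": sorted((f[1], f[2]) for f in facts if f[0] == "consequence"),
        "open": sorted(identified_all - addressed),  # left for the engineers to decide
    }


if __name__ == "__main__":
    # Constructed starting point: one threat found by the security analysis,
    # one failure found by the safety analysis.
    result = analyze({"threat:spoofed_diagnostic_message", "failure:controller_hang"})
    for key, value in result.items():
        print(f"{key}: {value}")
```

The Watchdog recommended for the controller hang introduces a (hypothetical) threat that a second pattern can address, while the latency the Firewall introduces has no pattern covering it and is reported as open; that residue is the tradeoff the co-design step has to resolve by hand.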
From Lustre to Simulink
Hamza Bourbouh, P. Garoche, C. Garion, X. Thirioux
ACM Transactions on Cyber-Physical Systems 5(1), pp. 1-20, 2021-07-29. DOI: https://doi.org/10.1145/3461668

Abstract: Model-based design is now unavoidable when building embedded systems and, more specifically, controllers. Among the available model languages, the synchronous dataflow paradigm, as implemented in languages such as MATLAB Simulink or ANSYS SCADE, has become predominant in critical embedded system industries. Both of these frameworks are used to design the controller itself but also provide code generation means, enabling faster deployment to target and easier V&V activities performed earlier in the design process, at the model level. Synchronous models also ease the definition of formal specification through the use of synchronous observers, attaching requirements to the model in the very same language, mastered by engineers and tooled with simulation means or code generation. However, few works address the automatic synthesis of MATLAB Simulink annotations from lower-level models or code. This article presents a compilation process from Lustre models to genuine MATLAB Simulink, without the need to rely on external C functions or MATLAB functions. This translation is based on the modular compilation of Lustre to imperative code and preserves the hierarchy of the input Lustre model within the generated Simulink one. We implemented the approach and used it to validate a compilation toolchain, mapping Simulink to Lustre and then C, thanks to equivalence testing and checking. This backward compilation from Lustre to Simulink also makes it possible to automatically produce Simulink components that model specifications, proof arguments, or test-case coverage criteria.
Toward a Scientific and Engineering Discipline of Cyber-Physical Systems
Chenyang Lu
ACM Transactions on Cyber-Physical Systems 5(1), pp. 1-2, 2021-07-29. DOI: https://doi.org/10.1145/3464945

Cyber-physical systems (CPS) are driving a wide range of exciting applications from smart cities to smart healthcare. In contrast to traditional embedded systems, CPS operate in unpredictable environments in which they must meet stringent requirements such as end-to-end timeliness and physical system stability. The field of CPS addresses these critical challenges through seamless integration of computing and physical components. In the second decade since its inception as an interdisciplinary field, CPS is growing as a vibrant scientific and engineering discipline. I am honored to be named the new editor-in-chief of ACM Transactions on Cyber-Physical Systems (TCPS). TCPS has established itself as a leading journal in the field of CPS under the great leadership of Tei-Wei Kuo as the founding editor-in-chief. While traditional computer science disciplines are dominated by their premier conferences, the diverse and interdisciplinary nature of CPS provides a unique opportunity for TCPS to become the premier venue for publishing CPS research. Our aspiration is to grow TCPS into the flagship publication where the best CPS works are published in a timely fashion, covering both the foundation and emergent frontiers of CPS research. In the following I'd like to share some initiatives that the editorial board is undertaking to realize our aspiration.

Special issues on emerging topics. Special issues have been instrumental for establishing the topics and growing the submission pipeline of TCPS. Given the rapid evolution of CPS, we will continue to organize special issues on emerging topics. New topics on CPS often face challenges at established publication venues due to their interdisciplinary nature. TCPS aims to fill the gap with special issues that capture the state of the art of the new topics and shape the evolving areas. The success of special issues depends on the impacts of the topics and the leadership of the guest editors. We welcome strong proposals from the community on emerging topics of CPS.

Foundation and core technologies. In parallel to the development of innovative applications and point solutions, we are witnessing the emergence of the foundation and core technologies of CPS as a scientific and engineering discipline. Examples range from cyber-physical co-design approaches to holistic system architectures crosscutting cyber and physical components. We welcome research papers on foundations and core CPS technologies underpinning the field of CPS. We will balance the special issues and regular issues to cover both new and established topics. Furthermore, some of the special issues will help evolve new topics toward established areas of CPS that continue to attract regular submissions.

Timely, predictable, and rigorous reviews. Lengthy and unpredictable review cycles are major factors that discourage authors from submitting to journals. We aim to streamline the review process based on the best practices of ACM publications. Furthermore, we plan
Hierarchical Planning for Dynamic Resource Allocation in Smart and Connected Communities
Geoffrey Pettet, Ayan Mukhopadhyay, Mykel J. Kochenderfer, A. Dubey
ACM Transactions on Cyber-Physical Systems 6(1), pp. 1-26, 2021-07-02. DOI: https://doi.org/10.1145/3502869

Abstract: Resource allocation under uncertainty is a classic problem in city-scale cyber-physical systems. Consider emergency response, where urban planners and first responders optimize the location of ambulances to minimize expected response times to incidents such as road accidents. Typically, such problems involve sequential decision making under uncertainty and can be modeled as Markov (or semi-Markov) decision processes. The goal of the decision maker is to learn a mapping from states to actions that can maximize expected rewards. While online, offline, and decentralized approaches have been proposed to tackle such problems, scalability remains a challenge for real world use cases. We present a general approach to hierarchical planning that leverages structure in city level CPS problems for resource allocation. We use emergency response as a case study and show how a large resource allocation problem can be split into smaller problems. We then use Monte Carlo planning for solving the smaller problems and managing the interaction between them. Finally, we use data from Nashville, Tennessee, a major metropolitan area in the United States, to validate our approach. Our experiments show that the proposed approach outperforms state-of-the-art approaches used in the field of emergency response.
Sensor platforms used in environmental monitoring applications are often subject to harsh environmental conditions while monitoring complex phenomena. Therefore, designing dependable monitoring systems is challenging given the external disturbances affecting sensor measurements. Even the apparently simple task of outlier detection in sensor data becomes a hard problem, amplified by the difficulty of distinguishing true data errors due to sensor faults from deviations due to natural phenomena that look like data errors. Existing solutions for runtime outlier detection typically assume that the physical processes can be accurately modeled, or that outliers consist of large deviations that are easily detected and filtered by appropriate thresholds. Other solutions assume that it is possible to deploy multiple sensors providing redundant data to support voting-based techniques. In this article, we propose a new methodology for dependable runtime detection of outliers in environmental monitoring systems, aiming to increase data quality by treating the detected outliers. We propose the use of machine learning techniques to model each sensor's behavior, exploiting the existence of correlated data provided by other related sensors. Using these models, along with knowledge of processed past measurements, it is possible to obtain accurate estimations of the observed environment parameters and to build failure detectors that use these estimations. When a failure is detected, these estimations also allow one to correct the erroneous measurements and hence improve the overall data quality. Our methodology not only allows one to distinguish truly abnormal measurements from deviations due to complex natural phenomena, but also allows the quantification of each measurement's quality, which is relevant from a dependability perspective. We apply the methodology to real datasets from a complex aquatic monitoring system, measuring temperature and salinity parameters, through which we illustrate the process for building the machine learning prediction models using a technique based on Artificial Neural Networks, denoted ANNODE (ANN Outlier Detection). From this application, we also observe the effectiveness of our ANNODE approach for accurate outlier detection in harsh environments. Then we validate these positive results by comparing ANNODE with state-of-the-art solutions for outlier detection. The results show that ANNODE improves on existing solutions regarding the accuracy of outlier detection.
Using Machine Learning for Dependable Outlier Detection in Environmental Monitoring Systems. Gonçalo Jesus, A. Casimiro, Anabela Oliveira. ACM Transactions on Cyber-Physical Systems, volume 5, issue 1, pages 1-30. Journal article, published 2021-07-01. DOI: https://doi.org/10.1145/3445812
Cyber-Physical Systems (CPS) often involve complex networks of interconnected software and hardware components that are logically combined to achieve a common goal or mission; for example, keeping a plane in the air or providing energy to a city. Failures in these components may jeopardise the mission of the system. Therefore, identifying the minimal set of critical CPS components that is most likely to fail and thereby prevent the global system from accomplishing its mission becomes essential to ensure reliability. In this article, we present a novel approach to identifying the Most Likely Mission-critical Component Set (MLMCS) using AND/OR dependency graphs enriched with independent failure probabilities. We address the MLMCS problem as a Maximum Satisfiability (MaxSAT) problem. We translate probabilities into a negative logarithmic space to linearise the problem within MaxSAT. The experimental results conducted with our open source tool LDA4CPS indicate that the approach is both effective and efficient. We also present a case study on complex aircraft systems that shows the feasibility of our approach and its applicability to mission-critical cyber-physical systems. Finally, we present two MLMCS-based security applications focused on system hardening and forensic investigations.
Analysing Mission-critical Cyber-physical Systems with AND/OR Graphs and MaxSAT. Martín Barrère, C. Hankin. ACM Transactions on Cyber-Physical Systems, volume 5, issue 1, pages 1-29. Journal article, published 2021-07-01. DOI: https://doi.org/10.1145/3451169