This project is developing theoretical foundations and computational algorithms for synthesizing higher-level supervisory and information-acquisition control logic in cyber-physical systems that expend or replenish their resources while interacting with the environment. On the one hand, qualitative requirements capture the safety requirements that are imposed on the system as it operates. On the other hand, quantitative requirements capture resource constraints in the context of energy-aware systems. These dual considerations are needed in applications of cyber-physical systems where efficient management of resources must be accounted for in the dynamic operation of the system in order to achieve the desired objectives within a given energy or resource budget. The approach pursued is formal and model-based. It leverages a recently-developed unified framework for supervisory control and information acquisition in the higher-level control logic of cyber-physical systems, but it explicitly embeds quantitative constraints in the solution procedure in order to capture the energy or resources expended and/or replenished by the cyber-physical system as it interacts with its environment. This generic solution methodology is applicable to several classes of cyber-physical systems subject to energy constraints. Software tools are being developed to facilitate the transition of these results to application domains. Of special interest is energy-aware mission planning in autonomous systems, a rich domain where qualitative mission requirements are coupled with quantitative constraints. Overall, this project impacts both the Science of Cyber-Physical Systems and the Engineering of Cyber-Physical Systems.

Automation is being increasingly introduced into every man-made system. The thrust to achieve trustworthy autonomous systems, which can attain goals independently in the presence of significant uncertainties and for long periods of time without any human intervention, has always been enticing. Significant progress has been made in the avenues of both software and hardware for meeting these objectives. However, technological challenges still exist and particularly in terms of decision making under uncertainty. In an autonomous system, uncertainties can arise from the operating environment, adversarial attacks, and from within the system. While a lot of work has been done on ensuring safety of systems under standard sensing errors, much less attention has been given on securing it and its sensors from attacks. As such, autonomous cyber-physical systems (CPS), which rely heavily on sensing units for decision making, remain vulnerable to such attacks. Given the fact that the age of autonomous CPS is upon us and their influence is gradually increasing, it becomes an urgent task to develop effective solutions to ensure the security and trustworthiness of autonomous CPS under adversarial attacks. The researchers of this project provide a comprehensive real-time, resource-aware solution for detection and recovery of autonomous CPS from physical and cyber-attacks. This project also includes effort to educate and prepare the community for the potential cyber and physical threats on autonomous CPS. With the observation that a thorough security certification of autonomous CPS will provide formal evaluation of autonomous CPS, the researchers in this project intend to develop methods to facilitate manufacturers for certifying security solutions. Toward this goal, the researchers will first develop new theories to understand the impact of physical and cyber-attack on system level properties such as controllability, stability, and safety. They will then develop algorithms for detection and recovery of CPS from physical attacks on active sensors. The proposed recovery method will ensure the integrity of sensor measurements when the system is under attack. Furthermore, a new analysis framework will be constructed that uses platform-based design methodology to represent the CPS and verifies it against design metric constraints such as security, timing, resource, and performance. The key contributions of this project towards autonomous CPS security certification include 1) a comprehensive study of relationship between attacks and system-level properties; 2) algorithms and their optimization for detection and automatic recovery of autonomous CPS from attacks; and 3) systematically quantifying impact of security on design metrics.

Cyber-physical systems (CPS) encompass the next generation of computerized control for countless aspects of the physical world and interactions thereof. The typical engineering process for CPS reuses existing designs, models, components, and software from one version to the next. For example, in automotive engineering, it is common to reuse significant portions of existing model-year vehicle designs when developing the next model-year vehicle, and such practices are common across CPS industries, from aerospace to biomedical. While reuse drastically enhances efficiency and productivity, it leads to the possibility of introducing unintended mismatches between subcomponents' specifications. For example, a 2011 US National Highway Traffic Safety Administration (NHTSA) recall of over 1.5 million model-year 2005-2010 vehicles was due to the upgrade of a physical transmission component that was not appropriately addressed in software. A mismatch between cyber and physical specifications may occur when a software or hardware upgrade (in effect, a cyber or physical specification change) is not addressed by an update (in effect, a matching specification change) in the other domain. This research will develop new techniques and software tools to detect automatically if cyber-physical specification mismatches exist, and then mitigate the effects of such mismatches at runtime, with the overall goal to yield more reliable and safer CPS upon which society increasingly depends. The detection and mitigation methods developed will be evaluated in an energy CPS testbed. While the evaluation testbed is in the energy domain, the methods are applicable to other CPS domains such as automotive, aerospace, and biomedical. The educational goals will bridge gaps between computer science and electrical engineering, preparing a diverse set of next-generation CPS engineers by developing education platforms to enhance CPS engineering design and verification skills. The proposed research is to develop new techniques and tools to automatically identify and mitigate the effects of cyber-physical specification mismatches. There are three major research objectives. The first objective is to identify cyber-physical specification mismatches. To identify mismatches, a detection problem will be formalized using the framework of hybrid input/output automata (HIOA). Offline algorithms will be designed to find candidate specifications from models and implementations using static and dynamic analyses, and then identify candidate mismatches. The second objective is to monitor and assure safe CPS upgrades. As modern CPS designs are complex, it may be infeasible to determine all specifications and mismatches between all subcomponents at design time. Runtime monitoring and verification methods will be developed for inferred specifications to detect mismatches at runtime. When they are identified, a runtime assurance framework building on supervisory control and the Simplex architecture will assure safe CPS runtime operation. The third objective is to evaluate safe CPS upgrades in an example CPS. The results of the other objectives and their ability to ensure safe CPS upgrades will be evaluated in an energy CPS testbed, namely an AC electrical distribution microgrid that interfaces DC-producing renewables like photovoltaics to AC.

Cyber-physical systems (CPS) are engineered systems created as networks of interacting physical and computational processes. Most modern products in major industrial sectors, such as automotive, avionics, medical devices, and power systems already are or rapidly becoming CPS driven by new requirements and competitive pressures. However, in recent years, a number of successful cyber attacks against CPS targets, some of which have even caused severe physical damage, have demonstrated that security and resilience of CPS is a very critical problem, and that new methods and technologies are required to build dependable systems. Modern automotive vehicles, for example, employ sensors such as laser range finders and cameras, GPS and inertial measurement units, on-board computing, and network connections all of which contribute to vulnerabilities that can be exploited for deploying attacks with possibly catastrophic consequences. Securing such systems requires that potential points of compromise and vehicle-related data are protected. In order to fulfill the great promise of CPS technologies such as autonomous vehicles and realize the potential technological, economic, and societal impact, it is necessary to develop principles and methods that ensure the development of CPS capable of functioning dependably, safely, and securely. In view of these challenges, the project develops an approach for integration of reconfigurable control software design and moving target defense for CPS. The main idea is to improve CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system. The proposed energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization, address space randomization, and data space randomization. The heart of the runtime environment is a configuration manager that can modify the software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. By changing the control software on-the-fly, the approach creates a cyber moving target and raises significantly the cost for a successful attack without impacting the essential behavior and functionality. Demonstration and experimental evaluation will be performed using a hardware-in-the-loop simulation testbed for automotive CPS.

Strategic decision-making for physical-world infrastructures is rapidly transitioning toward a pervasively cyber-enabled paradigm, in which human stakeholders and automation leverage the cyber-infrastructure at large (including on-line data sources, cloud computing, and handheld devices). This changing paradigm is leading to tight coupling of the cyber- infrastructure with multiple physical- world infrastructures, including air transportation and electric power systems. These management-coupled cyber- and physical- infrastructures (MCCPIs) are subject to complex threats from natural and sentient adversaries, which can enact complex propagative impacts across networked physical-, cyber-, and human elements. We propose here to develop a modeling framework and tool suite for threat assessment for MCCPIs. The proposed modeling framework for MCCPIs has three aspects: 1) a tractable moment-linear modeling paradigm for the hybrid, stochastic, and multi-layer dynamics of MCCPIs; 2) models for sentient and natural adversaries, that capture their measurement and actuation capabilities in the cyber- and physical- worlds, intelligence, and trust-level; and 3) formal definitions for information security and vulnerability. The attendant tool suite will provide situational awareness of the propagative impacts of threats. Specifically, three functionalities termed Target, Feature, and Defend will be developed, which exploit topological characteristics of an MCCPI to evaluate and mitigate threat impacts. We will then pursue analyses that tie special infrastructure-network features to security/vulnerability. As a central case study, the framework and tools will be used for threat assessment and risk analysis of strategic air traffic management. Three canonical types of threats will be addressed: environmental-to-physical threats, cyber-physical co-threats, and human-in-the-loop threats. This case study will include development and deployment of software decision aids for managing man-made disturbances to the air traffic system. This is a continuing grant of Award # 1544863

This CPS Frontiers project addresses highly dynamic Cyber-Physical Systems (CPSs), understood as systems where a computing delay of a few milliseconds or an incorrectly computed response to a disturbance can lead to catastrophic consequences. Such is the case of cars losing traction when cornering at high speed, unmanned air vehicles performing critical maneuvers such as landing, or disaster and rescue response bipedal robots rushing through the rubble to collect information or save human lives. The preceding examples currently share a common element: the design of their control software is made possible by extensive experience, laborious testing and fine tuning of parameters, and yet, the resulting closed-loop system has no formal guarantees of meeting specifications. The vision of the project is to provide a methodology that allows for complex and dynamic CPSs to meet real-world requirements in an efficient and robust way through the formal synthesis of control software. The research is developing a formal framework for correct-by-construction control software synthesis for highly dynamic CPSs with broad applications to automotive safety systems, prostheses, exoskeletons, aerospace systems, manufacturing, and legged robotics. The design methodology developed here will improve the competitiveness of segments of industry that require a tight integration between hardware and highly advanced control software such as: automotive (dynamic stability and control), aerospace (UAVs), medical (prosthetics, orthotics, and exoskeleton design) and robotics (legged locomotion). To enhance the impact of these efforts, the PIs are developing interdisciplinary teaching materials to be made freely available and disseminating their work to a broad audience. This is a continuing grant of Award # 1562236

This proposal will establish a framework for developing distributed Cyber-Physical Systems operating in a Networked Control Systems (NCS) environment. Specific attention is focused on an application where the computational, and communication challenges are unique due to the sheer size of the physical system, and communications between system elements include potential for significant losses and delays. An example of this is the power grid which includes large-scale deployment of distributed and networked Phasor Measurement Units (PMUs) and wind energy resources. Although, much has been done to model and analyze the impact of data dropouts and delay in NCS at a theoretical level, their impact on the behavior of cyber physical systems has received little attention. As a result much of the past research done on the `smart grid' has oversimplified the `physical' portion of the model, thereby overlooking key computational challenges lying at the heart of the dimensionality of the model and the heterogeneity in the dynamics of the grid. A clear gap has remained in understanding the implications of uncertainties in NCS (e.g. bandwidth limitations, packet dropout, packet disorientation, latency, signal loss, etc.) cross-coupled with the uncertainties in a large power grid with wind farms (e.g. variability in wind power, fault and nonlinearity, change in topology etc.) on the reliable operation of the grid. To address these challenges, this project will, for the first time, develop a modeling framework for discovering hitherto unknown interactions through co-simulation of NCS, distributed computing, and a large power grid included distributed wind generation resources. Most importantly, it addresses challenges in distributed computation through frequency domain abstractions and proposes two novel techniques in grid stabilization during packet dropout. The broader impact lies in providing deeper understanding of the impact of delays and dropouts in the Smart Grid. This will enable a better utilization of energy transmission assets and improve integration of renewable energy sources. The project will facilitate participation of women in STEM disciplines, and will include outreach with local Native American tribal community colleges This project will develop fundamental understanding of impact of network delays and drops using an approach that is applicable to a variety of CPS. It will enable transformative Wide-Areas Measurement Systems research for the smart grid through modeling adequacy studies of a representative sub-transient model of the grid along with the representation of packet drop in the communication network by a Gilbert model. Most importantly, fundamental concepts of frequency domain abstraction including balanced truncation and optimal Hankel-norm approximation are proposed to significantly reduce the burden of distributed computing. Finally, a novel `reduced copy' approach and a `modified Kalman filtering' approach are proposed to address the problem of grid stabilization using wind farm controls when packet drop is encountered.

The objective of this research is to design a semi-automated, efficient, and secure emergency response system to reduce the time it takes emergency vehicles to reach their destinations, while increasing the safety of non-emergency vehicles and emergency vehicles alike. Providing route and maneuver guidance to emergency vehicles and non-emergency vehicles will make emergency travel safer and enable police and other first responders to reach and transport those in need, in less time. This should reduce the number of crashes involving emergency vehicles and associated litigation costs while improving medical outcomes, reducing property damage, and instilling greater public confidence in emergency services. At the same time, non-emergency vehicles will also be offered increased safety and, with the reduction of long delays attributed to emergency vehicles, experience reduced incident-related travel time, which will increase productivity and quality of life for drivers. Incorporating connected vehicles into the emergency response system will also provide synergistic opportunities for non-emergency vehicles, including live updates on accident sites, areas to avoid, and information on emergency routes that can be incorporated into navigation software so drivers can avoid potential delays. While the proposed system will naturally advance the quality of transportation in smart cities, it will also provide a platform for future techniques to build upon. For example, the proposed system could be connected with emergency care facilities to balance the load of emergency patients at hospitals, and act as a catalyst toward the realization of a fully-automated emergency response system. New courses and course modules will be developed to recruit and better prepare a future workforce that is well versed in multi-disciplinary collaborations. Video demos and a testbed will be used to showcase the research to the public. The key research component will be the design of an emergency response system that (1) dynamically determines EV routes, (2) coordinates actions by non-emergency vehicles using connected vehicle technology to efficiently and effectively clear paths for emergency vehicles, (3) is able to adapt to uncertain traffic and network conditions, and (4) is difficult to abuse or compromise. The project will result in (1) algorithms that dynamically select EV routes based on uncertain or limited traffic data, (2) emergency protocols that exploit connected vehicle technology to facilitate emergency vehicles maneuvers, (3) an automation module to assist with decision making and maneuvers, and (4) an infrastructure and vehicle hardening framework that prevents cyber abuse. Experiments will be performed on a testbed and a real test track to validate the proposed research.

This EArly-concept Grant for Exploratory Research (EAGER) award supports fundamental research on the design of an agile manufacturing exchange system (MES) in which suppliers of raw materials, assemblers, transportation companies, etc., will participate through standardized protocols to fulfill complex manufacturing orders. This design will provide the foundation for a smart software mediation layer (i.e., a "broker") that will enable a MES to be self-learning and adaptive to dynamic/diverse service requests and resource availability, as well as support a large network of service providers and users within a complex information ecosystem. The economic competitiveness of the U.S. depends on new and innovative methods for intelligent mass customization systems for the manufacturing sector, which will enable the processing of small-sized and diverse orders that demand almost instant fulfillment. The MES will enable this transformation by supporting on-demand integration of resources, graceful recovery from failures, and dynamic adaptation without any disruption in operations. In order to meet these goals, research will be focused on adaptation to emerging system behaviors by dynamically evolving optimization strategies in real-time. Users and providers will be connected in a dynamic manufacturing network that will accommodate multiple product flows, uncertainty in links between providers and themselves, and fault tolerance to provide service despite failed network components. This level of adaptation, seamless efficiency, and uninterrupted service will constitute a significant step forward towards a smart MES. The research goals will be accomplished through the design of a distributed real-time optimization and knowledge discovery framework that will address workflow optimization, resource allocation, and data-driven performance prediction in a dynamic manufacturing network of users, brokers, and providers. The specific research tasks include online admission control policies, dynamic production planning, analysis and prediction of service-level performance for forecasting, distributed methods for dynamic resource allocation under uncertainty, and visual analytics techniques to support human decision makers and situational awareness.

This project focuses on tackling the security and privacy of Cyber-Physical Systems (CPS) by integrating the theory and best practices from the information security community as well as practical approaches from the control theory community. The first part of the project focuses on security and protection of cyber-physical critical infrastructures such as the power grid, water distribution networks, and transportation networks against computer attacks in order to prevent disruptions that may cause loss of service, infrastructure damage or even loss of life. The second part of the project focuses on privacy of CPS and proposes new algorithms to deal with the unprecedented levels of data collection granularity of physical human activity. The work in these two parts focuses on the integration of practical control theory concepts into computer security solutions. In particular, in the last decade, the control theory community has proposed fundamental advances in CPS security; in parallel, the computer security community has also achieved significant advances in practical implementation aspects for CPS security and privacy. While both of these fields have made significant progress independently, there is still a large language and conceptual barrier between the two fields, and as a result, computer security experts have developed a parallel and independent research agenda from control theory researchers. In order to design future CPS security and privacy mechanisms, the two communities need to come closer together and leverage the insights that each has developed. This project attempts to facilitate the integration of these two communities by leveraging the physical properties of the system under control in two research problems: (1) Physics-based CPS security; and (2) Physics-based CPS privacy. Physics-based CPS security leverages the time series from sensor and control signals to detect deviations from expected operation. This is a growing area of research in both security and control theory venues, although there are several open problems in this space. This proposal tackles some of these open problems including the definition of new evaluation metrics that capture the unique operational properties of control systems, the consistent evaluation of different proposals for models and anomaly detection tests, and the development of new industrial control protocol parsers. Physics-based CPS privacy focuses on how to guide the implementation of general privacy recommendations like the Fair Information Practice principles into cyber-physical systems, leveraging the fact that these physical systems often have an objective to achieve, and this objective depends on the data-handling policies of the operator. The project focuses on investigating the trade-off between privacy and control performance and developing tools to guide how data minimization, data delays, and data retention should be implemented.