Cyber-physical systems (CPS), such as automobiles, planes, and heavy equipment rely on complex distributed supply chains that source parts from manufacturers across the world. A fundamental problem that these systems face is ensuring the safety, security, and integrity of both the cyber components and physical parts that they receive through their supply chain. Because of the separation between the manufacturer and the consumer of the part, there are immense challenges in ensuring that physical parts arrive from the desired source and are not modified or swapped for inferior copies in transit. For example, the Aerospace Industries Association states that "though we know counterfeit parts enter the aerospace supply chain, the time and place of their entry is unpredictable." If either the cyber-components or the physical parts being incorporated into these systems have been tampered with, significant cyber-physical security risk is introduced. As an example, an attacker who has a part's cyber-information can simply produce a counterfeit part, clone any physical identifiers (serial numbers, etc.), and claim that the cyber-information is for the cloned part.

While cyber-security techniques, such as roots of trust and signing chains, exist to help ensure software integrity, there are no commensurate roots of trust and signing chains that can guarantee the source and integrity of both the cyber components and physical parts. As such, there is a risk that the algorithms and control approaches used in a supply chain will not identify the inferior performance characteristics of a counterfeit part and control its operation in an unsafe manner. The primary goal of this research is to create an integrity mechanism based on physically unclonable functions to ensure that an entire CPS is built from both trusted software and physical parts. To achieve this goal, the research investigates (i) a physical measurement technique (electro-mechanical impedance) to provide parts an unclonable physical identity and (ii) the cyber signing approaches to build chains of trust from these identities.

There is no question that indoor environments are often uncomfortable or unhealthy for occupants. This is an even more critical issue in healthcare facilities, where patients may experience the stressful effects of poor thermal, luminous, and acoustic environments more acutely. With complementary expertise from engineering and psychology, the proposed research is focused on creating a human-on-the-loop, responsive indoor environmental system with the potential to offer better quality of care in hospitals. The outputs of this project will have profound societal impacts on the wellbeing of both healthy individuals and on recovering sick individuals. Research outcomes will enable real time human-built environment interaction to minimize stress and optimize performance in any built environment, and ultimately lead towards economic benefits achieved through wellness and higher productivity. Improved indoor environmental quality in hospital settings will improve patient healing, which is an important societal benefit. Similar strategies can be used for educational facilities, and office buildings. This research encourages Broadening Participation through inclusion of individuals from underrepresented groups (female and Latinx Co-PIs), female and minority students, and a minority serving lead institution from an EPSCoR state. Results will be disseminated broadly through scientific publications and seminars, and K-12 outreach, including STEM competitions, and summer programs.

Indoor environmental quality (IEQ) not only impacts the physical health of patients, but also their psychological health. Yet environmental controls for heating, cooling and ventilation, noise attenuation, and lighting in hospitals are based on outdated models of how hospitals function, who occupies these settings, and what emerging technologies are available. As a result, many hospitals are just functionally adequate, often likely to be too cold or hot, too loud, or too bright. In order to capitalize on the healing potential of the hospital?s built environment, we propose a three-year collaborative effort between the University of Hawaii at Manoa, Arizona State University, and Drexel University to develop innovative biosensor technologies, deep-learning health data analytics, and user-centric control algorithms to connect these three domains in which the interdependencies of the physiological, physical, and psychological will be investigated, quantified, and addressed. The team is partnering with the Children?s Hospital of Philadelphia (CHOP) to validate the approach. Specific anticipated engineering/science contributions include: 1) innovative cyber-physical system architecture using heterogeneous biosensing and data analytics for real-time control; 2) new sensor fusion based technology for non-invasive, precise physiological measures that are surrogate stress indicators; 3) progressive development of innovative human centric deep model linking physiological biometrics to psychological measures, and connecting environmental factors to psychological measures facilitated with physiological biometrics; 4) new stress responsive real-time supervisory control strategies including optimal environmental adjustment, and 5) multi-level system evaluation via virtual, laboratory, and field testing at a hospital environment at CHOP.

A sudden surge in demand in traffic networks disrupts the equilibrium conditions upon which these networks are planned and operated. Lack of understanding of the population's strategic choices under extreme demand may result in paradoxical outcomes, such as evacuations aiming to save lives instead resulting in mass casualties on the road or opening up of new roads increasing rather than decreasing travel time. This project will devise systems and procedures for managing the strategic choices of populations (e.g., whether to evacuate or shelter in place, which escape routes to take) and the actions of the authorities (e.g., which zones to evacuate and in which sequence, where to route the traffic, whether to close some roads or open extra lanes in a given direction). The tools resulting from this project will enable better response systems to assist local authorities in managing extreme demand, such as when entire counties have to be evacuated to protect the residents from a wildfire. The project will develop a modeling and simulation tool chain to predict traffic bottleneck locations and their severity together with expected travel times and delays, thus determining the spectrum of outcomes, identifying worst cases, and enabling the authorities to make informed decisions.

The technical approach is rooted in population games, which model the dynamics of strategic noncooperative interactions among large populations of agents competing for resources. The project, however, will depart from the equilibrium focus of the existing theory and will offer transient analysis tools that account for not only the strategy revisions of the agents, but also a host of cyber and physical dynamics, such as queueing dynamics in traffic flow, responsive signal control at intersections, information dissemination to agents, and evolution of hazards, such as fire propagation. The research tasks to enable the project's vision of a "cyber-physical population game theory" include characterizing transient behavior with system-theoretic methods, accounting for uncertainty in strategy revision models, extending the theory to a continuum of user preferences, rethinking the stochastic processes underlying the dynamical models, modifying the theory for short-term horizons for time-critical operations, learning dynamical models from data, and formulating extensive form games between a population and a single agent, motivated by the population response to evacuation orders. In addition, the project will identify control actions (such as responsive signal policies, road closures, disabling certain turns) to close the data-decision-action loop and steer the dynamics towards desirable outcomes and avoiding unsafe ones.

Large-scale systems with societal relevance, such as power generation systems, are increasingly able to leverage new technologies to mitigate their environmental impact, e.g., by harvesting energy from renewable sources. This NSF CPS project aims to investigate methods and computational tools to design a new user-centric paradigm for energy apportionment and distribution and, more broadly, for trustworthy utility services. In this paradigm, distributed networked systems will assist the end users of electricity in scheduling and apportioning their consumption. Further, they will enable local and national utility managers to optimize the use of green energy sources while mitigating the effects of intermittence, promote fairness, equity, and affordability. This project pursues a tractable approach to address the challenges of modeling and designing these large-scale, mixed-autonomy, multi-agent CPSs. The intellectual merits include new scalable methods, algorithms, and tools for the design of distributed decision-making strategies and system architectures that can assist the end users in meeting their goals while guaranteeing compliance with the fairness, reliability, and physical constraints of the design. The broader impacts include enabling the automated design of distributed CPSs that coordinate their decision-making in many applications, from robotic swarms to smart manufacturing and smart cities. The research outcomes will also be used in K-12 and undergraduate STEM outreach efforts.

The proposed framework, termed Automated Synthesis for Trustworthy Autonomous Utility Services (ASTrA), addresses the design challenges via a three-pronged approach. It uses population games to model the effect of distributed decision-making infrastructures (DMI) on large populations of strategic agents. DMIs will be realized via dedicated networked hybrid hardware architectures and algorithms we seek to design. ASTrA further introduces a systematic, layered methodology to automate the design, verification, and validation of DMIs from expressive representations of the requirements. Finally, it offers a set of cutting-edge computational tools to facilitate our methodology by enabling efficient reasoning about the interaction between discrete models, e.g., used to describe complex missions or embedded software components, and continuous models used to describe physical processes. The evaluation plan involves experimentation on a real testbed designed for zero-net-energy applications.

This project aims to enable mutualistic interaction of cyber damage prognostics and physical reconfigurable sensing for mutualistic and self-adaptive cyber-physical systems (CPS). Drawing inspiration from mutualism in biology where two species interact in a way that benefits both, the cyber and the physical interact in a way that they simultaneously benefit from and contribute to each other to enhance the ability of the CPS to predict, reconfigure, and adapt. Such interaction is generalizable, allowing it to enhance CPS applications in various domains. In the civil infrastructure systems domain, the mutualistic interaction-enabled CPS will allow for reconfiguring a single type of sensor, adaptively based on damage prognostics, to monitor multiple classes of infrastructure damages ? thereby improving the cost-effectiveness of multi-damage infrastructure monitoring by reducing the types and number of sensors needed and maximizing the timeliness and accuracy of damage assessment and prediction at the same time. Enabling cost-effective multi-damage monitoring is promising to leapfrog the development of safer, more resilient, and sustainable infrastructure, which would stimulate economic growth and social welfare for the benefit of the nation and its people. This project will also contribute to NSF?s commitment to broadening participation in engineering (BPE) by developing innovative, interdisciplinary, and inclusive BPE programs to attract, train, and reward the next-generation engineering researchers and practitioners who are capable creators of CPS technology and not only passive consumers, thereby enhancing the U.S. economy, security, and well-being.

The envisioned CPS includes three integrated components: (1) data-driven, knowledge-informed deep learning methods for generalizable damage prognostics to predict the onset and propagation of infrastructure damages, providing information about target damages to inform reconfigurable sensing, (2) signal difference maximization theory-based reconfigurable sensing methods to optimize and physically control the configurations of the sensors to actively seek to monitor each of the predicted target damages, providing damage-seeking feedback to inform damage prognostics, and (3) quality-aware edge cloud computing methods for efficient and effective damage information extraction from raw sensing signals, serving as the bridge between damage prognostics and reconfigurable sensing. The proposed CPS will be tested in multi-damage monitoring of bridges using simulation-based and actual CPS prototypes, and would be generalized to monitoring other civil infrastructure in the future. The proposed CPS methods have the potential to transform the way we design, create, and operate CPS to enable the next-generation CPS that have greater predictive ability, reconfigurability, and adaptability.

Many cyber-physical systems (CPS) have real-time (RT) requirements. For these RT-CPS, such as a network of unmanned aerial vehicles that deliver packages to customers? homes or a robot that performs/aides in cardiac surgery, deadline misses may result in economic losses or even fatal consequences. At the same time, as these RT-CPS interact with, and are depended on by, humans, they must also be trustworthy. The goal of this research is to design secure RT-CPS that are less complex, easier to analyze, and reliable for critical application domains such as defense, medicine, transportation, manufacturing, and agriculture, to name just a few. Since RT-CPS now permeate most aspects of our daily lives, especially in the smart city and internet-of-things (IoT) context, this research will improve confidence in automated systems by users. Research results will be disseminated to both academia and industry, and permit timely adoption since the hardware required in this research is already publicly available. This project will result in a pipeline of engineers and computer scientists who are well-versed in the interdisciplinary nature of securing RT-CPS, as well as course modules and red-teaming exercises for undergraduate students in all engineering disciplines and interactive learning modules and internship experience for K-12 students in D.C., Detroit, Dallas, and St. Louis.

The goal of this research is to design secure RT-CPS from the ground up while explicitly accounting for physical dynamics of said RT-CPS at runtime to achieve resilience via prevention and detection of, and recovery from, attacks. This will be accomplished by (i) securing the scheduling infrastructure from the ground up, (ii) using a formal framework for trading off security against timeliness while accounting for system dynamics, and for the cost of security to be explicitly quantified, and (iii) performing state- and function-dependent on-demand recovery. Said RT-CPS will be able to proactively prevent attacks using moving target defenses, as well as detect and recover from attacks that cannot be avoided. This research will pave the way for RT-CPS and internet-of-things (IoT) to be implemented with confidence: their timely and correct operation guaranteed. Specific contributions of this research are: (i) a trusted scheduling infrastructure that can protect the integrity of the real-time tasks, the scheduler, its task queues, and I/O, and which can recover from (intentional) errors, (ii) a probabilistic real-time/security co-design framework that exploits trusted execution to protect the security of the real-time tasks, (iii) novel schedulability analysis techniques, (iv) an incremental recovery mechanism for continuous operation, and (v) validation on automated ground vehicles, drones, and robot arms. Contributions expanding the knowledge base will be made to the fields of CPS, IoT, real-time systems, security, and control systems.

Artificial Intelligence (AI) has shown superior performance in enhancing driving safety in advanced driver-assistance systems (ADAS). State-of-the-art deep neural networks (DNNs) achieve high accuracy at the expense of increased model complexity, which raises the computation burden of onboard processing units of vehicles for ADAS inference tasks. The primary goal of this project is to develop innovative collaborative AI inference strategies with the emerging edge computing paradigm. The strategies can adaptively adjust cooperative inference techniques for best utilizing available computation and communication resources and ultimately enable high-accuracy and real-time inference. The project will inspire greater collaborations between experts in wireless communication, edge computing, computer vision, autonomous driving testbed development, and automotive manufacturing, and facilitate AI applications in a variety of IoT systems. The educational testbed developed from this project can be integrated into courses to provide hands-on experiences. This project will benefit undergraduate, master, and Ph.D. programs and increase under-represented groups? engagement by leveraging the existing diversity-related outreach efforts.

A multi-disciplinary team with complementary expertise from Rowan University, Temple University, Stony Brook University, and Kettering University is assembled to pursue a coordinated study of collaborative AI inference. The PIs explore integrative research to enable deep learning technologies in resource-constrained ADAS for high-accuracy and real-time inference. Theory-wise, the PIs plan to take advantage of the observation that DNNs can be decomposed into a set of fine-grained components to allow distributed AI inference on both the vehicle and edge server sides for inference acceleration. Application-wise, the PIs plan to design novel DNN models which are optimized for the cooperative AI inference paradigm. Testbed-wise, a vehicle edge computing platform with V2X communication and edge computing capability will be developed at Kettering University GM Mobility Research Center. The cooperative AI inference system will be implemented, and the research findings will be validated on realistic vehicular edge computing environments thoroughly. The data, software, and educational testbeds developed from this project will be widely disseminated. Domain experts in autonomous driving testbed development, intelligent transportation systems, and automotive manufacturing will be engaged in project-related issues to ensure relevant challenges in this project are impactful for real-world applications.
 

The proposed research focuses on cascading failures in electrical energy cyber-physical systems (CPS), which is a critical infrastructure of our nation. Cascading failures, where the failure of one or few components causes a wide-spread failure of the interconnected system, is a major cause of blackouts in power grids. The mechanism of such failures is highly complex as it involves the physical layer of the grid (e.g. generators, transmission lines, etc.) and the cyber layer (e.g. communication and control elements) in a coupled manner. This is a very important problem to investigate as cascading failures can cost our economy billions of dollars. This project takes a holistic view at taming cascading failures in electrical energy CPS. The proposed research has two tightly coupled thrust areas. Thrust 1 aims at an accurate understanding of the cascading failure mechanism and its prevention, while Thrust 2 focuses on recovery following blackouts under uncertainty of failure locations. Theory of trajectory sensitivity and graph theory are leveraged to develop a fundamental understanding of cascading failures in energy CPS, which can be applied to other CPSs where the physical system is dynamic in nature and the failure propagation in the physical system and the cyber system are coupled. The proposed preventive control strategy can protect critical infrastructures from large-scale failures and facilitate higher resiliency, whereas the proposed recovery strategy is applicable in the aftermath of a blackout caused by cascades, natural disasters, or other events, which will reduce downtime of the critical infrastructure. In support of the Broadening Participation in Computing initiative among women, the proposed research will be integrated into the one-week summer camps offered by the School of EECS at Penn State. Presentations about this research will be given to high school girls over the course of one week in the 2019 camps, and then camps focused on curriculum on the topic of this research will be offered in 2020 and 2021.

The proposed research has two key objectives (a) develop an accurate understanding of the cascading failure mechanism and its prevention, and (b) develop a recovery plan following blackouts under uncertainty of failure locations and budget constraints. The quasi-steady-state (QSS) model of power grid used in literature for studying cascade propagation produces inaccurate results towards the later stages of blackouts, whereas a fully dynamic model is impractical for large-scale statistical analyses. To solve this, a 'temporally hybrid' and a 'spatio-temporally hybrid' model are proposed, which quantify the stress of the grid at the systems level and the component level, respectively, using trajectory sensitivity theory, and appropriately switch from the QSS to the dynamic model. Next, a unified graph-based model for interdependent power grid and communication systems is developed, which takes into account several special features of the legacy Supervisory Control and Data Acquisition (SCADA) system along with the modern Wide-Area Monitoring, Protection, and Controls (WAMPAC) system, and the observability and controllability they provide for the CPS. Furthermore, a stability-constrained remedial action scheme for cascade prevention is proposed. Finally, a new approach for progressive assessment and recovery, which leverages the hybrid power grid models and the unified communication network model, is proposed in the presence of budget constraints and failure uncertainties.

Consider two future autonomous system use-cases: (i) a bomb defusing rover sent into an unfamiliar, GPS and communication denied environment (e.g., a cave or mine), tasked with the objective of locating and defusing an improvised explosive device, and (ii) an autonomous racing drone competing in a future autonomous incarnation of the Drone Racing League. Both systems will make decisions based on inputs from a combination of simple, single output sensing devices, such as inertial measurement units, and complex, high dimensional output sensing modalities, such as cameras and LiDAR. This shift from relying only on simple, single output sensing devices to systems that incorporate rich, complex perceptual sensing modalities requires rethinking the design of safety-critical autonomous systems, especially given the inextricable role that machine and deep learning play in the design of modern perceptual sensors. These two motivating examples raise an even more fundamental question however: given the vastly different dynamics, environments, objectives, and safety/risk constraints, should these two systems have perceptual sensors with different properties? Indeed, due to the extremely safety critical nature of the bomb defusing task, an emphasis on robustness, risk aversion, and safety seems necessary. Conversely, the designer of the drone racer may be willing to sacrifice robustness to maximize responsiveness and lower lap-time. This extreme diversity in requirements highlights the need for a principled approach to navigate tradeoffs in this complex design space, which is what this proposal seeks to develop. Existing approaches to designing perception/action pipelines are either modular, which often ignore uncertainty and limit interaction between components, or monolithic and end-to-end, which are difficult to interpret, troubleshoot, and have high sample-complexity.

This project proposes an alternative approach and rethinks the scientific foundations of using machine learning and computer vision to process rich high-dimensional perceptual data for use in safety-critical cyber-physical control applications. Thrusts will develop integration between perception, planning and control that allow for their co-design and co-optimization. Using novel robust learning methods for perceptual representations and predictive models that characterize tradeoffs between robustness (e.g., to lighting & weather changes, rotations) and performance (e.g., responsiveness, discriminativeness), jointly learned perception maps and uncertainty profiles will be abstracted as ``noisy virtual sensors? for use in uncertainty aware perception-based planning & control algorithms with stability, performance, and safety guarantees. These insights will be integrated into novel perception-based model predictive control algorithms, which allow for planning, stability, and safety guarantees through a unifying optimization-based framework acting on rich perceptual data. Experimental validation of the benefits of these methods will be conducted at Penn using photorealistic simulations and physical camera equipped quadcopters, and be used to demonstrate perception-based planning and control algorithms at the extremes of speed/safety tradeoffs. On the educational front, the research outcomes of this proposal will be used to develop a sequence of courses on safe autonomy, safe perception, and learning and control at the University of Pennsylvania. Longer term, the goal of this project is to create a new community of researchers that focus on robust learning for perception-based control. Towards this goal, departmental efforts will be leveraged to increase and diversify the PhD students working on this project.

The future of cyber-physical systems are smart technologies that can work collaboratively, cooperatively, and safely with humans. Smart technologies and humans will share autonomy, i.e., the right, obligation and ability to share control in order to meet their mutual objectives in the environment of operations. For example, surgical robots must interact with surgeons to increase their capabilities in performing high-precision surgeries, drones need to deliver packages to humans and places, and autonomous cars need to share roads with human-driven cars. In all such interactions, these systems must act safely despite the risks and uncertainties that are intrinsic with humans, technologies, and the environments in which they interact. The key insight of this project is that control strategies can be developed that increase safety in situations where a human needs to closely interact with a cyber-physical system (CPS) that is capable of autonomy or semi-autonomous action.

The goal of this project is to develop risk-aware interactive control and planning for achieving safe cyber-physical-human (CPS-h) systems. This project will advance the state-of-the-art of CPS-h planning and control in three main ways: (i) developing computationally tractable risk-aware trajectory planning algorithms that are suited to general autonomous CPS-h, (ii) developing a computationally efficient and empirically supported framework to account for risk-awareness in human?s decision-making, and (iii) deriving interaction-aware planning algorithms for achieving safe and efficient interactions between multiple risk-aware agents. The proposed algorithms will be extensively evaluated with human subjects in interaction with autonomous CPS-h such as autonomous cars and quadcopters. This work will have direct impact on many CPS-h domains including but not limited to multi-agent interactions, autonomous driving, collaboration and coordination between humans and autonomous agents in safety-critical scenarios.