Dr. Janos Sztipanovits is currently the E. Bronson Ingram Distinguished Professor of Engineering at Vanderbilt University. He is founding director of the Institute for Software Integrated Systems (ISIS). His current research interests include the foundations and applications of Model-Integrated Computing for the design of Cyber-Physical Systems. His other research contributions include structurally adaptive systems, autonomous systems, design space exploration and systems-security co-design technology. He served as program manager and acting deputy director of DARPA/ITO between 1999 and 2002, and he was a member of the US Air Force Scientific Advisory Board between 2006 and 2010. He was founding chair of the ACM Special Interest Group on Embedded Software (SIGBED). Dr. Sztipanovits was elected Fellow of the IEEE in 2000 and external member of the Hungarian Academy of Sciences in 2010. He graduated (Summa Cum Laude) from the Technical University of Budapest in 1970 and received his doctorate from the Hungarian Academy of Sciences in 1980.
Abstract
This project represents a cross-disciplinary collaborative research effort on developing rigorous, closed-loop approaches for designing, simulating, and verifying medical devices. The work will open fundamental new approaches for radically accelerating the pace of medical device innovation, especially in the sphere of cardiac-device design. Specific attention will be devoted to developing advanced formal methods-based approaches for analyzing controller designs for safety and effectiveness; and devising methods for expediting regulatory and other third-party reviews of device designs. The project team includes members with research backgrounds in computer science, electrical engineering, biophysics, and cardiology; the PIs will use a coordinated approach that balances theoretical, experimental and practical concerns to yield results that are intended to transform the practice of device design while also facilitating the translation of new cardiac therapies into practice.
The proposed effort will lead to significant advances in the state of the art for system verification and cardiac therapies based on the use of formal methods and closed-loop control and verification. The animating vision for the work is to enable the development of a true in silico design methodology for medical devices that can be used to speed the development of new devices and to provide greater assurance that their behaviors match designers' intentions, and to pass regulatory muster more quickly so that they can be used on patients needing their care. The scientific work being proposed will serve this vision by providing mathematically robust techniques for analyzing and verifying the behavior of medical devices, for modeling and simulating heart dynamics, and for conducting closed-loop verification of proposed therapeutic approaches.
The acceleration in medical device innovation achievable as a result of the proposed research will also have long-term and sustained societal benefits, as better diagnostic and therapeutic technologies enter into the practice of medicine more quickly. It will also yield a collection of tools and techniques that will be applicable in the design of other types of devices. Finally, it will contribute to the development of human resources and the further inclusion of under-represented groups via its extensive education and outreach programs, including intensive workshop experiences for undergraduates.
Performance Period: 05/01/2015 - 04/30/2020
Institution: University of Maryland College Park
Sponsor: National Science Foundation
Award Number: 1446365
Abstract
This project represents a cross-disciplinary collaborative research effort on developing rigorous, closed-loop approaches for designing, simulating, and verifying medical devices. The work will open fundamental new approaches for radically accelerating the pace of medical device innovation, especially in the sphere of cardiac-device design. Specific attention will be devoted to developing advanced formal methods-based approaches for analyzing controller designs for safety and effectiveness; and devising methods for expediting regulatory and other third-party reviews of device designs. The project team includes members with research backgrounds in computer science, electrical engineering, biophysics, and cardiology; the PIs will use a coordinated approach that balances theoretical, experimental and practical concerns to yield results that are intended to transform the practice of device design while also facilitating the translation of new cardiac therapies into practice.
The proposed effort will lead to significant advances in the state of the art for system verification and cardiac therapies based on the use of formal methods and closed-loop control and verification. The animating vision for the work is to enable the development of a true in silico design methodology for medical devices that can be used to speed the development of new devices and to provide greater assurance that their behaviors match designers' intentions, and to pass regulatory muster more quickly so that they can be used on patients needing their care. The scientific work being proposed will serve this vision by providing mathematically robust techniques for analyzing and verifying the behavior of medical devices, for modeling and simulating heart dynamics, and for conducting closed-loop verification of proposed therapeutic approaches.
The acceleration in medical device innovation achievable as a result of the proposed research will also have long-term and sustained societal benefits, as better diagnostic and therapeutic technologies enter into the practice of medicine more quickly. It will also yield a collection of tools and techniques that will be applicable in the design of other types of devices. Finally, it will contribute to the development of human resources and the further inclusion of under-represented groups via its extensive education and outreach programs, including intensive workshop experiences for undergraduates.
Performance Period: 05/01/2015 - 04/30/2020
Institution: Rochester Institute of Tech
Sponsor: National Science Foundation
Award Number: 1446312
Abstract
The evolution of manufacturing systems from loose collections of cyber and physical components into true cyber-physical systems has expanded the opportunities for cyber-attacks against manufacturing. To ensure the continued production of high-quality parts in this new environment requires the development of novel security tools that transcend both the cyber and physical worlds. Potential cyber-attacks can cause undetectable changes in a manufacturing system that can adversely affect the product's design intent, performance, quality, or perceived quality. The result of this could be financially devastating by delaying a product's launch, ruining equipment, increasing warranty costs, or losing customer trust. More importantly, these attacks pose a risk to human safety, as operators and consumers could be using faulty equipment/products. New methods for detecting and diagnosing cyber-physical attacks will be studied and evaluated through our established industrial partners. The expected results of this project will contribute significantly in further securing our nation's manufacturing infrastructure.
This project establishes a new vision for manufacturing cyber-security based upon modeling and understanding the correlation between cyber events that occur in a product/process development-cycle and the physical data generated during manufacturing. Specifically, the proposed research will take advantage of this correlation to characterize the relationships between cyber-attacks, process data, product quality observations, and side-channel impacts for the purpose of attack detection and diagnosis. These process characterizations will be coupled with new manufacturing specific cyber-attack taxonomies to provide a comprehensive understanding of attack surfaces for advanced manufacturing systems and their cyber-physical manifestations in manufacturing processes. This is a fundamental missing element in the manufacturing cyber-security body of knowledge. Finally, new forensic techniques, based on constraint optimization and machine learning, will be researched to differentiate process changes indicative of cyber-attacks from common variations in manufacturing due to inherent system variability.
Performance Period: 06/15/2015 - 05/31/2019
Institution: Virginia Polytechnic Institute and State University
Sponsor: National Science Foundation
Award Number: 1446804
Abstract
Title: CPS: Breakthrough: Development of Novel Architectures for Control and Diagnosis of Safety-Critical Complex Cyber-Physical Systems
This project is developing novel architectures for control and diagnosis of complex cyber-physical systems subject to stringent performance requirements in terms of safety, resilience, and adaptivity. These ever-increasing demands necessitate the use of formal model-based approaches to synthesize provably-correct feedback controllers. The intellectual merit of this research lies in a novel combination of techniques from the fields of dynamical systems, discrete event systems, reactive synthesis, and graph theory, together with new advancements in terms of abstraction techniques, computationally efficient synthesis of control and diagnosis strategies that support distributed implementations, and synthesis of acquisition of information and communication strategies. The project's broader significance and importance are demonstrated by the expected improvement of the safety, resilience, and performance of complex cyber-physical systems in critical infrastructures as well as the efficiency with which they are designed and certified.
The original approach being developed is based on the combination of multi-resolution abstraction graphs for building discrete models of the underlying cyber-physical system with reactive synthesis techniques that exploit a representation of the solution space in terms of a finite structure called a decentralized bipartite transition system. The concepts of abstraction graph and decentralized bipartite transition system are novel and open new avenues of investigation with significant potential to the formal synthesis of safe, resilient, and adaptive controllers. This methodology naturally results in a set of decentralized and asynchronous controllers and diagnosers, which ensures greater resilience and adaptivity. Overall, this research will significantly impact the Science of Cyber-Physical Systems and the Engineering of Cyber-Physical Systems.
Performance Period: 01/01/2015 - 12/31/2017
Institution: University of Michigan Ann Arbor
Sponsor: National Science Foundation
Award Number: 1446298
Abstract
Driven by both civilian and military applications, such as coordinated surveillance, search and rescue, underwater or space exploration, manipulation in hazardous environments, and rapid emergency response, cooperative action by teams of robots has emerged as an important research area. However, the coordination strategies for such robot teams are still developed to a great extent by trial-and-error processes. Hence, the strategies cannot guarantee mission success. This award supports fundamental research to provide a provably correct formal design theory of multi-robot systems that guarantees mission success. Furthermore, results from the research can be extended to the design of more general cyber-physical systems (CPSs) consisting of distributed and coordinated subsystems, such as the national power grid, ground/air traffic networks, and manufacturing systems. These CPSs are critical components of the national civil infrastructure that must operate reliably to ensure public safety. The multidisciplinary approach taken will help broaden participation of underrepresented groups in research and positively impact engineering education.
Focusing on multi-robot teams, the goal of the research is to build foundations for a provably correct formal design theory for CPSs. This design theory will guarantee a given global performance of multi-robot teams through designing local coordination rules and control laws. The basic idea is to decompose the team mission into individual subtasks such that the design can be reduced to a local synthesis problem for individual robots. Multidisciplinary approaches combining hybrid systems, supervisory control, regular inference and model checking will be utilized to achieve this goal. The developed theory will enable robots in the team to cooperatively learn their individual roles in a mission, and then automatically synthesize local supervisors to fulfill their subtasks. A salient feature of this method lies in its ability to handle environmental uncertainties and unmodeled dynamics, as there is no need for an explicit model of the transition dynamics of each agent/robot and their interactions with the environment. In addition, the design is online and reactive, enabling the robot team to adapt to changing environments and dynamic tasking. The derived theory will be implemented as software tools and will be demonstrated through real robotic systems consisting of unmanned ground and aerial vehicles in unstructured urban/rural areas.
Performance Period: 01/01/2015 - 12/31/2017
Institution: University of Denver
Sponsor: National Science Foundation
Award Number: 1446285
Abstract
Driven by both civilian and military applications, such as coordinated surveillance, search and rescue, underwater or space exploration, manipulation in hazardous environments, and rapid emergency response, cooperative action by teams of robots has emerged as an important research area. However, the coordination strategies for such robot teams are still developed to a great extent by trial-and-error processes. Hence, the strategies cannot guarantee mission success. This award supports fundamental research to provide a provably correct formal design theory of multi-robot systems that guarantees mission success. Furthermore, results from the research can be extended to the design of more general cyber-physical systems (CPSs) consisting of distributed and coordinated subsystems, such as the national power grid, ground/air traffic networks, and manufacturing systems. These CPSs are critical components of the national civil infrastructure that must operate reliably to ensure public safety. The multidisciplinary approach taken will help broaden participation of underrepresented groups in research and positively impact engineering education.
Focusing on multi-robot teams, the goal of the research is to build foundations for a provably correct formal design theory for CPSs. This design theory will guarantee a given global performance of multi-robot teams through designing local coordination rules and control laws. The basic idea is to decompose the team mission into individual subtasks such that the design can be reduced to a local synthesis problem for individual robots. Multidisciplinary approaches combining hybrid systems, supervisory control, regular inference and model checking will be utilized to achieve this goal. The developed theory will enable robots in the team to cooperatively learn their individual roles in a mission, and then automatically synthesize local supervisors to fulfill their subtasks. A salient feature of this method lies in its ability to handle environmental uncertainties and unmodeled dynamics, as there is no need for an explicit model of the transition dynamics of each agent/robot and their interactions with the environment. In addition, the design is online and reactive, enabling the robot team to adapt to changing environments and dynamic tasking. The derived theory will be implemented as software tools and will be demonstrated through real robotic systems consisting of unmanned ground and aerial vehicles in unstructured urban/rural areas.
Performance Period: 01/01/2015 - 12/31/2017
Institution: University of Notre Dame
Sponsor: National Science Foundation
Award Number: 1446288
Abstract
Trustworthy operation of next-generation complex power grid critical infrastructures requires mathematical and practical verification solutions to guarantee the correct infrastructural functionalities. This project develops the foundations of theoretical modeling, synthesis and real-world deployment of a formal and scalable controller code verifier for programmable logic controllers (PLCs) in cyber-physical settings. PLCs are widely used for control automation in industrial control systems. A PLC is typically connected to an engineering workstation where engineers develop the control logic to process the input values from sensors and issue control commands to actuators. The project focuses on protecting infrastructures against malicious control injection attacks on PLCs, such as Stuxnet, that inject malicious code on the device to drive the underlying physical platform to an unsafe state. The broader impact of this proposal is highly significant. It offers potential for real-time security for critical infrastructure systems covering sectors such as energy and manufacturing.
The project's intellectual merit is in providing a mathematical and practical verification framework for cyber-physical systems through integration of offline formal methods, online monitoring solutions, and power systems analysis. Offline formal methods do not scale for large-scale platforms due to their exhaustive safety analysis of all possible system states, while online monitoring often reports findings too late for preventative action. This project takes a hybrid approach that dynamically predicts the possible next security incidents and reports to operators before an unsafe state is encountered, allowing time for response. The broader impact of this project is in providing practical mathematical analysis capabilities for general cyber-physical safety-critical infrastructure with potential direct impact on our national security. The research outcomes are integrated into education modules for graduate, undergraduate, and K-12 classrooms.
Performance Period: 01/01/2015 - 12/31/2017
Institution: University of Illinois at Urbana-Champaign
Sponsor: National Science Foundation
Award Number: 1446229
Abstract
Through this project, the Cyber-Physical System Virtual Organization (CPS-VO) at Vanderbilt University will organize the 2014 NSF CPS PI Meeting. This meeting convenes all Principal Investigators of the National Science Foundation's (NSF) Cyber-Physical Systems Program (CPS) for the fifth time since the program began. The PI Meeting is to take place on November 6-7, 2014 in Crystal City, Arlington, Virginia. The PI meeting is an annual opportunity for NSF-sponsored CPS researchers, industry representatives, and Federal agencies' representatives to gather and review new CPS developments, identify new and emerging applications, and to discuss technology gaps and barriers.
The CPS PI meeting program agenda is community-driven and includes presentations (oral and poster) from PIs, reports of past year program activities, and showcases/pitches of new CPS innovations and results. The CPS meeting will report on new discoveries in the program and provide networking opportunities between the program PIs, invited researchers, government, and industrial researchers. More broadly, the multiple technology domains that will be discussed, and the research progress described, including medical, transportation, manufacturing, energy, and others, are of critical importance to the Nation.
Janos Sztipanovits
Performance Period: 09/01/2014 - 08/31/2016
Institution: Vanderbilt University
Sponsor: National Science Foundation
Award Number: 1446160
Abstract
Title: Efficient Traffic Management: A Formal Methods Approach
The objective of this project is to develop a formal methods approach to traffic management. Formal methods is an area of computer science that develops efficient techniques for proving the correct operation of systems, such as computer programs and digital circuits, and for designing systems that are correct by construction. This project extends this formalism to traffic networks where correctness specifications include eliminating congestion, ensuring that the freeway throughput remains over a minimum threshold, that queues are always eventually emptied, etc. The task is then to design signal timing and ramp metering strategies to meet such specifications. To accomplish this task, the project takes advantage of the inherent structure of existing, validated mathematical models of traffic flow and develops computationally efficient design techniques. The results are tested with real traffic data from the Interstate 210 travel corridor in Southern California. The educational component of the project includes course development on modeling and control of traffic networks, featuring in particular the formal methods approach of this project, and organizing workshops to train traffic engineers and operation practitioners on the use of software tools and methodologies of the project.
To meet rich control objectives expressed using temporal logic, the project exploits the piecewise affine nature of existing, validated traffic models, and derives efficient finite state abstractions that form the basis of correct-by-construction control synthesis. To ensure scalability, the project further takes advantage of inherent monotonicity properties and decomposability into sparsely connected subsystems. The first research task is to develop a design framework for signal timing and ramp metering strategies for signalized intersections and freeway traffic control. The second task is the coordinated control of freeway onramps and nearby signalized intersections to address situations such as a freeway demand surge after a sporting event, or an accident on the freeway when signal settings must be adjusted to favor a detour route. The third task is to pursue designs that exploit the statistics of demand for probabilistic correctness guarantees, as well as designs that incorporate optimality requirements, such as minimizing travel time. Validation of the results is pursued with high-fidelity simulation models calibrated using traffic data from the Interstate 210 travel corridor.
Performance Period: 01/01/2015 - 12/31/2018
Institution: University of California at Berkeley
Sponsor: National Science Foundation
Award Number: 1446145
Abstract
Title: Efficient Traffic Management: A Formal Methods Approach
The objective of this project is to develop a formal methods approach to traffic management. Formal methods is an area of computer science that develops efficient techniques for proving the correct operation of systems, such as computer programs and digital circuits, and for designing systems that are correct by construction. This project extends this formalism to traffic networks where correctness specifications include eliminating congestion, ensuring that the freeway throughput remains over a minimum threshold, that queues are always eventually emptied, etc. The task is then to design signal timing and ramp metering strategies to meet such specifications. To accomplish this task, the project takes advantage of the inherent structure of existing, validated mathematical models of traffic flow and develops computationally efficient design techniques. The results are tested with real traffic data from the Interstate 210 travel corridor in Southern California. The educational component of the project includes course development on modeling and control of traffic networks, featuring in particular the formal methods approach of this project, and organizing workshops to train traffic engineers and operation practitioners on the use of software tools and methodologies of the project.
To meet rich control objectives expressed using temporal logic, the project exploits the piecewise affine nature of existing, validated traffic models, and derives efficient finite state abstractions that form the basis of correct-by-construction control synthesis. To ensure scalability, the project further takes advantage of inherent monotonicity properties and decomposability into sparsely connected subsystems. The first research task is to develop a design framework for signal timing and ramp metering strategies for signalized intersections and freeway traffic control. The second task is the coordinated control of freeway onramps and nearby signalized intersections to address situations such as a freeway demand surge after a sporting event, or an accident on the freeway when signal settings must be adjusted to favor a detour route. The third task is to pursue designs that exploit the statistics of demand for probabilistic correctness guarantees, as well as designs that incorporate optimality requirements, such as minimizing travel time. Validation of the results is pursued with high-fidelity simulation models calibrated using traffic data from the Interstate 210 travel corridor.
Performance Period: 01/01/2015 - 12/31/2017
Institution: Trustees of Boston University
Sponsor: National Science Foundation
Award Number: 1446151