Cyber-physical systems are found in nearly every area of daily life: transportation, energy, medical systems, and food production. Life and safety frequently depend upon their correct operation. This project develops a novel systematic framework and methods for understanding, designing, and controlling complex coupled cyber and physical systems based on large-scale computation. This is achieved by explicitly developing the connection between the abstraction, modeling and verification frameworks of physics-based models and those of discrete-transition systems. The approach is fundamentally new, based on the unification of two recent developments: (1) new probabilistic tools for simulating and analyzing high-fidelity physics-based models; and (2) statistical model checking methods. In addition to analytical research, the project produces methods and computational tools that can be used on a wide range of cyber-physical systems, particularly those that are safety and performance critical. There have been dramatic recent advances in probabilistic computational techniques for purely physics-based models, treating them computationally as Markov chains, and enabling efficient computation even for high-dimensional systems. Simultaneously with these purely physics-based model approaches, state-of-the-art methods for the verification of purely discrete-state systems have been developed based on stochastic computational tools also using Markov chains as the basis. This project connects these two independent branches to yield a radically new approach for complex, high-dimensional cyber-physical systems, based on the unifying concept of Markov models as an interface between the cyber and physical domains. An integral part of the project is a unified educational program aimed at addressing key bottlenecks in the recruitment and development of female and minority students into engineering and computer science. The educational program is developed around a new robotic vehicle with complex fluid-structure dynamics, that is used in: (i) a week-long residential summer camp for female high-school students on "Mechanics & Dynamics"; (ii)undergraduate research experiences for female and minority students to facilitate the transition to graduate education; and (iii) an experimental graduate course on verification of embedded systems.

Cyber-Physical Systems (CPS) encompass a large variety of systems including for example future energy systems (e.g. smart grid), homeland security and emergency response, smart medical technologies, smart cars and air transportation. One of the most important challenges in the design and deployment of Cyber-Physical Systems is how to formally guarantee that they are amenable to effective human control. This is a challenging problem not only because of the operational changes and increasing complexity of future CPS but also because of the nonlinear nature of the human-CPS system under realistic assumptions. Current state of the art has in general produced simplified models and has not fully considered realistic assumptions about system and environmental constraints or human cognitive abilities and limitations. To overcome current state of the art limitations, our overall research goal is to develop a theoretical framework for complex human-CPS that enables formal analysis and verification to ensure stability of the overall system operation as well as avoidance of unsafe operating states. To analyze a human-CPS involving a human operator(s) with bounded rationality three key questions are identified: (a) Are the inputs available to the operator sufficient to generate desirable behaviors for the CPS? (b) If so, how easy is it for the operator with her cognitive limitations to drive the system towards a desired behavior? (c) How can areas of poor system performance and determine appropriate mitigations be formally identified? The overall technical approach will be to (a) develop and appropriately leverage general cognitive models that incorporate human limitations and capabilities, (b) develop methods to abstract cognitive models to yield tractable analytical human models (c) develop innovative techniques to design the abstract interface between the human and underlying system to reflect mutual constraints, and (d) extend current state-of-the-art reachability and verification algorithms for analysis of abstract interfaces, iin which one of the systems in the feedback loop (i.e., the user) is mostly unknown, uncertain, highly variable or poorly modeled. The research will provide contributions with broad significance in the following areas: (1) fundamental principles and algorithms that would serve as a foundation for provably safe robust hybrid control systems for mixed human-CPS (2) methods for the development of analytical human models that incorporate cognitive abilities and limitations and their consequences in human control of CPS, (3) validated techniques for interface design that enables effective human situation awareness through an interface that ensures minimum information necessary for the human to safely control the CPS, (4) new reachability analysis techniques that are scalable and allow rapid determination of different levels of system safety. The research will help to identify problems (such as automation surprises, inadequate or excessive information contained in the user interface) in safety critical, high-risk, or expensive CPS before they are built, tested and deployed. The research will provide the formal foundations for understanding and developing human-CPS and will have a broad range of applications in the domains of healthcare, energy, air traffic control, transportation systems, homeland security and large-scale emergency response. The research will contribute to the advancement of under-represented students in STEM fields through educational innovation and outreach. The code, benchmarks and data will be released via the project website. Formal descriptions of models of human cognition are in general incompatible with formal models of the Cyber Physical System (CPS) the human operator(s) control. Therefore, it is difficult to determine in a rigorous way whether a CPS controlled by a human operator will be safe or stable and under which circumstances. The objective of this research is to develop an analytic framework of human-CPS systems that encompasses engineering compatible formal models of the human operator that preserve the basic architectural features of human cognition. In this project the team will develop methodologies for building such models as well as techniques for formal verification of the human-CPS system so that performance guarantees can be provided. They will validate models in a variety of domains ranging from air traffic control to large scale emergency response to the administration of anesthesia.

To ensure operational safety of complex cyber-physical systems such as automobiles, aircraft, and medical devices, new models, analyses, platforms, and development techniques are needed that can predict, possible interactions between features, detect them in the features' concrete implementations, and either eliminate or mitigate such interactions through precise modeling and enforcement of mixed-criticality cyber-physical system semantics. This project is taking a novel approach to reasoning about and managing feature interactions in cyber-physical systems, which encompasses interactions within software, interactions through the physical dynamics of the system, and interactions via shared computational resources. The proposed approach consists of three tightly coupled research thrusts: (1) a novel way of modeling features as automata equipped with both physical dynamics of the feature environment, and an assigned criticality level in each state of an automaton, (2) new automata-theoretic and control-theoretic analysis techniques, enabled by the modeling approach, and (3) new algorithms for adaptive sharing of computational resources between individual features that are guaranteed to satisfy the assumptions made during analysis, realized within a novel mixed-criticality cyber-physical platform architecture. The modeling approach will introduce a new model for mixed-criticality cyber-physical components and will support modern development standards, such as AUTOSAR in the automotive industry, for assigning criticality levels to features. Component interfaces in this model will capture control modes and the associated physical dynamics, operating modes and the associated resource requirements and criticality level, as well as relationships between control modes and operating modes. Analysis of features expressed in the proposed model will include detection of interactions and exploration of their effect on safety properties of the composite system. The broader impacts of the proposed work are twofold. One impact lies in the pervasive use of cyber-physical systems in our society. If the developed results are adopted in industry, it may help to promote improved safety of such systems. Results of the proposed research will be used in courses offered at both University of Pennsylvania and Washington University at the graduate and undergraduate levels. The project will also provide students with opportunities to get involved in cutting edge research within their fields of study.

This grant provides funding for establishing the scientific foundations of a product innovation process that can engage a vastly larger pool of talent to generate new ideas and to create new cyber-physical products. The primary objective is to address fundamental issues pertaining to natural interfaces, behavioral modeling and secure knowledge sharing, with particular emphasis on their integration. This objective will be achieved by pursuing the following three aims: (1) reducing barriers to participation in product innovation through natural interfaces between physical and virtual domains, (2) reducing barriers to model-based engineering in community-based product development, (3) overcoming information-related impediments to collaboration and information sharing. The findings will be embodied in a proof-of-concept cyber-physical platform for creative design and prototyping. The results of this research hold promise for a new conceptualization of a cyber-physical infrastructure, building on the developments in natural interfaces and information security. The specific outcomes include: (a) well-founded methods for 3D design support of cyber-physical products, and their software embodiment in a natural user interface, (b) techniques and middleware to support model-based engineering in virtual community-based product development, and (c) techniques and protocols for minimum disclosure interactions, quality of inputs assurance, provenance and integrity, and usage control for virtual design and making of cyber-physical products. The proposed research will advance the state of the art in shape creation, product design and manufacturing, and secure design coordination. Validation of the concepts in an educational context will benefit the engineering curriculum by exposing students to emerging ways of designing and making cyber-physical products. Over the long term, the research, education, and dissemination efforts conducted in this project will facilitate a paradigm shift where cyber-physical design and manufacturing using natural interfaces, secure behavioral modeling and knowledge sharing in communities will become a part of our nation?s creative design and manufacturing capacity.

Until now, the "cyber" component of automobiles has consisted of control algorithms and associated software for vehicular subsystems designed to achieve one or more performance, efficiency, reliability, comfort, or safety goals, primarily based on short-term intrinsic vehicle sensor data. However, there exist many extrinsic factors that can affect the degree to which these goals can be achieved. These factors can be determined from: longer-term traces of in-built sensor data that can be abstracted as triplines, socialized versions of these that are shared amongst vehicle users, and online databases. These three sources of information collectively constitute the automotive infoverse. This project harnesses this automotive infoverse to achieve these goals through high-confidence vehicle tuning and driver feedback decisions. Specifically, the project develops software called Headlight that permits the rapid development of apps that use the infoverse to achieve one or more goals. Advisory apps can provide feedback to the driver in order to ensure better fuel efficiency, while auto-tuning goals can set car parameters to promote safety. Allowing vehicles and such apps to share vehicle data with others and to use extrinsic information results in novel information processing, assurance, and privacy challenges. The project develops methods, algorithms and models to address these challenges. Broader Impact - This project can have significant societal impact by reducing carbon emissions and improving vehicular safety, can spur innovation in tuning methods and encourage researchers to experiment with this class of cyber-physical systems. The active participation of General Motors will strongly facilitate technology transfer. There is significant outreach including high school student participation, undergraduate research activities, internships, and creation of an open framework for plug and play application developers to use.

This project focuses on the problem of information acquisition, state estimation and control in the context of cyber physical systems. In our underlying model, a (set of) decision maker(s), by controlling a sequence of actions with uncertain outcomes, dynamically refines the belief about stochastically time-varying parameters of interest. These parameters are then used to control the physical system efficiently and robustly. Here the cyber system collects, processes, and acquires information about the underlying physical system of interest, which is used for its control. The proposed work will develop a new theoretical framework for stochastic learning, decision-making, and control in stochastically-varying cyber physical systems. In order to obtain analytical insights into the structure of efficient design, we first consider the case where the actions of the cyber system only affect the estimate of the underlying physical system. This class of problems arises in the context of (distributed) sensing/tracking of a physical system in isolation from cyber system control of the physical system's state. Joint state estimation and control for cyber-physical systems will then be considered. Here the most natural first step is to obtain sufficient conditions and/or special classes of systems where a separated approach to the information acquisition and efficient control is (near) optimal. To demonstrate its utility in practice, our theoretical framework will be applied in the specific context of energy efficient control of data centers and robust control of the smart grid under limited sensing. The intellectual merit of this work will be to develop a theoretical framework for the design of cyber-physical systems including information acquisition, state estimation, and control. In addition, separation theorems for the optimality of separate state estimation and control will be explored. In terms of broader impacts, significant performance improvement of control systems closed over communication networks will impact a wide range of applications for societal benefit, including smart buildings, intelligent transportation systems, energy-efficient data centers, and the future smart-grid. The PIs plan to disseminate the research results widely through conferences and journals, as well as by organizing specialized workshops and conference sessions related to cyber physical systems. The proposed project will train Ph.D. students as well as enrich the curriculum taught by the PIs in communications, stochastic control, and networks. The PIs have a strong track record in diversity and outreach activities, which for this project will include exposure and involvement of high school and undergraduate students, including under-represented minorities and women.

The electric power grid is a complex cyber-physical system, whose reliable and secure operation is of paramount importance to national security and economic vitality. There is a growing and evolving threat of cyber-based attacks, both in numbers and sophistication, on the nation's critical infrastructure. Therefore, cyber security "encompassing attack prevention, detection, mitigation, and resilience" is critical in today's power grid and the emerging smart grid. The goal of this project is to develop a unified system-theoretic framework and analytical tools for cyber-physical security of power systems, capturing the dynamics of the physical system as well as that of the cyber system. Research tasks include: 1) Development of a methodology for impact analysis that includes systematic identification of worst-case stealthy attacks on the power system's wide-area control and evaluating the resulting consequences in terms of stability violations and performance loss. 2) Development of robust cyber-physical countermeasures, employing a combination of methods from system theory, cyber security, and model-based/data-driven tools, in the form of domain-specific anomaly detection/tolerance algorithms and attack-resilient control algorithms. 3) Evaluating the effectiveness of the proposed impact modeling and mitigation algorithms through a combination of simulation and testbed-based evaluations, using realistic system topologies and attack scenarios. The project makes significant contributions to enhance the security and resiliency of the power grid and lays a scientific foundation for cyber-physical security of critical infrastructure. Also, the project develops novel curriculum modules, mentors graduate and undergraduate students including under-represented minorities, leverages industrial collaborations, and exposes high school students to cyber security concepts.

Objective: How much a person should be allowed to interact with a controlled machine? If that machine is safety critical, and if the computer that oversees its operation is essential to its operation and safety, the answer may be that the person should not be allowed to interfere with its operation at all or very little. Moreover, whether the person is a novice or an expert matters. Intellectual Merit: This research algorithmically resolves the tension between the need for safety and the need for performance, something a person may be much more adept at improving than a machine. Using a combination of techniques from numerical methods, systems theory, machine learning, human-machine interfaces, optimal control, and formal verification, this research will develop a computable notion of trust that allows the embedded system to assess the safety of the instruction a person is providing. The interface for interacting with a machine matters as well; designing motions for safety-critical systems using a keyboard may be unintuitive and lead to unsafe commands because of its limitations, while other interfaces may be more intuitive but threaten the stability of a system because the person does not understand the needs of the system. Hence, the person needs to develop trust with the machine over a period of time, and the last part of the research will include evaluating a person's performance by verifying the safety of the instructions the person provides. As the person becomes better at safe operation, she will be given more authority to control the machine while never putting the system in danger. Broader Impacts: The activities will include outreach, development of public-domain software, experimental coursework including two massive online courses, and technology transfer to rehabilitation. Outreach will include exhibits at the Museum of Science and Industry and working with an inner-city high school. The algorithms to be developed will have immediate impact on projects with the Rehabilitation Institute of Chicago, including assistive devices, stroke assessment, and neuromuscular hand control. Providing a foundation for a science of trust has the potential to transform rehabilitation research.

This project will develop architecture and supporting enabling technologies to avert imminent loss of life or property in fast changing environments. The selected application is resuscitation in an intensive care unit (ICU) because it is life critical, time critical, human-centric and includes complex devices and software. For example, heart attack can be obscured in a trauma patient hemorrhaging from a broken leg in the presence of a collapsed lung. The challenge lies in solving the overarching difficulties of safe execution while maintaining complex and dynamic workflows. The availability and skill levels of medical staff, patient conditions, and medical device configurations all change rapidly. The core contribution is design and verification of reduced complexity situation awareness architecture for Emergency Cyber Physical Human systems (ECPH), supported by enabling technologies such as workflow adaptation protocols, managing data uncertainty and safe device plug and play. The ECPH workflow adaptation protocols are not only a function of the tasks and environment at hand, but must also be aware of the capabilities and training of the medical staff. In addition, risk mitigation driven safety interlock protocols will keep the actions of medical staff and CPS in synchrony with dynamically selected workflows. This is a cooperative effort of UIUC engineering and the ICU department of Carle Foundation Hospital. An ECPH team operates to accomplish a mission under rapidly changing circumstances. The stressful, rushed, and often unfriendly environment of an ECPH system means that errors, uncertainty, and failures will arise. This research will offer safety and resilience in the face of such disruptions. Effective and immediate intervention enabled by an optimized ECPH system will dramatically reduce preventable errors. The societal impact of effective collaboration under high stress will be enormous in terms of human lives and health care costs. According to CDC in 2010, the estimated direct & indirect costs of heart attacks and strokes alone in the U.S. were $503.2 billion; a significant percent of such patients during emergency care suffer complications and harm which are preventable. This project will develop educational material for training the next generation of researchers and engineers. The technology to be developed will also be adapted to other similar ECPH environments such as fighting a raging building fire.

The electric power grid is a complex cyber-physical system, whose reliable and secure operation is of paramount importance to national security and economic vitality. There is a growing and evolving threat of cyber-based attacks, both in numbers and sophistication, on the nation's critical infrastructure. Therefore, cyber security "encompassing attack prevention, detection, mitigation, and resilience" is critical in today's power grid and the emerging smart grid. The goal of this project is to develop a unified system-theoretic framework and analytical tools for cyber-physical security of power systems, capturing the dynamics of the physical system as well as that of the cyber system. Research tasks include: 1) Development of a methodology for impact analysis that includes systematic identification of worst-case stealthy attacks on the power system's wide-area control and evaluating the resulting consequences in terms of stability violations and performance loss. 2) Development of robust cyber-physical countermeasures, employing a combination of methods from system theory, cyber security, and model-based/data-driven tools, in the form of domain-specific anomaly detection/tolerance algorithms and attack-resilient control algorithms. 3) Evaluating the effectiveness of the proposed impact modeling and mitigation algorithms through a combination of simulation and testbed-based evaluations, using realistic system topologies and attack scenarios. The project makes significant contributions to enhance the security and resiliency of the power grid and lays a scientific foundation for cyber-physical security of critical infrastructure. Also, the project develops novel curriculum modules, mentors graduate and undergraduate students including under-represented minorities, leverages industrial collaborations, and exposes high school students to cyber security concepts.