The objective of this project is to research tools to manage uncertainty in the design and certification process of safety-critical aviation systems. The research focuses on three innovative ideas to support this objective. First, probabilistic techniques will be introduced to specify system-level requirements and bound the performance of dynamical components. These will reduce the design costs associated with complex aviation systems consisting of tightly integrated components produced by many independent engineering organizations. Second, a framework will be created for developing software components that use probabilistic execution to model and manage the risk of software failure. These techniques will make software more robust, lower the cost of validating code changes, and allow software quality to be integrated smoothly into overall system-level analysis. Third, techniques from Extreme Value Theory will be applied to develop adaptive verification and validation procedures. This will enable early introduction of new and advanced aviation systems. These systems will initially have restricted capabilities, but these restrictions will be gradually relaxed as justified by continual logging of data from in-service products. The three main research aims will lead to a significant reduction in the costs and time required for fielding new aviation systems. This will enable, for example, the safe and rapid implementation of next generation air traffic control systems that have the potential of tripling airspace capacity with no reduction in safety. The proposed methods are also applicable to other complex systems including smart power grids and automated highways. Integrated into the research is an education plan for developing a highly skilled workforce capable of designing safety critical systems. This plan centers around two main activities: (a) creation of undergraduate labs focusing on safety-critical systems, and (b) integration of safety-critical concepts into a national robotic snowplow competition. These activities will provide inspirational, real-world applications to motivate student learning.

This project focuses on the formal design of semi-autonomous automotive Cyber Physical Systems (CPS). Rather than disconnecting the driver from the vehicle, the goal is to obtain a vehicle where the degree of autonomy is continuously changed in real-time as a function of certified uncertainty ranges for driver behavior and environment reconstruction. The highly integrated research plan will advance the science and engineering for CPS by developing methods for (1) reconstructing 3D scenes which incorporate high-level topological and low-level metric information, (2) extracting driver behavioral models from large datasets using geometry, reasoning and inferences, (3) designing provably-safe control schemes which trade-off real-time feasibility and conservatism by using the evidence collected during actual driving. Assisting humans in controlling complex and safety-critical systems is a global challenge. In order to improve the safety of human-operated CPS we need to provide guarantees in the reconstruction of the environment where the humans and the CPS operate, and to develop control systems that use predictive cognitive models of the human when interacting with the CPS. A successful and integrated research in both areas will impact not only the automotive sector but many other human-operated systems. These include telesurgery, homeland security, assisted rehabilitation, power networks, environmental monitoring, and all transportation CPS. Graduate, undergraduate and underrepresented engineering students will benefit through classroom instruction, involvement in the research and a continuous interaction with industrial partners who are leaders in the field of assisted driving.

The objective of this research is to prove that cyber-physical systems are safe before they are deployed. The approaches the research investigates are extensions of approaches used to test communications protocols. The problems with cyber-physical systems are that 1) they are much more complicated than communications protocols, 2) time is a more critical component of these systems, and 3) in a competitive environment there are likely to be many implementations that must interoperate. The complexity of communications protocols is reduced by using a layered architecture. Each layer provides a well defined service to the next layer. This research is developing multi-dimensional architectures that reflect the different ways that the cyber-physical system interacts with the physical world. The techniques are evaluated on a driver-assisted merge protocol. An architecture for the merge protocol has four dimensions organized as stacks for communications, external sensors, vehicle monitoring and control, and timing. This architecture will also be useful during standardization. Timing increases verification complexity by increasing the number of potential execution paths. The research conducted in this project explores how to reduce the number of paths by synchronizing clocks and using simultaneous operations. This approach is reasonable because of the timing accuracy now available with GPS. A two step verification process is used that creates an unambiguous model of the cyber-physical system, first proving that the model is safe, then checking that each implementation conforms to the model. This reduces the number and cost of tests for a three-party merge protocol. Specifically, assuming there are N implementation versions for different manufacturers and models, this approach reduces the number of necessary interaction tests, which would be cubic in N, to a single model verification and N conformance tests.

Implantable Cardiac Defibrillators (ICDs) are at the forefront of preventing sudden death in patients suffering from ventricular arrhythmias. ICDs have evolved into complex Cyber-Physical Systems (CPS)which tightly sensing, hardware, and software to diagnose arrythmias based on electrogram signals and control cardiac excitation. These devices are life-critical, yet the Verification and Validation (V&V) techniques used for establishing their safety have remained somewhat informal, and rely largely on extensive unit testing. There have been a number of exciting developments in formal verification technologies. This proposal introduces these techniques into the ICD verification process, and will demonstrate their suitability for application in other medical devices. The project will develop a model-based framework for ICDs, and will apply formal verification techniques, such as model checking and reachability analysis, to high-fidelity cardiac electrophysiological models that capture the electrical excitation induced by the ICD's control software. Through extensive collaboration with FDA research staff, the proposal will demonstrate the effectiveness of formal verification technology and suitability in medical device applications.

The project investigates a formal verification framework for artificial pancreas (AP) controllers that automate the delivery of insulin to patients with type-1 diabetes (T1D). AP controllers are safety critical: excessive insulin delivery can lead to serious, potentially fatal, consequences. The verification framework under development allows designers of AP controllers to check that their control algorithms will operate safely and reliably against large disturbances that include patient meals, physical activities, and sensor anomalies including noise, delays, and sensor attenuation. The intellectual merits of the project lie in the development of state-of-the-art formal verification tools, that reason over mathematical models of the closed-loop including external disturbances and insulin-glucose response. These tools perform an exhaustive exploration of the closed loop system behaviors, generating potentially adverse situations for the control algorithm under verification. In addition, automatic techniques are being investigated to help AP designers improve the control algorithm by tuning controller parameters to eliminate harmful behaviors and optimize performance. The broader significance and importance of the project are to minimize the manual testing effort for AP controllers, integrate formal tools in the certification process, and ultimately ensure the availability of safe and reliable devices to patients with type-1 diabetes. The framework is made available to researchers who are developing AP controllers to help them verify and iteratively improve their designs. The team is integrating the research into the educational mission by designing hands-on courses to train undergraduate students in the science of Cyber-Physical Systems (CPS) using the design of AP controllers as a motivating example. Furthermore, educational material that explains the basic ideas, current challenges and promises of the AP concept is being made available to a wide audience that includes patients with T1D, their families, interested students, and researchers. The research is being carried out collaboratively by teams of experts in formal verification for Cyber-Physical Systems, control system experts with experience designing AP controllers, mathematical modeling experts, and clinical experts who have clinically evaluated AP controllers. To enable the construction of the verification framework from the current state-of-the-art verification tools, the project is addressing major research challenges, including (a) building plausible mathematical models of disturbances from available clinical datasets characterizing human meals, activity patterns, and continuous glucose sensor anomalies. The resulting models are integrated in a formal verification framework; (b) simplifying existing models of insulin glucose response using smaller but more complex delay differential models; (c) automating the process of abstracting the controller implementation for the purposes of verification; (d) producing verification results that can be interpreted by control engineers and clinical researchers without necessarily understanding formal verification techniques; and (e) partially automating the process of design improvements to potentially eliminate severe faults and improve performance. The framework is evaluated on a set of promising AP controller designs that are currently under various stages of clinical evaluation.

Wireless body area sensing networks (WBANs) have the potential to revolutionize health care in the near term and enhance other application domains including sports, entertainment, military and emergency situations. These WBANs represent a novel cyber-physical system that unites engineering systems, the natural world and human individuals. The coupling of bio-sensors with a wireless infrastructure enables the real-time monitoring of an individual's health, environment and related behaviors continuously, as well as the provision of real-time feedback with nimble, adaptive, and personalized interventions. Recent technological advances in low power integrated circuits, signal processing and wireless communications have enabled the design of tiny, low cost, lightweight, intelligent medical devices, sensors and networking platforms that have the potential to make the concept of truly pervasive wireless sensor networks a reality. To develop the WBANs of the future, this breakthrough research will pursue the interfaces of sensing, communication and control. This project aims to investigate energy and delay sensitive sensing, communication, decision-making and control for health monitoring application of wireless body area networks. In these systems, sensors with varying accuracy observe heterogeneous source signals that must be processed and communicated and used for inference and decision-making purposes. All of these operations must be carried out in the presence of constraints on power and energy resources at the sensors, limited communication and computational abilities and with low end-to-end delay between the sensing of information to its eventual utilization. In this project, a global (end-to end) perspective is adopted that optimizes network operation to improve the information quality and enhance the lifetime of the network, focusing in particular on optimal use of sensor resources such as energy, new sensing and communication paradigms that balance information quality and energy expenditure, and real-time encoding and decoding methods that provide strict delay guarantees on information delivery. The proposed work will contribute to several research areas including optimal resource allocation at sensors, adaptive sensing methods, real-time encoding and decoding and event-based communication. The educational impact of the proposed research will come through the training of new information technology professionals and scientists with expertise in cross-disciplinary research, development of new courses based on the proposed research activity and continued efforts to include women and under-represented minorities in the research program.

Buildings in the U.S. contribute to 39% of energy use, consume approximately 70% of the electricity, and account for 39% of CO2 emissions. Hence, developing green building architectures is an extremely critical component in energy sustainability. The investigators will develop a unified analytical approach for green building design that comprehensively manages energy sustainability by taking into account the complex interactions between these systems of systems, providing a high degree of security, agility and robust to extreme events. The project will serve to advance the general science in CPS, help bridge the gap between the cyber and civil infrastructure communities, educate students across different disciplines, include topics in curriculum development, and actively recruit underrepresented minority and undergraduate students. The main thesis of this research is that ad hoc green energy designs are often myopic, not taking into account key interdependencies between subsystems and users, and thus often lead to undesirable solutions. In fact, studies have shown that 28%-35% of LEED-certified buildings consumed more energy than their conventional counterparts, all of which calls for the development of a comprehensive analytical foundation for designing green buildings. In particular, the investigators will focus on three interrelated thrust areas: (i) Integrated energy management for a single-building, where the goal is to jointly consider the complex interactions among building subsystems. The investigators will develop novel control schemes that opportunistically exploit the energy demand elasticity of the building subsystems and adapt to occupancy patterns, human comfort zones, and ambient environments. (ii) Managing multi-building interactions to develop (near) optimal distributed control and coordination schemes that provide performance guarantees. (iii) Designing for anomalous conditions such as extreme weather and malicious attacks, where power grid connections and/or cyber-networks are disrupted. The research will provide directions at developing an analytical foundation and cross-cutting principles that will shed insight on the design and control of not only building systems, but also general CPS systems. An important goal is to help bridge the gap between the networking, controls, and civil infrastructure communities by giving talks and publishing works in all of these forums. The investigators will disseminate the research findings to industry as well as offer education and outreach programs to the K-12 students in STEM disciplines. The investigators will also actively continue their already strong existing efforts in recruiting women and underrepresented minorities, as well as providing rich research experience to undergraduate REU students. This project will provide fertile training for students spanning civil infrastructure research, networking, controls, optimization, and algorithmic development. The investigators will also actively include the outcomes of the research in existing and new courses at both the Ohio State University and Virginia Tech.