The age of autonomous mobile systems is dawning -- from autonomous cars to household robots to aerial drones -- and they are expected to transform multiple industries and have significant impact on the US economy. Through wireless coordination, these systems create a whole that is greater than the sum of its parts. For example, vehicle "platoons" increase both highway throughput and fuel efficiency by traveling nearly bumper-to-bumper, using a wireless coupling to brake and accelerate simultaneously. Similarly, vehicles or drones can speed around blind corners using the sensing capabilities of the agents ahead of them. However, wireless communication is still considered too unreliable for safety-critical operations like these. This research is creating new techniques for safe wirelessly coordinated mobility, which is becoming increasingly important with the proliferation of autonomous mobile systems. The approach is to develop a framework for joint modeling and analysis of motion and communication in order to find provably safe coordination paths. This includes new models that can predict the effect of motion paths on the wireless channel, together with new formal methods that can use these models in a tractable manner to synthesize control strategies with provable guarantees. The key innovations include new methods to assess the validity of a Radio Frequency model, new methods for tractable probabilistic reasoning over complex models of the wireless channel and protocols, and new control strategies that achieve provable safety guarantees for states that would have been unsafe without wireless coordination. If successful, this research will allow mobile systems to realize the performance benefits of wireless coordination while preserving the ability to provide provable safety guarantees. The focus is not on improving the wireless channel reliability; instead, the aim is to provide safety guarantees on the entire mobile system by modeling and analyzing the channel's dynamic properties in a rapidly changing environment.

The purpose of this project is to plan and organize the 2017 NSF Cyber-Physical Systems (CPS) Principal Investigator (PI) Meeting. This meeting convenes all PIs of the National Science Foundation CPS Program for the fifth time since the program began. The PI Meeting is to take place on November 13-14, 2017 in Alexandria, Virginia. The PI meeting is an annual opportunity for NSF-sponsored CPS researchers, industry representatives, and Federal agencies' representatives to gather and review new CPS developments, identify new and emerging applications, and to discuss technology gaps and barriers. The program agenda is community-driven and includes presentations (oral and poster) from PIs, reports of past year program activities, and showcase/pitch new CPS innovations and results. The annual PI Meeting serves as the only opportunity where the CPS researcher community gathers to share their research, discuss new research opportunities and challenges, and explore new ideas and partnerships for future work. Furthermore, the PI meeting is also an opportunity for the academic research community to interact with industry entities and government agencies with vested interest in CPS research and development. The PI Meeting is a forum for sharing ideas across the CPS community. It has played a major role in growing the community across broad range of sectors and technologies, and performing outreach to others who have interest in learning about the program and participating as future proposers, transition partners, or future sponsors. The 2017 PI meeting will feature additional demonstrations to show the impact of CPS research. Finally, we expect to conduct discussions across the community on considerations and ideas to inspire CPS 2.0, and future collaborations with the Industrial Internet Consortium which includes multiple organizations transitioning CPS research into practice.

This project is developing theoretical foundations and computational algorithms for synthesizing higher-level supervisory and information-acquisition control logic in cyber-physical systems that expend or replenish their resources while interacting with the environment. On the one hand, qualitative requirements capture the safety requirements that are imposed on the system as it operates. On the other hand, quantitative requirements capture resource constraints in the context of energy-aware systems. These dual considerations are needed in applications of cyber-physical systems where efficient management of resources must be accounted for in the dynamic operation of the system in order to achieve the desired objectives within a given energy or resource budget. The approach pursued is formal and model-based. It leverages a recently-developed unified framework for supervisory control and information acquisition in the higher-level control logic of cyber-physical systems, but it explicitly embeds quantitative constraints in the solution procedure in order to capture the energy or resources expended and/or replenished by the cyber-physical system as it interacts with its environment. This generic solution methodology is applicable to several classes of cyber-physical systems subject to energy constraints. Software tools are being developed to facilitate the transition of these results to application domains. Of special interest is energy-aware mission planning in autonomous systems, a rich domain where qualitative mission requirements are coupled with quantitative constraints. Overall, this project impacts both the Science of Cyber-Physical Systems and the Engineering of Cyber-Physical Systems.

Automation is being increasingly introduced into every man-made system. The thrust to achieve trustworthy autonomous systems, which can attain goals independently in the presence of significant uncertainties and for long periods of time without any human intervention, has always been enticing. Significant progress has been made in the avenues of both software and hardware for meeting these objectives. However, technological challenges still exist and particularly in terms of decision making under uncertainty. In an autonomous system, uncertainties can arise from the operating environment, adversarial attacks, and from within the system. While a lot of work has been done on ensuring safety of systems under standard sensing errors, much less attention has been given on securing it and its sensors from attacks. As such, autonomous cyber-physical systems (CPS), which rely heavily on sensing units for decision making, remain vulnerable to such attacks. Given the fact that the age of autonomous CPS is upon us and their influence is gradually increasing, it becomes an urgent task to develop effective solutions to ensure the security and trustworthiness of autonomous CPS under adversarial attacks. The researchers of this project provide a comprehensive real-time, resource-aware solution for detection and recovery of autonomous CPS from physical and cyber-attacks. This project also includes effort to educate and prepare the community for the potential cyber and physical threats on autonomous CPS. With the observation that a thorough security certification of autonomous CPS will provide formal evaluation of autonomous CPS, the researchers in this project intend to develop methods to facilitate manufacturers for certifying security solutions. Toward this goal, the researchers will first develop new theories to understand the impact of physical and cyber-attack on system level properties such as controllability, stability, and safety. They will then develop algorithms for detection and recovery of CPS from physical attacks on active sensors. The proposed recovery method will ensure the integrity of sensor measurements when the system is under attack. Furthermore, a new analysis framework will be constructed that uses platform-based design methodology to represent the CPS and verifies it against design metric constraints such as security, timing, resource, and performance. The key contributions of this project towards autonomous CPS security certification include 1) a comprehensive study of relationship between attacks and system-level properties; 2) algorithms and their optimization for detection and automatic recovery of autonomous CPS from attacks; and 3) systematically quantifying impact of security on design metrics.

Cyber-physical systems (CPS) are engineered systems created as networks of interacting physical and computational processes. Most modern products in major industrial sectors, such as automotive, avionics, medical devices, and power systems already are or rapidly becoming CPS driven by new requirements and competitive pressures. However, in recent years, a number of successful cyber attacks against CPS targets, some of which have even caused severe physical damage, have demonstrated that security and resilience of CPS is a very critical problem, and that new methods and technologies are required to build dependable systems. Modern automotive vehicles, for example, employ sensors such as laser range finders and cameras, GPS and inertial measurement units, on-board computing, and network connections all of which contribute to vulnerabilities that can be exploited for deploying attacks with possibly catastrophic consequences. Securing such systems requires that potential points of compromise and vehicle-related data are protected. In order to fulfill the great promise of CPS technologies such as autonomous vehicles and realize the potential technological, economic, and societal impact, it is necessary to develop principles and methods that ensure the development of CPS capable of functioning dependably, safely, and securely. In view of these challenges, the project develops an approach for integration of reconfigurable control software design and moving target defense for CPS. The main idea is to improve CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system. The proposed energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization, address space randomization, and data space randomization. The heart of the runtime environment is a configuration manager that can modify the software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. By changing the control software on-the-fly, the approach creates a cyber moving target and raises significantly the cost for a successful attack without impacting the essential behavior and functionality. Demonstration and experimental evaluation will be performed using a hardware-in-the-loop simulation testbed for automotive CPS.

Strategic decision-making for physical-world infrastructures is rapidly transitioning toward a pervasively cyber-enabled paradigm, in which human stakeholders and automation leverage the cyber-infrastructure at large (including on-line data sources, cloud computing, and handheld devices). This changing paradigm is leading to tight coupling of the cyber- infrastructure with multiple physical- world infrastructures, including air transportation and electric power systems. These management-coupled cyber- and physical- infrastructures (MCCPIs) are subject to complex threats from natural and sentient adversaries, which can enact complex propagative impacts across networked physical-, cyber-, and human elements. We propose here to develop a modeling framework and tool suite for threat assessment for MCCPIs. The proposed modeling framework for MCCPIs has three aspects: 1) a tractable moment-linear modeling paradigm for the hybrid, stochastic, and multi-layer dynamics of MCCPIs; 2) models for sentient and natural adversaries, that capture their measurement and actuation capabilities in the cyber- and physical- worlds, intelligence, and trust-level; and 3) formal definitions for information security and vulnerability. The attendant tool suite will provide situational awareness of the propagative impacts of threats. Specifically, three functionalities termed Target, Feature, and Defend will be developed, which exploit topological characteristics of an MCCPI to evaluate and mitigate threat impacts. We will then pursue analyses that tie special infrastructure-network features to security/vulnerability. As a central case study, the framework and tools will be used for threat assessment and risk analysis of strategic air traffic management. Three canonical types of threats will be addressed: environmental-to-physical threats, cyber-physical co-threats, and human-in-the-loop threats. This case study will include development and deployment of software decision aids for managing man-made disturbances to the air traffic system. This is a continuing grant of Award # 1544863

This CPS Frontiers project addresses highly dynamic Cyber-Physical Systems (CPSs), understood as systems where a computing delay of a few milliseconds or an incorrectly computed response to a disturbance can lead to catastrophic consequences. Such is the case of cars losing traction when cornering at high speed, unmanned air vehicles performing critical maneuvers such as landing, or disaster and rescue response bipedal robots rushing through the rubble to collect information or save human lives. The preceding examples currently share a common element: the design of their control software is made possible by extensive experience, laborious testing and fine tuning of parameters, and yet, the resulting closed-loop system has no formal guarantees of meeting specifications. The vision of the project is to provide a methodology that allows for complex and dynamic CPSs to meet real-world requirements in an efficient and robust way through the formal synthesis of control software. The research is developing a formal framework for correct-by-construction control software synthesis for highly dynamic CPSs with broad applications to automotive safety systems, prostheses, exoskeletons, aerospace systems, manufacturing, and legged robotics. The design methodology developed here will improve the competitiveness of segments of industry that require a tight integration between hardware and highly advanced control software such as: automotive (dynamic stability and control), aerospace (UAVs), medical (prosthetics, orthotics, and exoskeleton design) and robotics (legged locomotion). To enhance the impact of these efforts, the PIs are developing interdisciplinary teaching materials to be made freely available and disseminating their work to a broad audience. This is a continuing grant of Award # 1562236