This project represents a cross-disciplinary collaborative research effort on developing rigorous, closed-loop approaches for designing, simulating, and verifying medical devices. The work will open fundamental new approaches for radically accelerating the pace of medical device innovation, especially in the sphere of cardiac-device design. Specific attention will be devoted to developing advanced formal methods-based approaches for analyzing controller designs for safety and effectiveness; and devising methods for expediting regulatory and other third-party reviews of device designs. The project team includes members with research backgrounds in computer science, electrical engineering, biophysics, and cardiology; the PIs will use a coordinated approach that balances theoretical, experimental and practical concerns to yield results that are intended to transform the practice of device design while also facilitating the translation of new cardiac therapies into practice. The proposed effort will lead to significant advances in the state of the art for system verification and cardiac therapies based on the use of formal methods and closed-loop control and verification. The animating vision for the work is to enable the development of a true in silico design methodology for medical devices that can be used to speed the development of new devices and to provide greater assurance that their behaviors match designers' intentions, and to pass regulatory muster more quickly so that they can be used on patients needing their care. The scientific work being proposed will serve this vision by providing mathematically robust techniques for analyzing and verifying the behavior of medical devices, for modeling and simulating heart dynamics, and for conducting closed-loop verification of proposed therapeutic approaches. The acceleration in medical device innovation achievable as a result of the proposed research will also have long-term and sustained societal benefits, as better diagnostic and therapeutic technologies enter into the practice of medicine more quickly. It will also yield a collection of tools and techniques that will be applicable in the design of other types of devices. Finally, it will contribute to the development of human resources and the further inclusion of under-represented groups via its extensive education and outreach programs, including intensive workshop experiences for undergraduates

This project represents a cross-disciplinary collaborative research effort on developing rigorous, closed-loop approaches for designing, simulating, and verifying medical devices. The work will open fundamental new approaches for radically accelerating the pace of medical device innovation, especially in the sphere of cardiac-device design. Specific attention will be devoted to developing advanced formal methods-based approaches for analyzing controller designs for safety and effectiveness; and devising methods for expediting regulatory and other third-party reviews of device designs. The project team includes members with research backgrounds in computer science, electrical engineering, biophysics, and cardiology; the PIs will use a coordinated approach that balances theoretical, experimental and practical concerns to yield results that are intended to transform the practice of device design while also facilitating the translation of new cardiac therapies into practice. The proposed effort will lead to significant advances in the state of the art for system verification and cardiac therapies based on the use of formal methods and closed-loop control and verification. The animating vision for the work is to enable the development of a true in silico design methodology for medical devices that can be used to speed the development of new devices and to provide greater assurance that their behaviors match designers' intentions, and to pass regulatory muster more quickly so that they can be used on patients needing their care. The scientific work being proposed will serve this vision by providing mathematically robust techniques for analyzing and verifying the behavior of medical devices, for modeling and simulating heart dynamics, and for conducting closed-loop verification of proposed therapeutic approaches. The acceleration in medical device innovation achievable as a result of the proposed research will also have long-term and sustained societal benefits, as better diagnostic and therapeutic technologies enter into the practice of medicine more quickly. It will also yield a collection of tools and techniques that will be applicable in the design of other types of devices. Finally, it will contribute to the development of human resources and the further inclusion of under-represented groups via its extensive education and outreach programs, including intensive workshop experiences for undergraduates.

Title: CPS: Breakthrough: Development of Novel Architectures for Control and Diagnosis of Safety-Critical Complex Cyber-Physical Systems This project is developing novel architectures for control and diagnosis of complex cyber-physical systems subject to stringent performance requirements in terms of safety, resilience, and adaptivity. These ever-increasing demands necessitate the use of formal model-based approaches to synthesize provably-correct feedback controllers. The intellectual merit of this research lies in a novel combination of techniques from the fields of dynamical systems, discrete event systems, reactive synthesis, and graph theory, together with new advancements in terms of abstraction techniques, computationally efficient synthesis of control and diagnosis strategies that support distributed implementations, and synthesis of acquisition of information and communication strategies. The project's broader significance and importance are demonstrated by the expected improvement of the safety, resilience, and performance of complex cyber-physical systems in critical infrastructures as well as the efficiency with which they are designed and certified. The original approach being developed is based on the combination of multi-resolution abstraction graphs for building discrete models of the underlying cyber-physical system with reactive synthesis techniques that exploit a representation of the solution space in terms of a finite structure called a decentralized bipartite transition system. The concepts of abstraction graph and decentralized bipartite transition system are novel and open new avenues of investigation with significant potential to the formal synthesis of safe, resilient, and adaptive controllers. This methodology naturally results in a set of decentralized and asynchronous controllers and diagnosers, which ensures greater resilience and adaptivity. Overall, this research will significantly impact the Science of Cyber-Physical Systems and the Engineering of Cyber-Physical Systems.

Driven by both civilian and military applications, such as coordinated surveillance, search and rescue, underwater or space exploration, manipulation in hazardous environments, and rapid emergency response, cooperative actions by teams of robots has emerged as an important research area. However, the coordination strategies for such robot teams are still developed to a great extent by trial-and-error processes. Hence, the strategies cannot guarantee mission success. This award supports fundamental research to provide a provably correct formal design theory of multi-robot systems that guarantees mission success. Furthermore, results from the research can be extended to the design of more general cyber-physical systems (CPSs) consisting of distributed and coordinated subsystems, such as the national power grid, ground/air traffic networks, and manufacturing systems. These CPSs are critical components of the national civil infrastructure that must operate reliably to ensure public safety. The multidisciplinary approach taken will help broaden participation of underrepresented groups in research and positively impact engineering education. Focusing on multi-robot teams, the goal of the research is to build foundations for a provably correct formal design theory for CPSs. This design theory will guarantee a given global performance of multi-robot teams through designing local coordination rules and control laws. The basic idea is to decompose the team mission into individual subtasks such that the design can be reduced to a local synthesis problem for individual robots. Multidisciplinary approaches combining hybrid systems, supervisory control, regular inference and model checking will be utilized to achieve this goal. The developed theory will enable robots in the team to cooperatively learn their individual roles in a mission, and then automatically synthesize local supervisors to fulfill their subtasks. A salient feature of this method lies on its ability to handle environmental uncertainties and unmodeled dynamics, as there is no need for an explicit model of the transition dynamics of each agent/robot and their interactions with the environment. In addition, the design is online and reactive, enabling the robot team to adapt to changing environments and dynamic tasking. The derived theory will be implemented as software tools and will be demonstrated through real robotic systems consisting of unmanned ground and aerial vehicles in unstructured urban/rural areas.

Driven by both civilian and military applications, such as coordinated surveillance, search and rescue, underwater or space exploration, manipulation in hazardous environments, and rapid emergency response, cooperative actions by teams of robots has emerged as an important research area. However, the coordination strategies for such robot teams are still developed to a great extent by trial-and-error processes. Hence, the strategies cannot guarantee mission success. This award supports fundamental research to provide a provably correct formal design theory of multi-robot systems that guarantees mission success. Furthermore, results from the research can be extended to the design of more general cyber-physical systems (CPSs) consisting of distributed and coordinated subsystems, such as the national power grid, ground/air traffic networks, and manufacturing systems. These CPSs are critical components of the national civil infrastructure that must operate reliably to ensure public safety. The multidisciplinary approach taken will help broaden participation of underrepresented groups in research and positively impact engineering education. Focusing on multi-robot teams, the goal of the research is to build foundations for a provably correct formal design theory for CPSs. This design theory will guarantee a given global performance of multi-robot teams through designing local coordination rules and control laws. The basic idea is to decompose the team mission into individual subtasks such that the design can be reduced to a local synthesis problem for individual robots. Multidisciplinary approaches combining hybrid systems, supervisory control, regular inference and model checking will be utilized to achieve this goal. The developed theory will enable robots in the team to cooperatively learn their individual roles in a mission, and then automatically synthesize local supervisors to fulfill their subtasks. A salient feature of this method lies on its ability to handle environmental uncertainties and unmodeled dynamics, as there is no need for an explicit model of the transition dynamics of each agent/robot and their interactions with the environment. In addition, the design is online and reactive, enabling the robot team to adapt to changing environments and dynamic tasking. The derived theory will be implemented as software tools and will be demonstrated through real robotic systems consisting of unmanned ground and aerial vehicles in unstructured urban/rural areas.

Trustworthy operation of next-generation complex power grid critical infrastructures requires mathematical and practical verification solutions to guarantee the correct infrastructural functionalities. This project develops the foundations of theoretical modeling, synthesis and real-world deployment of a formal and scalable controller code verifier for programmable logic controllers (PLCs) in cyber-physical settings. PLCs are widely used for control automation in industrial control systems. A PLC is typically connected to an engineering workstation where engineers develop the control logic to process the input values from sensors and issue control commands to actuators. The project focuses on protecting infrastructures against malicious control injection attacks on PLCs, such as Stuxnet, that inject malicious code on the device to drive the underlying physical platform to an unsafe state. The broader impact of this proposal is highly significant. It offers potential for real-time security for critical infrastructure systems covering sectors such as energy and manufacturing. The project's intellectual merit is in providing a mathematical and practical verification framework for cyber-physical systems through integration of offline formal methods, online monitoring solutions, and power systems analysis. Offline formal methods do not scale for large-scale platforms due to their exhaustive safety analysis of all possible system states, while online monitoring often reports findings too late for preventative action. This project takes a hybrid approach that dynamically predicts the possible next security incidents and reports to operators before an unsafe state is encountered, allowing time for response. The broader impact of this project is in providing practical mathematical analysis capabilities for general cyber-physical safety-critical infrastructure with potential direct impact on our national security. The research outcomes are integrated into education modules for graduate, undergraduate, and K-12 classrooms.

Title: Efficient Traffic Management: A Formal Methods Approach The objective of this project is to develop a formal methods approach to traffic management. Formal methods is an area of computer science that develops efficient techniques for proving the correct operation of systems, such as computer programs and digital circuits, and for designing systems that are correct by construction. This project extends this formalism to traffic networks where correctness specifications include eliminating congestion, ensuring that the freeway throughput remains over a minimum threshold, that queues are always eventually emptied, etc. The task is then to design signal timing and ramp metering strategies to meet such specifications. To accomplish this task, the project takes advantage of the inherent structure of existing, validated mathematical models of traffic flow and develops computationally efficient design techniques. The results are tested with real traffic data from the Interstate 210 travel corridor in Southern California. The educational component of the project includes course development on modeling and control of traffic networks, featuring in particular the formal methods approach of this project, and organizing workshops to train traffic engineers and operation practitioners on the use of software tools and methodologies of the project. To meet rich control objectives expressed using temporal logic, the project exploits the piecewise affine nature of existing, validated traffic models, and derives efficient finite state abstractions that form the basis of correct-by-construction control synthesis. To ensure scalability, the project further takes advantage of inherent monotonicity properties and decomposibility into sparsely connected subsystems. The first research task is to develop a design framework for signal timing and ramp metering strategies for signalized intersections and freeway traffic control. The second task is the coordinated control of freeway onramps and nearby signalized intersections to address situations such as a freeway demand surge after a sporting event, or an accident on the freeway when signal settings must be adjusted to favor a detour route. The third task is to pursue designs that exploit the statistics of demand for probabilistic correctness guarantees, as well as designs that incorporate optimality requirements, such as minimizing travel time. Validation of the results is pursued with high-fidelity simulation models calibrated using traffic data from the Interstate 210 travel corridor.

Title: Efficient Traffic Management: A Formal Methods Approach The objective of this project is to develop a formal methods approach to traffic management. Formal methods is an area of computer science that develops efficient techniques for proving the correct operation of systems, such as computer programs and digital circuits, and for designing systems that are correct by construction. This project extends this formalism to traffic networks where correctness specifications include eliminating congestion, ensuring that the freeway throughput remains over a minimum threshold, that queues are always eventually emptied, etc. The task is then to design signal timing and ramp metering strategies to meet such specifications. To accomplish this task, the project takes advantage of the inherent structure of existing, validated mathematical models of traffic flow and develops computationally efficient design techniques. The results are tested with real traffic data from the Interstate 210 travel corridor in Southern California. The educational component of the project includes course development on modeling and control of traffic networks, featuring in particular the formal methods approach of this project, and organizing workshops to train traffic engineers and operation practitioners on the use of software tools and methodologies of the project. To meet rich control objectives expressed using temporal logic, the project exploits the piecewise affine nature of existing, validated traffic models, and derives efficient finite state abstractions that form the basis of correct-by-construction control synthesis. To ensure scalability, the project further takes advantage of inherent monotonicity properties and decomposibility into sparsely connected subsystems. The first research task is to develop a design framework for signal timing and ramp metering strategies for signalized intersections and freeway traffic control. The second task is the coordinated control of freeway onramps and nearby signalized intersections to address situations such as a freeway demand surge after a sporting event, or an accident on the freeway when signal settings must be adjusted to favor a detour route. The third task is to pursue designs that exploit the statistics of demand for probabilistic correctness guarantees, as well as designs that incorporate optimality requirements, such as minimizing travel time. Validation of the results is pursued with high-fidelity simulation models calibrated using traffic data from the Interstate 210 travel corridor.

Large battery systems with 100s/1000s cells are being used to power various physical platforms. For example, automobiles are transitioning from conventional powertrains to (plug-in) hybrid and electric vehicles (EVs). To achieve the desired efficiency of EVs, significant improvements are needed in the architecture and algorithms of battery management. This project will develop a new comprehensive battery management architecture, called Smart Battery Management System (SBMS). The research is expected to bridge the wide gap existing between cyber-physical system (CPS) research and electrification industry communities, provide environment-friendly solutions, increase the awareness of CPS, and develop skilled human resources. This project will incorporate and enhance a battery management system (BMS) by including battery state-of-charge (SoC) and state-of-health (SoH) algorithms as well as power management strategies on both pack and cell levels. Specifically, it consists of five main research tasks: (i) design a dynamically reconfigurable energy storage system to tolerate harsh internal and external stresses; (ii) develop cell-level thermal management algorithms; (iii) develop efficient, dependable charge and discharge scheduling algorithms in hybrid energy storage systems; (iv) develop a comprehensive, diagnostic/prognostic (P/D) algorithm with system parameters adjusted for making optimal decisions; and (v) build a testbed and evaluate the proposed architecture and algorithms on the testbed. This research will advance the state-of-the-art in the management of large-scale energy storage systems, extending their life and operation-time significantly, which is key to a wide range of battery-powered physical platforms. That is, SBMS will enable batteries to withstand excessive stresses and power physical platforms for a much longer time, all at low costs. SBMS will also serve as a basic framework for various aspects of CPS research, integrating (cyber) dynamic control and P/D mechanisms, and (physical) energy storage system dynamics.

Many of the ideas that drive modern cloud computing, such as server virtualization, network slicing, and robust distributed storage, arose from the research community. But because today's clouds have particular, non-malleable implementations of these ideas "baked in," they are unsuitable as facilities in which to conduct research on future cloud architectures. This project creates CloudLab, a facility that will enable fundamental advances in cloud architecture. CloudLab will not be a cloud; CloudLab will be large-scale, distributed scientific infrastructure on top of which many different clouds can be built. It will support thousands of researchers and run hundreds of different, experimental clouds simultaneously. The Phase I CloudLab deployment will provide data centers at Clemson (with Dell equipment), Utah (HP), and Wisconsin (Cisco), with each industrial partner collaborating to explore next-generation ideas for cloud architectures CloudLab will be a place where researchers can try out ideas using any cloud software stack they can imagine. It will accomplish this by running at a layer below cloud infrastructure: it will provide isolated, bare-metal access to a set of resources that researchers can use to bring up their own clouds. These clouds may run instances of today's popular stacks, modest modifications to them, or something entirely new. CloudLab will not be tied to any particular particular cloud stack, and will support experimentation on multiple in parallel. The impact of cloud computing outside the field of computer science has been substantial: it has enabled a new generation of applications and services with direct impacts on society at large. CloudLab is positioned to have an immediate and substantial impact on the research community by providing access to the resources it needs to shape the future of clouds. Cloud architecture research, enabled by CloudLab, will empower a new generation of applications and services which will bring direct benefit to the public in areas of national priority such as medicine, smart grids, and natural disaster early warning and response.