Every year around 30,000 fatalities and 2.2 million injuries happen on US roads. The problem is compounded with huge economic losses due to traffic congestions. Advances in Cooperative Vehicle Efficiency and Safety (CVES) systems promise to significantly reduce the human and economic cost of transportation. However, large scale deployment of such systems is impeded by significant technical and scientific gaps, especially when it comes to achieving real-time and high accuracy situational awareness for cooperating vehicles. This CAREER project aims at closing these gaps through developing fundamental information networking methodologies for coordinated control of automated systems. These methodologies will be based on the innovative concept of modeled knowledge propagation. In addition, the educational component of this project integrates interdisciplinary Cyber-Physical Systems (CPS) subjects on the design of automated networked systems into graduate and undergraduate training modules. For robust operation, CVES systems require each vehicle to have reliable real-time awareness of the state of other coordinated vehicles. This project addresses the critical need for robust control-oriented situational awareness by developing a multi-resolution information networking methodology that is model- and context-aware. The approach is to develop the novel concepts of model communication and its derived multi-resolution networking. Context-aware model-communication relies on transmission and synchronization of models (e.g., stochastic hybrid system structures and parameters) instead of raw measurements. This allows for high fidelity synchronization of dynamical models of CVES over networks. Multi-resolution networking concept is enabled through scalable representations of models. Multi resolution models allow in-network adaptation of model fidelity to available network resources. The result is robustness of CVES to network service variability. The successful deployment of CVES, even partially, will provide significant societal benefits through reduced traffic accidents and improved efficiency. This project will enable large scale CVES deployment by addressing its scalability challenge. In addition, methodologies developed in this project will be crucial to emerging autonomous vehicles, which are also expected to coordinate their actions over communication networks. The fundamental research outcomes on knowledge propagation through network synchronization of dynamical models will be broadly applicable in other CPS domains such as smart grid. The educational component of this project will target training of CPS researchers and engineers on subjects in intelligent transportation and energy systems.

The age of autonomous mobile systems is dawning -- from autonomous cars to household robots to aerial drones -- and they are expected to transform multiple industries and have significant impact on the US economy. Through wireless coordination, these systems create a whole that is greater than the sum of its parts. For example, vehicle "platoons" increase both highway throughput and fuel efficiency by traveling nearly bumper-to-bumper, using a wireless coupling to brake and accelerate simultaneously. Similarly, vehicles or drones can speed around blind corners using the sensing capabilities of the agents ahead of them. However, wireless communication is still considered too unreliable for safety-critical operations like these. This research is creating new techniques for safe wirelessly coordinated mobility, which is becoming increasingly important with the proliferation of autonomous mobile systems. The approach is to develop a framework for joint modeling and analysis of motion and communication in order to find provably safe coordination paths. This includes new models that can predict the effect of motion paths on the wireless channel, together with new formal methods that can use these models in a tractable manner to synthesize control strategies with provable guarantees. The key innovations include new methods to assess the validity of a Radio Frequency model, new methods for tractable probabilistic reasoning over complex models of the wireless channel and protocols, and new control strategies that achieve provable safety guarantees for states that would have been unsafe without wireless coordination. If successful, this research will allow mobile systems to realize the performance benefits of wireless coordination while preserving the ability to provide provable safety guarantees. The focus is not on improving the wireless channel reliability; instead, the aim is to provide safety guarantees on the entire mobile system by modeling and analyzing the channel's dynamic properties in a rapidly changing environment.

Cyber-physical systems (CPS) are deployed in safety-critical and mission-critical applications for which security is a primary design concern. At the same time, these systems must be designed to be more flexible to changing requirements and environment conditions. This project pursues foundational work on a new methodology for CPS design to enable a "plug-and-play" approach that also ensures the security and safety of the system from the design phase. Such a principled design approach can have an enormous positive impact on the emerging national "smart" infrastructure. Through collaborations with industry partners, the project aims to improve the design process in the CPS industry with a particular focus on automotive systems. Additionally, this project plans to integrate research into undergraduate and graduate coursework, especially capstone projects, and will have an impact on the textbooks and online course content developed by the researchers. This project develops a fundamentally new theory for quantitative contract-based design of CPS that balances security requirements with critical safety and performance concerns. This theory meets a pressing need faced by industrial cyber-physical systems, which are being transformed by a push towards "plug-and-play" design architectures. This push tends to upend the design process for CPS, bringing with it renewed concerns about security and privacy. The proposed approach has the following key components: (i) a precise interface specification for each "plug-in" component in a novel quantitative temporal logic; (ii) rapid, run-time verification methods for checking component conformance to specifications, and (iii) A new approach for mapping components onto existing architectures while satisfying performance and security specifications, and minimizing costs. The approach will be developed and evaluated in an industrial automotive context. The proposed rigorous logic-based formalism, backed by algorithmic advances in verification and synthesis, has the potential to create new fundamental science and help put the industrial trend towards plug-and-play architectures on a firm footing.

Automation is being increasingly introduced into every man-made system. The thrust to achieve trustworthy autonomous systems, which can attain goals independently in the presence of significant uncertainties and for long periods of time without any human intervention, has always been enticing. Significant progress has been made in the avenues of both software and hardware for meeting these objectives. However, technological challenges still exist and particularly in terms of decision making under uncertainty. In an autonomous system, uncertainties can arise from the operating environment, adversarial attacks, and from within the system. While a lot of work has been done on ensuring safety of systems under standard sensing errors, much less attention has been given on securing it and its sensors from attacks. As such, autonomous cyber-physical systems (CPS), which rely heavily on sensing units for decision making, remain vulnerable to such attacks. Given the fact that the age of autonomous CPS is upon us and their influence is gradually increasing, it becomes an urgent task to develop effective solutions to ensure the security and trustworthiness of autonomous CPS under adversarial attacks. The researchers of this project provide a comprehensive real-time, resource-aware solution for detection and recovery of autonomous CPS from physical and cyber-attacks. This project also includes effort to educate and prepare the community for the potential cyber and physical threats on autonomous CPS. With the observation that a thorough security certification of autonomous CPS will provide formal evaluation of autonomous CPS, the researchers in this project intend to develop methods to facilitate manufacturers for certifying security solutions. Toward this goal, the researchers will first develop new theories to understand the impact of physical and cyber-attack on system level properties such as controllability, stability, and safety. They will then develop algorithms for detection and recovery of CPS from physical attacks on active sensors. The proposed recovery method will ensure the integrity of sensor measurements when the system is under attack. Furthermore, a new analysis framework will be constructed that uses platform-based design methodology to represent the CPS and verifies it against design metric constraints such as security, timing, resource, and performance. The key contributions of this project towards autonomous CPS security certification include 1) a comprehensive study of relationship between attacks and system-level properties; 2) algorithms and their optimization for detection and automatic recovery of autonomous CPS from attacks; and 3) systematically quantifying impact of security on design metrics.

Cyber-physical systems (CPS) encompass the next generation of computerized control for countless aspects of the physical world and interactions thereof. The typical engineering process for CPS reuses existing designs, models, components, and software from one version to the next. For example, in automotive engineering, it is common to reuse significant portions of existing model-year vehicle designs when developing the next model-year vehicle, and such practices are common across CPS industries, from aerospace to biomedical. While reuse drastically enhances efficiency and productivity, it leads to the possibility of introducing unintended mismatches between subcomponents' specifications. For example, a 2011 US National Highway Traffic Safety Administration (NHTSA) recall of over 1.5 million model-year 2005-2010 vehicles was due to the upgrade of a physical transmission component that was not appropriately addressed in software. A mismatch between cyber and physical specifications may occur when a software or hardware upgrade (in effect, a cyber or physical specification change) is not addressed by an update (in effect, a matching specification change) in the other domain. This research will develop new techniques and software tools to detect automatically if cyber-physical specification mismatches exist, and then mitigate the effects of such mismatches at runtime, with the overall goal to yield more reliable and safer CPS upon which society increasingly depends. The detection and mitigation methods developed will be evaluated in an energy CPS testbed. While the evaluation testbed is in the energy domain, the methods are applicable to other CPS domains such as automotive, aerospace, and biomedical. The educational goals will bridge gaps between computer science and electrical engineering, preparing a diverse set of next-generation CPS engineers by developing education platforms to enhance CPS engineering design and verification skills. The proposed research is to develop new techniques and tools to automatically identify and mitigate the effects of cyber-physical specification mismatches. There are three major research objectives. The first objective is to identify cyber-physical specification mismatches. To identify mismatches, a detection problem will be formalized using the framework of hybrid input/output automata (HIOA). Offline algorithms will be designed to find candidate specifications from models and implementations using static and dynamic analyses, and then identify candidate mismatches. The second objective is to monitor and assure safe CPS upgrades. As modern CPS designs are complex, it may be infeasible to determine all specifications and mismatches between all subcomponents at design time. Runtime monitoring and verification methods will be developed for inferred specifications to detect mismatches at runtime. When they are identified, a runtime assurance framework building on supervisory control and the Simplex architecture will assure safe CPS runtime operation. The third objective is to evaluate safe CPS upgrades in an example CPS. The results of the other objectives and their ability to ensure safe CPS upgrades will be evaluated in an energy CPS testbed, namely an AC electrical distribution microgrid that interfaces DC-producing renewables like photovoltaics to AC.

Cyber-physical systems (CPS) are engineered systems created as networks of interacting physical and computational processes. Most modern products in major industrial sectors, such as automotive, avionics, medical devices, and power systems already are or rapidly becoming CPS driven by new requirements and competitive pressures. However, in recent years, a number of successful cyber attacks against CPS targets, some of which have even caused severe physical damage, have demonstrated that security and resilience of CPS is a very critical problem, and that new methods and technologies are required to build dependable systems. Modern automotive vehicles, for example, employ sensors such as laser range finders and cameras, GPS and inertial measurement units, on-board computing, and network connections all of which contribute to vulnerabilities that can be exploited for deploying attacks with possibly catastrophic consequences. Securing such systems requires that potential points of compromise and vehicle-related data are protected. In order to fulfill the great promise of CPS technologies such as autonomous vehicles and realize the potential technological, economic, and societal impact, it is necessary to develop principles and methods that ensure the development of CPS capable of functioning dependably, safely, and securely. In view of these challenges, the project develops an approach for integration of reconfigurable control software design and moving target defense for CPS. The main idea is to improve CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system. The proposed energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization, address space randomization, and data space randomization. The heart of the runtime environment is a configuration manager that can modify the software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. By changing the control software on-the-fly, the approach creates a cyber moving target and raises significantly the cost for a successful attack without impacting the essential behavior and functionality. Demonstration and experimental evaluation will be performed using a hardware-in-the-loop simulation testbed for automotive CPS.