This CPS Frontiers project addresses highly dynamic Cyber-Physical Systems (CPSs), understood as systems where a computing delay of a few milliseconds or an incorrectly computed response to a disturbance can lead to catastrophic consequences. Such is the case of cars losing traction when cornering at high speed, unmanned air vehicles performing critical maneuvers such as landing, or disaster and rescue response bipedal robots rushing through the rubble to collect information or save human lives. The preceding examples currently share a common element: the design of their control software is made possible by extensive experience, laborious testing and fine tuning of parameters, and yet, the resulting closed-loop system has no formal guarantees of meeting specifications. The vision of the project is to provide a methodology that allows for complex and dynamic CPSs to meet real-world requirements in an efficient and robust way through the formal synthesis of control software. The research is developing a formal framework for correct-by-construction control software synthesis for highly dynamic CPSs with broad applications to automotive safety systems, prostheses, exoskeletons, aerospace systems, manufacturing, and legged robotics. The design methodology developed here will improve the competitiveness of segments of industry that require a tight integration between hardware and highly advanced control software such as: automotive (dynamic stability and control), aerospace (UAVs), medical (prosthetics, orthotics, and exoskeleton design) and robotics (legged locomotion). To enhance the impact of these efforts, the PIs are developing interdisciplinary teaching materials to be made freely available and disseminating their work to a broad audience.

The project investigates a formal verification framework for artificial pancreas (AP) controllers that automate the delivery of insulin to patients with type-1 diabetes (T1D). AP controllers are safety critical: excessive insulin delivery can lead to serious, potentially fatal, consequences. The verification framework under development allows designers of AP controllers to check that their control algorithms will operate safely and reliably against large disturbances that include patient meals, physical activities, and sensor anomalies including noise, delays, and sensor attenuation. The intellectual merits of the project lie in the development of state-of-the-art formal verification tools, that reason over mathematical models of the closed-loop including external disturbances and insulin-glucose response. These tools perform an exhaustive exploration of the closed loop system behaviors, generating potentially adverse situations for the control algorithm under verification. In addition, automatic techniques are being investigated to help AP designers improve the control algorithm by tuning controller parameters to eliminate harmful behaviors and optimize performance. The broader significance and importance of the project are to minimize the manual testing effort for AP controllers, integrate formal tools in the certification process, and ultimately ensure the availability of safe and reliable devices to patients with type-1 diabetes. The framework is made available to researchers who are developing AP controllers to help them verify and iteratively improve their designs. The team is integrating the research into the educational mission by designing hands-on courses to train undergraduate students in the science of Cyber-Physical Systems (CPS) using the design of AP controllers as a motivating example. Furthermore, educational material that explains the basic ideas, current challenges and promises of the AP concept is being made available to a wide audience that includes patients with T1D, their families, interested students, and researchers. The research is being carried out collaboratively by teams of experts in formal verification for Cyber-Physical Systems, control system experts with experience designing AP controllers, mathematical modeling experts, and clinical experts who have clinically evaluated AP controllers. To enable the construction of the verification framework from the current state-of-the-art verification tools, the project is addressing major research challenges, including (a) building plausible mathematical models of disturbances from available clinical datasets characterizing human meals, activity patterns, and continuous glucose sensor anomalies. The resulting models are integrated in a formal verification framework; (b) simplifying existing models of insulin glucose response using smaller but more complex delay differential models; (c) automating the process of abstracting the controller implementation for the purposes of verification; (d) producing verification results that can be interpreted by control engineers and clinical researchers without necessarily understanding formal verification techniques; and (e) partially automating the process of design improvements to potentially eliminate severe faults and improve performance. The framework is evaluated on a set of promising AP controller designs that are currently under various stages of clinical evaluation.

Harnessing wind energy is one of the pressing challenges of our time. The scale, complexity, and robustness of wind power systems present compelling cyber-physical system design issues. Leveraging the physical infrastructure at Purdue, this project aims to develop comprehensive computational infrastructure for distributed real-time control. In contrast to traditional efforts that focus on programming-in-the-small, this project emphasizes programmability, robustness, longevity, and assurance of integrated wind farms. The design of the proposed computational infrastructure is motivated by, and validated on, complex cyber-physical interactions underlying Wind Power Engineering. There are currently no high-level tools for expressing coordinated behavior of wind farms. Using the proposed cyber-physical system, the project aims to validate the thesis that integrated control techniques can significantly improve performance, reduce downtime, improve predictability of maintenance, and enhance safety in operational environments. The project has significant broader impact. Wind energy in the US is the fastest growing source of clean, renewable domestically produced energy. Improvements in productivity and longevity of this clean energy source, even by a few percentage points will have significant impact on the overall energy landscape and decision-making. Mitigating failures and enhancing safety will go a long way towards shaping popular perceptions of wind farms -- accelerating broader acceptance within local communities. Given the relative infancy of "smart" wind farms, the potential of the project cannot be overstated.

This Data-driven Decision-making in Cyber-physical systems (CPS) project focuses on bringing tools from data science and systems science together to develop new tools for analyzing and making accurate decisions in complex cyber-physical systems (e.g., power-grid, transportation network, power plants and smart buildings) to make them safer, more efficient and highly secure. This project develops algorithms, implements software and demonstrates proof-of-concept using large integrated building system as a challenge application area. Potential advantages of the tools developed in this research over current methods will be higher degree of accuracy, increased automation and lower cost of implementation. Majority of state-of-the-art methods use ad-hoc rules and physics-based models for such problems. However, they lack in accuracy and scalability due to the very complex nature of current and future large interconnected systems. The tools developed in this project will alleviate these issues significantly via intelligent use of large volume of data generated from the systems. The theoretical aspect of the research will make use of inherently multidisciplinary concepts from Nonlinear Dynamics, Information Theory, Machine Learning and Statistical Mechanics. The research project primarily supports interdisciplinary education and career development of graduate students as well as offers education and outreach programs to high school and undergraduate students in STEM disciplines. The project engages the Center for Building Energy Research (CBER) at Iowa State to demonstrate success on a real platform. The center provides a unique opportunity to the researchers to test and validate the tools on the Interlock House test bed which is a high end field laboratory for energy efficiency research and data validation. This enhances the potential of transitioning the new technology toward commercial reality.Soumik

This project advances the scientific knowledge on design methods for improving the resilience of civil infrastructures to disruptions. To improve resilience, critical services in civil infrastructure sectors must utilize new diagnostic tools and control algorithms that ensure survivability in the presence of both security attacks and random faults, and also include the models of incentives of human decision makers in the design process. This project will develop a practical design toolkit and platform to enable the integration of resiliency-improving control tools and incentive schemes for Cyber-Physical Systems (CPS) deployed in civil infrastructures. Theory and algorithms will be applied to assess resiliency levels, select strategies to improve performance, and provide reliability and security guarantees for sector-specific CPS functionalities in water, electricity distribution and transportation infrastructures. The main focus is on resilient design of network control functionalities to address problems of incident response, demand management, and supply uncertainties. More broadly, the knowledge and tools from this project will influence CPS designs in water, transport, and energy sectors, and also be applicable to other systems such as supply-chains for food, oil and gas. The proposed platform will be used to develop case studies, test implementations, and design projects for supporting education and outreach activities. Current CPS deployments lack integrated components designed to survive in uncertain environments subject to random events and the actions of strategic entities. The toolkit (i) models the propagation of disruptions due to failure of cyber-physical components, (ii) detects and responds to both local and network-level failures, and (iii) designs incentive schemes that improve aggregate levels of public good (e.g., decongestion, security), while accounting for network interdependencies and private information among strategic entities. The validation approach uses real-world data collected from public sources, test cases developed by domain experts, and simulation software. These tools are integrated to provide a multi-layer design platform, which explores the design space to synthesize solutions that meet resiliency specifications. The platform ensures that synthesized implementations meet functionality requirements, and also estimates the performance guarantees necessary for CPS resilience. This modeling, validation, exploration, and synthesis approach provides a scientific basis for resilience engineering. It supports CPS education by providing a platform and structured workflow for future engineers to approach and appreciate implementation realities and socio-technical constraints.

SCALE2 explores the design of resilient, inexpensive cyber-physical systems (CPS) technologies to create community-wide smartspaces for public/personal safety. SCALE2 aims to demonstrate that community safety can be realized by augmenting CPS technologies with end-to-end resilience mechanisms. Such a study requires real-world community-scale deployments to understand citizen concerns and can only be achieved through partnerships between various stakeholders - researchers, government agencies, and industry. The SCALE2 multisensory platform will use inexpensive Internet of things (IoT) components, and support dependable operation by enabling resilient information-flow through multiple system layers. Research will explore mechanisms for (a) ingest of real-time data through flexible rich data models, (b) Quality of Service (QoS)-aware messaging to cloud platforms, and (c) reliable detection of higher-level community events through semantics-driven virtual sensing. SCALE2, through its established partnerships/testbeds, offers a unique short-term opportunity to guide future resilience technologies, train the next generation of students and have broader community impact. SCALE2 will be deployed at Montgomery County, MD, and the Irvine-Sensorium working with local agencies.

The electric power grid, a cyber-physical system (CPS), faces an alarmingly high risk of catastrophic damage from cyber-attacks. However, modeling cyber-attacks, evaluating consequences, and developing appropriate countermeasures require a detailed, realistic, and tractable model of electric power CPS operations. The primary barrier is the lack of access to models for the complex legacy proprietary systems upon which the electric power grid has relied for decades. This project aims to overcome these challenges with the development of an attack-verifying (verifiable) software framework that will capture the electric power system operations in adequate detail. Cyber threats will be verified using this framework through a combination of sound theoretical methods and an open-source commercial simulation engine accessible via a unique transition to practice (TTP) option. This research focuses on four fundamental and related thrusts: (i) identifying classes of cyber-attacks with quantifiable physical consequences and developing detection-based countermeasures; (ii) identifying communication attacks on distributed grid operations and developing information-sharing countermeasures; (iii) developing a verifiable software framework that models the spatio-temporal operations of the electric grid in tandem with thrusts (i) and (ii) to verify attack models, evaluate countermeasures, and develop new resiliency protocols; and (iv) a TTP option, in collaboration with industry-leading experts from IncSys and PowerData, to develop commercial grade open source power simulation software packages to integrate and test the attacks and countermeasures of Thrusts (i) through (iii) as well as develop workforce training curriculum for North American Electric Reliability Council (NERC) certification. This research also includes engagement with K-12 students via the Arizona Science Laboratory program.

This project focuses on modeling and mitigating cyber attacks on Cyber-Physical Systems (CPS), which are increasingly prevalent in all aspects of society such as health care, energy, and transportation. Attacks initiated on the cyber components of CPS can be mounted remotely at little economic cost and can significantly degrade the safety and performance of CPS due to the tight coupling between cyber and physical components. This project develops a passivity-based framework for modeling, composing, and mitigating multiple attacks on CPS. Passivity is an energy dissipation property that provides basic rules for analyzing and composing interconnected systems. In addition to passive adversary models and composition rules, this project will investigate techniques for decomposition of composed attack models into basic primitives which will lead to development of new mitigation strategies. Approximate bi-simulation techniques will be introduced to verify the developed adversary models and mitigation strategies. The proposed approach is general and will be applicable to mitigate CPS security challenges arising in multiple sectors including transportation, energy, manufacturing, and others. The goals of the project are as follows: (a) research and development of passive dynamical models of multiple attacks, as well as characterization of the class of attacks that admit a passive representation; (b) investigation and development of passivity-based composition and decomposition rules, enabling identification of new attack variants and associated mitigation strategies; (c) research and development of approximate techniques for verification of composed adversary models and mitigation strategies; and (d) validation and prototyping of the proposed models through an experimental testbed.

Advances in technology mean that computer-controlled physical devices that currently still require human operators, such as automobiles, trains, airplanes, and medical treatment systems, could operate entirely autonomously and make rational decisions on their own. Autonomous cars and drones are a concrete and highly publicized face of this dream. Before this dream can be realized we must address the need for safety - the guaranteed absence of undesirable behaviors emerging from autonomy. Highly publicized technology accidents such as rocket launch failures, uncontrolled exposure to radiation during treatment, aircraft automation failures and unintended automotive accelerations serve as warnings of what can happen if safety is not adequately addressed in the design of such cyber-physical systems. One approach for safety analysis is the use of software tools that apply formal logic to prove the absence of undesired behavior in the control software of a system. In prior work, this approach this been proven to work for simple controller software that is generated automatically by tools from abstract models like Simulink diagrams. However, autonomous decision making requires more complex software that is able to solve optimization problems in real time. Formal verification of control software that includes such optimization algorithms remains an unmet challenge. The project SORTIES (Semantics of Optimization for Real Time Intelligent Embedded Systems) draws upon expertise in optimization theory, control theory, and computer science to address this challenge. Beginning with the convergence properties of convex optimization algorithms, SORTIES examines how these properties can be automatically expressed as inductive invariants for the software implementation of the algorithms, and then incorporates these properties inside the source code itself as formal annotations which convey the underlying reasoning to the software engineer and to existing computer-aided verification tools. The SORTIES goal is an open-source-semantics-carrying autocoder, which takes an optimization algorithm and its convergence properties as input, and produces annotated, verifiable code as output. The demonstration of the tool on several examples, such as a Mars lander, an aircraft avionics system, and a jet engine controller, shows that the evidence of quality produced by annotations is fully compatible with its application to truly functional products. Project research is integrated with education through training of "tri-lingual" professionals, who are equally conversant in system operation, program analysis, and the theory of control and optimization.