3.6 Cyber Physical Systems: Security and Co-design

Date: Tuesday 25 March 2014
Time: 14:30 - 16:00
Location / Room: Konferenz 4

Chair:
Rolf Ernst, Technische Universitaet Braunschweig, DE

Co-Chair:
Anuradha Annaswamy, MIT, US

This session showcases recent results in cybersecurity and codesign in CPS. The first paper analyzes a stealth cyberattack scenario where a distributed sensor system is disturbed by an attacker who tries to reduce the sensor fusion quality and suggests an algorithmic approach to increase robustness against this attack. The second paper addresses the joint design of a feedback controller and a server-based resource reservation mechanism to guarantee closed-loop stability. The third paper describes a codesign approach formally guaranteeing control robustness for a communication channel with a bounded number of frame losses.

Time | Label | Presentation Title / Authors

14:30 | 3.6.1 | (Best Paper Award Candidate)
ATTACK-RESILIENT SENSOR FUSION
Speakers:
Radoslav Ivanov, Miroslav Pajic and Insup Lee, University of Pennsylvania, US
Abstract
This work considers the problem of attack-resilient sensor fusion in an autonomous system where multiple sensors measure the same physical variable. A malicious attacker may corrupt a subset of these sensors and send wrong measurements to the controller on their behalf, potentially compromising the safety of the system. We formalize the goals and constraints of such an attacker who also wants to avoid detection by the system. We argue that the attacker's capabilities depend on the amount of information she has about the correct sensors' measurements. In the presence of a shared bus where messages are broadcast to all components connected to the network, the attacker may consider all other measurements before sending her own in order to achieve maximal impact. Consequently, we investigate effects of communication schedules on sensor fusion performance. We provide worst- and average-case results in support of the Ascending schedule, where sensors send their measurements in a fixed succession based on their precision, starting from the most precise sensors. Finally, we provide a case study to illustrate the use of this approach.
15:00 | 3.6.2 | BANDWIDTH-EFFICIENT CONTROLLER-SERVER CO-DESIGN WITH STABILITY GUARANTEES
Speakers:
Amir Aminifar (1), Enrico Bini (2), Petru Eles (1) and Zebo Peng (1)
(1) Linköping University, SE; (2) Lund University, SE
Abstract
Many cyber-physical systems comprise several control applications implemented on a shared platform, for which stability is a fundamental requirement. This is as opposed to the classical hard real-time systems, where the criterion is often meeting the deadline. However, the stability of control applications depends not only on the delay experienced, but also on the jitter. Therefore, the notion of deadline is considered to be artificial for control applications, which promotes the need for new techniques for designing cyber-physical systems. The approach in this paper is built on a server-based resource reservation mechanism, which provides compositionality, isolation, and the opportunity of systematic controller-server co-design. We address the controller-server co-design of such systems to obtain design solutions with the minimal bandwidth to guarantee stability.
15:30 | 3.6.3 | FAULT-TOLERANT CONTROL SYNTHESIS AND VERIFICATION OF DISTRIBUTED EMBEDDED SYSTEMS
Speakers:
Matthias Kauer (1), Damoon Soudbakhsh (2), Dip Goswami (3), Samarjit Chakraborty (4) and Anuradha Annaswamy (5)
(1) TUM CREATE Ltd, SG; (2) Massachusetts Institute of Technology, US; (3) Eindhoven University of Technology, NL; (4) TU Munich, DE; (5) MIT, US
Abstract
We deal with synthesis of distributed embedded control systems closed over a faulty or severely constrained communication network. Such overloaded communication networks are common in cost-sensitive domains such as automotive. Design of such systems aims to meet all deadlines following the traditional notion of schedulability. In this work, we aim to exploit robustness of the controller and propose a novel implementation approach to achieve a tighter design. Toward this, we answer two research questions: (i) given a distributed architecture, how to characterize and formally verify the bound on deadline misses, and (ii) given such a bound, how to design a controller such that desired stability and Quality of Control (QoC) requirements are met. We address question (i) by modeling a distributed embedded architecture as a network of Event Count Automata (ECA), and subsequently introducing and formally verifying a property formulation with reduced complexity. We address question (ii) by introducing a novel fault-tolerant control strategy which adjusts the control input at runtime based on the occurrence of a fault or drop. We show that QoC under faulty communication improves significantly using the proposed fault-tolerant strategy.
16:00 | IP1-21, 195 | GARBAGE COLLECTION FOR MULTI-VERSION INDEX ON FLASH MEMORY
Speakers:
Kam-Yiu Lam (1), Jian-Tao Wang (1), Yuan-Hao Chang (2), Jen-Wei Hsieh (3), Po-Chun Huang (4), Chung Keung Poon (5) and ChunJiang Zhu (1)
(1) City University of Hong Kong, HK; (2) Academia Sinica, TW; (3) National Taiwan University of Science and Technology, TW; (4) Academia Sinica, TW; (5) City University of Hong Kong, TW
Abstract
In this paper, we study the important performance issues in using the purging-range query to reclaim old data versions to be free blocks in a flash-based multi-version database. To reduce the overheads of using the purging-range query in garbage collection, the physical block labeling (PBL) scheme is proposed to provide a better estimation of the purging version number to be used for purging old data versions. With the use of the frequency-based placement (FBP) scheme to place data versions in a block, the efficiency of garbage collection can be further enhanced by increasing the deadspans of data versions and reducing reallocation cost, especially when the flash memory space for the databases is limited.
16:01 | IP1-22, 395 | D2CYBER: A DESIGN AUTOMATION TOOL FOR DEPENDABLE CYBERCARS
Speakers:
Arslan Munir and Farinaz Koushanfar, Rice University, US
Abstract
The next generation of automobiles (also known as cybercars) will increasingly incorporate electronic control units (ECUs) in novel automotive control applications. Recent work has demonstrated the vulnerability of modern car control systems to security attacks that directly impact the cybercar's physical safety and dependability. In this paper, we provide an integrated approach for the design of secure and dependable cybercars using a case study: a steer-by-wire (SBW) application over controller area network (CAN). The challenge is to embed both security and dependability over CAN while ensuring that the real-time constraints of the cybercar applications are not violated. Our approach enables early design feasibility analysis by embedding essential security primitives (i.e., confidentiality, integrity, and authentication) over CAN subject to the real-time constraints imposed by the desired quality of service and behavioral reliability. Our method leverages multi-core ECUs for providing fault-tolerance by redundant multi-threading (RMT) and also further enhances RMT for quick error detection. We quantify the error resilience of our approach and evaluate the interplay of performance, fault-tolerance, security, and scalability for our SBW case study.
16:02 | IP1-23, 819 | CONTRACT-BASED DESIGN OF CONTROL PROTOCOLS FOR SAFETY-CRITICAL CYBER-PHYSICAL SYSTEMS
Speakers:
Pierluigi Nuzzo, John Finn, Antonio Iannopollo and Alberto Sangiovanni-Vincentelli, University of California at Berkeley, US
Abstract
We introduce a platform-based design methodology that addresses the complexity and heterogeneity of cyber-physical systems by using assume-guarantee contracts to formalize the design process and enable realization of control protocols in a hierarchical and compositional manner. Given the architecture of the physical plant to be controlled, the design is carried out as a sequence of refinement steps from an initial specification to a final implementation, including synthesis from requirements and mapping of higher-level functional and non-functional models into a set of candidate solutions built out of a library of components at the lower level. Initial top-level requirements are captured as contracts and expressed using linear temporal logic (LTL) and signal temporal logic (STL) formulas to enable requirement analysis and early detection of inconsistencies. Requirements are then refined into a controller architecture by combining reactive synthesis steps from LTL specifications with simulation-based design space exploration steps. We demonstrate our approach on the design of embedded controllers for aircraft electric power distribution.
16:00 | End of session
Coffee Break in Exhibition Area
On Tuesday-Thursday the coffee and lunch breaks will be located in the Exhibition Area (Terrace Level).