Static-Dynamic Analysis of Security Metrics
|
|
- Stuart Harrington
- 6 years ago
- Views:
Transcription
1 Static-Dynamic Analysis of Security Metrics for Cyber-Physical Systems Sayan Mitra (PI), Geir Dullerud (co-pi), Swarat Chaudhuri (co-pi) University of Illinois at Urbana Champaign NSA SoS Quarterly meeting, University of Maryland October 29 th
2 Project team Sayan Mitra UIUC, ECE Hybrid & Distributed systems Geir Dullerud UIUC, MechE Control theory, hybrid systems Swarat Chaudhuri Rice University, CS Programming Languages, Formal methods Zhenqi Huang PhD student, ECE Yu Wang PhD student, MechE 2
3 Project goal Hard problem addressed: (1) Predictive security metrics and (2) scalability and composability Title: Static-Dynamic Analysis of Security Metrics for Cyber- Physical Systems Goals: (a) Identify security metrics & adversary models (b) develop theory, algorithms & tools for analyzing the metrics in the context of adversary models 3
4 CPS & Security Plant dynamics Actuator hardware Sensor hardware Controller Hardware software 4
5 Models, code, adversaries, & metrics Plant dynamics Actuator hardware Sensor hardware Controller Hardware software 5
6 Hierarchy of modeling formalisms Discrete transition systems (countable states) FSM, PDA, TMs Communicating processes IO automata, process algebras Dynamical Systems x = f(x, t, u) Guard(x) x = f 1 x, t Inv 1 Nondeterministic transition systems Switched Systems x = f σ t (x, t, u) Reset(x, x ) x = f 2 x, t Inv 2 Networked Hybrid Automata* 6
7 Metrics : Physical systems to CPS Safety factor, Margin of safety, reserve capacity Availability, Stability envelope, safety margin, vulnerability level Brooklyn bridge (1883) Adversary models access: actuator intrusion sensor jamming malicious programs energy: opportunistic curious focused committed 7
8 Outline Two problems Reachability for nonlinear hybrid systems Cost of security in distributed control Two applications Alerting protocol for parallel landing Pacemaker with networked cardiac tissue Ongoing work Synthesis with and for adversary 8
9 Part 1 STATIC-DYNAMIC ANALYSIS 9
10 Basic analysis problem: verification. Model, adversary, requirements Algorithm Bug trace Certificate x 0 Init, u U, a A, t [0, T], such that trajectory ξ x 0, a, u, t violates requirements? Yes (bug / security violation trace) / No (certificate) 10
11 Hybrid System Safety Verification. Early 90 s: Exactly compute unbounded time reach set Decidable for timed automata [Alur Dill 92] Undecidable even for rectangular dynamics [Henzinger 95] Late : Approximate bounded time reach set Hamilton-Jacobi-Bellman approach [Tomlin et al. 02] Polytopes [Henzinger 97], ellipsoids [Kurzhanski] zonotopes [Girard 05], support functions [Frehse 08] Predicate abstraction [Alur 03], CEGAR [Clarke 03] [Mitra 13] Today: Scalability Simulation-based methods [Julius 02] [Mitra 10-13][Donze 07] 11
12 A simple strategy Given start S and target Compute finite cover of initial set Simulate from the center x 0 of each cover Bloat simulation so that bloated tube contains all trajectories from the cover Union = over-approximation of reach set Check intersection/containment with T Refine T x 0 How much to bloat? How to handle mode switches? 12
13 Discrepancy (Annotations in the spirit of loop invariants). Definition. β: R 2n R 0 R 0 defines a discrepancy of the system if for any two states x 1 and x 2 X, For any t, 1. ξ x 1, t ξ x 2, t β x 1, x 2, t and 2. β 0 as x 1 x 2 x 0 invariant x 10 until x 10 do x x + 1 od ξ x 1, t V ξ x 1, t, ξ x 2, t β x 1, x 2, t 13
14 Lipschitz Constant. If L is a Lipschitz constant for f(x,t) then ξ x 1, t ξ x 2, t e Lt x 1 x 2 Theorem [Lohmiller & Slotine 98]. A positive definite matrix M is a contraction metric if there is a constant b M > 0 such that the Jacobian J of f satisfies: J T M + M J + b M M 0. If M is a contraction metric then k, δ > 0 such that ξ x, t 14
15 Hybrid Systems: Invariants Track & propagate may and must fragments of reachtube tagregion R, P = must may not R P R P R P = invariantprefix(ψ, S) = R 0, tag 0,, R m, tag m, such that either tag i = must if all the R j s before it are must tag i = may if all the R j s before it are at least may and at least one of them is not must 16
16 Sound & Relatively Complete. Theorem. (Soundness). If Algorithm returns safe or a counter-example, then A is indeed safe or has a counter-example. Definition Given HA A = V, Loc, A, D, T, an ε-perturbation of A is a new HA A that is identical except, Θ = B ε (Θ), l Loc, Inv = B ε (Inv) (b) a A, Guard a = B ε (Guard a ). A is robustly meets U iff ε > 0, such that A meets U ε upto time bound T, and transition bound N. Robustly violates iff ε < 0 such that A is violates U ε. Theorem. (Relative Completeness) Algorithm always terminates whenever the A is either robustly meets or violates the requirement. 17
17 Part II COST OF PRIVACY IN CONTROL Huang Wang Mitra Dullerud [CCS WPES 2012] [HiCons 2014] [CDC 2014] [ICDCN 2015] 18
18 Controlling Agents in a Shared Environment x 1 x 1 x n x n Traffic Traffic z = 1 N x i z = 1 n x i z z Vehicle Vehicle i x i = f i (x i, z, i u) x i = f i (x i, z, u) Controller Controller u i = g(x i, z) u i = g i (p i, x i ) Vehicle Vehicle j x j = f j (x j, z, j u) x j = f j (x j, z, u) Controller Controller u j = g(x j, z) u j = g j (x j ) 19
19 Controlling Agents in a Shared Environment x 1 x 1 x n x n Traffic Traffic z = 1 N x i z = 1 n x i z z x 1 x n Server z = 1 n x i z Vehicle Vehicle i x i = f i (x i, z, i u) x i = f i (x i, z, u) Vehicle Vehicle j x j = f j (x j, z, j u) x j = f j (x j, z, u) Controller Controller u i = g(x i, z) u i = g i (x i, z ) Controller Controller u j = g(x j, z) u j = g j (z ) M 20
20 Control while Protecting Sensitive Data Obs: observation stream of the system bounded by time T, the x 1 broadcast positions. Sensitive data: g = {g 1,, g n } g and g be two sequences of controllers that are identical except g i and g i. The system is differentially private iff P g leads to Obs P g leads to Obs e g i g i Cost of privacy: sup E[Cost g, M Cost g, M ] g,i What is the cost of Privacy in distributed control? 21
21 DP Control x 1 x 1 x n x n Traffic Traffic z = 1 N x i z = 1 n x i z z x 1 = x 1 + Lap( ΔT ε ) x 2 = x 2 + Lap( ΔT ε ) Server z = 1 n x i z Vehicle Vehicle i x i = f i (x i, z, i u) x i = f i (x i, z, u) Vehicle Vehicle j x j = f j (x j, z, j u) x j = f j (x j, z, u) Controller Controller u i = g(x i, z) u i = g i (x i, z) Controller Controller u j = g(x j, z) u j = g j (x j, z) M 22
22 Control while Protecting Sensitive Data Obs: observation stream of the system bounded by time T, the broadcast positions. x 1 Privacy: g and g be two sequences of controllers that are identical except g i and g i. The system preserves differentially private iff Cost of privacy: sup g P g leads to Obs P g leads to Obs e g i g i E[Cost g, M Cost g, M ] Theorem. COP = O( T3 N 2 ε2) for stable linear systems [HiCons 2014] Cost reasonable for short-lived agents and large number of agents Adversary estimates the initial system state from observations. X(t) = E[X(0) Z(0), Z(1),, Z(t)]. Accuracy at time t N is measured by H( X t ). Lower-bound on H for any ε-dp one shot query [CDC 2014]. 23
23 TWO APPLICATIONS OF STATIC-DYNAMIC ANALYSIS Duggirala Wang Mitra Munoz Viswanathan (FM 2014) Huang Fan Meracre Mitra Kiwatkowska (CAV 2014) 24
24 ysep SB SF SAPA-ALAS Parallel Landing Protocol Ownship and Intruder approaching parallel runways with small separation ALAS (at ownship) protocol is supposed to raise an alarm if within T time units the Intruder can violate safe separation based on 3 different projections xsep SH Verify Alert b Unsafe for different scenarios Scenario 1. With xsep [.11,.12] Nm ysep [.1,.21] Nm, φ = 30 o φ max = 45 o vy o = 136 Nmph, vy i = 155 Nmph Alert b Unsafe is satisfied by Reachtube ψ if I 2 Must Unsafe May Unsafe there exists I 1 Must Alert such that I 1 < I 2 b 25
25 Real-time Alerting Protocol. Sound & robustly completeness C2E2 verifies interesting scenarios in reasonable time; shows that false alarms are possible; found scenarios where alarm may be missed Scenario Alert 4 Unsafe Running time (mins:sec) Alert? Unsafe 6 False 3: True 1:13 8 True 2: False 7: True 2: True 4:55 9 False 2: False 3: False 4: False 6:
26 Scalability through Compositionality Module 1? Module 2 Module 1 Module 3 Module 2 Module 3 Module 4 Module 5 q a x 1 = f a (x 1, x 2, x 3 ) x 2 = f b (x 2, x 1, x 3 ) L N q b q c x 3 = f c (x 3, x 1, x 2 ) 27
27 Input-to-State (IS) Discrepancy u x = f(x, u) x x ξ(x, u, t) ξ(x,u, t) time u (t) u(t) time t Definition. IS discrepancy is defined by β and γ such that for any initial states x, x and any inputs u, u, ξ(x, u, t) ξ x, u, t β(x, x, t) + β 0 as x x, and γ 0 as u u 0 t γ u s u s ds 28
28 Reduced System M(δ 1, δ 2, V 1, V 2 ). x = f M x x = m 1, m 2, clk m 1 m 2 clk = f M x = β 1 δ 1, clk + γ 1 m 2 β 2 δ 2, clk + γ 2 m
29 Bloating with Reduced Model x 1 = f 1 (x 1, u 1 ) m 1 = β 1 δ, t +γ 1 (m 2,m 3 ) x 2 = f 2 (x 2,u 2 ) x 3 = f 3 (x 3, u 3 ) m 2 = β 2 δ, t +γ 2 (m 1,m 3 ) m 3 = β 3 δ, t +γ 3 (m 1,m 2 ) x m(t) ξ(t) time δ m(t) time The bloated tube contains all trajectories start from the δ-ball of x. The over-approximation can be computed arbitrarily precise. 30
30 Reduced M gives effective Discrepancy of A. Theorem. For any δ = δ 1,δ 2, V = V 1, V 2 and T Reach A B δ x, T t T B V μ t (ξ x, t ) Theorem. For any ϵ > 0 there exists δ = δ 1, δ 2 such that V (ξ x, t ) B ε (Reach A (B δ x, T) t T B μ t Here μ t is the solution of M(δ 1, δ 2, V 1, V 2 ). Huang et al. HSCC 2014, CAV
31 Pacemaker + Cardiac Network. Action potential remains in specific range No alternation of action potentials Nodes Thresh Sims Run time (s) Property TRUE TRUE TRUE TRUE NA 63.4 FALSE TRUE TRUE
32 PART IV ONGOING WORK 33
33 Adversarial synthesis problem u t a t x t+1 = f t x t, u t, a t Given system A, u Ctr, x 0 Init, a Adv : t ξ(x 0, u, a, t) Safe ξ x 0, u, a, T Goal requirements are met? Adv: a i 2 b: intrusion budget constraints Ctr: c i u i k: actuation constraints 34
34 Decomposition with Leverage Reach x 0, u, Adv, t = Reach x 0, u, O, t L(x 0, u, t) ---Leverage For each t H, compute Safe t L t = Safe & Goal t L t = Goal Check u Ctrl : t, x 0 Init, Reach Init, u, 0, t Safe t? For linear dynamics and L2-budget L x 0, u, t can be computed exactly We can find b crit that makes control impossible Classify initial states based on vulnerability 35
35 Summary Static-Dynamic Analysis = sound and relatively complete algorithm for analysis of nonlinear nondeterministic models Tool support (C2E2, try it: Compositional analysis Symbolic simulation of adversary-free system + overapproximation of leverage Synthesize controllers and attack strategies Measure vulnerability of states w.r.t. attacks 36
Algorithmic Verification of Stability of Hybrid Systems
Algorithmic Verification of Stability of Hybrid Systems Pavithra Prabhakar Kansas State University University of Kansas February 24, 2017 1 Cyber-Physical Systems (CPS) Systems in which software "cyber"
More informationDryVR: Data-driven verification and compositional reasoning for automotive systems
DryVR: Data-driven verification and compositional reasoning for automotive systems Chuchu Fan, Bolun Qi, Sayan Mitra, Mahesh Viswannathan University of Illinois at Urbana-Champaign CAV 2017, Heidelberg,
More informationCEGAR:Counterexample-Guided Abstraction Refinement
CEGAR: Counterexample-guided Abstraction Refinement Sayan Mitra ECE/CS 584: Embedded System Verification November 13, 2012 Outline Finite State Systems: Abstraction Refinement CEGAR Validation Refinment
More informationVerifying Safety Properties of Hybrid Systems.
Verifying Safety Properties of Hybrid Systems. Sriram Sankaranarayanan University of Colorado, Boulder, CO. October 22, 2010. Talk Outline 1. Formal Verification 2. Hybrid Systems 3. Invariant Synthesis
More informationSimulation-based Verification of Cardiac Pacemakers with Guaranteed Coverage
1 Simulation-based Verification of Cardiac Pacemakers with Guaranteed Coverage Zhenqi Huang 1, Chuchu Fan 1, Alexandru Mereacre 2, Sayan Mitra 1, Marta Kwiatkowska 2 1 {zhuang25,cfan10,mitras}@illinois.edu
More informationLecture 6: Reachability Analysis of Timed and Hybrid Automata
University of Illinois at Urbana-Champaign Lecture 6: Reachability Analysis of Timed and Hybrid Automata Sayan Mitra Special Classes of Hybrid Automata Timed Automata ß Rectangular Initialized HA Rectangular
More informationAPPROXIMATE SIMULATION RELATIONS FOR HYBRID SYSTEMS 1. Antoine Girard A. Agung Julius George J. Pappas
APPROXIMATE SIMULATION RELATIONS FOR HYBRID SYSTEMS 1 Antoine Girard A. Agung Julius George J. Pappas Department of Electrical and Systems Engineering University of Pennsylvania Philadelphia, PA 1914 {agirard,agung,pappasg}@seas.upenn.edu
More informationANALYZING REAL TIME LINEAR CONTROL SYSTEMS USING SOFTWARE VERIFICATION. Parasara Sridhar Duggirala UConn Mahesh Viswanathan UIUC
ANALYZING REAL TIME LINEAR CONTROL SYSTEMS USING SOFTWARE VERIFICATION Parasara Sridhar Duggirala UConn Mahesh Viswanathan UIUC Real-Time Systems Linear Control Systems Verification Verification Control
More informationVerification of Nonlinear Hybrid Systems with Ariadne
Verification of Nonlinear Hybrid Systems with Ariadne Luca Geretti and Tiziano Villa June 2, 2016 June 2, 2016 Verona, Italy 1 / 1 Outline June 2, 2016 Verona, Italy 2 / 1 Outline June 2, 2016 Verona,
More informationSimulation-Based Verification of Cardiac Pacemakers With Guaranteed Coverage
Simulation-Based Verification of Cardiac Pacemakers With Guaranteed Coverage Zhenqi Huang, Chuchu Fan, and Sayan Mitra University of Illinois at Urbana-Champaign Alexandru Mereacre and Marta Kwiatkowska
More informationBounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39
Bounded Model Checking with SAT/SMT Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Recap: Symbolic Model Checking with BDDs Method used by most industrial strength model checkers:
More informationVerification of Hybrid Systems with Ariadne
Verification of Hybrid Systems with Ariadne Davide Bresolin 1 Luca Geretti 2 Tiziano Villa 3 1 University of Bologna 2 University of Udine 3 University of Verona An open workshop on Formal Methods for
More informationAutomatic reachability analysis for nonlinear hybrid models with C2E2
Automatic reachability analysis for nonlinear hybrid models with C2E2 Chuchu Fan 1, Bolun Qi 1, Sayan Mitra 1, Mahesh Viswanathan 1, and Parasara Sridhar Duggirala 2 1 University of Illinois, Urbana-Champaign
More informationTesting System Conformance for Cyber-Physical Systems
Testing System Conformance for Cyber-Physical Systems Testing systems by walking the dog Rupak Majumdar Max Planck Institute for Software Systems Joint work with Vinayak Prabhu (MPI-SWS) and Jyo Deshmukh
More informationSymbolic Reachability Analysis of Lazy Linear Hybrid Automata. Susmit Jha, Bryan Brady and Sanjit A. Seshia
Symbolic Reachability Analysis of Lazy Linear Hybrid Automata Susmit Jha, Bryan Brady and Sanjit A. Seshia Traditional Hybrid Automata Traditional Hybrid Automata do not model delay and finite precision
More informationModels for Control and Verification
Outline Models for Control and Verification Ian Mitchell Department of Computer Science The University of British Columbia Classes of models Well-posed models Difference Equations Nonlinear Ordinary Differential
More informationEECS 144/244: System Modeling, Analysis, and Optimization
EECS 144/244: System Modeling, Analysis, and Optimization Continuous Systems Lecture: Hybrid Systems Alexandre Donzé University of California, Berkeley April 5, 2013 Alexandre Donzé: EECS 144/244 Hybrid
More informationController Synthesis for Linear Time-varying Systems with Adversaries
Controller Synthesis for Linear Time-varying Systems with Adversaries Zhenqi Huang Yu Wang Sayan Mitra Geir Dullerud {zhuang25, yuwang8, mitras, dullerudge}@illinois.edu Coordinate Science Laboratory University
More informationTutorial 1: Modern SMT Solvers and Verification
University of Illinois at Urbana-Champaign Tutorial 1: Modern SMT Solvers and Verification Sayan Mitra Electrical & Computer Engineering Coordinated Science Laboratory University of Illinois at Urbana
More informationAbstractions and Decision Procedures for Effective Software Model Checking
Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture
More informationStep Simulation Based Verification of Nonlinear Deterministic Hybrid System
Step Simulation Based Verification of Nonlinear Deterministic Hybrid System Ratnesh Kumar, Professor, IEEE Fellow PhD Student: Hao Ren Electrical and Computer Engineering Iowa State University Verification
More informationInformation Flow Analysis via Path Condition Refinement
Information Flow Analysis via Path Condition Refinement Mana Taghdiri, Gregor Snelting, Carsten Sinz Karlsruhe Institute of Technology, Germany FAST September 16, 2010 KIT University of the State of Baden-Wuerttemberg
More informationVerification of Annotated Models from Executions
Verification of Annotated Models from Executions ABSTRACT Simulations can help enhance confidence in system designs but they provide almost no formal guarantees. In this paper, we present a simulation-based
More informationProbReach: Probabilistic Bounded Reachability for Uncertain Hybrid Systems
ProbReach: Probabilistic Bounded Reachability for Uncertain Hybrid Systems Fedor Shmarov, Paolo Zuliani School of Computing Science, Newcastle University, UK 1 / 41 Introduction ProbReach tool for probabilistic
More informationComputable Analysis, Hybrid Automata, and Decision Procedures (Extended Thesis Abstract)
Computable Analysis, Hybrid Automata, and Decision Procedures (Extended Thesis Abstract) Sicun Gao 1 Introduction 1.1 Overview Cyber-Physical Systems (CPS) are systems that integrate digital computation
More informationParametric Verification and Test Coverage for Hybrid Automata Using the Inverse Method
Parametric Verification and Test Coverage for Hybrid Automata Using the Inverse Method Laurent Fribourg and Ulrich Kühne LSV ENS de Cachan, 94235 Cachan, France {kuehne,fribourg}@lsv.ens-cachan.fr Abstract.
More informationDeductive Verification of Continuous Dynamical Systems
Deductive Verification of Continuous Dynamical Systems Dept. of Computer Science, Stanford University (Joint work with Ashish Tiwari, SRI International.) 1 Introduction What are Continuous Dynamical Systems?
More informationLecture 8 Receding Horizon Temporal Logic Planning & Finite-State Abstraction
Lecture 8 Receding Horizon Temporal Logic Planning & Finite-State Abstraction Ufuk Topcu Nok Wongpiromsarn Richard M. Murray AFRL, 26 April 2012 Contents of the lecture: Intro: Incorporating continuous
More informationSymbolic Control of Incrementally Stable Systems
Symbolic Control of Incrementally Stable Systems Antoine Girard Laboratoire Jean Kuntzmann, Université Joseph Fourier Grenoble, France Workshop on Formal Verification of Embedded Control Systems LCCC,
More informationUnbounded, Fully Symbolic Model Checking of Timed Automata using Boolean Methods
Unbounded, Fully Symbolic Model Checking of Timed Automata using Boolean Methods Sanjit A. Seshia and Randal E. Bryant Computer Science Department Carnegie Mellon University Verifying Timed Embedded Systems
More informationCompositionally Analyzing a Proportional-Integral Controller Family
2 5th IEEE Conference on Decision and Control and European Control Conference (CDC-ECC) Orlando, FL, USA, December 2-5, 2 Compositionally Analyzing a Proportional-Integral Controller Family Ashish Tiwari
More informationA Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow
A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and André Platzer Logical Systems Lab Computer Science Department Carnegie Mellon University LICS 18 1 / 21 Outline: Hybrid {Dynamics,
More informationModel Checking of Hybrid Systems
Model Checking of Hybrid Systems Goran Frehse AVACS Autumn School, October 1, 2015 Univ. Grenoble Alpes Verimag, 2 avenue de Vignate, Centre Equation, 38610 Gières, France, Overview Hybrid Automata Set-Based
More informationSpecification Mining of Industrial-scale Control Systems
100 120 Specification Mining of Industrial-scale Control Systems Alexandre Donzé Joint work with Xiaoqing Jin, Jyotirmoy V. Deshmuck, Sanjit A. Seshia University of California, Berkeley May 14, 2013 Alexandre
More informationReachability Analysis: State of the Art for Various System Classes
Reachability Analysis: State of the Art for Various System Classes Matthias Althoff Carnegie Mellon University October 19, 2011 Matthias Althoff (CMU) Reachability Analysis October 19, 2011 1 / 16 Introduction
More informationDiscrete abstractions of hybrid systems for verification
Discrete abstractions of hybrid systems for verification George J. Pappas Departments of ESE and CIS University of Pennsylvania pappasg@ee.upenn.edu http://www.seas.upenn.edu/~pappasg DISC Summer School
More informationNon-linear Interpolant Generation and Its Application to Program Verification
Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State Key Laboratory of Computer Science, Institute of Software, CAS Joint work with Liyun Dai, Ting Gan, Bow-Yaw
More informationHybridSAL Relational Abstracter
HybridSAL Relational Abstracter Ashish Tiwari SRI International, Menlo Park, CA. ashish.tiwari@sri.com Abstract. In this paper, we present the HybridSAL relational abstracter a tool for verifying continuous
More informationIntegrating Induction, Deduction and Structure for Synthesis
Integrating Induction, Deduction and Structure for Synthesis Sanjit A. Seshia Associate Professor EECS Department UC Berkeley Students: S. Jha, W.Li, L. Dworkin, D. Sadigh Collaborators: A. Tiwari, S.
More informationRigorous Simulation-Based Analysis of Linear Hybrid Systems
Rigorous Simulation-Based Analysis of Linear Hybrid Systems Stanley Bak 1 and Parasara Sridhar Duggirala 2 1 Air Force Research Laboratory 2 University of Connecticut Abstract. Design analysis of Cyber-Physical
More informationAutomata-theoretic analysis of hybrid systems
Automata-theoretic analysis of hybrid systems Madhavan Mukund SPIC Mathematical Institute 92, G N Chetty Road Chennai 600 017, India Email: madhavan@smi.ernet.in URL: http://www.smi.ernet.in/~madhavan
More informationReach Sets and the Hamilton-Jacobi Equation
Reach Sets and the Hamilton-Jacobi Equation Ian Mitchell Department of Computer Science The University of British Columbia Joint work with Alex Bayen, Meeko Oishi & Claire Tomlin (Stanford) research supported
More informationRanking Verification Counterexamples: An Invariant guided approach
Ranking Verification Counterexamples: An Invariant guided approach Ansuman Banerjee Indian Statistical Institute Joint work with Pallab Dasgupta, Srobona Mitra and Harish Kumar Complex Systems Everywhere
More informationSemantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr
Semantic Equivalences and the Verification of Infinite-State Systems Richard Mayr Department of Computer Science Albert-Ludwigs-University Freiburg Germany Verification of Infinite-State Systems 1 c 2004
More informationAbstractions for Hybrid Systems
Abstractions for Hybrid Systems Ashish Tiwari (tiwari@csl.sri.com) SRI International, 333 Ravenswood Ave, Menlo Park, CA, U.S.A Abstract. We present a procedure for constructing sound finite-state discrete
More informationA new Abstraction-Refinement based Verifier for Modular Linear Hybrid Automata and its Implementation
A new Abstraction-Refinement based Verifier for Modular Linear Hybrid Automata and its Implementation Hao Ren 1 (ren@iastate.edu), Jing Huang 2 (freescaler@live.com), Shengbing Jiang 3 (shengbing.jiang@gm.com)
More informationCompositionally Analyzing a Proportional-Integral Controller Family
Compositionally Analyzing a Proportional-Integral Controller Family Ashish Tiwari Abstract We define always eventually region stability and then formulate the absolute always eventually region stability
More informationarxiv: v1 [cs.fl] 25 Nov 2018
Real-Time Systems Modeling and Analysis Lakhan Shiva Kamireddy [0000 0001 6007 5408] University of Colorado, Boulder CO 80302, USA {lakhan.kamireddy}@colorado.edu arxiv:1811.10083v1 [cs.fl] 25 Nov 2018
More informationAbstraction-based synthesis: Challenges and victories
Abstraction-based synthesis: Challenges and victories Majid Zamani Hybrid Control Systems Group Electrical Engineering Department Technische Universität München December 14, 2015 Majid Zamani (TU München)
More informationComputation of an Over-Approximation of the Backward Reachable Set using Subsystem Level Set Functions. Stanford University, Stanford, CA 94305
To appear in Dynamics of Continuous, Discrete and Impulsive Systems http:monotone.uwaterloo.ca/ journal Computation of an Over-Approximation of the Backward Reachable Set using Subsystem Level Set Functions
More informationGeorgios E. Fainekos, Savvas G. Loizou and George J. Pappas. GRASP Lab Departments of CIS, MEAM and ESE University of Pennsylvania
Georgios E. Fainekos, Savvas G. Loizou and George J. Pappas CDC 2006 Math free Presentation! Lab Departments of CIS, MEAM and ESE University of Pennsylvania Motivation Motion Planning 60 50 40 π 0 π 4
More informationFeedback Refinement Relations for the Synthesis of Symbolic Controllers
Feedback Refinement Relations for the Synthesis of Symbolic Controllers Gunther Reissig 1, Alexander Weber 1 and Matthias Rungger 2 1: Chair of Control Engineering Universität der Bundeswehr, München 2:
More informationReachability Analysis of Nonlinear and Hybrid Systems using Zonotopes May 7, / 56
Reachability Analysis of Nonlinear and Hybrid Systems using Zonotopes Matthias Althoff Carnegie Mellon Univ. May 7, 2010 Reachability Analysis of Nonlinear and Hybrid Systems using Zonotopes May 7, 2010
More informationLecture 9 Synthesis of Reactive Control Protocols
Lecture 9 Synthesis of Reactive Control Protocols Nok Wongpiromsarn Singapore-MIT Alliance for Research and Technology Richard M. Murray and Ufuk Topcu California Institute of Technology EECI, 16 May 2012
More informationCyber-Physical Systems Modeling and Simulation of Hybrid Systems
Cyber-Physical Systems Modeling and Simulation of Hybrid Systems Matthias Althoff TU München 05. June 2015 Matthias Althoff Modeling and Simulation of Hybrid Systems 05. June 2015 1 / 28 Overview Overview
More informationModeling and Analysis of Hybrid Systems
Modeling and Analysis of Hybrid Systems 7. Linear hybrid automata II Prof. Dr. Erika Ábrahám Informatik 2 - LuFG Theory of Hybrid Systems RWTH Aachen University Szeged, Hungary, 27 September - 6 October
More informationReachability Analysis for One Dimensional Linear Parabolic Equations
Reachability Analysis for One Dimensional Linear Parabolic Equations Hoang-Dung Tran Weiming Xiang Stanley Bak Taylor T. Johnson Vanderbilt University, TN 37023, USA. Air Force Research Laboratory, USA.
More informationAssertions and Measurements for Mixed-Signal Simulation
Assertions and Measurements for Mixed-Signal Simulation PhD Thesis Thomas Ferrère VERIMAG, University of Grenoble (directeur: Oded Maler) Mentor Graphics Corporation (co-encadrant: Ernst Christen) October
More informationEmbedded Systems 2. REVIEW: Actor models. A system is a function that accepts an input signal and yields an output signal.
Embedded Systems 2 REVIEW: Actor models A system is a function that accepts an input signal and yields an output signal. The domain and range of the system function are sets of signals, which themselves
More informationSwitching Protocol Synthesis for Temporal Logic Specifications
Switching Protocol Synthesis for Temporal Logic Specifications Jun Liu, Necmiye Ozay, Ufuk Topcu, and Richard M. Murray Abstract We consider the problem of synthesizing a robust switching controller for
More informationTimed Automata. Semantics, Algorithms and Tools. Zhou Huaiyang
Timed Automata Semantics, Algorithms and Tools Zhou Huaiyang Agenda } Introduction } Timed Automata } Formal Syntax } Operational Semantics } Verification Problems } Symbolic Semantics & Verification }
More informationVerification of analog and mixed-signal circuits using hybrid systems techniques
FMCAD, November 2004, Austin Verification of analog and mixed-signal circuits using hybrid systems techniques Thao Dang, Alexandre Donze, Oded Maler VERIMAG Grenoble, France Plan 1. Introduction 2. Verification
More informationResilient Formal Synthesis
Resilient Formal Synthesis Calin Belta Boston University CDC 2017 Workshop: 30 years of the Ramadge-Wonham Theory of Supervisory Control: A Retrospective and Future Perspectives Outline Formal Synthesis
More informationVerifying Average Dwell Time of Hybrid Systems
pdfauthor Verifying Average Dwell Time of Hybrid Systems Sayan Mitra Massachusetts Institute of Technology Daniel Liberzon University of Illinois at Urbana-Champaign and Nancy Lynch Massachusetts Institute
More informationThe algorithmic analysis of hybrid system
The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher: Prof. Ugo Buy Xin Li, Huiyong Xiao Nov. 13, 2002 Summary What s a hybrid system? Definition of Hybrid Automaton
More informationas support functions [18] and polynomials [34].
Decomposed Reachability Analysis for Nonlinear Systems Xin Chen University of Colorado, Boulder, CO xinchen@colorado.edu Sriram Sankaranarayanan University of Colorado, Boulder, CO srirams@colorado.edu
More informationModel Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies
Model Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies Tom Henzinger EPFL Three Verification Communities Model checking: -automatic, but inefficient
More informationSynthesis of Switching Protocols from Temporal Logic Specifications
Submitted, 2012 American Control Conference (ACC) http://www.cds.caltech.edu/~murray/papers DRAFT 1 Synthesis of Switching Protocols from Temporal Logic Specifications Jun Liu, Necmiye Ozay, Ufuk Topcu,
More informationNonlinear Real Arithmetic and δ-satisfiability. Paolo Zuliani
Nonlinear Real Arithmetic and δ-satisfiability Paolo Zuliani School of Computing Science Newcastle University, UK (Slides courtesy of Sicun Gao, UCSD) 1 / 27 Introduction We use hybrid systems for modelling
More informationAn Introduction to Hybrid Automata, Numerical Simulation and Reachability Analysis
An Introduction to Hybrid Automata, Numerical Simulation and Reachability Analysis Goran Frehse SyDe Summer School, September 10, 2015 Univ. Grenoble Alpes Verimag, 2 avenue de Vignate, Centre Equation,
More informationSafety Preserving Control Synthesis for Sampled Data Systems
Safety Preserving Control Synthesis for Sampled Data Systems Ian M. Mitchell Department of Computer Science, University of British Columbia Shahab Kaynama, Mo Chen Department of Electrical Engineering
More informationHybrid systems and computer science a short tutorial
Hybrid systems and computer science a short tutorial Eugene Asarin Université Paris 7 - LIAFA SFM 04 - RT, Bertinoro p. 1/4 Introductory equations Hybrid Systems = Discrete+Continuous SFM 04 - RT, Bertinoro
More informationSymbolic Verification of Hybrid Systems: An Algebraic Approach
European Journal of Control (2001)71±16 # 2001 EUCA Symbolic Verification of Hybrid Systems An Algebraic Approach Martin v. Mohrenschildt Department of Computing and Software, Faculty of Engineering, McMaster
More informationModelling Real-Time Systems. Henrik Ejersbo Jensen Aalborg University
Modelling Real-Time Systems Henrik Ejersbo Jensen Aalborg University Hybrid & Real Time Systems Control Theory Plant Continuous sensors actuators Task TaskTask Controller Program Discrete Computer Science
More informationAlgorithmic verification
Algorithmic verification Ahmed Rezine IDA, Linköpings Universitet Hösttermin 2018 Outline Overview Model checking Symbolic execution Outline Overview Model checking Symbolic execution Program verification
More informationFormally Correct Monitors for Hybrid Automata. Verimag Research Report n o TR
Formally Correct Monitors for Hybrid Automata Goran Frehse, Nikolaos Kekatos, Dejan Nickovic Verimag Research Report n o TR-2017-5 September 20, 2017 Verimag, University of Grenoble Alpes, Grenoble, France.
More informationAn Introduction to Hybrid Systems Modeling
CS620, IIT BOMBAY An Introduction to Hybrid Systems Modeling Ashutosh Trivedi Department of Computer Science and Engineering, IIT Bombay CS620: New Trends in IT: Modeling and Verification of Cyber-Physical
More informationSoftware Verification
Software Verification Grégoire Sutre LaBRI, University of Bordeaux, CNRS, France Summer School on Verification Technology, Systems & Applications September 2008 Grégoire Sutre Software Verification VTSA
More informationPhD Thesis Defense June 23, 2008
1 Georgios E. Fainekos PhD Thesis Defense June 23, 2008 Department of Computer Information Science University of Pennsylvania fainekos at seas upenn edu http://www.seas.upenn.edu/~fainekos/ Embedded in
More informationLecture 6 Verification of Hybrid Systems
Lecture 6 Verification of Hybrid Systems Ufuk Topcu Nok Wongpiromsarn Richard M. Murray AFRL, 25 April 2012 Outline: A hybrid system model Finite-state abstractions and use of model checking Deductive
More informationSynthesis of Reactive Switching Protocols from Temporal Logic Specifications
1 Synthesis of Reactive Switching Protocols from Temporal Logic Specifications Jun Liu, Necmiye Ozay, Ufuk Topcu, and Richard M. Murray Abstract We propose formal means for synthesizing switching protocols
More informationEE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016
EE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016 Discrete Event Simulation Stavros Tripakis University of California, Berkeley Stavros Tripakis (UC Berkeley)
More informationSoftware Verification using Predicate Abstraction and Iterative Refinement: Part 1
using Predicate Abstraction and Iterative Refinement: Part 1 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki November 28, 2011 Outline Overview of Model Checking Creating Models
More informationLecture 7 Synthesis of Reactive Control Protocols
Lecture 7 Synthesis of Reactive Control Protocols Richard M. Murray Nok Wongpiromsarn Ufuk Topcu California Institute of Technology AFRL, 25 April 2012 Outline Review: networked control systems and cooperative
More informationBisimulations for Input-Output Stability of Hybrid Systems
Bisimulations for Input-Output Stability of Hybrid Systems Pavithra Prabhakar Computing and Information Sciences Kansas State University Manhattan, KS, USA pprabhakar@ksu.edu Jun Liu Applied Mathematics
More informationGeometric Programming Relaxations for Linear System Reachability
Geometric Programg Relaxations for Linear System Reachability Hakan Yazarel and George J. Pappas Abstract One of the main obstacles in the safety analysis of continuous and hybrid systems has been the
More informationTimed Automata VINO 2011
Timed Automata VINO 2011 VeriDis Group - LORIA July 18, 2011 Content 1 Introduction 2 Timed Automata 3 Networks of timed automata Motivation Formalism for modeling and verification of real-time systems.
More informationVerifying Global Convergence for a Digital Phase-Locked Loop
Verifying Global Convergence for a Digital Phase-Locked Loop Jijie Wei & Yan Peng & Mark Greenstreet & Grace Yu University of British Columbia Vancouver, Canada October 22, 2013 Wei & Peng & Greenstreet
More informationTHE objective of this paper is to synthesize switching. Synthesis of Reactive Switching Protocols from Temporal Logic Specifications
Synthesis of Reactive Switching Protocols from Temporal Logic Specifications Jun Liu, Member, IEEE, Necmiye Ozay, Member, IEEE, Ufuk Topcu, Member, IEEE, and Richard M Murray, Fellow, IEEE Abstract We
More informationAn Introduction to Hybrid Systems Modeling
CS620, IIT BOMBAY An Introduction to Hybrid Systems Modeling Ashutosh Trivedi Department of Computer Science and Engineering, IIT Bombay CS620: New Trends in IT: Modeling and Verification of Cyber-Physical
More informationSoftware Verification with Abstraction-Based Methods
Software Verification with Abstraction-Based Methods Ákos Hajdu PhD student Department of Measurement and Information Systems, Budapest University of Technology and Economics MTA-BME Lendület Cyber-Physical
More informationIntroduction to Abstract Interpretation. ECE 584 Sayan Mitra Lecture 18
Introduction to Abstract Interpretation ECE 584 Sayan Mitra Lecture 18 References Patrick Cousot,RadhiaCousot:Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction
More informationFrom Electrical Switched Networks to Hybrid Automata. Alessandro Cimatti 1, Sergio Mover 2, Mirko Sessa 1,3
1 2 3 From Electrical Switched Networks to Hybrid Automata Alessandro Cimatti 1, Sergio Mover 2, Mirko Sessa 1,3 Multidomain physical systems Multiple physical domains: electrical hydraulic mechanical
More informationc 2011 Kyoung-Dae Kim
c 2011 Kyoung-Dae Kim MIDDLEWARE AND CONTROL OF CYBER-PHYSICAL SYSTEMS: TEMPORAL GUARANTEES AND HYBRID SYSTEM ANALYSIS BY KYOUNG-DAE KIM DISSERTATION Submitted in partial fulfillment of the requirements
More informationOn Signal Temporal Logic
100 120 On Signal Temporal Logic Alexandre Donzé University of California, Berkeley February 3, 2014 Alexandre Donzé EECS294-98 Spring 2014 1 / 52 Outline 100 120 1 Signal Temporal Logic From LTL to STL
More informationFormally Analyzing Adaptive Flight Control
Formally Analyzing Adaptive Flight Control Ashish Tiwari SRI International 333 Ravenswood Ave Menlo Park, CA 94025 Supported in part by NASA IRAC NRA grant number: NNX08AB95A Ashish Tiwari Symbolic Verification
More informationSynthesizing from Components: Building from Blocks
Synthesizing from Components: Building from Blocks Ashish Tiwari SRI International 333 Ravenswood Ave Menlo Park, CA 94025 Joint work with Sumit Gulwani (MSR), Vijay Anand Korthikanti (UIUC), Susmit Jha
More informationFormal Verification and Automated Generation of Invariant Sets
Formal Verification and Automated Generation of Invariant Sets Khalil Ghorbal Carnegie Mellon University Joint work with Andrew Sogokon and André Platzer Toulouse, France 11-12 June, 2015 K. Ghorbal (CMU,
More informationAnalysis of a Boost Converter Circuit Using Linear Hybrid Automata
Analysis of a Boost Converter Circuit Using Linear Hybrid Automata Ulrich Kühne LSV ENS de Cachan, 94235 Cachan Cedex, France, kuehne@lsv.ens-cachan.fr 1 Introduction Boost converter circuits are an important
More informationSimulation-guided Contraction Analysis
Simulation-guided Contraction Analysis Ayca Balkan 1 Jyotirmoy V. Deshmukh 2 James Kapinski 2 Paulo Tabuada 1 Abstract We present a simulation-guided approach to perform contraction analysis of nonlinear
More information