
Model Based Safety Analysis of Cyber Physical Systems (CPSs)

Presentation Transcript


  1. Model Based Safety Analysis of Cyber Physical Systems (CPSs)
  Sailesh Umamaheswara Kandula
  Committee: Dr. Sandeep Gupta (Chair), Dr. Yann Hang Lee, Dr. Georgios E. Fainekos

  2. Outline • Cyber Physical Systems • Modeling abstractions for Cyber Physical Systems • Safety analysis algorithm for Cyber Physical Systems • Case Study : Safety of passengers traveling in Autonomous Vehicles • Conclusion and future work

  3. Cyber Physical Systems (CPS)
  [Figures: Stanley, Stanford's DARPA Grand Challenge entry [1]; collision of MIT's and Cornell's autonomous vehicles at the DARPA Urban Challenge [2]]
  • CPS:
    • Computing systems (e.g. autonomous vehicles)
    • Physical world (e.g. passengers, road conditions)
    • Cyber-physical interactions (e.g. planned interaction, erroneous interaction)
  • Overlapping interactions may harm the physical world.
  • The physical world is unsafe if its parameters go above a threshold value.
  • Causes of the MIT/Cornell autonomous vehicle collision [2]:
    • Failure to anticipate vehicle intent.
    • Difficulties in sensor data association, causing inability to detect phantom obstacles.
  Model based safety analysis at design time: holistic modeling of the autonomous vehicle and the physical world.
  • Perform architectural and behavior modeling of the CPS (i.e. model CPS sub-systems and interactions).
  • Need:
    • Modeling abstractions to specify cyber-physical interactions.
    • Safety analysis algorithm to verify the safety of the physical world.
  Objective:
  1. Modeling abstractions that facilitate specification of CPS behavior and architecture.
  2. Safety analysis algorithm for verifying the safety of the physical world.

  4. Research Problem
  • How to model CPS sub-systems at various levels of abstraction?
  • How to specify properties of computing systems that affect the safety of the CPS?
  • How to specify characteristics of the physical world (i.e. specify various scenarios)?
  [Table: different types of autonomous vehicles and their safety features (entries in the table are sample values). Safety features: S: seat belt, A: air bag, B: anti-lock braking system, T: traction control system]
  [Table: physical world characteristics]

  5. Research Problem Contd.
  • How to tie the behavior of a computing system to a scenario?
  • How to specify interactions between multiple computing systems in a complex scenario?
  [Figure: planned and erroneous behaviors. A generic behavior is inherited and instantiated per vehicle type (sedans, coupes, pickup trucks) and per scenario (straight road, curved road, ramp to highway), e.g. coupe on straight road, sedan on curved road, pickup truck on curved road, coupe on curved road.]

  6. Research Contributions

  7. Related Work

  8. CPS Perspective of Autonomous Vehicles
  • Planned interactions always exist.
  • Erroneous interactions exist when threshold conditions are met (e.g. high vehicle speed along a sharp turn might lead to a skid).
  [Figure: conceptual architecture of an AV from the CPS perspective. Cyber system: sensing sub-system (sensed data), navigation sub-system (planned path), control sub-system (e.g. speed control; control output). Physical system: road conditions, obstacles; vehicle dynamics and properties. Cyber-physical interactions: planned (trajectory: spatial regions, motion characteristics) and erroneous (erroneous path: spatial regions, motion characteristics).]
  [Figure: scenario of multiple AVs moving on a straight road.]

  9. Overlapping of cyber physical interactions
  [Figure: three cases, drawn against a guard rail. Case 1: planned interactions overlap. Case 2: planned and erroneous interactions overlap. Case 3: an erroneous interaction overlaps with a physical object.]
  • Overlapping of planned and erroneous interactions can harm the physical world (e.g. severe passenger injuries).

  10. Outline • Cyber Physical Systems • Modeling abstractions for Cyber Physical Systems • Safety analysis algorithm for Cyber Physical Systems • Case Study : Safety of passengers traveling in Autonomous Vehicles • Conclusion and future work

  11. CPS behavior modeling requirements
  (The spatial regions of planned and erroneous interactions are determined at the analysis phase.)
  • Planned interaction: trajectory (i.e. way-points); control logic; motion equations.
  • Erroneous interaction: control logic; motion equations; conditions causing unplanned interactions.
  • Physical world/system: properties.
  • Safety criteria: safety threshold; safety equations.
  • Analysis parameters: system analysis duration; time step.

  12. CPS Modeling Constructs
  [Figure: hierarchy of the modeling constructs]
  • CPS: composed of local CPSs (LCPS1 … LCPSn), plus safety criteria and analysis parameters.
  • Analysis parameters: 1. system analysis duration; 2. time step.
  • Safety criteria: 1. safety threshold; 2. safety equations.
  • LCPS: computing system(s) and physical system(s), each with physical properties, together with the interactions between them.
  • Planned interaction (1. trajectory, i.e. way-points; 2. control logic; 3. motion equations) defines the intended region of mobility: physical process (control logic equations) and computing mobility (motion equations, way-points).
  • Erroneous interaction (1. control logic; 2. condition for erroneous interaction; 3. motion equations) defines the unintended region of mobility: minimum threshold (conditions causing the interaction), physical process (control logic equations) and computing mobility.

  13. Implementation of Modeling Constructs in AADL [8]
  • AADL: architectural modeling of real-time embedded systems.
  • Abstractions: system, thread, process, bus etc.
  • Extensibility: annex.
  • Modeling constructs implemented as a cps annex.
  • OSATE framework [8]: libraries to parse the AADL model.
  [Figure: the CPS model in AADL consists of the system model in the core language and the system model in the cps annex. The OSATE framework provides the OSATE core libraries, the annex parser/grammar, the annex parse-tree generator and the annex libraries.]

  14. Example: Modeling safety of passengers involved in a collision between Autonomous Vehicle and Guard Rail
  • Intended region of mobility, computing mobility: trajectory, i.e. way-points and heading angle.
  • Intended region of mobility, physical process (control system):
    • Lateral control algorithm [3]: $\Omega = \arctan\left(\frac{2L\,(3y_1 - x_1 \tan\theta)}{x_1^2}\right)$, where $L$ is the wheel base of the vehicle, $(x_1, y_1)$ the next way-point, $\theta$ the vehicle heading angle and $\Omega$ the lateral control output.
    • Longitudinal control algorithm [3]: $v = v_{prec} + k_1 (v_{prec} - v_{follow}) + k_2 (L_r - L_m)$, where $L_r$ is the reference inter-vehicular distance, $L_m$ the measured inter-vehicular distance, $v_{prec}$ the velocity of the preceding vehicle and $v_{follow}$ the velocity of the following vehicle.
  • Unintended region of mobility, minimum threshold: condition for skid [4]: $v > \sqrt{\mu_{friction}\, r_{curvature}\, g}$.
  • Unintended region of mobility, computing mobility: vehicle motion after the skid: $\beta = \arccos\left(\frac{r_{lane}}{r_{lane} + w_s}\right)$; in the example $\beta = 8.4$ degrees.
  • Safety criteria, safety threshold: the probability of serious injury should be zero.
  • Safety criteria, safety equations: probability of serious injury to passengers [5]: $P = \frac{1}{1 + \exp(4.0139 - 0.1252\,x)}$, where $x$ is the change in the vehicle's velocity after the collision, obtained using the LS-DYNA simulation software [12].
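Added worked example (not part of the slides): the equations of slide 14 coded as functions, chained into the guard-rail scenario. The lateral and longitudinal laws, the skid condition, the post-skid heading and the injury logistic are taken verbatim from the slide; the way Δv of the rail impact is derived (the velocity component normal to the rail, v·sin β, in the same units as v) and the threshold p_max on the injury probability are assumptions of this example, since the slides obtain Δv from an LS-DYNA run and do not state a numeric threshold. The numeric inputs (friction, radii, wheel base) are constructed.

```python
import math

G = 9.81  # gravitational acceleration (m/s^2)


def lateral_control(L, x1, y1, theta):
    """Lateral control output Ω (rad) for the next way-point (x1, y1), heading θ (rad), wheel base L [3]."""
    return math.atan(2.0 * L * (3.0 * y1 - x1 * math.tan(theta)) / (x1 ** 2))


def longitudinal_control(v_prec, v_follow, L_r, L_m, k1, k2):
    """Commanded speed of the following vehicle from the longitudinal control law [3]."""
    return v_prec + k1 * (v_prec - v_follow) + k2 * (L_r - L_m)


def skid_speed(mu_friction, r_curvature):
    """Minimum threshold of the unintended region: the speed above which the vehicle skids [4]."""
    return math.sqrt(mu_friction * r_curvature * G)


def will_skid(v, mu_friction, r_curvature):
    """Condition for the erroneous interaction to exist: v > sqrt(mu * r * g)."""
    return v > skid_speed(mu_friction, r_curvature)


def heading_after_skid(r_lane, w_s):
    """β (degrees) of the vehicle's motion after the skid, from the slide's lane geometry."""
    return math.degrees(math.acos(r_lane / (r_lane + w_s)))


def p_serious_injury(delta_v):
    """Probability of serious injury as a function of the velocity change x = Δv [5]."""
    return 1.0 / (1.0 + math.exp(4.0139 - 0.1252 * delta_v))


def guard_rail_analysis(v, mu_friction, r_curvature, r_lane, w_s, p_max=0.05):
    """Chain the constructs for one vehicle on a curve next to a guard rail.

    Returns (skids, beta_deg, delta_v, p_injury, safe).
    Assumption (not from the slides): Δv of the rail impact is the velocity component
    normal to the rail, v * sin(β); p_max is a constructed acceptance threshold.
    """
    if not will_skid(v, mu_friction, r_curvature):
        # Only the planned interaction exists: no unintended region, no rail impact.
        return (False, 0.0, 0.0, 0.0, True)
    beta = heading_after_skid(r_lane, w_s)
    delta_v = v * math.sin(math.radians(beta))
    p = p_serious_injury(delta_v)
    return (True, beta, delta_v, p, p <= p_max)
```

Note that the logistic never returns exactly zero (at Δv = 0 it is about 0.018), so the slide's criterion "probability of serious injury should be zero" has to be realised as a threshold such as the AIS 3 bound on slide 15 or the p_max used here; an analysis that literally tests for zero will flag every scenario as unsafe.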

  15. Modeling using AADL-CPS annex
  [Figure: the model as a set of declarations and implementations]

    begin Declaration CPS
    end

    begin cps annex
      Unintended Region Of Mobility: {
        Minimum Threshold: Equation: Necessary condition for skid
        Computing Mobility: Equation: Vehicle motion after skid
      }
      Safety Criteria {
        Safety Threshold: Occupant Injury < AIS 3
        Safety Equations: Table 1; Equation: Probability of serious injury to passengers
      }
      Intended Region of Mobility: {
        Physical Process: Equation: Lateral Control Algorithm; Equation: Longitudinal Control Algorithm
        Computing Mobility: Way-points
      }
    end annex

    begin Declaration Physical_System
    end
    begin Implementation Physical_System: Guard Rail_Curve
      Properties:
    end

    begin Implementation CPS: Motion_HorizontalCurves
      subcomponents LCPS1
    end

    begin Declaration Computing_System
    end
    begin Declaration Local CPS
    end
    begin Implementation Local CPS: LCPS1
      subcomponents AutonomousVehicle1
    end
    begin Implementation Computing_System: AutonomousVehicle1
    end

  Detailed AADL model web-link

  16. Outline • Cyber Physical Systems • Modeling abstractions for Cyber Physical Systems • Safety analysis algorithm for Cyber Physical Systems • Case Study : Safety of passengers traveling in Autonomous Vehicles • Conclusion and future work

  17. Safety analysis algorithm cases to analyze
  [Figure: the three cases of slide 9, drawn against a guard rail. Case 1: planned interactions overlap. Case 2: a planned interaction overlaps with an erroneous interaction. Case 3: an erroneous interaction overlaps with a physical object.]

  18. Safety analysis algorithm [11]
  [Flowchart, written out as steps]
  1. Start; set currentTime = 0.
  2. While currentTime < time duration:
     a. Compute the spatial regions of the planned interaction (SIROm) for the computing nodes.
     b. Case 1: do the SIROms of multiple nodes intersect? (O(n²) pairwise check.) If yes, use the safety equations to determine a safety violation; if the safety threshold is violated, the system is unsafe (End).
     c. Is a physical property > its minimum threshold? If yes, compute the spatial regions of the erroneous interaction (SUIROm).
     d. Case 2: do the SUIROm and SIROm of multiple nodes intersect? (O(n²).) If yes, the system is unsafe (End).
     e. Case 3: do SUIROms / SIROms intersect with a physical object? (O(n²).) If yes, the system is unsafe (End).
     f. Increment currentTime by the time step.
  3. Otherwise the system is safe (End).
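Added example (not the authors' implementation): the flowchart above as a time-stepped analysis over a constructed straight-road scenario, so that the three cases and the O(n²) pairwise checks can be seen on concrete data. Spatial regions are simplified to circles around each vehicle's planned position (SIROm) and a larger circle once the speed exceeds the skid threshold (SUIROm); the guard rail is a line segment. The Node fields, the footprint/skid_reach radii, the lane geometry, the use of closing speed as Δv in the case 1 safety equation and the p_max threshold are all assumptions of this example; only the skid condition and the injury logistic come from slide 14.

```python
import math
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Circle = Tuple[float, float, float]           # (cx, cy, radius): a spatial region
Segment = Tuple[float, float, float, float]   # (x1, y1, x2, y2): a fixed physical object, e.g. a guard rail
Verdict = Tuple[str, Optional[int], Optional[float], Optional[str]]   # (verdict, case, time, participants)


@dataclass
class Node:
    """A computing node (autonomous vehicle): planned motion plus the parameters of its erroneous interaction."""
    name: str
    x: float            # position at t = 0 (m)
    y: float
    vx: float           # planned velocity (m/s); straight-line motion is assumed in this example
    vy: float
    footprint: float    # radius of the planned region SIROm (m)
    skid_speed: float   # minimum threshold sqrt(mu * r * g): above it the erroneous interaction exists
    skid_reach: float   # how far the erroneous region SUIROm extends beyond the footprint (m)

    def speed(self) -> float:
        return math.hypot(self.vx, self.vy)


def sirom(n: Node, t: float) -> Circle:
    """Spatial region of the planned interaction at time t."""
    return (n.x + n.vx * t, n.y + n.vy * t, n.footprint)


def suirom(n: Node, t: float) -> Optional[Circle]:
    """Spatial region of the erroneous interaction; exists only while the physical property exceeds its threshold."""
    if n.speed() <= n.skid_speed:
        return None
    cx, cy, r = sirom(n, t)
    return (cx, cy, r + n.skid_reach)


def circles_intersect(a: Circle, b: Circle) -> bool:
    return math.hypot(a[0] - b[0], a[1] - b[1]) <= a[2] + b[2]


def circle_hits_segment(c: Circle, s: Segment) -> bool:
    """True when the circle reaches the segment (distance from centre to the closest point <= radius)."""
    cx, cy, r = c
    x1, y1, x2, y2 = s
    dx, dy = x2 - x1, y2 - y1
    len2 = dx * dx + dy * dy
    u = 0.0 if len2 == 0 else max(0.0, min(1.0, ((cx - x1) * dx + (cy - y1) * dy) / len2))
    return math.hypot(cx - (x1 + u * dx), cy - (y1 + u * dy)) <= r


def analyze(nodes: List[Node], objects: Dict[str, Segment], duration: float, dt: float,
            violated: Callable[[Node, Node], bool]) -> Verdict:
    """Time-stepped safety analysis following the flowchart: cases 1, 2 and 3 at every step."""
    t = 0.0
    while t < duration:
        planned = [(n, sirom(n, t)) for n in nodes]
        # Case 1: two planned regions overlap; the safety equations decide whether the threshold is violated.
        for i in range(len(planned)):
            for j in range(i + 1, len(planned)):                 # O(n^2) pairwise check
                (a, ra), (b, rb) = planned[i], planned[j]
                if circles_intersect(ra, rb) and violated(a, b):
                    return ("unsafe", 1, t, f"{a.name}/{b.name}")
        erroneous = [(n, r) for n in nodes if (r := suirom(n, t)) is not None]
        # Case 2: an erroneous region overlaps another node's planned region.
        for a, ea in erroneous:
            for b, rb in planned:
                if a is not b and circles_intersect(ea, rb):
                    return ("unsafe", 2, t, f"{a.name}/{b.name}")
        # Case 3: a planned or erroneous region reaches a physical object.
        for n, region in planned + erroneous:
            for obj_name, seg in objects.items():
                if circle_hits_segment(region, seg):
                    return ("unsafe", 3, t, f"{n.name}/{obj_name}")
        t += dt
    return ("safe", None, None, None)


def p_serious_injury(delta_v: float) -> float:
    """Safety equation from slide 14 (URGENCY 2.1 [5])."""
    return 1.0 / (1.0 + math.exp(4.0139 - 0.1252 * delta_v))


def injury_violated(a: Node, b: Node, p_max: float = 0.05) -> bool:
    """Assumption: Δv of a collision between two nodes is their closing speed; p_max is a constructed threshold."""
    return p_serious_injury(math.hypot(a.vx - b.vx, a.vy - b.vy)) > p_max


# Constructed scenario: two-lane straight road along the x axis (lanes at y = 0 and y = 3.5 m), guard rail at y = 7 m.
GUARD_RAIL: Dict[str, Segment] = {"guard_rail": (0.0, 7.0, 200.0, 7.0)}
SKID_SPEED = math.sqrt(0.7 * 90.0 * 9.81)   # mu = 0.7, r = 90 m: about 24.9 m/s


def _vehicle(name: str, x: float, y: float, vx: float) -> Node:
    return Node(name, x, y, vx, 0.0, footprint=2.0, skid_speed=SKID_SPEED, skid_reach=4.0)


def scenario_safe() -> Verdict:              # two vehicles at the same speed in adjacent lanes
    nodes = [_vehicle("sedan", 0.0, 0.0, 20.0), _vehicle("coupe", 60.0, 3.5, 20.0)]
    return analyze(nodes, GUARD_RAIL, 10.0, 0.5, injury_violated)


def scenario_rear_end() -> Verdict:          # faster sedan closes on a slower coupe in the same lane: case 1
    nodes = [_vehicle("sedan", 0.0, 0.0, 20.0), _vehicle("coupe", 30.0, 0.0, 10.0)]
    return analyze(nodes, GUARD_RAIL, 10.0, 0.5, injury_violated)


def scenario_speeding_pickup() -> Verdict:   # pickup above the skid threshold; its SUIROm reaches the rail: case 3
    nodes = [_vehicle("sedan", 50.0, 0.0, 20.0), _vehicle("pickup", 0.0, 3.5, 30.0)]
    return analyze(nodes, GUARD_RAIL, 10.0, 0.5, injury_violated)
```

Two practical caveats follow from the structure of the algorithm. The time step is part of the verdict: regions are only compared at multiples of dt, so a fast closing pair can pass through each other between two steps and be missed unless dt is small relative to footprint / closing speed (or the regions are swept over the step). And the pairwise loops are O(n²) per step, as the slide notes, which bounds how many nodes a scenario can hold before a spatial index is needed.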

  19. Outline • Cyber Physical Systems • Modeling abstractions for Cyber Physical Systems • Safety analysis algorithm for Cyber Physical Systems • Case Study : Safety of passengers traveling in Autonomous Vehicles • Conclusion and future work

  20. Case Study: Analyzing safety of passengers involved in a collision between Autonomous Vehicle and Guard Rail
  • Instantiation
  • Translation of the generic safety analysis algorithm to this scenario (CaseStudyAnalysisNew.pptx)
  • Factors considered:
    • accidents between 2002-2007
    • serious accidents
    • accidents due to pick-up trucks
    • accidents due to speeding and single vehicle collision.
  Analysis Result and Validation [11]: [figure]

  21. Modeling Body Sensor Network using CPS abstractions [12]
  [Figures: logical view, operational view and cyber-physical view of a body area network of wearable sensor nodes, with their communication range and a thermal map of the human body.]
  • Computing systems (sensors). Physical properties: power dissipation of the sensors.
  • Physical systems (human tissue). Physical properties: human tissue conductivity, blood perfusion rate etc.
  • Intended interaction: communication between sensor nodes.
  • Unintended interaction: temperature rise of human tissue, given by the Pennes bioheat transfer equation [12].
  • Safety criteria / safety threshold: body temperature < 39 C [12].

  22. Answers to research questions
  • How to model components of a CPS at various levels of abstraction? How to specify properties of computing systems that affect the safety of the CPS?
    Model: 1) AV: computing system. 2) Features: computing properties.
  • How to specify characteristics of the physical world (i.e. specify various scenarios)?
    Model: 1) Scenario: physical system instance. 2) Characteristics: physical system properties.

  23. Answers to research questions
  • How to tie the behavior of a computing system to a scenario? Autonomous vehicles and scenario: LCPS. Planned and erroneous interactions: cps annex.
  • How to specify interactions of multiple computing systems in a scenario? Complex scenario: CPS with LCPSs. Instantiation: LCPS.
  [Figure: planned and erroneous behaviors under various scenarios, e.g. a sedan's behavior on a curved road with ice, a coupe's behavior on a curved road, a pick-up truck's behavior on a curved road; multiple coupes, sedans or pickup trucks on a ramp to a highway, a curved road or a straight road.]

  24. Conclusion and Future Work
  • Safety is a crucial aspect of CPS; design-time safety verification is essential for widespread acceptance of these systems.
  • Architectural modeling abstractions are proposed for modeling CPS sub-systems and interactions.
    • Intuitiveness: the abstractions are intuitive in nature.
    • Semantics and modularization: the abstractions capture the semantics of planned and unplanned interactions in a modular manner.
    • Instantiation: the modular abstractions are instantiated for specific scenarios.
  • A safety analysis algorithm is proposed to analyze the safety of a CPS.
  • The modeling abstractions and the safety analysis algorithm were applied to two case studies.
  • Future work:
    • Applying the modeling constructs to other domains.
    • Generating formal models from the architectural models.

  25. References
  1. "Stanley: The robot that won the DARPA Grand Challenge: Research Articles," J. Robot. Syst., vol. 23, no. 9, pp. 661–692, 2006.
  2. "The MIT–Cornell Collision and Why It Happened," Journal of Field Robotics, vol. 25, no. 10, pp. 775–807, 2008.
  3. S. Kato, S. Tsugawa, K. Tokuda, T. Matsui, and H. Fujii, "Vehicle control algorithms for cooperative driving with automated vehicles and intervehicle communications," IEEE Transactions on Intelligent Transportation Systems, vol. 3, no. 3, pp. 155–161, Sep. 2002.
  4. A. M. Bedford, Engineering Mechanics: Statics and Dynamics.
  5. B. George, D. Kennerly, B. Nabih, K. Alexander, A. Jeffrey, and P. Elana, "Development of URGENCY 2.1 for the Prediction of Crash Injury Severity."
  6. M. Althoff, O. Stursberg, and M. Buss, "Model-based probabilistic collision detection in autonomous driving," IEEE Trans. Intell. Transport. Syst., vol. 10, pp. 299–310, June 2009.
  7. Q. Tang, N. Tummala, S. K. S. Gupta, and L. Schwiebert, "Communication scheduling to minimize thermal effects of implanted biosensor networks in homogeneous tissue," IEEE Trans. Biomedical Eng.
  8. AADL, www.aadlinfo.com
  9. T. Tech, "AZ-83 roadway assessment report, Rosemont copper project," 2009.
  10. "National Crash Analysis Center at George Washington University," http://www.ncac.gwu.edu/vml/models.html
  11. S. Kandula, T. Mukherjee, and S. K. S. Gupta, "Toward Autonomous Vehicle Safety Verification from Mobile Cyber Physical Systems Perspective," under review, ICCPS 2011.
  12. A. Banerjee, S. Kandula, T. Mukherjee, and S. K. S. Gupta, "BAND-AiDe: A Tool for Cyber-Physical Oriented Analysis and Design of Body Area Networks and Devices," ACM Transactions on Embedded Computing Systems, Special Issue on Wireless Health, 2010, accepted for publication.
  13. D. Gabauer, "Correlating Delta-V to occupant injury using Event Data Recorders."

  26. Extra Slides

  27. Annex support for differential (DE) and partial differential equations (PDE)
  • Specification of a DE: Del(order)(DependentVariable)(IndependentVariable)
  • Specification of a PDE: Pdel(order)(DependentVariable)(IndependentVariable)((order)(IndependentVariable))+

  28. Annex for Unintended region of mobility (grammar excerpt)

    waypointlist:
      ((LCURLY INT COMMA INT COMMA INT RCURLY)+) (SEMI);
    minimumthreshold:
      (condstmt);
    impactingimpactedrelationship:
      (expr);
    computingmobility:
      (expr | waypointlist);
    ….
    unintendedregionofmobility:
      (PHYSICALPROCESS LCURLY physicalprocess RCURLY)
      (COMPUTINGMOBILITY LCURLY computingmobility RCURLY)
      (MINIMUMTHRESHOLD LCURLY minimumthreshold RCURLY)
      (IMPACTINGIMPACTEDRELATION LCURLY impactingimpactedrelation RCURLY)
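Added example (not the OSATE annex parser from the slides) covering the two extra slides: a small recogniser for the waypointlist production of slide 28 and for the Del/Pdel derivative notation of slide 27, with a renderer that turns a parsed specification into a LaTeX derivative. It implements only the productions the slides show; the meaning of the three integers in a way-point is not given on the slides, so they are returned as a plain triple, and the reading of the Pdel pairs as (order, independent variable) per variable is this example's assumption. Inputs in the tests are constructed.

```python
import re
from typing import Dict, List, Tuple

# waypointlist: ( LCURLY INT COMMA INT COMMA INT RCURLY )+ SEMI   (slide 28)
_WAYPOINT_LIST = re.compile(r"^(?:\s*\{\s*-?\d+\s*,\s*-?\d+\s*,\s*-?\d+\s*\})+\s*;\s*$")
_WAYPOINT = re.compile(r"\{\s*(-?\d+)\s*,\s*(-?\d+)\s*,\s*(-?\d+)\s*\}")

# Del(order)(DependentVariable)(IndependentVariable)
# Pdel(order)(DependentVariable)(IndependentVariable)((order)(IndependentVariable))+   (slide 27)
_DERIV = re.compile(
    r"^(Del|Pdel)\s*\(\s*(\d+)\s*\)\s*\(\s*(\w+)\s*\)\s*\(\s*(\w+)\s*\)"
    r"\s*((?:\(\s*\(\s*\d+\s*\)\s*\(\s*\w+\s*\)\s*\)\s*)*)$")
_PAIR = re.compile(r"\(\s*(\d+)\s*\)\s*\(\s*(\w+)\s*\)")


def parse_waypointlist(text: str) -> List[Tuple[int, int, int]]:
    """Parse a waypointlist into integer triples; the whole input must match the production."""
    if not _WAYPOINT_LIST.match(text):
        raise ValueError("expected ({INT,INT,INT})+ ; but got: %r" % text)
    return [tuple(int(v) for v in m.groups()) for m in _WAYPOINT.finditer(text)]


def parse_derivative(spec: str) -> Dict:
    """Parse a Del/Pdel specification into {'kind', 'dependent', 'terms': [(order, independent), ...]}."""
    m = _DERIV.match(spec.strip())
    if not m:
        raise ValueError("not a Del/Pdel specification: %r" % spec)
    kind, order, dependent, independent, rest = m.groups()
    # The mandatory (order)(IndependentVariable) pair comes first; Pdel may add further pairs.
    terms = [(int(order), independent)] + [(int(o), v) for o, v in _PAIR.findall(rest)]
    if kind == "Del" and len(terms) != 1:
        raise ValueError("Del takes exactly one independent variable")
    if kind == "Pdel" and len(terms) < 2:
        raise ValueError("Pdel needs at least one additional (order)(IndependentVariable) pair")
    return {"kind": "DE" if kind == "Del" else "PDE", "dependent": dependent, "terms": terms}


def to_latex(d: Dict) -> str:
    """Render a parsed specification as a LaTeX derivative, e.g. Pdel(2)(T)(x)((1)(t)) -> d^3 T / dx^2 dt."""
    sym = "d" if d["kind"] == "DE" else r"\partial"
    total = sum(o for o, _ in d["terms"])
    num = f"{sym}^{{{total}}} {d['dependent']}" if total > 1 else f"{sym} {d['dependent']}"
    den = " ".join(f"{sym} {v}^{{{o}}}" if o > 1 else f"{sym} {v}" for o, v in d["terms"])
    return rf"\frac{{{num}}}{{{den}}}"
```

The recogniser anchors both regular expressions at the start and end of the input, so trailing or embedded junk in an annex file is rejected rather than silently truncated; a model-checking pipeline that accepts partial matches would analyse a different trajectory from the one the engineer wrote.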
