Session I: Autonomous Systems and Robotics

Session II: Control and Optimisation for Smart Grids

Session III: Hybrid Systems and Control

Session IV: Software Engineering for CPS

Session V: CPS Test Beds

Session VI: CPS Security and Anomaly Detection


Security of Cyber-Physical Systems
by P. R. Kumar (Texas A&M University)

Autonomous Systems and Robotics

Hardware-in-loop-simulation for multiagents
by Hemendra Arya (IIT Bombay)

Researchers are working actively in the area of robotics consisting of large agents. While developing theories and proofs, simplified models are used, and these form the basis for solving complex problems. To bring more realism, models close to reality are used in simulation. There are some real systems which are difficult to model. Such a system can be included as a real system in the simulation, and this is called Hardware-in-loop-simulation.

Hardware-in-loop-simulation consists of virtual components as mathematical models and real components as actual hardware. These mathematical models may not be simple or may be distributed on multiple computers. Real components are embedded in a synthetic environment which is close to the real environment. Hardware-in-loop-simulation for multiagents poses many challenges:

a) Multiagent simulation: Agents may be heterogeneous and have models not executing on a single computer. Agents may be ground vehicles/aerial vehicles/space vehicles etc. Mathematical models of these agents may be very simple, like a point mass, or a full 6-DOF simulation. The resource requirement for execution of a mathematical model will depend on the fidelity of the model.

b) Realtime: In Hardware-in-loop-simulation some of the components are real and these will operate at their own pace, i.e. wall clock. To match the time of the real system, the synthetic environment has to execute at wall clock pace. Realtime execution of mathematical models for very fast systems is a challenge.

c) Environment simulation: Agents' motion is in some environment and this may be very complex, e.g. simulating buildings or cities etc.

d) Sensor simulation: Agents may use a variety of sensors and may need a separate computer, e.g. GPS simulators or ADC/DAC cards are not supported on the computer where the mathematical model is executed.

e) Communication between agents: Communication can be one to one, one to many, or many to one.

f) Simulation facilities not collocated: Teams are not collocated and are working on different platforms on their models. These facilities are connected by dedicated communication lines or on shared lines.

g) Hardware requirement: It increases as the number of agents increases. In general one computer is used for one agent and it is highly underutilised, and for multiagents resource requirements may become unmanageable. To simplify this, multiple agents are executed on one computer, hence reducing the resource requirements. Another possibility is using single board computers, which have a low footprint and power consumption, for single agent simulation.

In this talk a few architectures for distributed Hardware-in-loop-simulation will be presented. These studies are aimed at reducing hardware for simulating a large number of agents in a near realtime environment. Agents used in this work are mini aerial vehicles and inter agent communication is wireless. The opensource JSBSIM flight mechanics simulator is used for vehicle simulation. The opensource software JSBSIM was tweaked to achieve better realtime performance. Realtime performance is characterised by measurement of jitter between two consecutive model simulations. Up to 16 mini aerial vehicles were simulated on a single computer, thus bringing down hardware for swarm simulation. This single computer executed 16 flight mechanics models, with sensor output and actuator input by serial communication using a multiport RS232 card. Pixhawk was used as the onboard computer for control and guidance. Agents were communicating wirelessly; this was implemented using Xbee modules. A simple cyclic pursuit algorithm was implemented to demonstrate the capability of the Hardware-in-loop-simulator. Another variant of this architecture was also implemented in which sensor simulation was executed on a different computer connected over Ethernet. This architecture is useful when drivers for the interface cards are not available for a given platform. Performance in terms of jitter in achieving realtime execution and delay in sensor information was investigated.

Automated task and motion plan generation for multi-robot systems from complex specifications
by Indranil Saha (IIT Kanpur)

Autonomous multi-robot systems have tremendous potential to be useful in various applications including search and rescue, surveillance, law enforcement, precision agriculture and warehouse management. Given a high-level specification for a multi-robot system, it is technically challenging to determine the responsibilities of the individual robots and a plan for them to execute their responsibilities safely in such a way that the given specification is satisfied optimally. In this talk, I will present a task and motion planning framework for multi-robot systems where the desired behavior of a group of robots is specified using a set of linear temporal logic (LTL) properties. The method for generating a task and motion plan for the robots in this framework relies on a library of motion primitives for the robots, using which we formulate the planning problem as an SMT solving problem and use an off-the-shelf SMT solver to generate safe trajectories for the robots. We will discuss various challenges that we face in scaling up our solution to large-scale multi-robot systems and describe how we address some of these challenges. As an example application, we will show how the multi-robot coverage problem can be effectively solved in our framework.

Control and Optimization for Smart Grids

Virtual energy storage for solar and wind power with distributed coordination of smart devices
by Prabir Barooah (University of Florida)

As we move away from fossil fuels toward renewable energy sources such as solar and wind, inexpensive energy storage technologies are required. This is so since renewable energy sources, such as solar and wind, are intermittent. An alternative to batteries – which are quite expensive – is “smart loads”, such as air conditioners equipped with computation and communication capability. With appropriate software, the power consumption of air conditioning – and many other loads – can be varied around a baseline. This variation is analogous to the charging and discharging of a battery. Loads equipped with such intelligence have the potential to provide a vast and inexpensive source of energy storage.

Two principal challenges in creating a reliable virtual battery from millions of consumer loads include (1) maintaining consumers’ Quality of Service (QoS) within strict bounds, and (2) coordinating the actions of loads with minimal communication to ensure accurate reference tracking by the aggregate. This talk describes our work in addressing these two challenges. Key ideas that underpin the proposed methodology include spectral decomposition for QoS-abiding resource classification, communication-free distributed control that exploits physical-signaling for coordination, and randomized control for reducing combinatorial problems to convex ones.

Microgrid-based operations: A new operating paradigm for utilities
by Anupama Kowli (IIT Bombay)

This talk introduces a new concept of microgrid-based operations for distribution networks to improve grid reliability. The key idea is to intelligently partition the distribution network into smaller microgrid cells that are capable of operating in tandem during normal operations and can function as islands during contingencies to minimize customer interruptions. The boundaries of these microgrids may be fixed based on a suitable supply adequacy criterion or may dynamically adapt to existing supply and demand conditions.

The talk will describe on-going efforts to devise partitioning schemes for both scenarios. The partitioning schemes form the backbone of the microgrid-based operational strategies which leverage the partitions to minimize the impact of disturbances on customers and maximize the deployment of renewable generation. Simulation results showcasing the benefits of these strategies to improve grid reliability will be presented. Prototype architectures for integrating these strategies into existing distribution management systems will also be discussed. Special emphasis will be on the technology enablers needed to deploy these operational strategies and potential vulnerabilities introduced as a result.

Analytics opportunities in the energy sector
by Vijay Arya (IBM India Research Labs)

The energy sector is on the cusp of a digital transformation. Utilities worldwide are undertaking advanced metering and smart grid initiatives to improve energy efficiency, reduce carbon footprint, and integrate distributed energy resources while improving the overall efficiency and reliability of the power system. This poses a number of interesting analytics and optimization challenges.

This presentation will provide a glimpse of real industry problems and solutions covering different areas of the energy sector including distribution networks, renewable energy, demand response, unit commitment, storage, and microgrids.


Hybrid Systems and Control

Formal synthesis of control strategies for dynamical systems
by Calin A. Belta (Boston University)

In control theory, complex models of physical processes, such as systems of differential equations, are analyzed or controlled from simple specifications, such as stability and set invariance. In formal methods, rich specifications, such as formulae of temporal logics, are checked against simple models of software programs and digital circuits, such as finite transition systems. With the development and integration of cyber physical and safety critical systems, there is an increasing need for computational tools for verification and control of complex systems from rich, temporal logic specifications.

In this talk, I will discuss a set of approaches to formal synthesis of control strategies for dynamical systems from temporal logic specifications. I will first show how automata games for finite systems can be extended to obtain conservative control strategies for low dimensional linear and multilinear dynamical systems. I will then present several methods to reduce conservativeness and improve the scalability of the control synthesis algorithms for more general classes of dynamics.

I will illustrate the usefulness of these approaches with examples from robotics and traffic control.

Wind farm controls: An industrial cyber-physical systems case study
by Venkatrao Ryali (GE Renewable Energy)

This talk presents a case study involving wind farm controls to highlight some critical challenges in the industrial application of cyber-physical system control concepts. The case study involves application of a networked control system to maximize the power output of a wind farm by minimizing inter-turbine wake losses, that occur when a velocity deficit created behind a turbine rotor reduces the wind available at downwind turbines, lowering overall plant-level energy production. Wakes often represent the largest source of power losses in a wind farm and are one of the most difficult losses to manage.

The wind farm wake control application presented here reduces these wake power losses through coordinated control of turbine set-points to trade-off power capture by upwind turbines with more wind downstream. The control objective requires the solving of a large-scale dynamic optimization problem involving real-time assessment of waking across the wind farm & appropriate modulation of turbine set-points over a communication network to minimize the overall farm-wide wake loss. This talk presents key challenges and approaches to solving the above control problem. The talk also highlights the need for research at the intersection of embedded sensing, online & real-time modeling, and adaptive controls that has potential not only for wind applications, but also for the broader industrial IoT application space.

Cross-domain solutions from a connected company
by Stefan Abendroth (Bosch)

As a connected company with strong roots in different domains, Bosch’s objective in a connected world is not only to enable new applications, but to achieve a unique user experience with strong requirements regarding safety, security, quality of service, and interoperability.

In this talk, I present tangible examples of how new solutions can be brought into traditional domains in order to combine the best of both worlds: Flexible services enabled by communication networks on the one hand, dependable systems for demanding applications on the other hand. (1) With physical layer security technologies, we provide plug&secure communications both in wireless sensor networks and in vehicles. (2) New wireless technologies enable ultra-reliable, low latency industrial applications. (3) Service-oriented communication brings cloud based functions deeply into the vehicle.

Formal verification of robustness properties of hybrid control systems
by Pavithra Prabhakar (Kansas State University)

Cyber-physical systems (CPSs) consist of complex systems that combine control, computation and communication to achieve sophisticated functionalities as in autonomous driving in driverless cars and automated load balancing in smart grids. The safety criticality of these systems demands strong guarantees about their correct functioning. Formal verification is an area of computer science that deals with rigorous and automated methods for correctness analysis based on mathematical models of systems and correctness specifications. In this talk, we present an overview of our work on formal verification techniques for cyber-physical systems analysis using the framework of hybrid systems. Hybrid systems capture an important feature of CPSs, namely, mixed discrete-continuous behaviors that arise due to the interaction of complex digital control software (discrete elements) with physical systems (continuous elements).

We will focus on the formal verification of a fundamental property in control design, namely, stability. Stability is a robustness property that captures notions such as small perturbations to the initial state or input to a system resulting in only small variations in the behavior of the system. We will present a novel algorithmic approach to stability analysis based on model-checking and abstraction-refinement techniques. We highlight the technical challenges in the development of an algorithmic framework for stability analysis owing to the robustness aspect. We will present experimental results using our tool AVERIST (Algorithmic VERifier for STability) that illustrate the practical benefits of the algorithmic approach as compared to well-known deductive methods for automated verification of stability based on Lyapunov functions. Finally, we will present some future research directions including automated design of hybrid control systems and formal analysis of hybrid systems in the presence of uncertainties.

Software Engineering for CPS

Exploiting fog and edge resources for cloud-hosted cyber-physical system services
by Aniruddha Gokhale (Vanderbilt University)

Despite the known benefits of hosting cloud-based services, the longer and often unpredictable end-to-end network latencies between the end user and the cloud can be detrimental to the response time requirements of the interactive cloud-hosted applications. Existing efforts that exploit edge/fog technology to migrate services closer to clients in order to improve response times do not fully resolve this problem as they do not focus on performance and interference issues at the migrated locations. This talk proposes the INDICES framework that addresses these limitations by providing a novel solution that determines when and to which MDC a service should be migrated and thus provides the desired performance. Empirical results validating our claims are presented using a setup comprising a centralized cloud and MDCs composed of heterogeneous hardware.


Resource-efficient remote monitoring and diagnostics of cyber-physical systems
by Vinai Sundaram (SensorHound)

Cyber-physical systems (CPS) have the potential to bring about a revolution in efficiency, robustness, and safety in applications such as smart grids, health care, smart buildings, and advanced manufacturing. To unleash the potential of CPS, they must first be made robust themselves. In fact, given the huge responsibility placed on CPS, outages and failures in CPS applications can have drastic consequences. Despite careful design and validation, CPS are subject to complex runtime failures due to unexpected interaction with the environment and propagation of failures between physical and cyber domains, requiring runtime monitoring and diagnostic solutions.

Post-deployment monitoring and diagnosis of CPS is technically challenging because of stringent constraints on CPU, memory, permanent storage, energy, and network bandwidth. Prior attempts at monitoring CPS are specialized for individual types of defects, require continuous manual intervention, or impose high overhead. In this talk, we will present novel tools and techniques that enable CPS developers to automatically detect anomalous behaviors in deployed systems, and will allow them to efficiently diagnose the problem such that it can be quickly and confidently corrected.

CPS Test Beds

The Internet of Everything and Industry 4.0 revolutions
by Ram D. Sriram (US National Institute of Standards and Technology – NIST)

The Internet, which has spanned several networks in a wide variety of domains, is having a significant impact on every aspect of our lives. These networks are currently being extended to have significant sensing capabilities, with the evolution of the Internet of Things (IoT). With additional control we are entering the era of cyber-physical systems (CPS). In the near future the networks will go beyond physically linked computers to include multimodal-information from biological, cognitive, semantic, and social networks. This paradigm shift will involve symbiotic networks of people (social networks), smart devices, and smart phones or mobile personal computing and communication devices that will form smart net-centric systems and societies (SNSS), which is also known as Internet of Everything in the U.S. and Industry 4.0 in Europe. These devices – and the network – will be constantly sensing, monitoring, interpreting, and controlling the environment. In this talk, I will provide a unified framework for Internet of Things, cyber-physical systems, and smart networked systems and societies, along with a brief introduction to Industry 4.0. I will discuss the various research issues and representative projects at NIST.

Category theory for CPS
by Eswaran Subrahmanian (Carnegie Mellon University and US National Institute of Standards and Technology – NIST)

The study of cyber physical systems (CPS) requires consideration of two distinct types of composition problems. First we must integrate existing approaches for analyzing physical dynamics and computational behavior (not to mention probability). This is essentially definitional for CPS. Second, most CPS are designed to interact via network processes, and this forces us to consider systems-of-systems composition, where one CPS (a car) is both a composed system in its own right (from engine, brakes, etc.) and a component of a larger system (traffic flow). We will motivate these two types of composition with examples from medicine, smart cities and the industrial internet.

We will argue that category theory (CT), a branch of abstract mathematics, provides the means to address both of these concerns. CT has played a unifying role in mathematics, providing a common language for studying other structures such as state charts and dynamical systems. This provides a common context in which the different methods required for CPS can interact. At the level of systems, CT provides a detailed specification for building compositional systems and analyses. Above all, CT has the potential to provide a rigorous and systematic foundation for engineering of CPS.

CPS Security and Anomaly Detection

On the resilience of cyber-physical systems
by Bruno Sinopoli (Carnegie Mellon University)

Recent advances in sensing, communication and computing allow cost effective deployment in the physical world of large-scale networks of sensors and actuators, enabling fine grain monitoring and control of a multitude of physical systems and infrastructures. Such systems, called cyber-physical, lie at the intersection of control, communication and computing. The close interplay among these fields renders independent design of the control, communication, and computing subsystems a risky approach, as separation of concerns does not constitute a realistic assumption in real world scenarios. It is therefore imperative to derive new models and methodologies to allow analysis and design of robust and secure cyber-physical systems (CPS). In this talk I will present an overview of recent research on the topic and discuss future directions.



Cyber security of cyber-physical critical infrastructures: A case for a schizoid design approach
by Sandeep Shukla (IIT Kanpur)

In the past, the design of cyber-physical systems (CPS) required a model based engineering approach – a design methodology consisting of physics based mathematical modeling of the physical system, and a control theoretic modeling of the control system put together in a formal or semi-formal framework. The designers would start from an abstract model, and refine it down to an implementation model in several steps, either formally or informally. The implementation model is then validated for functional correctness, and satisfaction of performance, real-time schedulability goals. Functional Safety, robustness to input assumptions, reliability under fault assumptions, and resilience to unknown adversities were considered as important design goals for safety-critical CPS.

With the increased use of networked distributed control of large and geographically distributed critical infrastructures such as smart grid and the exposure to cyber-attacks ushered in by the IP-convergence phenomenon – designers must now consider cyber-security and cyber defense as first class design objectives. However, in order to do so, designers have to don a dual personality – while designing for robustness, reliability, functional safety – a model driven engineering approach would work – for designing for cyber-security and defense, the designer has to enter the mindset of a malicious attacker. For instance, one has to consider the various observations or sampling points of the system (e.g. sensors to read or sample the physical environment), and think how an attacker might compromise the unobservability of those points without authentication, and what knowledge of the system dynamics or the control mechanism of the system might be actually reconstructed by the attacker. One also has to consider the actuation points of the system, and ponder the least number of such actuation points the attacker has to take over in order to disrupt the dynamics of the system enough to create considerable damage. One must envision how to obfuscate the dynamics of the system even when certain sensing or actuation points are compromised. Also, it is known that a large percentage of attacks are induced by insiders or a collusion of internal and external agents. Thus, perimeter defense alone cannot defend the system. In such cases, the symptoms of an ongoing attack in the dynamics of the system itself must be discerned continually.

This approach to viewing the system from an adversarial position requires us to topple the design paradigm over its head, and we will need to build models from data, and not just generate data from models. The designer must observe a system in action – even through partial observations, and construct a model close enough to the real system model – and then use the partial access to create damages to the system because the approximate model allows her to do so. Almost like a schizophrenic duality, the engineer also has to wear the designer's hat, and consider a game in which the observations are obfuscated enough to render it impossible for an attacker to build any useful model to induce clever attacks. The designer has to worry if she can construct, from unobfuscated observations, a dynamics quickly enough so that the difference between the expected dynamics and the real dynamics can trigger alarms to alert the system administrators. In this talk, while discussing this view of system design, we will also talk about VSCADA – a virtual distributed SCADA lab we created for modeling SCADA systems for critical infrastructures, and how to use such a virtual lab completely implemented in simulation – to achieve the cyber security and cyber defense objectives of critical infrastructures – through attack injections, attack detection, and experiments on new defense mechanisms. We will also discuss the real SCADA test bed we are building at our center for cyber security of critical infrastructures at IIT Kanpur.