safe ai for cps
play

Safe AI for CPS Andr Platzer Carnegie Mellon University Joint work - PowerPoint PPT Presentation

Sep 21, 2022 •232 likes •1.19k views

Safe AI for CPS Andr Platzer Carnegie Mellon University Joint work with Nathan Fulton Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing Safety-Critical

  1. Safe AI for CPS André Platzer Carnegie Mellon University Joint work with Nathan Fulton

  2. Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing

  3. Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing

  4. This Talk Ensure the safety of Autonomous Cyber-Physical Systems. Best of both worlds: learning together with CPS safety Flexibility of learning • Guarantees of CPS formal methods • Diametrically opposed: flexibility+adaptability versus predictability+simplicity 1. Cyber-Physical Systems with Differential Dynamic Logic 2. Sandboxed reinforcement learning is provably safe 3. Model-update learning addresses uncertainty with multiple models

  5. Airborne Collision Avoidance System ACAS X Developed by FAA to replace current TCAS in aircraft ● Approximately optimizes MDP on a grid ● Advisory from lookup tables with 5D interpolation regions ● Identified safe region per advisory and proved in KeYmaera X ● dela y 1 6 2 3 5 1 4 STTT’17

  6. Comparison: ACAS X issues DNC h No change Following ownship 10,80 (ft) advisory DNC trajectory path 0 without DNC 10,400 intruder path 10,200 ownship 10,000 path with DNC 9,600 20 15 10 5 0 5 10 15 20 time to crossing (s) But CL1500 or no change would not lead to a collision

  7. Model-Based Verification Reinforcement Learning φ

  8. Model-Based Verification Reinforcement Learning pos < stopSign

  9. Model-Based Verification Reinforcement Learning ctrl pos < stopSign

  10. Model-Based Verification Reinforcement Learning ctrl pos < stopSign Approach : prove that control software achieves a specification with respect to a model of the physical system.

  11. Model-Based Verification Reinforcement Learning ctrl pos < stopSign Approach : prove that control software achieves a specification with respect to a model of the physical system.

  12. Model-Based Verification Reinforcement Learning φ Benefits: Strong safety guarantees ● Automated analysis ●

  13. Model-Based Verification Reinforcement Learning φ Benefits: Strong safety guarantees ● Automated analysis ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful”

  14. Model-Based Verification Reinforcement Learning φ Benefits: Strong safety guarantees ● Automated analysis ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful” Assumes accurate model ●

  15. Model-Based Verification Reinforcement Learning Act φ Benefits: Observe Strong safety guarantees ● Automated analysis ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful” Assumes accurate model. ●

  16. Model-Based Verification Reinforcement Learning Act φ Observe Benefits: Benefits: Strong safety guarantees No need for complete model ● ● Automated analysis Optimal (effective) policies ● ● Drawbacks: Control policies are typically ● non-deterministic: answers “what is safe”, not “what is useful” Assumes accurate model. ●

  17. Model-Based Verification Reinforcement Learning Act φ Observe Benefits: Benefits: Strong safety guarantees No need for complete model ● ● Automated analysis Optimal (effective) policies ● ● Drawbacks: Drawbacks: Control policies are typically No strong safety guarantees ● ● non-deterministic: answers Proofs are obtained and ● “what is safe”, not “what is checked by hand useful” Formal proofs = decades-long ● Assumes accurate model. proof development ●

  18. Model-Based Verification Reinforcement Learning Act φ Observe Goal: Provably correct reinforcement learning Benefits: Benefits: Strong safety guarantees No need for complete model ● ● Aomputational aids (ATP) Optimal (effective) policies ● ● Drawbacks: Drawbacks: Control policies are typically No strong safety guarantees ● ● non-deterministic: answers Proofs are obtained and ● “what is safe”, not “what is checked by hand useful” Formal proofs = decades-long ● Assumes accurate model proof development ●

  19. Model-Based Verification Reinforcement Learning Act φ Observe Goal: Provably correct reinforcement learning Benefits: Benefits: 1. Learn Safety Strong safety guarantees No need for complete model ● ● 2. Learn a Safe Policy Aomputational aids (ATP) Optimal (effective) policies ● ● 3. Justify claims of safety Drawbacks: Drawbacks: Control policies are typically No strong safety guarantees ● ● non-deterministic: answers Proofs are obtained and ● “what is safe”, not “what is checked by hand useful” Formal proofs = decades-long ● Assumes accurate model proof development ●

  20. Part I: Differential Dynamic Logic Trustworthy Proofs for Hybrid Systems

  21. Hybrid Programs x := t x=x 0 x=t y=y 0 y=y 0 z=z 0 z=z 0 ... ...

  22. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ...

  23. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... If P is true: no change ?P If P is false: terminate

  24. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... If P is true: no change ?P If P is false: terminate a* a ...a...

  25. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... a ∪ b If P is true: no change ?P If P is false: terminate a* a ...a...

  26. Hybrid Programs a;b x := t x=x 0 x=t a;b y=y 0 y=y 0 z=z 0 z=z 0 a b ... ... a ∪ b If P is true: no change ?P If P is false: terminate x=F(0) ... x’=f(x) a* x=x 0 a ...a... ⋮ ... x=F(T) ...

  27. Approaching a Stopped Car Own Car Stopped Car Is this property true? [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  28. Approaching a Stopped Car Own Car Stopped Car Assuming we only accelerate when it’s safe to do so , is this property true? [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  29. Approaching a Stopped Car Own Car Stopped Car safeDistance(pos,vel,stoppedCarPos,B) if we also assume the system is safe initially: safeDistance(pos,vel,stoppedCarPos,B) → [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  30. Approaching a Stopped Car Own Car Stopped Car safeDistance(pos,vel,stoppedCarPos,B) safeDistance(pos,vel,stoppedCarPos,B) → [ { {accel ∪ brake}; t:=0; {pos’=vel,vel’=accel,t’=1 & vel ≥ 0 & t ≤ T} }* ](pos <= stoppedCarPos)

  31. The Fundamental Question Proofs give strong mathematical evidence of safety. Why would our program not work if we have a proof ?

  32. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct?

  33. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct? 2. Was the model accurate enough? ≠

  34. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct? KeYmaera X 2. Was the model accurate enough? dI Tactic: DI Axiom: ODE & Controls Tooling [{x'=f&Q}]P↔([?Q]P←(Q→[{x'=f&Q}]P')) Example: [v’=r p v 2 -g,t’=1]v ≥ v 0 - gt ↔ Clever Bellerophon … ↔ Programs Side derivation: [v’:=r p v 2 -g][t’:=1]v’ ≥ -g*t’ ↔ (v ≥ v 0 - r p v 2 -g ≥ -g ↔ gt)’ ↔ H → r p ≥ 0 ... ↔ ... ↔ KyX qed Axioms ... H=r p ≥0 & r a ≥0 & g>0 & ...

  35. The Fundamental Question Why would our program not work if we have a proof ? 1. Was the proof correct? KeYmaera X 2. Was the model accurate enough? Safe RL dI Tactic: DI Axiom: ODE & Controls Tooling [{x'=f&Q}]P↔([?Q]P←(Q→[{x'=f&Q}]P')) Example: [v’=r p v 2 -g,t’=1]v ≥ v 0 - gt ↔ Clever Bellerophon … ↔ Programs Side derivation: [v’:=r p v 2 -g][t’:=1]v’ ≥ -g*t’ ↔ (v ≥ v 0 - r p v 2 -g ≥ -g ↔ gt)’ ↔ H → r p ≥ 0 ... ↔ ... ↔ KyX qed Axioms ... H=r p ≥0 & r a ≥0 & g>0 & ...

  36. Part II: Justified Speculative Control ≠ Safe reinforcement learning in partially modeled environments AAAI 2018

  37. Model-Based Verification Accurate, analyzable models often exist! { ∪ brake ∪ ?safeTurn; turn}; {?safeAccel;accel {pos’ = vel, vel’ = acc} }*

  38. Model-Based Verification Accurate , analyzable models often exist! { ∪ brake ∪ ?safeTurn; turn}; {?safeAccel;accel {pos’ = vel, vel’ = acc} discrete control }* Continuous motion

  39. Model-Based Verification Accurate , analyzable models often exist! { ∪ brake ∪ ?safeTurn; turn}; {?safeAccel;accel {pos’ = vel, vel’ = acc} discrete, non-deterministic }* Continuous control motion

  40. Model-Based Verification Accurate , analyzable models often exist! init → [ { ∪ brake ∪ ?safeTurn; turn}; { ?safeAccel;accel {pos’ = vel, vel’ = acc} }* ]pos < stopSign

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W orkshop- 3 1 May 2 0 1 0 , European Medicines Agency, London, UK Presented by: Joao-Pedro Franco &amp; Caroline Le Barbier, PhD Scientific

389 views • 22 slides
Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany Dr. Stefan Voget Agenda SAFE Motivation makes Functional safety safe SAFE in SAFE and the project standardization landscape 2 SAFE

569 views • 20 slides
The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self-

The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self-

SAFE STRIP has received funding from the European Unions Horizon 2020 Research and Innovation Programme under grant agreement no 723211. The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self- explaining

271 views • 23 slides
1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

Introduction [Coalition/presenter intro] Safe Kids is raising awareness and educating families about keeping kids safe around medicine. Safe Kids has done research and developed materials about safe storage, dosing and disposal of medicine.

281 views • 27 slides
The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food

The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food

The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food Certification Program have been prepared to accompany the nine-page slide presentation that may be shared with employees, members of the community or other

387 views • 9 slides
Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe?

Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe?

Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe? Course hes not safe. But hes good. LUKE 10:25-28 (ESV) 25 And behold, a lawyer stood up to put him to the test, saying, Teacher,

389 views • 24 slides
everyone home safe every day Keep each other safe Something to think about: By challenging y

everyone home safe every day Keep each other safe Something to think about: By challenging y

everyone home safe every day Keep each other safe Something to think about: By challenging y our colleagues Winter safety advice can often tell us things that we already know. unsafe behaviour, y ou re looking For example, we all know

654 views • 46 slides
Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29.

Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29.

Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29. September 2006 European Work Hazards Network http://www.balpa.org/intranet/BALPA-Camp/The-Aircra/index.htm Bilde hentet fra AOPIS: Contaminated

826 views • 45 slides
Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide

Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide

Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide Every minute More than 67,000 children a parent or caregiver calls a are seen in emergency poison control center about departments for a medication

530 views • 22 slides
The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/

The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/

The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/ SAFE FOOD COMPANY, QUALITY &amp; SAFETY PROGRAM Why Safe Feed/Safe Food Matters to Feed Mill Managers Recognition by FDA Officials Translates to

653 views • 9 slides
WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving

WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving

WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving lives to ensure food can be cooked to meet nutritional needs in emergencies Reducing protection and health risks for women and children cooking

74 views • 6 slides
Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What

Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What

Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What is a Safe Haven? It's a place where a new mom desperate to hide an unwanted baby can bring her newborn instead of abandoning the infant in an unsafe

394 views • 20 slides
Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me r ge nc y Ke e p Safe is for he lp and suppor t whe n out and about. T o make a phone c all in c ase of e me r ge nc y to the polic e ,

201 views • 18 slides
1 Safe pressure vessels Safe pressure vessels Therefore, for safety However, if one

1 Safe pressure vessels Safe pressure vessels Therefore, for safety However, if one

Case Studies in Materials Selection Safe pressure vessels Material for a pressure vessel Cylindrical pressure vessels are containers for a fluid under pressure A safe design will be based on one of two factors Short term thermal

351 views • 8 slides
WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE

WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE

WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE Addressing the serious challenges linked with access Fuel-efficient stoves to cooking fuel for the most vulnerable people in Fuel for Alternative

93 views • 8 slides
Safe School Programme National Anti-Bullying Coalition Safe Students Safe

Safe School Programme National Anti-Bullying Coalition Safe Students Safe

National Anti-Bullying Coalition Safe Students Safe Teachers Safe Schools Safer Future Safe School Programme National Anti-Bullying Coalition Safe Students Safe Teachers

491 views • 21 slides
Competency-Based Education Competencies, Criteria, &amp; Assessment Saturday Session #2 of 4

Competency-Based Education Competencies, Criteria, &amp; Assessment Saturday Session #2 of 4

Competency-Based Education Competencies, Criteria, &amp; Assessment Saturday Session #2 of 4 March 30, 2019 Benito Juarez Community Academy TODAYS FACILITATORS From the Great Schools Partnership Carrie McWilliams, Senior Associate

323 views • 20 slides
Google Classroom Training How to Access Google Classroom How to Join a Class How to find

Google Classroom Training How to Access Google Classroom How to Join a Class How to find

Google Classroom Training How to Access Google Classroom How to Join a Class How to find Assignments Lets try it! How do I know when my childs work is due? Graded Work Google Meet How does my child turn in

325 views • 10 slides
FEDERAL LAW convenient, and responsible manner Also reduces diversion and the introduction of

FEDERAL LAW convenient, and responsible manner Also reduces diversion and the introduction of

Richard Mazzoni RPh Chariman NE Amy Buesing RPh Hospital LuGina Mendez RPh NW Joe Anderson RPh Central Neal Dungan RPh SE Chris Woodul RPh SW Buffie Saavedra Public Cathleen Wingert Public Vacant Public

514 views • 15 slides
OSS CVE Trends Kazuki Omo( ): ka-omo@sios.com SIOS T echnology, Inc. Who am I ? -

OSS CVE Trends Kazuki Omo( ): ka-omo@sios.com SIOS T echnology, Inc. Who am I ? -

OSS CVE Trends Kazuki Omo( ): ka-omo@sios.com SIOS T echnology, Inc. Who am I ? - Security Researcher/Engineer (17 years) - SELinux/MAC Evangelist (13 years) - Antivirus Engineer (3 years) - SIEM Engineer (3 years) - Linux

1.02k views • 62 slides
Partial Evaluation Based CPS Transformation: An Implementation Case Study Rajesh Jayaprakash

Partial Evaluation Based CPS Transformation: An Implementation Case Study Rajesh Jayaprakash

Partial Evaluation Based CPS Transformation: An Implementation Case Study Rajesh Jayaprakash Tata Consultancy Services Chennai, India Overview Preliminaries Partial evaluation CPS Optimization of Nave CPS Transformation

509 views • 39 slides
Conversion from callcc to Continuation Passing Style (CPS) Tom Nikken Based on slides from

Conversion from callcc to Continuation Passing Style (CPS) Tom Nikken Based on slides from

Conversion from callcc to Continuation Passing Style (CPS) Tom Nikken Based on slides from Xavier Leroy, INRIA Type Theory and Coq May 8th 2018 Tom Nikken Conversion from callcc to CPS 1 / 16 Conversion to continuation-passing style (CPS)

640 views • 37 slides
Cyber-Physical Systems Introduction IECE 553/453 Fall 2019 Prof. Dola Saha 1 Introductions

Cyber-Physical Systems Introduction IECE 553/453 Fall 2019 Prof. Dola Saha 1 Introductions

Cyber-Physical Systems Introduction IECE 553/453 Fall 2019 Prof. Dola Saha 1 Introductions Instructor Prof. Dola Saha, PhD University of Colorado Boulder http://www.albany.edu/faculty/dsaha/

731 views • 34 slides
What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

Cyber-Physical Systems (CPS) OS / Middleware for Cyber-Physical New innovations needed for software infrastructures Systems Communication, computation &amp; physical system aspects to be considered Example applications: Richard West

274 views • 3 slides

More recommend