verified runtime validation of verified cyber physical
play

Verified Runtime Validation of Verified Cyber-Physical System Models - PowerPoint PPT Presentation

May 16, 2023 •224 likes •504 views

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop, Dec. 12, 2014 For Details, see ModelPlex paper at

  1. Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr´ e Platzer Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop, Dec. 12, 2014 For Details, see ModelPlex paper at RV’14 Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 1 of 9

  2. Formal Verification in CPS Development Real CPS safe Proof Reachability Analysis . . . Verification Results Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 2 of 9

  3. Formal Verification in CPS Development Real CPS safe abstract Model α ∗ Proof Control α ctrl v := v + 1 Reachability safe sense Analysis act . . . Plant α plant x ′ = v Verification Results Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 2 of 9

  4. Formal Verification in CPS Development Real CPS safe Challenge Verification results about models abstract only apply if CPS fits to the model Model α ∗ � Verifiably correct runtime model validation Proof Control α ctrl v := v + 1 Reachability safe sense Analysis act . . . Plant α plant x ′ = v Verification Results Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 2 of 9

  5. Runtime Model Validation Ensures that verification results about models apply to CPS implementations predict turn plant Model α ctrl i − 1 i + 1 i . . . model adequate? control safe? until next cycle? Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 3 of 9

  6. Runtime Model Validation Ensures that verification results about models apply to CPS implementations Insights predict turn Verification results transfer to CPS when validating model compliance Compliance with model is characterizable in logic Compliance formula transformed by proof to plant Model α ctrl i − 1 i + 1 i executable monitor . . . model adequate? control safe? until next cycle? Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 3 of 9

  7. Model Validation at Runtime “Simplex for Models” Controller Sensors Actuators Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 9

  8. Model Validation at Runtime “Simplex for Models” Controller ModelPlex Compliance Fallback Monitor Sensors Actuators Compliance Monitor Checks CPS for compliance with model at runtime Fallback Safe action, executed when monitor is not satisfied Challenge What conditions do the monitors need to check to be safe? Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 9

  9. Model Validation at Runtime “Simplex for Models” Controller ModelPlex Compliance Fallback Monitor Sensors Actuators Challenge: Monitorability Our current monitors compare two consecutive states (but: which conditions can we actually observe?) Monitoring a history of states: becomes necessary when using temporal operators in safety condition Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 9

  10. Model Validation at Runtime “Simplex for Models” Controller ModelPlex Compliance Fallback Monitor Sensors Actuators Challenge: Monitor assumptions if not modeled otherwise Intercepts all communication: sensors - controller - actuators Untampered values, time-consistent and unit-consistent values No execution overhead, no clock drift No communication delays (sensor - controller - monitor - actuator) Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 9

  11. Model Validation at Runtime “Simplex for Models” Controller ModelPlex Compliance Fallback Monitor Sensors Actuators Challenge: Fallback and Enforceability Cannot just disallow unsafe actions, need fallback (redundant) Which properties are enforceable with a specific fallback action? What is an appropriate fallback to enforce a specific property? Enforceability of temporal properties is tricky Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 9

  12. Model Validation at Runtime “Simplex for Models” Controller ModelPlex Compliance Fallback Monitor Sensors Actuators Challenge: Fallback assumptions if not modeled otherwise Executable unconditionally Immediate reaction Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 9

  13. Model Validation at Runtime “Simplex for Models” Controller ModelPlex Compliance Fallback Monitor Sensors Actuators Challenge: Platform assumptions Reals vs. floats (currently: interval arithmetic) Correct compiler and processor Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 9

  14. Monitor Characterization When are two states linked through a run of model α ? ⊆ Model α i − 1 i Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 9

  15. Monitor Characterization When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ characterized by x + acterized by x − Model α i − 1 i ( x − , x + ) ∈ ρ ( α ) reachability relation of α Semantical: Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 9

  16. Monitor Characterization When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ characterized by x + acterized by x − Model α i − 1 i Offline ( x − , x + ) ∈ ρ ( α ) starting at x = x − Semantical: exists a run of α to a � Theorem state where x = x + ( x = x − ) → � α ( x ) � ( x = x + ) Logic (d L ): Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 9

  17. Monitor Characterization When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ characterized by x + acterized by x − Model α i − 1 i Offline ( x − , x + ) ∈ ρ ( α ) starting at x = x − Semantical: exists a run of α to a � Theorem state where x = x + ( x = x − ) → � α ( x ) � ( x = x + ) Logic (d L ): d L proof � F ( x − , x + ) Real arithmetic: check at runtime (efficient) Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 9

  18. Monitor Characterization When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ characterized by x + acterized by x − Model α i − 1 i Offline ( x − , x + ) ∈ ρ ( α ) starting at x = x − Semantical: exists a run of α to a � Theorem state where x = x + ( x = x − ) → � α ( x ) � ( x = x + ) Logic (d L ): ⇑ d L proof F ( x − , x + ) Real arithmetic: check at runtime (efficient) Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 9

  19. Challenges What is missing to ensure that proofs apply to real CPS? Monitorability, fallback and enforceability, implementation Synthesis Model quality, model adaptation plant Model α ctrl i − 1 i + 1 i . . . Model Monitor Controller Monitor Prediction Monitor model adequate? control safe? until next cycle? Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 6 of 9

  20. Synthesis Challenges Proof calculus of d L executes models symbolically Model α posterior state x + i − 1 prior state x − i proof attempt ( x = x − ) → � α ( x ) � ( x = x + ) Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 9

  21. Synthesis Challenges Proof calculus of d L executes models symbolically Model α climb posterior state x + i − 1 prior state x − i descend proof attempt ( x = x − ) → � climb ∪ descend � ( x = x + ) �∪�� climb � φ ∨ � descend � φ � climb ∪ descend � φ Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 9

  22. Synthesis Challenges Proof calculus of d L executes models symbolically Model α climb posterior state x + i − 1 prior state x − i descend proof attempt ( x = x − ) → � climb ∪ descend � ( x = x + ) ∨ � climb � ( x = x + ) � descend � ( x = x + ) Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 9

  23. Synthesis Challenges Proof calculus of d L executes models symbolically Model α climb posterior state x + i − 1 prior state x − i descend proof attempt ( x = x − ) → � climb ∪ descend � ( x = x + ) ∨ � climb � ( x = x + ) � descend � ( x = x + ) F 1 ( x − , x + ) F 2 ( x − , x + ) Stefan Mitsch, Andr´ e Platzer—Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University RV14, Sept. 24, 2014 Simplex for Hybrid System Models Stefan Mitsch ,

844 views • 50 slides
ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical Systems Stefan Mitsch Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop 2017 May 12, 2017 joint work with Andr e

537 views • 31 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer 1 , Yong Kiam Tan 1 , Stefan Mitsch 1 , Magnus O. Myreen 2 , and Andr e Platzer 1 Carnegie Mellon University 1 Chalmers University of Technology 2

672 views • 44 slides
Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation Experiment 2. Significant changes to the architectures 3. Work Breakdown Structure 4. Critical path on your schedule 5. Top 3 risks and planned mitigation

567 views • 19 slides
Verified Runtime Monitoring: From Foundations to Practice Presenter: Brandon Bohrer 1 , based on

Verified Runtime Monitoring: From Foundations to Practice Presenter: Brandon Bohrer 1 , based on

Verified Runtime Monitoring: From Foundations to Practice Presenter: Brandon Bohrer 1 , based on works with: Yong Kiam Tan 1 , Stefan Mitsch 1 , Andrew Sogokon 1 , Edward Ahn 1 , David Held 1 , John Dolan 1 , Aman Khurana 1 , Magnus O. Myreen 2 ,

637 views • 44 slides
Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

From the office of Texas Conference of SDA Human Resources ___________________________________ Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus She will be working with every church and

279 views • 5 slides
Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda What is Verified Boot? Description of Verified Boot Components Q&A What Is Verified Boot? Verified Boot establishes a chain of

432 views • 19 slides
Verified translation validation of static analyses Sandrine Blazy Univ. Rennes, CNRS IRISA, Inria

Verified translation validation of static analyses Sandrine Blazy Univ. Rennes, CNRS IRISA, Inria

Verified translation validation of static analyses Sandrine Blazy Univ. Rennes, CNRS IRISA, Inria joint work with Gilles Barthe, Vincent Laporte, David Pichardie and Alix Trieu IFIP WG 2.11 2018 6 8 1 How to check

401 views • 20 slides
S V V .lu software verification & validation Testing of Cyber-Physical Systems:

S V V .lu software verification & validation Testing of Cyber-Physical Systems:

S V V .lu software verification & validation Testing of Cyber-Physical Systems: Diversity-driven Strategies Lionel Briand COW 57, London, UK Cyber-Physical Systems A system of collaborating computational elements controlling

808 views • 41 slides
Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe, Vincent Laporte, David Pichardie and Alix Trieu IFIP WG 1.9/2.15, Leuven, 2017-05-11 1 Background: verifying a compiler Compiler + proof that the

446 views • 19 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
What sets Verified Users apart? Insights, Analysis and Prediction of Verified Users on Twitter

What sets Verified Users apart? Insights, Analysis and Prediction of Verified Users on Twitter

What sets Verified Users apart? Insights, Analysis and Prediction of Verified Users on Twitter Indraneil Paul (IIIT Hyderabad), Abhinav Khattar (IIIT Delhi), Shaan Chopra (IIIT Delhi), Ponnurangam Kumaraguru (IIIT Delhi), Manish Gupta

731 views • 39 slides
Component-based Verification of Cyber-Physical Flow Systems Andreas Mller

Component-based Verification of Cyber-Physical Flow Systems Andreas Mller

Verified Traffic Networks: Component-based Verification of Cyber-Physical Flow Systems Andreas Mller andreas.mueller@jku.at Stefan Mitsch - stefan.mitsch@jku.at Andr Platzer - aplatzer@cs.cmu.edu Johannes Kepler University, Linz

711 views • 68 slides
Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski contact@paulk.fr Monday July 4 th 2016 Introducing Verified Boot and Related Issues Introducing Verified Boot and Related Issues Bootup Process BIOS History

947 views • 39 slides
Asset Management in Kentucky Jon Wilcoxson, PE KYTC Division of Maintenance Operations and

Asset Management in Kentucky Jon Wilcoxson, PE KYTC Division of Maintenance Operations and

Asset Management in Kentucky Jon Wilcoxson, PE KYTC Division of Maintenance Operations and Pavement Management Branch Historic Project Development Process Planning Design Construction Operations Project Development Cycle Operations

565 views • 21 slides
Smoothing Gianpaolo Palma Triangle Mesh List of vertices + List of triangle as triple of vertex

Smoothing Gianpaolo Palma Triangle Mesh List of vertices + List of triangle as triple of vertex

Surface Cleaning and Smoothing Gianpaolo Palma Triangle Mesh List of vertices + List of triangle as triple of vertex references Mesh Adjacency Relation FACE-VERTEX Mesh Adjacency Relation FACE-FACE Mesh Adjacency Relation VERTEX-FACE Mesh

906 views • 46 slides
str r rr rs

str r rr rs

t r r rts tt strts r t rs s

664 views • 31 slides
7.1 Surface Smoothing Hao Li http://cs599.hao-li.com 1 Administrative Todays Office

7.1 Surface Smoothing Hao Li http://cs599.hao-li.com 1 Administrative Todays Office

Spring 2014 CSCI 599: Digital Geometry Processing 7.1 Surface Smoothing Hao Li http://cs599.hao-li.com 1 Administrative Todays Office Hour from 2:00 to 3:00 2 Mesh Optimization Smoothing Low geometric noise Fairing

792 views • 52 slides
Binary evolution and supernova kicks Mathieu Renzo The most common binary evolution path 2 see

Binary evolution and supernova kicks Mathieu Renzo The most common binary evolution path 2 see

Binary evolution and supernova kicks Mathieu Renzo The most common binary evolution path 2 see outreach movie at https://www.youtube.com/watch?v=qmfJNI0PXbo The most common binary evolution path 2 see outreach movie at

353 views • 34 slides
Faint Core-Collapse Supernovae with Fallback Takashi Moriya (IPMU, University of Tokyo) N.

Faint Core-Collapse Supernovae with Fallback Takashi Moriya (IPMU, University of Tokyo) N.

Faint Core-Collapse Supernovae with Fallback Takashi Moriya (IPMU, University of Tokyo) N. Tominaga (Konan Univ.), M. Tanaka (IPMU), K. Nomoto (IPMU), D. Sauer (Stockholm Univ.), P . Mazzali (MPA), & Maeda (IPMU) long GRBs - death of

480 views • 8 slides
1. Strongest, best option: Discovery device Correct grammar of data Data 2. Next best option:

1. Strongest, best option: Discovery device Correct grammar of data Data 2. Next best option:

1. Strongest, best option: Discovery device Correct grammar of data Data 2. Next best option: Data Yes, or , No Verification device Grammar 3. Fallback position: Data G 1 is better; or , G 2 is better. Grammar 1 Evaluation metric Grammar

407 views • 21 slides
Solutions of Equations in One Variable Secant & Regula Falsi Methods Numerical Analysis (9th

Solutions of Equations in One Variable Secant & Regula Falsi Methods Numerical Analysis (9th

Solutions of Equations in One Variable Secant & Regula Falsi Methods Numerical Analysis (9th Edition) R L Burden & J D Faires Beamer Presentation Slides prepared by John Carroll Dublin City University 2011 Brooks/Cole, Cengage

932 views • 74 slides

More recommend