Modern network systems such as transportation, manufacturing, and communication systems are subject to cyber-physical disruptions. Cyber disruptions compromise the sensing and/or actuation on which closed-loop control relies, and physical disruptions undermine network capability. This paper develops a novel approach to the analysis and design of traffic control for dynamic flow networks subject to a rather broad class of disruptions. We consider a single-origin-single-destination acyclic network with possibly finite link storage spaces. Both cyber and physical disruptions are modeled as a set of discrete modes that modify the control and/or the network flow dynamics. The network switches between the various modes according to a Markov process. By considering switched, piecewise polynomial Lyapunov functions and exploiting the monotonicity of the network flow dynamics, we analyze network throughput under various disruption scenarios and show that cyber-physical disruptions can significantly reduce network throughput. For control design, we derive two results analogous to the classical max-flow min-cut theorem: (i) for a network with observable disruption modes, there exist mode-dependent controls that attain the expected-min-cut capacity; (ii) for a network with infinite link storage spaces, there exists an open-loop control that attains the min-expected-cut capacity. We also design a closed-loop control for general cases and derive an explicit relation from the control to a lower bound on throughput. Our approach is illustrated by a series of numerical examples.
Distributed energy resource (DER) frequency regulation is a promising technology for future grid operation. Unlike conventional generators, DERs might require open communication networks to exchange signals with control centers, possibly through DER aggregators; therefore, the impact of communication variations on system stability needs to be investigated. This paper develops a cyber-physical dynamic simulation model based on the Hierarchical Engine for Large-Scale Co-Simulation (HELICS) to evaluate the impact of communication variations, such as delays, on DER frequency regulation. The feasible delay range can be obtained under different parameter settings. The results show that the risk of instability generally increases with the communication delay.
Assuring the correct behavior of cyber-physical systems requires significant modeling effort, particularly during early stages of the engineering and design process when a system is not yet available for testing or verification of proper behavior. A primary motivation for getting things right in these early design stages is that altering the design is significantly less costly and more effective than when hardware and software have already been developed. Engineering cyber-physical systems requires the construction of several different types of models, each representing a different view, which include stakeholder requirements, system behavior, and the system architecture. Furthermore, each of these models can be represented at different levels of abstraction. Formal reasoning has improved the precision and expanded the available types of analysis in assuring the correctness of requirements, behaviors, and architectures. However, each is usually modeled in distinct formalisms and corresponding tools. Currently, this disparity means that a system designer must manually check that the different models are in agreement. Manually editing and checking models is error prone, time consuming, and sensitive to any changes in the design of the models themselves. Wiring diagrams and the related theory provide a means for formally organizing these different but related modeling views, resulting in a compositional modeling language for cyber-physical systems. Such a categorical language can make concrete the relationship between different model views, thereby managing complexity, allowing hierarchical decomposition of system models, and formally proving consistency between models.
Neural networks have been increasingly applied for control in learning-enabled cyber-physical systems (LE-CPSs) and have shown great promise in improving system performance and efficiency, as well as reducing the need for complex physical models. However, the lack of safety guarantees for such neural network based controllers has significantly impeded their adoption in safety-critical CPSs. In this work, we propose a controller adaptation approach that automatically switches among multiple controllers, including neural network controllers, to guarantee system safety and improve energy efficiency. Our approach includes two key components based on formal methods and machine learning. First, we approximate each controller with a Bernstein-polynomial based hybrid system model under bounded disturbance, and compute a safe invariant set for each controller based on its corresponding hybrid system. Intuitively, the invariant set of a controller defines the state space where the system can always remain safe under its control. The union of the controllers' invariant sets then defines a safe adaptation space that is larger than (or equal to) that of each individual controller. Second, we develop a deep reinforcement learning method to learn a controller switching strategy that reduces the control/actuation energy cost while, with the help of a safety guard rule, ensuring that the system stays within the safe space. Experiments on a linear adaptive cruise control system and a non-linear Van der Pol oscillator demonstrate the effectiveness of our approach for energy saving and safety enhancement.
High-performance but unverified controllers, e.g., artificial intelligence-based (a.k.a. AI-based) controllers, are widely employed in cyber-physical systems (CPSs) to accomplish complex control missions. However, guaranteeing the safety and reliability of CPSs with this kind of controller is currently very challenging, and it is of vital importance in many real-life safety-critical applications. To cope with this difficulty, we propose in this work a Safe-visor architecture for sandboxing unverified controllers in CPSs operating in noisy environments (a.k.a. stochastic CPSs). The proposed architecture contains a history-based supervisor, which checks inputs from the unverified controller and makes a compromise between the functionality and safety of the system, and a safety advisor that provides a fallback when the unverified controller endangers the safety of the system. Both the history-based supervisor and the safety advisor are designed based on an approximate probabilistic relation between the original system and its finite abstraction. By employing this architecture, we provide formal probabilistic guarantees on preserving safety specifications expressed as the accepting languages of deterministic finite automata (DFA). Meanwhile, the unverified controllers can still be employed in the control loop even though they are not reliable. We demonstrate the effectiveness of our proposed results by applying them to two (physical) case studies.
This paper models a class of hierarchical cyber-physical systems and studies its associated consensus problem. The model has a pyramid structure, which reflects many realistic natural or human systems. By analyzing the spectrum of the coupling matrix, it is shown that all nodes in the physical layer can reach a consensus under the proposed distributed protocols when there are no interlayer delays. The result is then extended to the case with interlayer delays. A necessary and sufficient condition for consensus-seeking is derived from the frequency-domain perspective, which describes a permissible range for the delay. Finally, the application of the proposed model to the power-sharing problem is simulated to demonstrate the effectiveness and significance of the analytic results.