Pajic, Miroslav

  • Publication
    AUTOPLUG: An Architecture for Remote Electronic Controller Unit Diagnostics in Automotive Systems
    (2012-01-01) Pant, Yash Vardhan; Pajic, Miroslav; Mangharam, Rahul
    In 2010, over 20.3 million vehicles were recalled. Software issues related to automotive controls such as cruise control, anti-lock braking system, traction control and stability control, account for an increasingly large percentage of the overall vehicles recalled. There is a need for new and scalable methods to evaluate automotive controls in a realistic and open setting. We have developed AutoPlug, an automotive Electronic Controller Unit (ECU) architecture between the vehicle and a Remote Diagnostics Center to diagnose, test, update and verify controls software. Within the vehicle, we evaluate observer-based runtime diagnostic schemes and introduce a framework for remote management of vehicle recalls. The diagnostics scheme deals with both real-time and non-real time faults, and we introduce a decision function to detect and isolate faults in a system with modeling uncertainties. We also evaluate the applicability of “Opportunistic Diagnostics”, where the observer-based diagnostics are scheduled in the ECU’s RTOS only when there is slack available in the system. This aperiodic diagnostics scheme performs similar to the standard, periodic diagnostics scheme under reasonable assumptions. This approach works on existing ECUs and does not interfere with current task sets. The overall framework integrates in-vehicle and remote diagnostics and serves to make vehicle recalls management a less reactive and cost-intensive procedure.
  • Publication
    Cyber-Physical Modeling of Implantable Cardiac Medical Devices
    (2011-12-29) Jiang, Zhihao; Pajic, Miroslav; Mangharam, Rahul
    The design of bug-free and safe medical device software is challenging, especially in complex implantable devices that control and actuate organs in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators between 1990 and 2000 affected over 600,000 devices. Of these, 200,000 or 41%, were due to firmware issues and their effect continues to increase in frequency. There is currently no formal methodology or open experimental platform to test and verify the correct operation of medical device software within the closed-loop context of the patient. To this effect, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning and malfunctioning (i.e., during arrhythmia) heart. By extracting the timing properties of the heart and pacemaker device, we present a methodology to construct a timed-automata model for functional and formal testing and verification of the closed-loop system. The VHM's capability of generating clinically-relevant response has been validated for a variety of common arrhythmias. Based on a set of requirements, we describe a closed-loop testing environment that allows for interactive and physiologically relevant model-based test generation for basic pacemaker device operations such as maintaining the heart rate, atrial-ventricle synchrony and complex conditions such as pacemaker-mediated tachycardia. This system is a step toward a testing and verification approach for medical cyber-physical systems with the patient-in-the-loop.
  • Publication
    Real-time Heart Model for Implantable Cardiac Device Validation and Verification
    (2010-01-20) Jiang, Zhihao; Pajic, Miroslav; Connolly, Allison T; Dixit, Sanjay; Mangharam, Rahul
    Designing bug-free medical device software is difficult, especially in complex implantable devices that may be used in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators due to firmware problems between 1990 and 2000 affected over 200,000 devices, comprising 41% of the devices recalled and are increasing in frequency. There is currently no formal methodology or open experimental platform to validate and verify the correct operation of medical device software. To this effect, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning (i.e. during normal sinus rhythm) and malfunctioning (i.e. during arrhythmia) heart. We present a methodology to extract timing properties of the heart to construct a timed-automata model. The platform exposes functional and formal interfaces for validation and verification of implantable cardiac devices. We demonstrate the VHM is capable of generating clinically-relevant response to intrinsic (i.e. premature stimuli) and external (i.e. artificial pacemaker) signals for a variety of common arrhythmias. By connecting the VHM with a pacemaker model, we are able to pace and synchronize the heart during the onset of irregular heart rhythms. The VHM has also been implemented on a hardware platform for closed-loop experimentation with existing and virtual medical devices. The VHM allows for exploratory electrophysiology studies for physicians to evaluate their diagnosis and determine the appropriate device therapy. This integrated functional and formal device design approach will potentially help expedite medical device certification for safer operation.
  • Publication
    Model-Driven Safety Analysis of Closed-Loop Medical Systems
    (2012-10-01) Pajic, Miroslav; Mangharam, Rahul; Sokolsky, Oleg; Arney, David; Goldman, Julian M.; Lee, Insup
    In modern hospitals, patients are treated using a wide array of medical devices that are increasingly interacting with each other over the network, thus offering a perfect example of a cyber-physical system. We study the safety of a medical device system for the physiologic closed-loop control of drug infusion. The main contribution of the paper is the verification approach for the safety properties of closed-loop medical device systems. We demonstrate, using a case study, that the approach can be applied to a system of clinical importance. Our method combines simulation-based analysis of a detailed model of the system that contains continuous patient dynamics with model checking of a more abstract timed automata model. We show that the relationship between the two models preserves the crucial aspect of the timing behavior that ensures the conservativeness of the safety analysis. We also describe system design that can provide open-loop safety under network failure.
  • Publication
    Towards Synthesis of Platform-Aware Attack-Resilient Control Systems: Extended Abstract
    (2013-04-09) Pajic, Miroslav; Bezzo, Nicola; Weimer, James; Alur, Rajeev; Mangharam, Rahul; Michael, Nathan; Pappas, George J; Sokolsky, Oleg; Tabuada, Paulo; Weirich, Stephanie; Lee, Insup
  • Publication
    A Simple Distributed Method for Control over Wireless Networks
    (2011-04-01) Pajic, Miroslav; Sundaram, Shreyas; Pappas, George; Mangharam, Rahul
    We present a distributed scheme used for control over wireless networks. In our previous work, we introduced the concept of a Wireless Control Network (WCN), where the network itself, with no centralized node, acts as the controller. In this work, we show how the WCN can be modified to include observer style updates which substantially improves robustness of the closed-loop system to link failures. In addition, we analyze how the WCN simplifies extraction of the communication and computation schedules and enables system compositionality and scalability.
  • Publication
    Attack-Resilient Sensor Fusion
    (2014-02-01) Ivanov, Radoslav; Pajic, Miroslav; Lee, Insup
    This work considers the problem of attack-resilient sensor fusion in an autonomous system where multiple sensors measure the same physical variable. A malicious attacker may corrupt a subset of these sensors and send wrong measurements to the controller on their behalf, potentially compromising the safety of the system. We formalize the goals and constraints of such an attacker who also wants to avoid detection by the system. We argue that the attacker’s capabilities depend on the amount of information she has about the correct sensors’ measurements. In the presence of a shared bus where messages are broadcast to all components connected to the network, the attacker may consider all other measurements before sending her own in order to achieve maximal impact. Consequently, we investigate effects of communication schedules on sensor fusion performance. We provide worst- and average-case results in support of the Ascending schedule, where sensors send their measurements in a fixed succession based on their precision, starting from the most precise sensors. Finally, we provide a case study to illustrate the use of this approach.
  • Publication
    Architecture-Centric Software Development for Cyber-Physical Systems
    (2014-10-01) Sokolsky, Oleg; Pajic, Miroslav; Bezzo, Nicola; Lee, Insup
    We discuss the problem of high-assurance development of cyber-physical systems. Specifically, we concentrate on the interaction between the development of the control system layer and platform-specific software engineering for system components. We argue that an architecture-centric approach allows us to streamline the development and increase the level of assurance for the resulting system. The case study of an unmanned ground vehicle illustrates the approach.
  • Publication
    Robust Localization Using Context-Aware Filtering
    (2015-07-01) Ivanov, Radoslav; Atanasov, Nikolay; Pajic, Miroslav; Lee, Insup; Pappas, George
    In this paper we develop a robot localization technique that incorporates discrete context measurements, in addition to standard continuous state measurements. Context measurements provide binary information about detected events in the robot’s environment, e.g., a building is recognized using image processing or a known radio station is received. Such measurements can only be detected from certain positions and can, therefore, be correlated with the robot’s state. We investigate two specific examples where context measurements are especially useful – an urban localization scenario where GPS measurements are not reliable as well as the capture of the RQ-170 Sentinel drone in Iran, where GPS measurements were spoofed. By focusing on a specific class of probability of context detection functions, we derive a closed-form Gaussian mixture filter that is precise, captures context, and has the theoretical properties of the Kalman filter. Finally, we provide simulations of the urban localization scenario with an unmanned ground vehicle and show that the proposed context-aware filter is more robust and more accurate than the conventional extended Kalman filter, which only uses continuous measurements.
  • Publication
    Topological conditions for in-network stabilization of dynamical systems
    (2013-04-01) Pajic, Miroslav; Sundaram, Shreyas; Mangharam, Rahul; Pappas, George
    We study the problem of stabilizing a linear system over a wireless network using a simple in-network computation method. Specifically, we study an architecture called the "Wireless Control Network" (WCN), where each wireless node maintains a state, and periodically updates it as a linear combination of neighboring plant outputs and node states. This architecture has previously been shown to have low computational overhead and beneficial scheduling and compositionality properties. In this paper we characterize fundamental topological conditions to allow stabilization using such a scheme. To achieve this, we exploit the fact that the WCN scheme causes the network to act as a linear dynamical system, and analyze the coupling between the plant's dynamics and the dynamics of the network. We show that stabilizing control inputs can be computed in-network if the vertex connectivity of the network is larger than the geometric multiplicity of any unstable eigenvalue of the plant. This condition is analogous to the typical min-cut condition required in classical information dissemination problems. Furthermore, we specify equivalent topological conditions for stabilization over a wired (or point-to-point) network that employs network coding in a traditional way -- as a communication mechanism between the plant's sensors and decentralized controllers at the actuators.