Pajic, Miroslav
Search Results
Now showing 1 - 10 of 47
Publication: AUTOPLUG: An Architecture for Remote Electronic Controller Unit Diagnostics in Automotive Systems (2012-01-01)
Authors: Pant, Yash Vardhan; Pajic, Miroslav; Mangharam, Rahul
Abstract: In 2010, over 20.3 million vehicles were recalled. Software issues related to automotive controls such as cruise control, anti-lock braking system, traction control and stability control account for an increasingly large percentage of the overall vehicles recalled. There is a need for new and scalable methods to evaluate automotive controls in a realistic and open setting. We have developed AutoPlug, an automotive Electronic Controller Unit (ECU) architecture between the vehicle and a Remote Diagnostics Center to diagnose, test, update and verify controls software. Within the vehicle, we evaluate observer-based runtime diagnostic schemes and introduce a framework for remote management of vehicle recalls. The diagnostics scheme deals with both real-time and non-real-time faults, and we introduce a decision function to detect and isolate faults in a system with modeling uncertainties. We also evaluate the applicability of "Opportunistic Diagnostics", where the observer-based diagnostics are scheduled in the ECU's RTOS only when there is slack available in the system. This aperiodic diagnostics scheme performs similarly to the standard, periodic diagnostics scheme under reasonable assumptions. This approach works on existing ECUs and does not interfere with current task sets. The overall framework integrates in-vehicle and remote diagnostics and serves to make vehicle recall management a less reactive and cost-intensive procedure.

Publication: Cyber-Physical Modeling of Implantable Cardiac Medical Devices (2011-12-29)
Authors: Jiang, Zhihao; Pajic, Miroslav; Mangharam, Rahul
Abstract: The design of bug-free and safe medical device software is challenging, especially in complex implantable devices that control and actuate organs in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators between 1990 and 2000 affected over 600,000 devices. Of these, 200,000, or 41%, were due to firmware issues, and their effect continues to increase in frequency. There is currently no formal methodology or open experimental platform to test and verify the correct operation of medical device software within the closed-loop context of the patient. To this effect, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning and malfunctioning (i.e., during arrhythmia) heart. By extracting the timing properties of the heart and pacemaker device, we present a methodology to construct a timed-automata model for functional and formal testing and verification of the closed-loop system. The VHM's capability of generating clinically-relevant response has been validated for a variety of common arrhythmias. Based on a set of requirements, we describe a closed-loop testing environment that allows for interactive and physiologically relevant model-based test generation for basic pacemaker device operations such as maintaining the heart rate and atrial-ventricle synchrony, and for complex conditions such as pacemaker-mediated tachycardia. This system is a step toward a testing and verification approach for medical cyber-physical systems with the patient-in-the-loop.

Publication: Real-time Heart Model for Implantable Cardiac Device Validation and Verification (2010-01-20)
Authors: Jiang, Zhihao; Pajic, Miroslav; Connolly, Allison T; Dixit, Sanjay; Mangharam, Rahul
Abstract: Designing bug-free medical device software is difficult, especially in complex implantable devices that may be used in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators due to firmware problems between 1990 and 2000 affected over 200,000 devices, comprising 41% of the devices recalled, and are increasing in frequency. There is currently no formal methodology or open experimental platform to validate and verify the correct operation of medical device software. To this effect, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning (i.e. during normal sinus rhythm) and malfunctioning (i.e. during arrhythmia) heart. We present a methodology to extract timing properties of the heart to construct a timed-automata model. The platform exposes functional and formal interfaces for validation and verification of implantable cardiac devices. We demonstrate the VHM is capable of generating clinically-relevant response to intrinsic (i.e. premature stimuli) and external (i.e. artificial pacemaker) signals for a variety of common arrhythmias. By connecting the VHM with a pacemaker model, we are able to pace and synchronize the heart during the onset of irregular heart rhythms. The VHM has also been implemented on a hardware platform for closed-loop experimentation with existing and virtual medical devices. The VHM allows for exploratory electrophysiology studies for physicians to evaluate their diagnosis and determine the appropriate device therapy. This integrated functional and formal device design approach will potentially help expedite medical device certification for safer operation.

Publication: Modeling and Verification of a Dual Chamber Implantable Pacemaker (2012-04-16)
Authors: Jiang, Zhihao; Pajic, Miroslav; Moarref, Salar; Alur, Rajeev; Mangharam, Rahul
Abstract: The design and implementation of software for medical devices is challenging due to their rapidly increasing functionality and the tight coupling of computation, control, and communication. The safety-critical nature and the lack of existing industry standards for verification make this an ideal domain for exploring applications of formal modeling and analysis. In this paper, we use a dual chamber implantable pacemaker as a case study for modeling and verification of control algorithms for medical devices in UPPAAL. We present detailed models of different components of the pacemaker based on the algorithm descriptions from Boston Scientific. We formalize basic safety requirements based on specifications from Boston Scientific as well as additional physiological knowledge. The most critical potential safety violation for a pacemaker is that it may lead the closed-loop system into an undesirable pattern (for example, Tachycardia). Modern pacemakers are implemented with termination algorithms to prevent such conditions. We show how to identify these conditions and check correctness of corresponding termination algorithms by augmenting the basic models with monitors for detecting undesirable patterns. Along with emerging tools for code generation from UPPAAL models, this effort enables model-driven design and certification of software for medical devices.

Publication: Demo Abstract: A Platform for Implantable Medical Device Validation (2010-10-01)
Authors: Pajic, Miroslav; Jiang, Zhihao; Mangharam, Rahul; Connolly, Allison; Dixit, Sanjay

Publication: From Verification to Implementation: A Model Translation Tool and a Pacemaker Case Study (2012-01-01)
Authors: Pajic, Miroslav; Jiang, Zhihao; Lee, Insup; Sokolsky, Oleg; Mangharam, Rahul
Abstract: Model-Driven Design (MDD) of cyber-physical systems advocates for design procedures that start with formal modeling of the real-time system, followed by the model's verification at an early stage. The verified model must then be translated to a more detailed model for simulation-based testing and finally translated into executable code in a physical implementation. As later stages build on the same core model, it is essential that models used earlier in the pipeline are valid approximations of the more detailed models developed downstream. The focus of this effort is on the design and development of a model translation tool, UPP2SF, and how it integrates system modeling, verification, model-based WCET analysis, simulation, code generation and testing into an MDD-based framework. UPP2SF facilitates automatic conversion of verified timed automata-based models (in UPPAAL) to models that may be simulated and tested (in Simulink/Stateflow). We describe the design rules to ensure the conversion is correct, efficient and applicable to a large class of models. We show how the tool enables MDD of an implantable cardiac pacemaker. We demonstrate that UPP2SF preserves behaviors of the pacemaker model from UPPAAL to Stateflow. The resultant Stateflow chart is automatically converted into C and tested on a hardware platform for a set of requirements.

Publication: Real-time Heart Model for Implantable Cardiac Device Validation and Verification (2010-07-06)
Authors: Jiang, Zhihao; Pajic, Miroslav; Connolly, Allison; Dixit, Sanjay; Mangharam, Rahul
Abstract: Designing bug-free medical device software is challenging, especially in complex implantable devices that may be used in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators due to firmware problems between 1990 and 2000 affected over 200,000 devices. This encompasses 41% of the devices recalled and continues to increase in frequency. There is currently no formal methodology or open experimental platform to validate and verify the correct operation of medical device software. To this effect, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning (i.e. during normal sinus rhythm) and malfunctioning (i.e. during arrhythmia) heart. We present a methodology to construct a timed-automata model by extracting timing properties of the heart. The platform employs functional and formal interfaces for validation and verification of implantable cardiac devices. We demonstrate the VHM is capable of generating clinically-relevant response to intrinsic (i.e. premature stimuli) and external (i.e. artificial pacemaker) signals for a variety of common arrhythmias. By connecting the VHM with a pacemaker model, we are able to pace and synchronize the heart during the onset of irregular heart rhythms. The VHM has also been implemented on a hardware platform for closed-loop experimentation with existing and virtual medical devices. This integrated functional and formal device design approach has potential to help expedite medical device certification for safe operation.

Publication: The Wireless Control Network: A New Approach for Control over Networks (2010-03-01)
Authors: Pajic, Miroslav; Pappas, George; Mangharam, Rahul; Sundaram, Shreyas
Abstract: We present a method to stabilize a plant with a network of resource-constrained wireless nodes. As opposed to traditional networked control schemes where the nodes simply route information to and from a dedicated controller (perhaps performing some encoding along the way), our approach treats the network itself as the controller. Specifically, we formulate a strategy for each node in the network to follow where, at each time-step, each node updates its internal state to be a linear combination of the states of the nodes in its neighborhood. We show that this causes the entire network to behave as a linear dynamical system, with sparsity constraints imposed by the network topology. We provide a numerical design procedure (based on linear matrix inequalities) to determine the appropriate linear combinations to be applied by each node so that the transmissions of the nodes closest to the actuators will stabilize the plant. We also show how our design procedure can be modified to maintain mean square stability under packet drops in the network, and present a distributed scheme that can handle node failures while preserving stability. We call this architecture a Wireless Control Network, and show that it introduces very low computational and communication overhead to the nodes in the network, allows the use of simple transmission scheduling algorithms, and enables compositional design (where the existing wireless control infrastructure can be easily extended to handle new plants that are brought online in the vicinity of the network).

Publication: Robust Architectures for Embedded Wireless Network Control and Actuation (2011-01-01)
Authors: Pajic, Miroslav; Chernoguzov, Alexander; Mangharam, Rahul
Abstract: Networked Cyber-Physical Systems are fundamentally constrained by the tight coupling and closed-loop control of physical processes. To address actuation in such closed-loop wireless control systems, there is a strong need to re-think the communication architectures and protocols for reliability, coordination and control. We introduce the Embedded Virtual Machine (EVM), a programming abstraction where controller tasks with their control and timing properties are maintained across physical node boundaries and functionality is capable of migrating to the most competent set of physical controllers. In the context of process and discrete control, an EVM is the distributed runtime system that dynamically selects primary-backup sets of controllers given spatial and temporal constraints of the underlying wireless network. EVM-based algorithms allow network control algorithms to operate seamlessly over less reliable wireless networks with topological changes. They introduce new capabilities such as predictable outcomes during sensor/actuator failure, adaptation to mode changes and runtime optimization of resource consumption. An automated design flow from Simulink to platform-independent domain-specific languages, and subsequently to platform-dependent code generation, is presented. Through case studies in discrete and process control we demonstrate the capabilities of EVM-based wireless network control systems.

Publication: Attack-Resilient Minimum Mean-Squared Error Estimation (2014-06-01)
Authors: Weimer, James; Bezzo, Nicola; Pajic, Miroslav; Sokolsky, Oleg; Lee, Insup
Abstract: This work addresses the design of resilient estimators for stochastic systems. To this end, we introduce a minimum mean-squared error resilient (MMSE-R) estimator whose conditional mean squared error from the state remains finitely bounded and is independent of additive measurement attacks. An implementation of the MMSE-R estimator is presented and is shown as the solution of a semidefinite programming problem, which can be implemented efficiently using convex optimization techniques. The MMSE-R strategy is evaluated against other competing strategies representing other estimation approaches in the presence of small and large measurement attacks. The results indicate that the MMSE-R estimator significantly outperforms (in terms of mean-squared error) other realizable resilient (and non-resilient) estimators.