Park, Junkil
Email Address
ORCID
Disciplines
Search Results
Now showing 1 - 5 of 5
Publication Verified ROS-Based Deployment of Platform-Independent Control Systems(2015-04-27) Park, Junkil; Sokolsky, Oleg; Weirich, Stephanie; Meng, Wenrui; Lee, InsupThe paper considers the problem of model-based deployment of platform-independent control code on a specific platform. The approach is based on automatic generation of platform-specific glue code from an architectural model of the system. We present a tool, ROSGen, that generates the glue code based on a declarative specification of platform interfaces. Our implementation targets the popular Robot Operating System (ROS) platform. We demonstrate that the code generation process is amenable to formal verification. The code generator is implemented in Coq and relies on the infrastructure provided by the CompCert and VST tool. We prove that the generated code always correctly connects the controller function to sensors and actuators in the robot. We use ROSGen to implement a cruise control system on the LandShark robot.Publication Automatic Verification Of Linear Controller Software(2018-01-01) Park, JunkilMany safety-critical cyber-physical systems have a software-based controller at their core. Since the system behavior relies on the operation of the controller, it is imperative to ensure the correctness of the controller to have a high assurance for such systems. Nowadays, controllers are developed in a model-based fashion. Controller models are designed, and their performances are analyzed first at the model level. Once the control design is complete, software implementation is automatically generated from the mathematical model of the controller by a code generator. To assure the correctness of the controller implementation, it is necessary to check that the code generation is correctly done. Commercial code generators are complex black-box software that are generally not formally verified. Subtle bugs have been found in commercially available code generators that consequently generate incorrect code. In the absence of verified code generators, it is desirable to verify instances of implementations against their original models. Such verification is desired to be performed from the input-output perspective because correct implementations may have different state representations to each other for several possible reasons (e.g., code generator's choice of state representation, optimization used in code generator and code transformation). In this dissertation, we propose several methods to verify a given controller implementation against its given model from the input-output perspective. First of all, we propose a method to derive assertions from the controller model, and check if the assertions are invariant to the controller implementation via a proposed toolchain based on a popular deductive program verification framework. Moreover, we propose an alternative more scalable method that extracts a model from the controller implementation using the symbolic execution technique, and compare the extracted model to the original controller model using state-of-the-art constraint solvers. Lastly, we extend our latter method to correctly account for the rounding errors in the floating-point computation of the controller implementation. We demonstrate the scalability of our proposed approaches through evaluation with randomly generated controller specifications of realistic size.Publication Adaptive Transient Fault Model for Sensor Attack Detection(2016-10-01) Park, Junkil; Ivanov, Radoslav; Jo, Minsu; Weimer, James; Baek, Youngmi; Lee, Insup; Son, Sang HyukThis paper considers the problem of sensor attack detection for multiple operating mode systems, building upon an existing attack detection method that uses a transient fault model with fixed parameters. For a multiple operating mode system, the existing method would have to use the most conservative model parameters to preserve the soundness in attack detection, thus not being effective in attack detection for some operating modes. To address this problem, we propose an adaptive transient fault model to use the appropriate parameter values in accordance with the change of the operating mode of the system. The benefit of our proposed system is demonstrated using real measurement data obtained from an unmanned ground vehicle.Publication Security of Cyber-Physical Systems in the Presence of Transient Sensor Faults(2017-07-01) Park, Junkil; Ivanov, Radoslav; Weimer, James; Lee, Insup; Pajic, Miroslav; Son, Sang HyukThis paper is concerned with the security of modern Cyber-Physical Systems in the presence of transient sensor faults. We consider a system with multiple sensors measuring the same physical variable, where each sensor provides an interval with all possible values of the true state. We note that some sensors might output faulty readings and others may be controlled by a malicious attacker. Different from previous works, in this paper we aim to distinguish between faults and attacks and develop an attack detection algorithm for the latter only. To do this, we note that there are two kinds of faults – transient and permanent; the former are benign and short-lived whereas the latter may have dangerous consequences on system performance.We argue that sensors have an underlying transient fault model that quantifies the amount of time in which transient faults can occur. In addition, we provide a framework for developing such a model if it is not provided by manufacturers. Attacks can manifest as either transient or permanent faults depending on the attacker’s goal. We provide different techniques for handling each kind. For the former, we analyze the worst-case performance of sensor fusion over time given each sensor’s transient fault model and develop a filtered fusion interval that is guaranteed to contain the true value and is bounded in size. To deal with attacks that do not comply with sensors’ transient fault models, we propose a sound attack detection algorithm based on pairwise inconsistencies between sensor measurements. Finally, we provide a real-data case study on an unmanned ground vehicle to evaluate the various aspects of this paper.Publication Sensor Attack Detection in the Presence of Transient Faults(2015-04-14) Park, Junkil; Ivanov, Radoslav; Weimer, James; Pajic, Miroslav; Lee, InsupThis paper addresses the problem of detection and identification of sensor attacks in the presence of transient faults. We consider a system with multiple sensors measuring the same physical variable, where some sensors might be under attack and provide malicious values. We consider a setup, in which each sensor provides the controller with an interval of possible values for the true value. While approaches exist for detecting malicious sensor attacks, they are conservative in that they treat attacks and faults in the same way, thus neglecting the fact that sensors may provide faulty measurements at times due to temporary disturbances (e.g., a tunnel for GPS). To address this problem, we propose a transient fault model for each sensor and an algorithm designed to detect and identify attacks in the presence of transient faults. The fault model consists of three aspects: the size of the sensor's interval (1) and an upper bound on the number of errors (2) allowed in a given window size (3). Given such a model for each sensor, the algorithm uses pairwise inconsistencies between sensors to detect and identify attacks. In addition to the algorithm, we provide a framework for selecting a fault model for each sensor based on training data. Finally, we validate the algorithm's performance on real measurement data obtained from an unmanned ground vehicle.