Weimer, James
Search Results (showing 1 - 10 of 23)
Publication: Towards Assurance Cases for Resilient Control Systems (2014-08-01)
Weimer, James; Sokolsky, Oleg; Bezzo, Nicola; Lee, Insup
The paper studies the problem of constructing assurance cases for embedded control systems developed using a model-based approach. Assurance cases aim to provide a convincing argument that the system delivers certain guarantees, based on the evidence obtained during the design and evaluation of the system. We suggest an argument strategy centered around properties of models used in the development and properties of tools that manipulate these models. The paper presents the case study of a resilient speed estimator for an autonomous ground vehicle and takes the reader through a detailed assurance case arguing that the estimator computes speed estimates with bounded error.

Publication: Estimation of Blood Oxygen Content Using Context-Aware Filtering (2016-04-01)
Ivanov, Radoslav; Atanasov, Nikolay; Weimer, James; Simpao, Allan F; Rehman, Mohamed A; Pappas, George; Lee, Insup; Pajic, Miroslav
In this paper we address the problem of estimating the blood oxygen concentration in children during surgery. Currently, the oxygen content can only be measured through invasive means such as drawing blood from the patient. In this work, we attempt to perform estimation by only using other non-invasive measurements (e.g., fraction of oxygen in inspired air, volume of inspired air) collected during surgery. Although models mapping these measurements to blood oxygen content contain multiple parameters that vary widely across patients, the non-invasive measurements can be used to provide binary information about whether the oxygen concentration is rising or dropping. This information can then be incorporated in a context-aware filter that is used to combine regular continuous measurements with discrete detection events in order to improve estimation. We evaluate the filter using real-patient data collected over the last decade at the Children's Hospital of Philadelphia and show that it is a promising approach for the estimation of unobservable physiological variables.

Publication: Towards a Model-Based Meal Detector for Type I Diabetics (2015-04-13)
Chen, Sanjian; Weimer, James; Rickels, Michael R.; Peleckis, Amy; Lee, Insup
Blood glucose management systems are an important class of Medical Cyber-Physical Systems that provide vital everyday decision support service to diabetics. An artificial pancreas, which integrates a continuous glucose monitor, a wearable insulin pump, and control algorithms running on embedded computing devices, can significantly improve the quality of life for millions of Type 1 diabetics. A primary problem in the development of an artificial pancreas is the accurate detection and estimation of meal carbohydrates, which cause significant glucose system disturbances. Meal carbohydrate detection is challenging since post-meal glucose responses greatly depend on patient-specific physiology and meal composition. In this paper, we develop a novel meal-time detector that leverages a linearized physiological model to realize a (nearly) constant false alarm rate (CFAR) performance despite unknown model parameters and uncertain meal inputs. In silico evaluations using 10,000 virtual subjects on an FDA-accepted maximal physiological model illustrate that the proposed CFAR meal detector significantly outperforms a current state-of-the-art meal detector that utilizes a voting scheme based on rate-of-change (RoC) measures. The proposed detector achieves a 99.6% correct detection rate while averaging one false alarm every 24 days (a 1.4% false alarm rate), which represents an 84% reduction in false alarms and a 95% reduction in missed alarms when compared to the RoC approach.

Publication: Improving Classifier Confidence using Lossy Label-Invariant Transformations (2021-04-01)
Jang, Sooyong; Lee, Insup; Weimer, James
Providing reliable model uncertainty estimates is imperative to enabling robust decision making by autonomous agents and humans alike. While recently there have been significant advances in confidence calibration for trained models, examples with poor calibration persist in most calibrated models. Consequently, multiple techniques have been proposed that leverage label-invariant transformations of the input (i.e., an input manifold) to improve worst-case confidence calibration. However, manifold-based confidence calibration techniques generally do not scale and/or require expensive retraining when applied to models with large input spaces (e.g., ImageNet). In this paper, we present the recursive lossy label-invariant calibration (ReCal) technique that leverages label-invariant transformations of the input that induce a loss of discriminatory information to recursively group (and calibrate) inputs, without requiring model retraining. We show that ReCal outperforms other calibration methods on multiple datasets, especially on large-scale datasets such as ImageNet.

Publication: ModelGuard: Runtime Validation of Lipschitz-continuous Models (2021-07-01)
Carpenter, Taylor J.; Ivanov, Radoslav; Lee, Insup; Weimer, James
This paper presents ModelGuard, a sampling-based approach to runtime model validation for Lipschitz-continuous models. Although techniques exist for the validation of many classes of models, the majority of these methods cannot be applied to the whole of Lipschitz-continuous models, which includes neural network models. Additionally, existing techniques generally consider only white-box models. By taking a sampling-based approach, we can address black-box models, represented only by an input-output relationship and a Lipschitz constant. We show that by randomly sampling from a parameter space and evaluating the model, it is possible to guarantee the correctness of traces labeled consistent and provide a confidence on the correctness of traces labeled inconsistent. We evaluate the applicability and scalability of ModelGuard in three case studies, including a physical platform.

Publication: An Intraoperative Glucose Control Benchmark for Formal Verification (2015-10-01)
Chen, Sanjian; O'Kelly, Matthew; Weimer, James; Sokolsky, Oleg; Lee, Insup
Diabetes-associated complications are affecting an increasingly large population of hospitalized patients. Since glucose physiology is significantly impacted by patient-specific parameters, it is critical to verify that a clinical glucose control protocol is safe across a wide patient population. A safe protocol should not drive the glucose level into dangerous low (hypoglycemia) or high (hyperglycemia) ranges. Verification of glucose controllers is challenging due to the high-dimensional, non-linear glucose physiological models, which contain both unobservable states and unmeasurable patient-specific parameters. This paper presents a hybrid system model of a closed-loop physiological system that includes an existing FDA-accepted high-fidelity physiological model tailored to intraoperative settings and a validated improvement to a clinical glucose control protocol for diabetic cardiac surgery patients. We propose the closed-loop model as a physiological system benchmark for verification and present our initial results on verifying the system using the SMT-based hybrid system verification tool dReach.

Publication: Attack-Resilient Minimum Mean-Squared Error Estimation (2014-06-01)
Weimer, James; Bezzo, Nicola; Pajic, Miroslav; Sokolsky, Oleg; Lee, Insup
This work addresses the design of resilient estimators for stochastic systems. To this end, we introduce a minimum mean-squared error resilient (MMSE-R) estimator whose conditional mean squared error from the state remains finitely bounded and is independent of additive measurement attacks. An implementation of the MMSE-R estimator is presented and is shown to be the solution of a semidefinite programming problem, which can be implemented efficiently using convex optimization techniques. The MMSE-R strategy is evaluated against other competing strategies representing other estimation approaches in the presence of small and large measurement attacks. The results indicate that the MMSE-R estimator significantly outperforms (in terms of mean-squared error) other realizable resilient (and non-resilient) estimators.

Publication: Detecting Security Leaks in Hybrid Systems with Information Flow Analysis (2019-10-01)
Nguyen, Luan Viet; Mohan, Gautam; Weimer, James; Sokolsky, Oleg; Lee, Insup; Alur, Rajeev
Information flow analysis is an effective way to check useful security properties, such as whether secret information can leak to adversaries. Despite being widely investigated in the realm of programming languages, information-flow-based security analysis has not been widely studied in the domain of cyber-physical systems (CPS). CPS provide interesting challenges to traditional type-based techniques, as they model mixed discrete-continuous behaviors and are usually expressed as a composition of state machines. In this paper, we propose a lightweight static analysis methodology that enables information security properties for CPS models. We introduce a set of security rules for hybrid automata that characterizes the property of non-interference. Based on those rules, we propose an algorithm that generates security constraints between each sub-component of hybrid automata, and then transforms these constraints into a directed dependency graph to search for non-interference violations. The proposed algorithm can be applied directly to parallel compositions of automata without resorting to model-flattening techniques. Our static checker works on hybrid systems modeled in Simulink/Stateflow format and decides whether or not the model satisfies non-interference given a user-provided security annotation for each variable. Moreover, our approach can also infer the security labels of variables, allowing a designer to verify the correctness of partial security annotations. We demonstrate the potential benefits of the proposed methodology on two case studies.

Publication: Resilient Parameter-Invariant Control With Application to Vehicle Cruise Control (2013-03-20)
Weimer, James; Bezzo, Nicola; Pajic, Miroslav; Pappas, George J.; Sokolsky, Oleg; Lee, Insup
This work addresses the general problem of resilient control of unknown stochastic linear time-invariant (LTI) systems in the presence of sensor attacks. Motivated by a vehicle cruise control application, this work considers a first-order system with multiple measurements, of which a bounded subset may be corrupted. A frequency-domain-designed resilient parameter-invariant controller is introduced that simultaneously minimizes the effect of corrupted sensors while maintaining a desired closed-loop performance, invariant to unknown model parameters. Simulated results illustrate that the resilient parameter-invariant controller is capable of stabilizing unknown state disturbances and can perform state trajectory tracking.

Publication: Context-Aware Detection in Medical Cyber-Physical Systems (2018-04-01)
Ivanov, Radoslav; Weimer, James; Lee, Insup
This paper considers the problem of incorporating context in medical cyber-physical systems (MCPS) applications for the purpose of improving the performance of MCPS detectors. In particular, in many applications additional data could be used to conclude that actual measurements might be noisy or wrong (e.g., machine settings might indicate that the machine is improperly attached to the patient); we call such data context. The first contribution of this work is the formal definition of context, namely additional information whose presence is associated with a change in the measurement model (e.g., higher variance). Given this formulation, we developed the context-aware parameter-invariant (CA-PAIN) detector; the CA-PAIN detector improves upon the original PAIN detector by recognizing events with noisy measurements and not raising unnecessary false alarms. We evaluate the CA-PAIN detector both in simulation and on real-patient data; in both cases, the CA-PAIN detector achieves roughly a 20-percent reduction of false alarm rates over the PAIN detector, thus indicating that formalizing context and using it in a rigorous way is a promising direction for future work.