Penn Engineering is the birthplace of the modern computer. It was here that the ENIAC, the world's first electronic, large-scale, general-purpose digital computer, was developed in 1946. Since this auspicious beginning more than five decades ago, the field of computer science at Penn has been marked by exciting innovations. Over the last few years, Penn CIS has grown in algorithms, theory of computation, networking, systems and architecture, and artificial intelligence. We are building on these successes to strengthen work on databases, graphics, programming languages, and security, and to deepen our interdisciplinary work in such areas as bioinformatics, cognitive science, robotics, and management.
PublicationEnforcing Robust Declassification(2004-06-28) Myers, Andrew C; Sabelfeld, Andrei; Zdancewic, Stephan A.Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems perform intentional release of sensitive information as part of their correct functioning and therefore violate noninterference. To control information flow while permitting intentional information release, some systems have a downgrading or declassification mechanism. A major danger of such a mechanism is that it may cause unintentional information release. This paper shows that a robustness property can be used to characterize programs in which declassification mechanisms cannot be exploited by attackers to release more information than intended. It describes a simple way to provably enforce this robustness property through a type-based compile-time program analysis. The paper also presents a generalization of robustness that supports upgrading (endorsing) data integrity. PublicationAuthoring Multi-Actor Behaviors in Crowds With Diverse Personalities(2013-01-01) Kapadia, Mubbasir; Shoulson, Alexander; Durupinar, Funda; Badler, Norman IMulti-actor simulation is critical to cinematic content creation, disaster and security simulation, and interactive entertainment. A key challenge is providing an appropriate interface for authoring high-fidelity virtual actors with featurerich control mechanisms capable of complex interactions with the environment and other actors. In this chapter, we present work that addresses the problem of behavior authoring at three levels: Individual and group interactions are conducted in an event-centric manner using parameterized behavior trees, social crowd dynamics are captured using the OCEAN personality model, and a centralized automated planner is used to enforce global narrative constraints on the scale of the entire simulation. We demonstrate the benefits and limitations of each of these approaches and propose the need for a single unifying construct capable of authoring functional, purposeful, autonomous actors which conform to a global narrative in an interactive simulation. PublicationQuantifying the Gap Between Embedded Control Models and Time-Triggered Implementations(2005-12-08) Yazarel, Hakan; Girard, Antoine; Pappas, George J.; Alur, RajeevMapping a set of feedback control components to executable code introduces errors due to a variety of factors such as discretization, computational delays, and scheduling policies. We argue that the gap between the model and the implementation can be rigorously quantified leading to predictability if the implementation is viewed as a sequence of control blocks executed in statically allocated time slots on a time-triggered platform. For linear systems controlled by linear controllers, we show how to calculate the exact error between the model-level semantics and the execution semantics of an implementation, allowing us to compare different implementations. The calculated error of different implementations is demonstrated using simulations on illustrative examples. PublicationA Hierarchical Database Model for a Logic Programming Language(1988-03-01) Finin, Timothy; McGuire, JamesThis paper presents an extended Clausal Database Model for a logic programming language. Instead of being restricted to one global database, as is the case with Prolog, we allow segmentation of the database into database units which are linked together into a semi-lattice. Each database unit defines a database view which includes clauses which have been asserted into that unit as well as clauses inherited from its ancestors higher in the lattice structure. This model supports arbitrary retraction. Retracting a clause in a database unit effectively blocks its inheritance for that unit and all of its descendants. Motivations for using this model are given. We also discuss the implementation of a Prolog meta-interpreter that uses this model. (hereafter referred to as (Phd) or Prolog Hierarchical Database) This meta-interpreter is in the spirit of Prolog and therefore has a version of assert, retract and cut. PublicationInteractive design of complex time-dependent lighting(1995-03-01) Dorsey, Julie; Arvo, James; Greenberg, DonaldVisualizing complicated lighting sequences while designing large theatrical productions proves difficult. The author provides some techniques that achieve fast interaction regardless of scene and lighting complexity, even when used with costly rendering algorithms. PublicationA Bisimulation for Type Abstraction and Recursion(2005-01-12) Sumii, Eijiro; Pierce, Benjamin CWe present a sound, complete, and elementary proof method, based on bisimulation, for contextual equivalence in a λ-calculus with full universal, existential, and recursive types. Unlike logical relations (either semantic or syntactic), our development is elementary, using only sets and relations and avoiding advanced machinery such as domain theory, admissibility, and TT-closure. Unlike other bisimulations, ours is complete even for existential types. The key idea is to consider sets of relations—instead of just relations—as bisimulations. PublicationToken Coherence: A New Framework for Shared-Memory Multiprocessors(2003-11-01) Martin, Milo; Hill, Mark D; Wood, David ACommercial workload and technology trends are pushing existing shared-memory multiprocessor coherence protocols in divergent directions. Token Coherence provides a framework for new coherence protocols that can reconcile these opposing trends. PublicationMotion Planning for Redundant Branching Articulated Figures with Many Degrees of Freedom(1992-07-08) Ching, Wallace S.; Badler, Norman IA fast algorithm is presented that can handle the motion planning problem for articulated figures with branches and many degrees of freedom. The algorithm breaks down the degrees of freedom of the figure into Cspace groups and compute the free motion for each of these groups in a sequential fashion. It traverses the tree in a depth first order to compute the motion for all the branches. A special playback routine is then used to traverse the tree again in a reverse order to playback the final motion. The planner runs in linear time with respect to the total number of Cspace groups without backtracking. We believe that the planner would find a path in most cases and is fast enough for practical use in a wide range of applications. PublicationAttack-Resilient Sensor Fusion(2014-02-01) Ivanov, Radoslav; Pajic, Miroslav; Lee, InsupThis work considers the problem of attack-resilient sensor fusion in an autonomous system where multiple sensors measure the same physical variable. A malicious attacker may corrupt a subset of these sensors and send wrong measurements to the controller on their behalf, potentially compromising the safety of the system. We formalize the goals and constraints of such an attacker who also wants to avoid detection by the system. We argue that the attacker’s capabilities depend on the amount of information she has about the correct sensors’ measurements. In the presence of a shared bus where messages are broadcast to all components connected to the network, the attacker may consider all other measurements before sending her own in order to achieve maximal impact. Consequently, we investigate effects of communication schedules on sensor fusion performance. We provide worst- and average-case results in support of the Ascending schedule, where sensors send their measurements in a fixed succession based on their precision, starting from the most precise sensors. Finally, we provide a case study to illustrate the use of this approach. PublicationArchitecture-Centric Software Development for Cyber-Physical Systems(2014-10-01) Sokolsky, Oleg; Pajic, Miroslav; Bezzo, Nicola; Lee, InsupWe discuss the problem of high-assurance development of cyber-physical systems. Specifically, we concentrate on the interaction between the development of the control system layer and platform-specific software engineering for system components. We argue that an architecture-centric approach allows us to streamline the development and increase the level of assurance for the resulting system. The case study of an unmanned ground vehicle illustrates the approach.