Penn Engineering
The School of Engineering and Applied Science, established in 1852, is composed of six academic departments and numerous interdisciplinary centers, institutes, and laboratories. At Penn Engineering, we are preparing the next generation of innovative engineers, entrepreneurs and leaders. Our unique culture of cooperation and teamwork, emphasis on research, and dedicated faculty advisors who teach as well as mentor, provide the ideal environment for the intellectual growth and development of well-rounded global citizens.
- Department of Bioengineering
- Department of Chemical & Biomolecular Engineering
- Department of Computer & Information Science
- Department of Electrical & Systems Engineering
- Department of Materials Science & Engineering
- Department of Mechanical Engineering & Applied Mechanics
- Energy Research Group
- Engineering Documents
- General Robotics, Automation, Sensing and Perception Laboratory
- Institute for Medicine and Engineering
- Kod*lab
- Laboratory for Research on the Structure of Matter
Search results
Now showing 1 - 10 of 324
Publication Attack-Resilient Sensor Fusion(2014-02-01) Ivanov, Radoslav; Pajic, Miroslav; Lee, InsupThis work considers the problem of attack-resilient sensor fusion in an autonomous system where multiple sensors measure the same physical variable. A malicious attacker may corrupt a subset of these sensors and send wrong measurements to the controller on their behalf, potentially compromising the safety of the system. We formalize the goals and constraints of such an attacker who also wants to avoid detection by the system. We argue that the attacker’s capabilities depend on the amount of information she has about the correct sensors’ measurements. In the presence of a shared bus where messages are broadcast to all components connected to the network, the attacker may consider all other measurements before sending her own in order to achieve maximal impact. Consequently, we investigate effects of communication schedules on sensor fusion performance. We provide worst- and average-case results in support of the Ascending schedule, where sensors send their measurements in a fixed succession based on their precision, starting from the most precise sensors. Finally, we provide a case study to illustrate the use of this approach.Publication Architecture-Centric Software Development for Cyber-Physical Systems(2014-10-01) Sokolsky, Oleg; Pajic, Miroslav; Bezzo, Nicola; Lee, InsupWe discuss the problem of high-assurance development of cyber-physical systems. Specifically, we concentrate on the interaction between the development of the control system layer and platform-specific software engineering for system components. We argue that an architecture-centric approach allows us to streamline the development and increase the level of assurance for the resulting system. The case study of an unmanned ground vehicle illustrates the approach.Publication A Retrospective Look at the Monitoring and Checking (MaC) Framework(2019-10-01) Kannan, Sampath; Kim, Moonzoo; Lee, Insup; Sokolsky, Oleg; Viswanathan, MaheshThe Monitoring and Checking (MaC) project gave rise to a framework for runtime monitoring with respect to formally specified properties, which later came to be known as runtime verification. The project also built a pioneering runtime verification tool, Java-MaC, that was an instantiation of the approach to check properties of Java programs. In this retrospective, we discuss decisions made in the design of the framework and summarize lessons learned in the course of the project.Publication CCSR: A Calculus for Communicating Shared Resources(1990-03-12) Gerber, Richard; Lee, InsupThe timing behavior of a real-time system depends not only on delays due to process synchronization, but also on the availability of shared resources. Most current real-time models capture delays due to process synchronization; however, they abstract out resource-specific details by assuming idealistic operating environments. On the other hand, scheduling and resource allocation algorithms used for real-time systems ignore the effect of process synchronization except for simple precedence relations between processes. To bridge the gap between these two disciplines, we have developed a formalism called Communicating Shared Resources, or CSR. This paper presents the priority-based process algebra called the Calculus for Communicating Shared Resources (CCSR), which provides an equational characterization of the CSR language. The computation model of CCSR is resource-based in that multiple resources execute synchronously, while processes assigned to the same resource are interleaved according to their priorities. CCSR possesses a prioritized strong equivalence for terms based on strong bisimulation. The paper also describes a producer and consumer problem whose correct timing behavior depends on priority.Publication Schedulability Analysis of AADL models(2006-04-29) Sokolsky, Oleg; Lee, Insup; Clark, DuncanThe paper discusses the use of formal methods for the analysis of architectural models expressed in the modeling language AADL. AADL describes the system as a collection of interacting components. The AADL standard prescribes semantics for the thread components and rules of interaction between threads and other components in the system. We present a semantics-preserving translation of AADL models into the real-time process algebra ACSR, allowing us to perform schedulability analysis of AADL models.Publication Verifying the Safety of Autonomous Systems with Neural Network Controllers(2020-12-01) Ivanov, Radoslav; Carpenter, Taylor J.; Weimer, James; Alur, Rajeev; Pappas, George; Lee, InsupThis paper addresses the problem of verifying the safety of autonomous systems with neural network (NN) controllers. We focus on NNs with sigmoid/tanh activations and use the fact that the sigmoid/tanh is the solution to a quadratic differential equation. This allows us to convert the NN into an equivalent hybrid system and cast the problem as a hybrid system verification problem, which can be solved by existing tools. Furthermore, we improve the scalability of the proposed method by approximating the sigmoid with a Taylor series with worst-case error bounds. Finally, we provide an evaluation over four benchmarks, including comparisons with alternative approaches based on mixed integer linear programming as well as on star sets.Publication Robust Test Generation and Coverage for Hybrid Systems(2007-04-01) Julius, Agung; Fainekos, Georgios E; Anand, Madhukar; Lee, Insup; Pappas, GeorgeTesting is an important tool for validation of the system design and its implementation. Model-based test generation allows to systematically ascertain whether the system meets its design requirements, particularly the safety and correctness requirements of the system. In this paper, we develop a framework for generating tests from hybrid systems’ models. The core idea of the framework is to develop a notion of robust test, where one nominal test can be guaranteed to yield the same qualitative behavior with any other test that is close to it. Our approach offers three distinct advantages: 1) It allows for computing and formally quantifying the robustness of some properties; 2) it establishes a method to quantify the test coverage for every test case; and 3) the procedure is parallelizable and therefore, very scalable. We demonstrate our framework by generating tests for a navigation benchmark application.Publication A State Minimization Algorithm for Communicating State Machines With Arbitrary Data Space(1993) Kang, Inhye; Lee, InsupA fundamental issue in the automated analysis of communicating systems is the efficient generation of the reachable state space. Since it is not possible to generate all the reachable states of a system with an infinite number of states, we need a way to combine sets of states. In this paper, we describe communicating state machines with data variables, which we use to specify concurrent systems. We then present an algorithm that constructs the minimal reachability graph of a labeled transition system with infinite data values. Our algorithm clusters a set of states that are bisimilar into an equivalent class. We include an example to illustrate our algorithm and identify a set of sufficient conditions that guarantees the termination of the algorithm.Publication Reverse Software Engineering(1988-12-01) Prywes, Noah S; Ge, X.; Lee, Insup; Song, M.The goal of Reverse Software Engineering is the reuse of old outdated programs in developing new systems which have an enhanced functionality and employ modern programming languages and new computer architectures. Mere transliteration of programs from the source language to the object language does not support enhancing the functionality and the use of newer computer architectures. The main concept in this report is to generate a specification of the source programs in an intermediate nonprocedural, mathematically oriented language. This specification is purely descriptive and independent of the notion of the computer. It may serve as the medium for manually improving reliability and expanding functionally. The modified specification can be translated automatically into optimized object programs in the desired new language and for the new platforms. This report juxtaposes and correlates two classes of computer programming languages: procedural vs. nonprocedural. The nonprocedural languages are also called rule based, equational, functional or assertive. Non-procedural languages are noted for the absence of "side effects" and the freeing of a user from "thinking like a computer" when composing or studying a procedural language program. Nonprocedural languages are therefore advantageous for software development and maintenance. Non procedural languages use mathematical semantics and therefore are more suitable for analysis of the correctness and for improving the reliability of software. The difference in semantics between the two classes of languages centers on the meaning of variables. In a procedural language a variable may be assigned multiple values, while in a nonprocedural language a variable may assume one and only one value. The latter is the same convention as used in mathematics. The translation algorithm presented in this report consists of renaming variables and expanding the logic and control in the procedural program until each variable is assigned one and only one value. The translation into equations can then be performed directly. The source program and object specification are equivalent in that there is a one to one equality of values of respective variables. The specification that results from these transformations is then further simplified to make it easy to learn and understand it when performing maintenance. The presentation of translation algorithms in this report utilizes FORTRAN as the source language and MODEL as the object language. MODEL is an equational language, where rules are expressed as algebraic equations. MODEL has an effective translation into the object procedural languages PL/1, C and Ada.Publication Process Algebraic Modeling and Analysis of Power-Aware Real-Time Systems(2002-08-01) Lee, Insup; Philippou, Anna; Sokolsky, OlegThe paper describes a unified formal framework for designing and reasoning about power-constrained, real-time systems. The framework is based on process algebra, a formalism which has been developed to describe and analyze communicating, concurrent systems. The proposed extension allows the modeling of probabilistic resource failures, priorities of resource usages, and power consumption by resources within the same formalism. Thus, it is possible to evaluate alternative power-consumption behaviors and tradeoffs under different real-time schedulers, resource limitations, resource failure probabilities, etc. This paper describes the modeling and analysis techniques, and illustrates them with examples, including a dynamic voltage-scaling algorithm.