Penn Engineering
The School of Engineering and Applied Science, established in 1852, is composed of six academic departments and numerous interdisciplinary centers, institutes, and laboratories. At Penn Engineering, we are preparing the next generation of innovative engineers, entrepreneurs and leaders. Our unique culture of cooperation and teamwork, emphasis on research, and dedicated faculty advisors who teach as well as mentor, provide the ideal environment for the intellectual growth and development of well-rounded global citizens.
- Department of Bioengineering
- Department of Chemical & Biomolecular Engineering
- Department of Computer & Information Science
- Department of Electrical & Systems Engineering
- Department of Materials Science & Engineering
- Department of Mechanical Engineering & Applied Mechanics
- Energy Research Group
- Engineering Documents
- General Robotics, Automation, Sensing and Perception Laboratory
- Institute for Medicine and Engineering
- Kod*lab
- Laboratory for Research on the Structure of Matter
Search results
Now showing 1 - 10 of 1491
Publication Enforcing Robust Declassification(2004-06-28) Myers, Andrew C; Sabelfeld, Andrei; Zdancewic, Stephan A.Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems perform intentional release of sensitive information as part of their correct functioning and therefore violate noninterference. To control information flow while permitting intentional information release, some systems have a downgrading or declassification mechanism. A major danger of such a mechanism is that it may cause unintentional information release. This paper shows that a robustness property can be used to characterize programs in which declassification mechanisms cannot be exploited by attackers to release more information than intended. It describes a simple way to provably enforce this robustness property through a type-based compile-time program analysis. The paper also presents a generalization of robustness that supports upgrading (endorsing) data integrity.Publication A Reasoning Framework for Autonomous Urban Driving(2008-06-04) Ferguson, Dave; Baker, Christopher; Likhachev, Maxim; Dolan, JohnUrban driving is a demanding task for autonomous vehicles as it requires the development and integration of several challenging capabilities, including high-level route planning, interaction with other vehicles, complex maneuvers, and ultra-reliability. In this paper, we present a reasoning framework for an autonomous vehicle navigating through urban environments. Our approach combines route-level planning, context-sensitive local decision making, and sophisticated motion planning to produce safe, intelligent actions for the vehicle. We provide examples from an implementation on an autonomous passenger vehicle that has driven over 3000 autonomous kilometers and competed in, and won, the Urban Challenge.Publication Quantifying the Gap Between Embedded Control Models and Time-Triggered Implementations(2005-12-08) Yazarel, Hakan; Girard, Antoine; Pappas, George J.; Alur, RajeevMapping a set of feedback control components to executable code introduces errors due to a variety of factors such as discretization, computational delays, and scheduling policies. We argue that the gap between the model and the implementation can be rigorously quantified leading to predictability if the implementation is viewed as a sequence of control blocks executed in statically allocated time slots on a time-triggered platform. For linear systems controlled by linear controllers, we show how to calculate the exact error between the model-level semantics and the execution semantics of an implementation, allowing us to compare different implementations. The calculated error of different implementations is demonstrated using simulations on illustrative examples.Publication Structure and properties of C60@SWNT(2001-11-26) Smith, Brian W; Russo, Richard M; Chikkannanavar, Satishkumar B; Stercel, Ferenc; Luzzi, David EOur recent achievement of high-yield C60@SWNT synthesis facilitates characterization by various techniques, including selected area electron diffraction (SAD) and Raman spectroscopy. The obtained SAD patterns show that interior C60 molecules sit on a simple 1-D lattice having a parameter of 1.00 nm. Simulated SAD patterns and real-space measurements both support this determination and do not indicate a lattice with a more complex basis, e.g. a dimer basis. Empty and bulk-filled SWNTs (22%, 56%, and 90% yields), each subjected to identical processing steps, were examined by room temperature Raman spectroscopy. Systematic differences are seen between the spectra of filled and unfilled SWNTs, particularly with respect to the G- and RBM-bands of the nanotubes. We present a possible explanation for this behavior.Publication A Bisimulation for Type Abstraction and Recursion(2005-01-12) Sumii, Eijiro; Pierce, Benjamin CWe present a sound, complete, and elementary proof method, based on bisimulation, for contextual equivalence in a λ-calculus with full universal, existential, and recursive types. Unlike logical relations (either semantic or syntactic), our development is elementary, using only sets and relations and avoiding advanced machinery such as domain theory, admissibility, and TT-closure. Unlike other bisimulations, ours is complete even for existential types. The key idea is to consider sets of relations—instead of just relations—as bisimulations.Publication Motion Planning for Redundant Branching Articulated Figures with Many Degrees of Freedom(1992-07-08) Ching, Wallace S.; Badler, Norman IA fast algorithm is presented that can handle the motion planning problem for articulated figures with branches and many degrees of freedom. The algorithm breaks down the degrees of freedom of the figure into Cspace groups and compute the free motion for each of these groups in a sequential fashion. It traverses the tree in a depth first order to compute the motion for all the branches. A special playback routine is then used to traverse the tree again in a reverse order to playback the final motion. The planner runs in linear time with respect to the total number of Cspace groups without backtracking. We believe that the planner would find a path in most cases and is fast enough for practical use in a wide range of applications.Publication Design of Body-Grounded Tactile Actuators for Playback of Human Physical Contact(2011-06-01) Kuchenbecker, Katherine J; Stanley, Andrew AWe present four wearable tactile actuators capable of recreating physical sensations commonly experienced in human interactions, including tapping on, dragging across, squeezing, and twisting an individual’s wrist. In seeking to create tactile signals that feel natural and are easy to understand, we developed movement control interfaces to play back each of these forms of actual human physical contact. Through iterative design, prototyping, programming, and testing, each of these servo-motor-based mechanisms produces a signal that is gradable in magnitude, can be played in a variety of temporal patterns, is localizable to a small area of skin, and, for three of the four actuators, has an associated direction. Additionally, we have tried to design toward many of the characteristics that have made high frequency vibration the most common form of wearable tactile feedback, including low cost, light weight, comfort, and small size. Bolstered by largely positive comments from naive users during an informal testing session, we plan to continue improving these devices for future use in tactile motion guidance.Publication Attack-Resilient Sensor Fusion(2014-02-01) Ivanov, Radoslav; Pajic, Miroslav; Lee, InsupThis work considers the problem of attack-resilient sensor fusion in an autonomous system where multiple sensors measure the same physical variable. A malicious attacker may corrupt a subset of these sensors and send wrong measurements to the controller on their behalf, potentially compromising the safety of the system. We formalize the goals and constraints of such an attacker who also wants to avoid detection by the system. We argue that the attacker’s capabilities depend on the amount of information she has about the correct sensors’ measurements. In the presence of a shared bus where messages are broadcast to all components connected to the network, the attacker may consider all other measurements before sending her own in order to achieve maximal impact. Consequently, we investigate effects of communication schedules on sensor fusion performance. We provide worst- and average-case results in support of the Ascending schedule, where sensors send their measurements in a fixed succession based on their precision, starting from the most precise sensors. Finally, we provide a case study to illustrate the use of this approach.Publication Architecture-Centric Software Development for Cyber-Physical Systems(2014-10-01) Sokolsky, Oleg; Pajic, Miroslav; Bezzo, Nicola; Lee, InsupWe discuss the problem of high-assurance development of cyber-physical systems. Specifically, we concentrate on the interaction between the development of the control system layer and platform-specific software engineering for system components. We argue that an architecture-centric approach allows us to streamline the development and increase the level of assurance for the resulting system. The case study of an unmanned ground vehicle illustrates the approach.Publication Athena's Prism - A Diplomatic Strategy Role Playing Simulation for Generating Ideas and Exploring Alternatives(2005-05-01) Silverman, Barry G; Rees, Richard L; Toth, Jozsef A; Cornwell, Jason; O'Brien, Kevin; Johns, Michael; Caplan, MartyIntelligence analysts must clear at least three hurdles to get good product out the door: cognitive biases, social biases and self-imposed organizational impediments. Others (e.g., Gilovich, et al., Heuer, and Kahneman and Tversky), explain the cognitive processes that can help or trip us. A less well mapped set of dangers arises in the social dynamics of communicating tasking, working with other analysts, editing and customer interaction. Finally, the mere fact of a unit's published record creates analytic inertia - an argument at rest tends to stay at rest and one in motion (i.e., ambiguous or uncertain) tends to stay in motion. (A variation of this includes groupthink.)