We present an analysis to automatically determine if a program represents a continuous function, or equivalently, if infinitesimal changes to its inputs can only cause infinitesimal changes to its outputs. The analysis can be used to verify the robustness of programs whose inputs can have small amounts of error and uncertainty— e.g., embedded controllers processing slightly unreliable sensor data, or handheld devices using slightly stale satellite data. Continuity is a fundamental notion in mathematics. However, it is difficult to apply continuity proofs from real analysis to functions that are coded as imperative programs, especially when they use diverse data types and features such as assignments, branches, and loops. We associate data types with metric spaces as opposed to just sets of values, and continuity of typed programs is phrased in terms of these spaces. Our analysis reduces questions about continuity

We present a program analysis for verifying quantitative robustness properties of programs, stated generally as: “If the inputs of a program are perturbed by an arbitrary amount ɛ, then its outputs change at most by Kɛ, where K can depend on the size of the input but not its value. ” Robustness properties generalize the analytic notion of continuity—e.g., while the function e x is continuous, it is not robust. Our problem is to verify the robustness of a function P that is coded as an imperative program, and can use diverse data types and features such as branches and loops. Our approach to the problem soundly decomposes it into two subproblems: (a) verifying that the smallest possible perturbations to the inputs of P do not change the corresponding outputs significantly, even if control now flows

Abstract. The concept of self-organization has been examined oftentimes for several domains such as physics, chemistry, mathematics, etc. However, the current technical development opens a new field of self-organizing applications by creating systems of networked and massively distributed hardware with self-organized control. Having this view in mind, this papers reviews the questions: What is a self-organizing system?, What is it not?, Should there be a separate field of science for self-organizing systems?, and What are possible approaches to engineer a self-organizing control system?. The presented ideas have been elaborated at the Lakeside Research Days’08 (University of Klagenfurt, Austria), a workshop that featured guided discussions between invited experts working in the field of selforganizing systems. 1

All rights reserved.

A Distributed Cyber-Physical System (DCPS) may receive and induce energy-based interference from and to its environment. This paper presents a model and an associated methodology that can be used to: i) schedule tasks in DCPSs to ensure that the thermal effects of the task execution are within acceptable levels; and ii) verify that a given schedule meets the constraints. The model uses coarse discretization of space and linearity of interference. The methodology involves characterizing the interference of the task execution and fitting it into the model, then using the fitted model to verify a solution or explore the solution space.

Multiprocessing architectures provide hardware for executing multiple tasks simultaneously via techniques such as simultaneous multithreading and symmetric multiprocessing. The problem addressed by this paper is that even when tasks that are executing concurrently do not communicate, they may interfere by affecting each other’s timing. For cyberphysical system applications, such interference can nullify many of the advantages offered by parallel hardware. In this paper, we argue for temporal semantics in layers of abstraction in computing. This will enable us to achieve temporal isolation on multiprocessing architectures. We discuss techniques at the microarchitecture level, in the memory hierarchy, in on-chip communication, and in the instruction-set architecture that can provide temporal semantics and control over timing. Categories and Subject Descriptors

Cyber-Physical Systems (CPS) are sensing, communication and processing platforms, deeply embedded in physical processes and provide real-time monitoring and actuation services. Such systems are becoming increasing common in enabling many of the pervasive computing technologies that are becoming available today such as, smart-homes, smart-vehicles, pervasive health monitoring systems. Given the automation that CPSs introduce in managing physical processes, and the detail of information available to them for carrying out their tasks, securing them is of prime importance. In this dissertation, a novel security paradigm for CPSs is proposed, called Cyber-Physical Security (CYPSec). CYPSec solutions are unique in that they take they take into account the environmentally-coupled nature of CPSs in enabling security solutions. This dissertation explores CYPSec solutions for two diverse but related problems. The first is a usable and secure key agreement protocol called Physiological Signal based Key Agreement (PSKA), which combines signal processing and cryptographic primitives to enable automated key agreement between sensors in a Body Area Network (BAN) without any form of external user involvement. It uses specific physiological stimuli-based features (Photoplethsymogram and Electrocardiogram) from the human body for its task. The second is an access control model called Criticality Aware Access Control (CAAC), which facilitates a more adaptive and proactive provisioning of authorizations-

In a component-based design context, we propose a relational interface theory for synchronous systems. A component is abstracted by its interface, which consists of input and output variables, as well as one or more contracts. A contract is a relation between input and output assignments. In the stateless case, there is a single contract that holds at every synchronous round. In the general, stateful, case, the contract may depend on the state, modeled as the history of past observations. Interfaces can be composed by connection or feedback. Parallel composition is a special case of connection. Feedback is allowed only for Moore interfaces, where the contract does not depend on the current values of the input variables that are connected (although it may depend on past values of such variables). The theory includes explicit notions of environments, pluggability and substitutability. Environments are themselves interfaces. Pluggability means that the closed-loop system formed by an interface and an environment is well-formed, that is, a state with unsatisfiable contract is unreachable. Substitutability means that an interface can replace another interface in any environment. A refinement relation between interfaces is proposed, that has two main properties: first, it is preserved by composition; second, it is equivalent to substitutability for well-formed interfaces. Shared refinement and abstraction operators, corresponding to greatest lower and least upper bounds with respect to refinement, are also defined. Input-complete interfaces, that impose no restrictions on inputs, and deterministic interfaces, that produce a unique output for any legal input, are discussed as special cases, and an interesting duality between the two classes is exposed. A number of illustrative examples are provided, as well as algorithms to compute compositions, check refinement, and so on, for finite-state interfaces. 1

Functional model-based design

All rights reserved.