Safe CPS from unsafe controllers

  • Usama Mehmood, Stanley Bak, Scott A. Smolka, Scott D. Stoller
  • Published 19 May 2021
  • Computer Science
  • Proceedings of the Workshop on Computation-Aware Algorithmic Design for Cyber-Physical Systems
Modern cyber-physical systems (CPS) interact with the physical world, hence their correctness is important. In this work, we build upon the Simplex Architecture, where control authority may switch from an unverified and potentially unsafe advanced controller to a verified-safe baseline controller in order to maintain system safety. We take the approach further by lifting the requirement that the baseline controller must be verified or even correct, instead also treating it as a black-box… 
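The switching logic the abstract describes, as an added Python illustration that is not the paper's code: on a constructed 1-D vehicle-versus-wall model, the decision module accepts the unverified advanced controller's command only when a forward simulation of the black-box baseline controller from the resulting state is verified safe, and otherwise executes the last verified plan. The plant model, the constants, both controllers (including the baseline's deliberate bug) and the ends-at-rest safety criterion are assumptions made for the illustration.

```python
# Added illustration (not the paper's code): a Black-Box-Simplex-style decision module on a
# constructed 1-D vehicle-vs-wall model. Assumed: exact plant model for simulation, black-box controllers.
DT, WALL, A_MAX, HORIZON = 0.1, 10.0, 2.0, 40   # constructed constants (s, m, m/s^2, steps)

def step(state, accel):  # plant model: clamp accel, integrate velocity (no reversing) and position
    pos, vel = state
    vel = max(0.0, vel + max(-A_MAX, min(A_MAX, accel)) * DT)
    return (pos + vel * DT, vel)

def is_safe(state): return state[0] < WALL

def advanced_controller(state):  # unverified controller: constructed worst case, floors it at the wall
    return A_MAX

def baseline_controller(state):  # black-box baseline: brakes, but carries a constructed bug past 8.5 m
    return A_MAX if state[0] > 8.5 else -A_MAX

def simulate_baseline(state, steps=HORIZON):
    """Roll the baseline forward; return (command plan, verified) where verified means
    every visited state is safe and the plan ends at rest, an invariant state."""
    plan, s = [], state
    for _ in range(steps):
        u = baseline_controller(s)
        s = step(s, u)
        if not is_safe(s):
            return plan, False
        plan.append(u)
    return plan, s[1] == 0.0

class DecisionModule:
    def __init__(self, state):
        self.fallback, ok = simulate_baseline(state)
        assert ok, "initial state needs a verified-safe fallback plan"
    def choose(self, state):
        """Accept the advanced command only if the baseline's plan from the state it leads to
        verifies; otherwise continue the stored verified plan (hold at rest once it is spent)."""
        u_adv = advanced_controller(state)
        plan, ok = simulate_baseline(step(state, u_adv))
        if ok:
            self.fallback = plan
            return u_adv, "advanced"
        return (self.fallback.pop(0) if self.fallback else -A_MAX), "fallback"

def run(steps=200, protected=True):
    """Close the loop; return final state, whether every visited state was safe, and command sources."""
    state, dm, sources, safe = (0.0, 0.0), DecisionModule((0.0, 0.0)), [], True
    for _ in range(steps):
        u, src = dm.choose(state) if protected else (advanced_controller(state), "advanced")
        sources.append(src)
        state = step(state, u)
        safe = safe and is_safe(state)
    return state, safe, sources
```

With `protected=False` the advanced controller drives the vehicle into the wall within the run; with the decision module in the loop the plant stays below `WALL` even though the baseline itself is buggy, because only simulation-verified baseline plans are ever executed.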

The Black-Box Simplex Architecture for Runtime Assurance of Autonomous CPS
This work shows that runtime checks can replace the requirement to statically verify safety of the baseline controller, and proves the architecture is safe and presents two case studies where model-predictive control provides safe multi-robot coordination, and neural networks provably prevent collisions in groups of F-16 aircraft.
Run Time Assurance for Safety-Critical Systems: An Introduction to Safety Filtering Approaches for Complex Control Systems
The Automatic Ground Collision Avoidance System (Auto GCAS), an RTA system integrated on the jets less than two years earlier in the Fall of 2014, detected that the aircraft was about to collide, commanded a roll to wings level and pull up maneuver, and recovered the aircraft less than 3,000 feet above the Arizona desert.
Runtime Safety Assurance for Learning-enabled Control of Autonomous Driving Vehicles
Simulation experiment results demonstrate that Simplex-Drive can always ensure the operation safety without sacrificing control performance, even if the DRL policy may lead to deviations from the safe status.
Real-Time Reachability for Verified Simplex Design
A combined online/offline approach, which uses aspects of the two earlier methods along with a real-time reachability computation, also maintains safety, but with significantly less conservatism.
The System-Level Simplex Architecture for Improved Real-Time Embedded System Safety
The System-Level Simplex Architecture is introduced, which uses hardware/software co-design to provide fail-operational guarantees for both logical application-level faults, as well as faults in previously dependent layers including the RTOS and microprocessor.
SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems
SOTER is presented, a robotics programming framework with two key components: a programming language for implementing and testing high-level reactive robotics software, and an integrated runtime assurance (RTA) system that helps enable the use of uncertified components, while still providing safety guarantees.
A Study on Run Time Assurance for Complex Cyber Physical Systems
This study investigates the key technologies available and needed to increase the reliance on run time assurance, and suggests that if, through the use of run time architecture, the authors can provably bound systems behavior, then it may be possible to reduce the dependence on comprehensive off-line verification, shifting the analysis/test burden to the more provable run time assurance mechanism.
Contingency Model Predictive Control for Automated Vehicles
We present Contingency Model Predictive Control (CMPC), a novel and implementable control framework which tracks a desired path while simultaneously maintaining a contingency plan - an alternate
An Online Approach to Active Set Invariance
This paper shows how one can constrain a system to stay within reach of an appropriately chosen backup set in a minimally invasive way by performing online sensitivity analysis around a backup trajectory and factor in state constraints to enforce set invariance only based on online computations of sensitivities.
Neural Simplex Architecture
The Neural Simplex Architecture (NSA), a new approach to runtime assurance that provides safety guarantees for neural controllers of autonomous and other complex systems without unduly sacrificing performance, is presented.
Runtime Assurance Framework Development for Highly Adaptive Flight Control Systems
This report describes the technical progress made by Barron Associates, Inc. and its partners in runtime assurance (RTA) systems, which hold the promise of protecting advanced systems that cannot be fully certified at design time due to their inherent complexity.
ModelPlex: verified runtime validation of verified cyber-physical system models
ModelPlex is introduced, a method ensuring that verification results about models apply to CPS implementations and a systematic technique to synthesize provably correct monitors automatically from CPS proofs in differential dynamic logic by a correct-by-construction approach, leading to verifiably correct runtime model validation.
ReachFlow: An Online Safety Assurance Framework for Waypoint-Following of Self-driving Cars
This work proposes an online monitor called ReachFlow for fault prevention of waypoint-following tasks for self-driving cars and demonstrates the effectiveness by rigorously verifying a safe waypoint-following control and providing a fallback control for an unsafe situation in which a large deviation from the planned path is predicted.