[{"id":"christianStudyCoreSupport2015","abstract":"The application of neutron noise analysis (NNA) to the ex-core neutron detector signal for monitoring the vibration characteristics of a reactor core support barrel (CSB) was investigated. Ex-core flux data were generated by using a nonanalog Monte Carlo neutron transport method in a simulated CSB model where the implicit capture and Russian roulette technique were utilized. First and third order beam and shell modes of CSB vibration were modeled based on parallel processing simulation. A NNA module was developed to analyze the ex-core flux data based on its time variation, normalized power spectral density, normalized cross-power spectral density, coherence, and phase differences. The data were then analyzed with a fuzzy logic module to determine the vibration characteristics. The ex-core neutron signal fluctuation was directly proportional to the CSB's vibration observed at 8 Hz and 15 Hz in the beam mode vibration, and at 8 Hz in the shell mode vibration. The coherence result between flux pairs was unity at the vibration peak frequencies. A distinct pattern of phase differences was observed for each of the vibration models. 
The developed fuzzy logic module demonstrated successful recognition of the vibration frequencies, modes, orders, directions, and phase differences within 0.4 ms for the beam and shell mode vibrations.","author":[{"family":"Christian","given":"Robby"},{"family":"Song","given":"Seon Ho"},{"family":"Kang","given":"Hyun Gook"}],"citation-key":"christianStudyCoreSupport2015","container-title":"Nuclear Engineering and Technology","DOI":"10.1016/j.net.2014.10.002","ISSN":"17385733","issue":"2","issued":{"date-parts":[["2015"]]},"page":"165-175","section":"165","title":"Study of core support barrel vibration monitoring using ex-core neutron noise analysis and fuzzy logic algorithm","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S1738573315000042?via%3Dihub","volume":"47"},{"id":"trentyOperationalFeedbackInternal1995","abstract":"EDF has acquired extensive feedback on vibration of reactor vessel internals by analysing ex-core neutron noise on its 54 pressurized water reactors during the course of over 300 fuel cycles. This feedback has been built up by processing more than 3,000 vibratory signatures acquired since the startup of its reactors. These signatures are now centralized for the whole of France in the “SINBAD” data base. Signature processing has enabled: 1. • distinguishing between mechanical phenomena and signature variation linked to unit operation: in particular, the impact on signature level of unit operating parameters such as initial fuel enrichment and burn-up rate was assessed; 2. • among the purely mechanical phenomena, pointing up slight changes in position of vessel internals and the first signs of structural wear: relaxation (in the hold-down spring and fuel rod assemblies) and wear on surfaces of contact between internals and reactor vessel were detected; 3. • lastly and most importantly, automatic recognition of the various types of vibratory behavior of internals. 
It was consequently possible to draw up user requirement specifications for automated monitoring of internals, which should soon be integrated in PSAD, a system which groups several reactor monitoring functions.","author":[{"family":"Trenty","given":"A."}],"citation-key":"trentyOperationalFeedbackInternal1995","container-title":"Progress in Nuclear Energy","DOI":"10.1016/0149-1970(95)00017-e","ISSN":"01491970","issue":"3-4","issued":{"date-parts":[["1995"]]},"page":"347-356","section":"347","title":"Operational feedback on internal structure vibration in 54 French PWRs during 300 fuel cycles","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/abs/pii/014919709500017E?via%3Dihub","volume":"29"},{"id":"pazsitNoiseTechniquesNuclear2010","abstract":"This chapter deals with neutron fluctuations in nuclear systems. Such neutron fluctuations, or neutron noise, fall into two categories: neutron noise in zero power systems and neutron noise in power reactors. The concepts, the theory, and the methodology of these fluctuations as well as their various applications for extracting information in a nonintrusive way about the system in question are described. A number of specific applications are described, where detection and analysis of zero power and power reactor noise make it possible to extract diagnostic information about the system by determining some parameters of the system during normal operation, or by detecting, identifying, and quantifying developing anomalies at an early stage and determining their severity. 
This chapter ends with an outline of future developments and actual issues in the field.","author":[{"family":"Pázsit","given":"Imre"},{"family":"Demazière","given":"Christophe"}],"citation-key":"pazsitNoiseTechniquesNuclear2010","container-title":"Handbook of Nuclear Engineering","DOI":"10.1007/978-0-387-98149-9_14","event-place":"Boston, MA","ISBN":"978-0-387-98130-7 978-0-387-98149-9","issued":{"date-parts":[["2010"]]},"page":"1629-1737","publisher":"Springer US","publisher-place":"Boston, MA","section":"Chapter 14","title":"Noise Techniques in Nuclear Systems","type":"chapter","URL":"https://link.springer.com/referenceworkentry/10.1007/978-0-387-98149-9_14"},{"id":"pazsitREFINEDMETHODSURVEILLANCE2014","abstract":"Surveillance and diagnostics of core barrel vibrations has been performed in the Swedish Ringhals PWRs for several years, with main focus on the pendular motion (beam mode). The monitoring of the beam mode showed that the amplitude of the corresponding peak in the ex-core neutron spectra increases along the cycle, and decreases after refueling. Previous investigations on the reason of this behaviour, i.e. whether it is due to the increase of the core barrel vibration amplitude or to the increase of the neutron physics coupling between vibrations and neutron noise, were not decisive. The objective of the work reported here is to clarify this question. From frequency analysis, two modes of vibration have been identified in the frequency range of the beam mode. Several results coming from the trend analysis performed during recent years indicate that one of the modes is due to the core barrel motion itself and remains constant during cycle, and the other is due to the individual flow induced vibrations of the fuel elements, showing an increasing trend during the cycle. In this work, the method to separate the contributions from the two modes has been refined, and the results of this approach to the latest measurements are presented. 
The results confirm the origin of the two vibration modes and show constant amplitude of the core barrel motion throughout the cycle.","author":[{"family":"Pazsit","given":"Imre"},{"family":"Nylén","given":"Henrik"},{"family":"Montalvo Martín","given":"Cristina"}],"citation-key":"pazsitREFINEDMETHODSURVEILLANCE2014","issued":{"date-parts":[["2014"]]},"title":"REFINED METHOD FOR SURVEILLANCE AND DIAGNOSTICS OF THE CORE BARREL VIBRATIONS OF THE RINGHALS PWRs","type":"article-journal"},{"id":"pazsitNeutronNoiseDiagnostics2017","abstract":"Based on the theory of neutron noise arising from the vibration of a localized absorber, the possibility of rod vibration diagnostics is investigated. It is found that noise source characteristics, namely rod position and vibration trajectory and spectra, can be unfolded from measured neutron noise signals. For the localization process, the first and more difficult part of the diagnostics, a procedure is suggested whose novelty is that it is applicable in case of arbitrary vibration trajectories. Applicability of the method is investigated in numerical experiments where effects of background noise are also accounted for.","author":[{"family":"Pázsit","given":"I."},{"family":"Glöckler","given":"O."}],"citation-key":"pazsitNeutronNoiseDiagnostics2017","container-title":"Nuclear Science and Engineering","DOI":"10.13182/nse83-a27424","ISSN":"0029-5639 1943-748X","issue":"2","issued":{"date-parts":[["2017"]]},"page":"167-177","section":"167","title":"On the Neutron Noise Diagnostics of Pressurized Water Reactor Control Rod Vibrations. I. Periodic Vibrations","type":"article-journal","URL":"https://www.tandfonline.com/doi/abs/10.13182/NSE83-A27424","volume":"85"},{"id":"montalvomartinSurveillanceDiagnosticsBeam2012","abstract":"Surveillance of core barrel vibrations has been performed in the Swedish Ringhals PWRs for several years. 
This surveillance is focused mainly on the pendular motion of the core barrel, which is known as the beam mode. The monitoring of the beam mode has suggested that its amplitude increases along the cycle and decreases after refuelling. In the last 5 years several measurements have been taken in order to understand this behaviour. Besides, a non-linear fitting procedure has been implemented in order to better distinguish the different components of vibration. By using this fitting procedure, two modes of vibration have been identified in the frequency range of the beam mode. Several results coming from the trend analysis performed during these years indicate that one of the modes is due to the core barrel motion itself and the other is due to the individual flow induced vibrations of the fuel elements. In this work, the latest results of this monitoring are presented.","author":[{"family":"Montalvo Martín","given":"Cristina"},{"family":"Pázsit","given":"Imre"},{"family":"Nylén","given":"Henrik"}],"citation-key":"montalvomartinSurveillanceDiagnosticsBeam2012","issued":{"date-parts":[["2012"]]},"publisher":"E.T.S.I. Minas (UPM)","title":"Surveillance and diagnostics of the beam mode vibrations of the ringhals pwrs","type":"paper-conference"},{"id":"pazsitNeutronNoiseDiagnostics2017a","abstract":"In an earlier publication, using the theory of neutron fluctuations induced by a vibrating control rod, a complete formal solution of rod vibration diagnostics based on neutron noise measurements was given in terms of Fourier-transformed neutron detector time signals. The suggested procedure was checked in numerical simulation tests where only periodic vibrations could be considered. The procedure and its numerical testing are elaborated for stochastic two-dimensional vibrations. 
A simple stochastic theory of two-dimensional flow-induced vibrations is given; then the diagnostic method is formulated in the stochastic case, that is, in terms of neutron detector auto- and cross-power spectra. A previously suggested approximate rod localization technique is also formulated in the stochastic case. Applicability of the methods is then investigated in numerical simulation tests, using the proposed model of stochastic two-dimensional vibrations when generating neutron detector spectra that simulate measured data.","author":[{"family":"Pázsit","given":"I."},{"family":"Glöckler","given":"O."}],"citation-key":"pazsitNeutronNoiseDiagnostics2017a","container-title":"Nuclear Science and Engineering","DOI":"10.13182/nse84-4","ISSN":"0029-5639 1943-748X","issue":"1","issued":{"date-parts":[["2017"]]},"page":"77-87","section":"77","title":"On the Neutron Noise Diagnostics of Pressurized Water Reactor Control Rod Vibrations II. Stochastic Vibrations","type":"article-journal","URL":"https://www.tandfonline.com/doi/abs/10.13182/NSE84-4","volume":"88"},{"id":"arzhanovDiagnosticsCoreBarrel2003","abstract":"Diagnostics of core-barrel vibrations has traditionally been made by use of ex-vessel neutron detector signals. We suggest that in addition to the ex-core noise, also the in-core noise, induced by core barrel vibrations, be also used. This would enhance the possibilities of diagnostics where the number of the ex-core detectors is not sufficient or their positions are disadvantageous for effective diagnostics, especially for shell-mode vibrations. To this order, the theory of in-core noise induced by a fluctuating core boundary has been elaborated and applied to the diagnostics of beam and shell mode vibrations. The formulas were tested on some measurements taken in the Ringhals PWRs. The results confirm the validity of the model itself, and the possibilities for enhanced diagnostics were demonstrated. 
A more effective use of these novel possibilities requires more in-core detectors and/or better detector positioning.","author":[{"family":"Arzhanov","given":"V."},{"family":"Pázsit","given":"I."}],"citation-key":"arzhanovDiagnosticsCoreBarrel2003","container-title":"Progress in Nuclear Energy","DOI":"10.1016/s0149-1970(03)00023-4","ISSN":"01491970","issue":"1-4","issued":{"date-parts":[["2003",1,1]]},"page":"151-158","section":"151","title":"Diagnostics of core barrel vibrations by in-core and ex-core neutron noise","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S0149197003000234 https://www.sciencedirect.com/science/article/abs/pii/S0149197003000234?via%3Dihub","volume":"43"},{"id":"pazsitBeamModeCorebarrel2006","abstract":"Analysis of core-barrel vibrations in the Swedish Ringhals PWRs has been performed by Chalmers since the early 1990's. In the first phase of this work, between 1991 and 1998, the evaluation method has been developed such that it made a consistent comparison between different measurements possible. A trend analysis showed that the beam mode amplitudes have steadily increased between 1991 and 1998 in all three plants. This paper is to report on the second phase of the work, performed during 2005, on measurements made both before and after the summer outage 2005 in all three plants. During the summer outage, the hold-down spring in Ringhals-3 was replaced. The analysis shows that the vibration amplitudes increased in an accelerated rate between 1998 and 2005 in all three plants. In Ringhals 3, however, after the change of the hold-down spring, the beam mode amplitude has reverted to close its original level of 1991. It became also clear that the extraction of the information from the vibration peaks needs to be refined and made less subjective. 
A new method of algorithmic peak separation was elaborated, which supplies more information than the previous analysis; it gives also the peak width in addition to peak amplitude and peak frequency, while also supplying more accurate estimates for the latter two. (authors)","author":[{"family":"Pazsit","given":"M."},{"family":"Sunde","given":"C."},{"family":"Pazsit","given":"I."}],"citation-key":"pazsitBeamModeCorebarrel2006","event-place":"United States","issued":{"date-parts":[["2006"]]},"publisher":"American Nuclear Society - ANS; La Grange Park (United States)","publisher-place":"United States","title":"Beam mode core-barrel vibrations in the PWRs Ringhals 2-4","type":"paper-conference"},{"id":"pazsitDevelopmentsCoreBarrelMotion2017","abstract":"Core-barrel motion (CBM) surveillance and diagnostics, based on the amplitude of the peaks of the normalized auto power spectral densities (APSDs) of the ex-core neutron detectors, have been performed and continuously developed in Sweden and were applied for monitoring of the three PWR units, Ringhals 2 to 4. From 2005, multiple measurements were taken during each fuel cycle, and these revealed a periodic behavior of the 8-Hz peak of the beam-mode motion: the amplitude increases within the cycle and returns to a lower value at the beginning of the next cycle. The work reported in this paper aims to clarify the physical reason for this behavior. A combination of a mode separation method in the time domain and a nonlinear curve-fitting procedure of the frequency spectra revealed that two types of vibration phenomena contribute to the beam-mode peak. The lower frequency peak around 7 Hz in the ex-core detector APSDs corresponds to the CBM, whose amplitude does not change during the cycle. The higher frequency peak around 8 Hz arises from the individual vibrations of the fuel assemblies, and its amplitude increases monotonically during the cycle. 
This paper gives an account of the work that has been made to verify the above hypothesis.","author":[{"family":"Pázsit","given":"Imre"},{"family":"Montalvo","given":"Cristina"},{"family":"Nylén","given":"Henrik"},{"family":"Andersson","given":"Tell"},{"family":"Hernández-Solís","given":"Augusto"},{"family":"Cartemo","given":"Petty Bernitt"}],"citation-key":"pazsitDevelopmentsCoreBarrelMotion2017","container-title":"Nuclear Science and Engineering","DOI":"10.13182/nse15-14","ISSN":"0029-5639 1943-748X","issue":"2","issued":{"date-parts":[["2017"]]},"page":"213-227","section":"213","title":"Developments in Core-Barrel Motion Monitoring and Applications to the Ringhals PWR Units","type":"article-journal","URL":"https://www.tandfonline.com/doi/abs/10.13182/NSE15-14","volume":"182"},{"id":"pazsitDiagnosticsSurveillanceMethods2004","abstract":"This paper reviews some process signal analysis and representation methods that can be used during reactor operation such that they are suitable for real-time applications. All listed methods have been tested on data from operating plant. The objective is to detect and interpret changes in the plant or core status at an early stage, such that appropriate measures can be taken immediately. The methods that are discussed and demonstrated in the paper can be divided into two categories. The first is the use of fast and intelligent computing methods such as neural networks and fast wavelet transform, in combination with a diagnostic unfolding procedure which would be computationally rather demanding with traditional methods. The second type is based on direct representation of the system state through visualization of large complex data, showing the space–time behavior of the system. This latter is not associated with any unfolding procedure, it uses only a moderate signal preprocessing for filtering out redundant information, but otherwise showing the process status directly. 
Such methods have been made possible with the development of powerful computer visualization techniques. The potentials represented by this second alternative do not seem to have been explored fully yet in reactor diagnostics. Methods corresponding to both categories will be demonstrated and discussed in the paper.","author":[{"family":"Pázsit","given":"I."}],"citation-key":"pazsitDiagnosticsSurveillanceMethods2004","container-title":"Real-Time Systems","DOI":"10.1023/B:TIME.0000019129.88316.c7","ISSN":"0922-6443","issue":"1","issued":{"date-parts":[["2004"]]},"page":"97-113","section":"97","title":"Diagnostics and Surveillance Methods in Nuclear Systems for Real-Time Applications","type":"article-journal","URL":"https://link.springer.com/content/pdf/10.1023/B:TIME.0000019129.88316.c7.pdf","volume":"27"},{"id":"sundeCalculationNeutronNoise2017","abstract":"The subject of this paper is the calculation of the in-core neutron noise induced by the shell-mode vibrations of the core barrel. The original motivation was to investigate whether an out-of-phase behavior can exist between the in-core and ex-core (ex-vessel) detectors lying at the same azimuthal position. To this end, a two-region two-group diffusion model was used in one dimension. The noise was calculated by representing the vibrations of the core barrel by a model developed earlier to describe control rod vibrations. It was found that such an out-of-phase behavior indeed exists, although only for in-core detector positions close to the core boundary. This behavior is due to the local component of the noise, which is accounted for in a two-group treatment. The finding is in accordance with the experiment whose result prompted the present work. In addition to its effect on the phase, the local component also manifests itself by a large amplitude of the noise around the vibrating core boundary, i.e., in both the core and the reflector. 
The appearance and the properties of the local component of the neutron noise for core-barrel vibrations is the main finding of this paper. The results suggest that the efficiency of core-barrel vibrations can be enhanced if in addition to the ex-core detectors, the in-core detectors in the outermost fuel assemblies are used.","author":[{"family":"Sunde","given":"Carl"},{"family":"Demazière","given":"Christophe"},{"family":"Pázsit","given":"Imre"}],"citation-key":"sundeCalculationNeutronNoise2017","container-title":"Nuclear Technology","DOI":"10.13182/nt06-1","ISSN":"0029-5450 1943-7471","issue":"2","issued":{"date-parts":[["2017"]]},"page":"129-141","section":"129","title":"Calculation of the Neutron Noise Induced by Shell-Mode Core-Barrel Vibrations in a 1-D, Two-Group, Two-Region Slab Reactor Model","type":"article-journal","URL":"https://www.tandfonline.com/doi/abs/10.13182/NT06-1","volume":"154"},{"id":"woodModelingAnalysisNeutron1991","abstract":"Two applications of a noise diagnostic methodology were performed using ex-core neutron detector data from a pressurized water reactor (PWR). A feedback dynamics model of the neutron power spectral density (PSD) was derived from a low-order whole-plant physical model made stochastic using the Langevin technique. From a functional fit to plant data, the response of the dynamic system to changes in important physical parameters was evaluated by a direct sensitivity analysis. In addition, changes in monitored spectra were related to changes in physical parameters and detection thresholds using common surveillance discriminants were determined. A resonance model was developed from perturbation theory to give the ex-core neutron detector response for small in-core mechanical motions in terms of a pole-strength factor, a resonance asymmetry (or skewness) factor, a vibration damping factor, and a frequency of vibration. 
The mechanical motion parameters for several resonances were determined by a functional fit of the model to plant data taken at various times during a fuel cycle and were tracked to determine trends that indicated vibrational changes of reactor internals. In addition, the resonance model gave the ability to separate the resonant components of the PSD after the parameters had been identified. As a result, the behavior of several vibration peaks were monitored over a fuel cycle. 9 refs., 6 figs., 1 tab.","author":[{"family":"Wood","given":"R. T."},{"family":"Perez","given":"R. B."}],"citation-key":"woodModelingAnalysisNeutron1991","event-place":"United States","issued":{"date-parts":[["1991"]]},"publisher-place":"United States","title":"Modeling and analysis of neutron noise from an ex-core detector at a pressurized water reactor","type":"paper-conference"},{"id":"montalvoFirstEvidencePivotal2016","abstract":"The Division of Subatomic Physics and Plasma Physics (formerly Division of Nuclear Engineering) in Chalmers, Göteborg, and the Ringhals Nuclear Plant have investigated the core barrel vibrations in the Ringhals PWRs over the last 20 years. Based on the different symmetry properties of the vibration modes, a mode separation technique was developed to enhance the contributions from the different modes. Recent observations of wear at both the lower and upper core-barrel-support structures in the Ringhals PWRs indicated that vibration modes of the core barrel other than pendular (beam mode) and shell mode are likely to occur. A beam mode type movement alone is not able to explain such a wear, and therefore, it is fair to assume that the vibration mode in question is a small amplitude periodic tilting movement of the core barrel around a horizontal, diagonal pivot at the half height of the core. In this work, ex-core data taken in the Ringhals-4 PWR were analyzed in order to find evidence of such a tilting movement. 
First, cross spectra between various ex-core detectors were calculated and analyzed to locate the frequency range of the new vibrational mode. Then, a model based on symmetry considerations was derived in order to extract the sought mode from the spectra. The measurements were evaluated by the new mode enhancement technique. The results show that it is possible to enhance such a mode and find it in the spectra by properly combining the signals in the time domain.","author":[{"family":"Montalvo","given":"C."},{"family":"Pazsit","given":"Imre"},{"family":"Nylén","given":"H."},{"family":"Dykin","given":"Victor"}],"citation-key":"montalvoFirstEvidencePivotal2016","ISSN":"1510825738","issued":{"date-parts":[["2016"]]},"page":"2571","title":"First evidence of the pivotal motion (\"tilting mode\") of the core Barrel in the RINGHALS-4 PWR","type":"article-journal"},{"id":"hahnAUTOMATEDCYBERSECURITY","abstract":"Nuclear Power Plants (NPPs) are a complex system of coupled physics controlled by a network of Programmable Logic Controllers (PLCs). These PLCs communicate process data across the network to coordinate control actions with each other and inform the operators of process variables and control decisions. Networking the PLCs allows more effective process control and provides the operator more information which results in more efficient plant operation. 
This interconnectivity creates new security issues, as operators have more access to the plant controls, so will bad actors.","author":[{"family":"Hahn","given":"Andrew"},{"family":"Sandoval","given":"Daniel R"},{"family":"Fasano","given":"Raymond E"},{"family":"Lamb","given":"Christopher"}],"citation-key":"hahnAUTOMATEDCYBERSECURITY","language":"en","source":"Zotero","title":"AUTOMATED CYBER SECURITY TESTING PLATFORM FOR INDUSTRIAL CONTROL SYSTEMS","type":"article-journal"},{"id":"TypesProgrammingLanguages","accessed":{"date-parts":[["2024",1,22]]},"citation-key":"TypesProgrammingLanguages","title":"Types and Programming Languages","type":"webpage","URL":"https://web-p-ebscohost-com.pitt.idm.oclc.org/ehost/ebookviewer/ebook?sid=9aae5940-b8e1-4213-9bc3-47cea530173c%40redis&vid=0&format=EB"},{"id":"rouhlingFormalProofsControl","author":[{"family":"Rouhling","given":"Damien"}],"citation-key":"rouhlingFormalProofsControl","language":"en","source":"Zotero","title":"Formal Proofs for Control Theory and Robotics: A Case Study","type":"article-journal"},{"id":"cohenFormalProofCoq2017","abstract":"Stability analysis of dynamical systems plays an important role in the study of control techniques. LaSalle’s invariance principle is a result about the asymptotic stability of the solutions to a nonlinear system of differential equations and several extensions of this principle have been designed to fit different particular kinds of system. In this paper we present a formalization, in the Coq proof assistant, of a slightly improved version of the original principle. 
This is a step towards a formal verification of dynamical systems.","accessed":{"date-parts":[["2024",1,22]]},"author":[{"family":"Cohen","given":"Cyril"},{"family":"Rouhling","given":"Damien"}],"citation-key":"cohenFormalProofCoq2017","container-title":"Interactive Theorem Proving","DOI":"10.1007/978-3-319-66107-0_10","editor":[{"family":"Ayala-Rincón","given":"Mauricio"},{"family":"Muñoz","given":"César A."}],"event-place":"Cham","ISBN":"978-3-319-66106-3 978-3-319-66107-0","issued":{"date-parts":[["2017"]]},"language":"en","page":"148-163","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"A Formal Proof in Coq of LaSalle’s Invariance Principle","type":"chapter","URL":"https://link.springer.com/10.1007/978-3-319-66107-0_10","volume":"10499"},{"id":"shulmanBasicsTypeTheory","author":[{"family":"Shulman","given":"Michael"}],"citation-key":"shulmanBasicsTypeTheory","language":"en","source":"Zotero","title":"Basics of type theory and Coq","type":"article-journal"},{"id":"rouhlingFormalisationToolsClassical2019","abstract":"In this thesis, we put a library for analysis in the Coq proof assistant to the test through a case study in control theory. We formalise a proof of stability for the inverted pendulum, a standard example in control theory. Controlling the inverted pendulum is challenging because of its non-linearity, so that this system is often used as a benchmark for new control techniques. Through this case study, we identify issues in the tools that are currently available for the formalisation of classical analysis and we develop new ones in order to achieve our formalisation goal. In particular, we try to imitate the pen-and-paper proof style thanks to new notations and inference mechanisms. This is an essential step to make formal proofs more accessible to mathematicians. 
We then develop a new library for classical analysis in Coq that integrates these new tools and tries to palliate the limitations of the library we tested, especially in the domain of asymptotic reasoning. We also experiment with this new library on the same formal proof and draw lessons on its strengths and weaknesses. Finally, we sketch a new methodology in order to address the limitations of our library in the particular domain of computation. We exploit a technique called refinement to refactor the methodology of proof by reflection, a technique that automates proofs through computation and also reduces the size of proof terms. We implement this methodology on the example of arithmetic reasoning in rings and discuss how this work could be used to generalise existing tools.","accessed":{"date-parts":[["2024",1,22]]},"author":[{"family":"Rouhling","given":"Damien"}],"citation-key":"rouhlingFormalisationToolsClassical2019","genre":"phdthesis","issued":{"date-parts":[["2019",9,30]]},"language":"en","publisher":"Université Côte d'Azur","source":"theses.hal.science","title":"Formalisation tools for classical analysis : a case study in control theory","title-short":"Formalisation tools for classical analysis","type":"thesis","URL":"https://theses.hal.science/tel-02333396"},{"id":"bertotCoqHurry2016","abstract":"These notes provide a quick introduction to the Coq system and show how it can be used to define logical concepts and functions and reason about them. It is designed as a tutorial, so that readers can quickly start their own experiments, learning only a few of the capabilities of the system. 
A much more comprehensive study is provided in [1], which also provides an extensive collection of exercises to train on.","accessed":{"date-parts":[["2024",1,22]]},"author":[{"family":"Bertot","given":"Yves"}],"citation-key":"bertotCoqHurry2016","issued":{"date-parts":[["2016",6,29]]},"language":"en","page":"49","source":"cel.hal.science","title":"Coq in a Hurry","type":"article-journal","URL":"https://cel.hal.science/inria-00001173"},{"id":"gratzerJozefgLearntt2024","abstract":"A collection of resources for learning type theory and type theory adjacent fields.","accessed":{"date-parts":[["2024",1,22]]},"author":[{"family":"gratzer","given":"daniel"}],"citation-key":"gratzerJozefgLearntt2024","issued":{"date-parts":[["2024",1,21]]},"original-date":{"date-parts":[["2015",8,3]]},"source":"GitHub","title":"jozefg/learn-tt","type":"software","URL":"https://github.com/jozefg/learn-tt"},{"id":"nekrashevychGroupsTopologicalDynamics2022","accessed":{"date-parts":[["2024",1,17]]},"author":[{"family":"Nekrashevych","given":"Volodymyr"}],"citation-key":"nekrashevychGroupsTopologicalDynamics2022","event-place":"Providence, UNITED STATES","ISBN":"978-1-4704-7119-4","issued":{"date-parts":[["2022"]]},"publisher":"American Mathematical Society","publisher-place":"Providence, UNITED STATES","source":"ProQuest Ebook Central","title":"Groups and Topological Dynamics","type":"book","URL":"http://ebookcentral.proquest.com/lib/pitt-ebooks/detail.action?docID=29731920"},{"id":"zhaoNeuralLyapunovControl2021","abstract":"We report that power system control and transient stability analysis play essential roles in secure system operation. Control of power systems typically involves highly nonlinear and complex dynamics. Most of the existing works address such problems with additional assumptions in system dynamics, leading to a requirement for a complete and general solution. 
This paper, therefore, proposes a novel control framework for various power system control and stability problems leveraging a learning-based approach. The proposed framework includes a two-module structure that iteratively and jointly learns the candidate Lyapunov function and control law via deep neural networks in a learning module. Meanwhile, it guides the learning procedure towards valid results satisfying Lyapunov conditions in a falsification module. The introduced termination criteria ensure provable system stability. This control framework is verified through several studies handling different types of power system control problems. The results show that the proposed framework is generalizable and can simplify the control design for complex power systems with the stability guarantee and enlarged region of attraction.","accessed":{"date-parts":[["2024",1,17]]},"author":[{"family":"Zhao","given":"Tianqiao"},{"family":"Wang","given":"Jianhui"},{"family":"Lu","given":"Xiaonan"},{"family":"Du","given":"Yuhua"}],"citation-key":"zhaoNeuralLyapunovControl2021","container-title":"IEEE Transactions on Power Systems","DOI":"10.1109/tpwrs.2021.3102857","ISSN":"0885-8950","issue":"2","issued":{"date-parts":[["2021",8,5]]},"language":"English","number":"BNL-222935-2022-JAAM","publisher":"IEEE","source":"www.osti.gov","title":"Neural Lyapunov Control for Power System Transient Stability: A Deep Learning-Based Approach","title-short":"Neural Lyapunov Control for Power System Transient Stability","type":"article-journal","URL":"https://www.osti.gov/biblio/1868519","volume":"37"},{"id":"zhouNeuralLyapunovControl2022","abstract":"Learning for control of dynamical systems with formal guarantees remains a challenging task. This paper proposes a learning framework to simultaneously stabilize an unknown nonlinear system with a neural controller and learn a neural Lyapunov function to certify a region of attraction (ROA) for the closed-loop system with provable guarantees. 
The algorithmic structure consists of two neural networks and a satisfiability modulo theories (SMT) solver. The first neural network is responsible for learning the unknown dynamics. The second neural network aims to identify a valid Lyapunov function and a provably stabilizing nonlinear controller. The SMT solver verifies the candidate Lyapunov function satisfies the Lyapunov conditions. We further provide theoretical guarantees of the proposed learning framework and show that the obtained Lyapunov function indeed verifies for the unknown nonlinear system under mild assumptions. We illustrate the effectiveness of the results with a few numerical experiments.","accessed":{"date-parts":[["2024",1,17]]},"author":[{"family":"Zhou","given":"Ruikun"},{"family":"Quartz","given":"Thanin"},{"family":"Sterck","given":"Hans De"},{"family":"Liu","given":"Jun"}],"citation-key":"zhouNeuralLyapunovControl2022","event-title":"Advances in Neural Information Processing Systems","issued":{"date-parts":[["2022",5,16]]},"language":"en","source":"openreview.net","title":"Neural Lyapunov Control of Unknown Nonlinear Systems with Stability Guarantees","type":"paper-conference","URL":"https://openreview.net/forum?id=QvlcRh8hd8X"},{"id":"grandeAugmentedNeuralLyapunov2023","abstract":"Machine learning-based methodologies have recently been adapted to solve control problems. The Neural Lyapunov Control (NLC) method is one such example. This approach combines Artificial Neural Networks (ANNs) with Satisfiability Modulo Theories (SMT) solvers to synthesise stabilising control laws and to prove their formal correctness. The ANNs are trained over a dataset of state-space samples to generate candidate control and Lyapunov functions, while the SMT solvers are tasked with certifying the correctness of the Lyapunov function over a continuous domain or by returning a counterexample. 
Despite the approach’s attractiveness, issues can occur due to subsequent calls of the SMT module at times returning similar counterexamples, which can turn out to be uninformative and may lead to dataset overfitting. Additionally, the control network weights are usually initialised with pre-computed gains from state-feedback controllers, e.g. Linear-Quadratic Regulators. To properly perform the initialisation requires user time and control expertise. In this work, we present an Augmented NLC method that mitigates these drawbacks, removes the need for the control initialisation and further improves counterexample generation. As a result, the proposed method allows the synthesis of nonlinear (as well as linear) control laws with the sole requirement being the knowledge of the system dynamics. The ANLC is tested over challenging benchmarks such as the Lorenz attractor and outperformed existing methods in terms of successful synthesis rate. The developed framework is released open-source at: https://github.com/grande-dev/Augmented-Neural-Lyapunov-Control.","accessed":{"date-parts":[["2024",1,17]]},"author":[{"family":"Grande","given":"Davide"},{"family":"Peruffo","given":"Andrea"},{"family":"Anderlini","given":"Enrico"},{"family":"Salavasidis","given":"Georgios"}],"citation-key":"grandeAugmentedNeuralLyapunov2023","container-title":"IEEE Access","DOI":"10.1109/ACCESS.2023.3291349","ISSN":"2169-3536","issued":{"date-parts":[["2023"]]},"page":"67979-67986","source":"IEEE Xplore","title":"Augmented Neural Lyapunov Control","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10171339","volume":"11"},{"id":"digennaroReductionTimedHybrid1994","abstract":"We consider a class of hybrid dynamic systems composed of interacting discrete and continuous subsystems. Of particular interest is the reduction of the coupled system to a single finite state automaton. 
Such a reduction has been proposed and analyzed in the literature on computer verification for certain special hybrid systems called timed automata. We use timed automata with two clocks (integrators) as a tool to explore extensions and generalizations of the reduction constructions. Several interesting new classes of reductions are presented.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Di Gennaro","given":"S."},{"family":"Horn","given":"C."},{"family":"Kulkarni","given":"S.R."},{"family":"Ramadge","given":"P.J."}],"citation-key":"digennaroReductionTimedHybrid1994","container-title":"Proceedings of 1994 33rd IEEE Conference on Decision and Control","DOI":"10.1109/CDC.1994.411613","event-title":"Proceedings of 1994 33rd IEEE Conference on Decision and Control","issued":{"date-parts":[["1994",12]]},"page":"4215-4220 vol.4","source":"IEEE Xplore","title":"Reduction of timed hybrid systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/411613?casa_token=jZEjNvcldxoAAAAA:7rrnH_LmLsGug_cmuNNoeGuE6kjFX31OYZeElBL-zU8gc1FgLPuT9-qzHnsDtPR-vBGatshfXg","volume":"4"},{"id":"branickyStudiesHybridSystems1995","author":[{"family":"Branicky","given":"Michael S."}],"citation-key":"branickyStudiesHybridSystems1995","issued":{"date-parts":[["1995"]]},"publisher":"MIT","title":"Studies in Hybrid Systems: Modeling, Analysis, and Control","type":"thesis"},{"id":"branickyUnifiedFrameworkHybrid1998","abstract":"We propose a very general framework that systematizes the notion of a hybrid system, combining differential equations and automata, governed by a hybrid controller that issues continuous-variable commands and makes logical decisions. We first identify the phenomena that arise in real-world hybrid systems. Then, we introduce a mathematical model of hybrid systems as interacting collections of dynamical systems, evolving on continuous-variable state spaces and subject to continuous controls and discrete transitions. 
The model captures the identified phenomena, subsumes previous models, yet retains enough structure to pose and solve meaningful control problems. We develop a theory for synthesizing hybrid controllers for hybrid plants in an optimal control framework. In particular, we demonstrate the existence of optimal (relaxed) and near-optimal (precise) controls and derive \"generalized quasi-variational inequalities\" that the associated value function satisfies. We summarize algorithms for solving these inequalities based on a generalized Bellman equation, impulse control, and linear programming.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."},{"family":"Borkar","given":"V.S."},{"family":"Mitter","given":"S.K."}],"citation-key":"branickyUnifiedFrameworkHybrid1998","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/9.654885","ISSN":"1558-2523","issue":"1","issued":{"date-parts":[["1998",1]]},"page":"31-45","source":"IEEE Xplore","title":"A unified framework for hybrid control: model and optimal control theory","title-short":"A unified framework for hybrid control","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/654885","volume":"43"},{"id":"decarloPerspectivesResultsStability2000","abstract":"This paper introduces the concept of a hybrid system and some of the challenges associated with the stability of such systems, including the issues of guaranteeing stability of switched stable systems and finding conditions for the existence of switched controllers for stabilizing switched unstable systems. In this endeavour, this paper surveys the major results in the (Lyapunov) stability of finite-dimensional hybrid systems and then discusses the stronger, more specialized results of switched linear (stable and unstable) systems. A section detailing how some of the results can be formulated as linear matrix inequalities is given. 
Stability analyses on the regulation of the angle of attack of an aircraft and on the PI control of a vehicle with an automatic transmission are given. Other examples are included to illustrate various results in this paper.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Decarlo","given":"R.A."},{"family":"Branicky","given":"M.S."},{"family":"Pettersson","given":"S."},{"family":"Lennartson","given":"B."}],"citation-key":"decarloPerspectivesResultsStability2000","container-title":"Proceedings of the IEEE","DOI":"10.1109/5.871309","ISSN":"1558-2256","issue":"7","issued":{"date-parts":[["2000",7]]},"page":"1069-1082","source":"IEEE Xplore","title":"Perspectives and results on the stability and stabilizability of hybrid systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/871309","volume":"88"},{"id":"branickyUnifiedFrameworkHybrid1994","abstract":"We propose a very general framework for hybrid control problems that encompasses several types of hybrid phenomena considered in the literature. A specific control problem is studied in this framework, leading to an existence result for optimal controls. 
The \"value function\" associated with this problem is expected to satisfy a set of \"generalized quasi-variational inequalities\".","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."},{"family":"Borkar","given":"V.S."},{"family":"Mitter","given":"S.K."}],"citation-key":"branickyUnifiedFrameworkHybrid1994","container-title":"Proceedings of 1994 33rd IEEE Conference on Decision and Control","DOI":"10.1109/CDC.1994.411615","event-title":"Proceedings of 1994 33rd IEEE Conference on Decision and Control","issued":{"date-parts":[["1994",12]]},"page":"4228-4234 vol.4","source":"IEEE Xplore","title":"A unified framework for hybrid control","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/411615","volume":"4"},{"id":"branickyMultipleLyapunovFunctions1998","abstract":"We introduce some analysis tools for switched and hybrid systems. We first present work on stability analysis. We introduce multiple Lyapunov functions as a tool for analyzing Lyapunov stability and use iterated function systems theory as a tool for Lagrange stability. We also discuss the case where the switched systems are indexed by an arbitrary compact set. 
Finally, we extend Bendixson's theorem to the case of Lipschitz continuous vector fields, allowing limit cycle analysis of a class of \"continuous switched\" systems.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."}],"citation-key":"branickyMultipleLyapunovFunctions1998","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/9.664150","ISSN":"1558-2523","issue":"4","issued":{"date-parts":[["1998",4]]},"page":"475-482","source":"IEEE Xplore","title":"Multiple Lyapunov functions and other analysis tools for switched and hybrid systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/664150","volume":"43"},{"id":"branickySolvingHybridControl2000","abstract":"Hybrid systems include both continuous dynamics and discrete events. We represent the continuous dynamics by differential equations and represent the events by a discrete transition model. We describe computational approaches to solving optimal hybrid control problems using two techniques: a fast marching level set method and behavioral programming. We review our extension of the fast marching level set method to the hybrid setting, including its formalization, a constructive proof of its correctness, approximation errors to the analog solution, and upper- and lower-bounding approximate solutions. Our work also explores an idea known as behavioral programming. We review the theoretical underpinnings and then perform some experiments using this technique to solve a specific problem in robotic assembly, the peg-in-hole problem. 
We demonstrate the abstraction of primitive actions into behaviors, try out several strategies for combining behaviors, and compare their optimality and computational effort vis-a-vis primitive actions.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."},{"family":"Zhang","given":"G."}],"citation-key":"branickySolvingHybridControl2000","container-title":"Proceedings of the 2000 American Control Conference. ACC (IEEE Cat. No.00CH36334)","DOI":"10.1109/ACC.2000.876685","event-title":"Proceedings of the 2000 American Control Conference. ACC (IEEE Cat. No.00CH36334)","ISSN":"0743-1619","issued":{"date-parts":[["2000",6]]},"page":"1175-1180 vol.2","source":"IEEE Xplore","title":"Solving hybrid control problems: level sets and behavioral programming","title-short":"Solving hybrid control problems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/876685","volume":"2"},{"id":"branickyAnalyzingContinuousSwitching1994","abstract":"This paper details work on ordinary differential equations that continuously switch among regimes of operation. In the first part, we develop some tools for analyzing such systems. We prove an extension of Bendixson's theorem to the case of Lipschitz continuous vector fields. We also prove a lemma dealing with the robustness of differential equations with respect to perturbations that preserve a linear part, which we call the linear robustness lemma (LRL). We then give some simple propositions that allow us to use this lemma in studying certain singular perturbation problems. In the second part, the attention focuses on example systems and their analysis. We use the tools from the first part and develop some general insights. The example systems arise from a realistic aircraft control problem. 
The extension of Bendixson's theorem and the LRL have applicability beyond the systems discussed in this paper.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."}],"citation-key":"branickyAnalyzingContinuousSwitching1994","container-title":"Proceedings of 1994 American Control Conference - ACC '94","DOI":"10.1109/ACC.1994.735143","event-title":"Proceedings of 1994 American Control Conference - ACC '94","issued":{"date-parts":[["1994",6]]},"page":"3110-3114 vol.3","source":"IEEE Xplore","title":"Analyzing continuous switching systems: theory and examples","title-short":"Analyzing continuous switching systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/735143","volume":"3"},{"id":"branickyTopologyHybridSystems1993","abstract":"We discuss topological issues that arise when differential equations and finite automata interact (hybrid systems). In particular, we examine topologies for achieving continuity of maps from a set of measurements of continuous dynamics to a finite set of input symbols and from a finite set of output symbols into the control space for those continuous dynamics. Finding some anomalies in completing this loop, we discuss a new view of hybrid systems that may broach them and is more in line with traditional control systems. In fact, the most widely used fuzzy control system is related to this new view and does not possess these anomalies. 
Indeed, we show that fuzzy control leads to continuous maps (from measurements to controls) and that all such continuous maps may be implemented via fuzzy control.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."}],"citation-key":"branickyTopologyHybridSystems1993","container-title":"Proceedings of 32nd IEEE Conference on Decision and Control","DOI":"10.1109/CDC.1993.325609","event-title":"Proceedings of 32nd IEEE Conference on Decision and Control","issued":{"date-parts":[["1993",12]]},"page":"2309-2314 vol.3","source":"IEEE Xplore","title":"Topology of hybrid systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/325609"},{"id":"branickyStabilityHybridSystems1997","abstract":"This paper collects work on the stability analysis of hybrid systems. The hybrid systems considered are those that combine continuous dynamics (represented by differential or difference equations) with finite dynamics, usually thought of as being a finite automaton. We review multiple Lyapunov functions as a tool for analyzing Lyapunov stability of general hybrid systems. Background results, the author's introductory work, and subsequent extensions are covered. Specializing to hybrid systems with linear dynamics in each constituent mode and linear jump operators, we review some key theorems of Barabanov-Staroshilov (1988), and give corollaries encompassing several recently-derived \"stability by first approximation\" theorems in the literature. We also comment on the use of computational tests for stability of hybrid systems, and the general complexity. 
The result is a tutorial on the state of the art in theory and computation of hybrid systems stability.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."}],"citation-key":"branickyStabilityHybridSystems1997","container-title":"Proceedings of the 36th IEEE Conference on Decision and Control","DOI":"10.1109/CDC.1997.650600","event-title":"Proceedings of the 36th IEEE Conference on Decision and Control","ISSN":"0191-2216","issued":{"date-parts":[["1997",12]]},"page":"120-125 vol.1","source":"IEEE Xplore","title":"Stability of hybrid systems: state of the art","title-short":"Stability of hybrid systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/650600","volume":"1"},{"id":"branickyStabilitySwitchedHybrid1994","abstract":"This paper outlines some preliminary work on the stability analysis of switched and hybrid systems. The hybrid systems considered are those that combine continuous dynamics, represented by differential or difference equations, with finite dynamics usually thought of as being a finite automaton. Here, we concentrate on the continuous dynamics and model the finite dynamics as switching among finitely many continuous systems. We introduce multiple Lyapunov functions as a tool for analyzing Lyapunov stability of such \"switched systems\". We use iterated function systems theory as a tool for Lagrange stability. 
We also discuss the case where the switched systems are indexed by an arbitrary compact set.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"M.S."}],"citation-key":"branickyStabilitySwitchedHybrid1994","container-title":"Proceedings of 1994 33rd IEEE Conference on Decision and Control","DOI":"10.1109/CDC.1994.411688","event-title":"Proceedings of 1994 33rd IEEE Conference on Decision and Control","issued":{"date-parts":[["1994",12]]},"page":"3498-3503 vol.4","source":"IEEE Xplore","title":"Stability of switched and hybrid systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/411688","volume":"4"},{"id":"zhaoStabilityL2gainControl2008","abstract":"This paper addresses the issues of stability, L2-gain analysis and H∞ control for switched systems via multiple Lyapunov function methods. A concept of general Lyapunov-like functions is presented. A necessary and sufficient condition for stability of switched systems is given in terms of multiple generalized Lyapunov-like functions, which enables derivation of improved stability tests, an L2-gain characterization and a design method for stabilizing switching laws. 
A solution to the H∞ control problem for switched systems is also provided.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Zhao","given":"Jun"},{"family":"Hill","given":"David J."}],"citation-key":"zhaoStabilityL2gainControl2008","container-title":"Automatica","container-title-short":"Automatica","DOI":"10.1016/j.automatica.2007.10.011","ISSN":"0005-1098","issue":"5","issued":{"date-parts":[["2008",5,1]]},"page":"1220-1232","source":"ScienceDirect","title":"On stability, L2-gain and H∞ control for switched systems","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S0005109807004505","volume":"44"},{"id":"hristu-varsakelisHandbookNetworkedEmbedded2005","author":[{"family":"Hristu-Varsakelis","given":"Dimitrios"},{"family":"Levine","given":"William S."}],"call-number":"629.89","citation-key":"hristu-varsakelisHandbookNetworkedEmbedded2005","collection-title":"Control engineering","event-place":"Boston","ISBN":"978-0-8176-3239-7","issued":{"date-parts":[["2005"]]},"language":"en","publisher":"Birkhäuser","publisher-place":"Boston","source":"BnF ISBN","title":"Handbook of networked and embedded control systems","type":"book"},{"id":"branickyIntroductionHybridSystems2005","abstract":"Hybrid systems arise when the continuous and the discrete meet. Combine continuous and discrete inputs, outputs, states, or dynamics, and you have a hybrid system. Particularly, hybrid systems arise from the use of finite-state logic to govern continuous physical processes (as in embedded control systems) or from topological and network constraints interacting with continuous control (as in networked control systems). This chapter provides an introduction to hybrid systems, building them up first from the completely continuous side and then from the completely discrete side. 
It should be accessible to control theorists and computer scientists alike.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Branicky","given":"Michael S."}],"citation-key":"branickyIntroductionHybridSystems2005","container-title":"Handbook of Networked and Embedded Control Systems","DOI":"10.1007/0-8176-4404-0_5","editor":[{"family":"Hristu-Varsakelis","given":"Dimitrios"},{"family":"Levine","given":"William S."}],"event-place":"Boston, MA","ISBN":"978-0-8176-3239-7 978-0-8176-4404-8","issued":{"date-parts":[["2005"]]},"language":"en","page":"91-116","publisher":"Birkhäuser Boston","publisher-place":"Boston, MA","source":"DOI.org (Crossref)","title":"Introduction to Hybrid Systems","type":"chapter","URL":"http://link.springer.com/10.1007/0-8176-4404-0_5"},{"id":"ComputerArithmeticFormal2017","accessed":{"date-parts":[["2024",1,16]]},"citation-key":"ComputerArithmeticFormal2017","container-title":"Floating-Point Algorithms and Formal Proofs","DOI":"10.1016/B978-1-78548-112-3.50010-2","ISBN":"978-1-78548-112-3","issued":{"date-parts":[["2017"]]},"language":"en","page":"i-iii","publisher":"Elsevier","source":"DOI.org (Crossref)","title":"Computer Arithmetic and Formal Proofs","type":"chapter","URL":"https://linkinghub.elsevier.com/retrieve/pii/B9781785481123500102"},{"id":"boldoFlocqUnifiedLibrary2011","abstract":"Several formalizations of floating-point arithmetic have been designed for the Coq system, a generic proof assistant. Their different purposes have favored some specific applications: program verification, high-level properties, automation. Based on our experience using and/or developing these libraries, we have built a new system that is meant to encompass the other ones in a unified framework. It offers a multi-radix and multi-precision formalization for various floating- and fixed-point formats. This fresh setting has been the occasion for reevaluating known properties and generalizing them. 
This paper presents design decisions and examples of theorems from the Flocq system: a library easy to use, suitable for automation yet high-level and generic.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Boldo","given":"Sylvie"},{"family":"Melquiond","given":"Guillaume"}],"citation-key":"boldoFlocqUnifiedLibrary2011","container-title":"2011 IEEE 20th Symposium on Computer Arithmetic","DOI":"10.1109/ARITH.2011.40","event-place":"Tuebingen, Germany","event-title":"2011 IEEE 20th Symposium on Computer Arithmetic (ARITH)","ISBN":"978-1-4244-9457-6","issued":{"date-parts":[["2011",7]]},"language":"en","page":"243-252","publisher":"IEEE","publisher-place":"Tuebingen, Germany","source":"DOI.org (Crossref)","title":"Flocq: A Unified Library for Proving Floating-Point Algorithms in Coq","title-short":"Flocq","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/5992132/"},{"id":"martin-dorelEnablingFloatingPointArithmetic2023","abstract":"Floating-point arithmetic is a well-known and extremely efficient way of performing approximate computations over the real numbers. Although it requires some careful considerations, floating-point numbers are nowadays routinely used to prove mathematical theorems. Numerical computations have been applied in the context of formal proofs too, as illustrated by the CoqInterval library. But these computations do not benefit from the powerful floating-point units available in modern processors, since they are emulated inside the logic of the formal system. This paper experiments with the use of hardware floating-point numbers for numerically intensive proofs verified by the Coq proof assistant. This gives rise to various questions regarding the formalization, the implementation, the usability, and the level of trust. 
This approach has been applied to the CoqInterval and ValidSDP libraries, which demonstrates a speedup of at least one order of magnitude.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Martin-Dorel","given":"Érik"},{"family":"Melquiond","given":"Guillaume"},{"family":"Roux","given":"Pierre"}],"citation-key":"martin-dorelEnablingFloatingPointArithmetic2023","container-title":"Journal of Automated Reasoning","container-title-short":"J Autom Reasoning","DOI":"10.1007/s10817-023-09679-x","ISSN":"1573-0670","issue":"4","issued":{"date-parts":[["2023",9,16]]},"language":"en","page":"33","source":"Springer Link","title":"Enabling Floating-Point Arithmetic in the Coq Proof Assistant","type":"article-journal","URL":"https://doi.org/10.1007/s10817-023-09679-x","volume":"67"},{"id":"mahboubiFormallyVerifiedApproximations2019","abstract":"Finding an elementary form for an antiderivative is often a difficult task, so numerical integration has become a common tool when it comes to making sense of a definite integral. Some of the numerical integration methods can even be made rigorous: not only do they compute an approximation of the integral value but they also bound its inaccuracy. Yet numerical integration is still missing from the toolbox when performing formal proofs in analysis. This paper presents an efficient method for automatically computing and proving bounds on some definite integrals inside the Coq formal system. Our approach is not based on traditional quadrature methods such as Newton-Cotes formulas. Instead, it relies on computing and evaluating antiderivatives of rigorous polynomial approximations, combined with an adaptive domain splitting. Our approach also handles improper integrals, provided that a factor of the integrand belongs to a catalog of identified integrable functions. 
This work has been integrated to the CoqInterval library.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Mahboubi","given":"Assia"},{"family":"Melquiond","given":"Guillaume"},{"family":"Sibut-Pinote","given":"Thomas"}],"citation-key":"mahboubiFormallyVerifiedApproximations2019","container-title":"Journal of Automated Reasoning","DOI":"10.1007/s10817-018-9463-7","issue":"2","issued":{"date-parts":[["2019"]]},"language":"en","page":"281","source":"inria.hal.science","title":"Formally Verified Approximations of Definite Integrals","type":"article-journal","URL":"https://inria.hal.science/hal-01630143","volume":"62"},{"id":"normey-ricoTeachingControlBasic2023","abstract":"In this article, we discuss a novel education approach to control theory in undergraduate engineering programs. In particular, we elaborate on the inclusion of an introductory course on process control during the first years of the program, to appear right after the students undergo basic calculus and physics courses. Our novel teaching proposal comprises debating the basic elements of control theory without requiring any background on advanced mathematical frameworks from the part of the students. The methodology addresses, conceptually, the majority of the steps required for the analysis and design of simple control systems. Herein, we thoroughly detail this educational guideline, as well as tools that can be used in the classroom. Furthermore, we propose a cheap test-bench kit and an open-source numerical simulator that can be used to carry out experiments during the proposed course. Most importantly, we also assess on how the Introduction to process control course has affected the undergraduate program on Control and Automation Engineering at Universidade Federal de Santa Catarina (UFSC, Brazil). 
Specifically, we debate the outcomes of implementing our education approach at UFSC from 2016 to 2023, considering students' rates of success in other control courses and perspectives on how the chair helped them throughout the course of their program. Based on randomised interviews, we indicate that our educational approach has had good teaching-learning results: students tend to be more motivated for other control-related subjects, while exhibiting higher rates of success.","accessed":{"date-parts":[["2024",1,16]]},"author":[{"family":"Normey-Rico","given":"Julio Elias"},{"family":"Morato","given":"Marcelo Menezes"}],"citation-key":"normey-ricoTeachingControlBasic2023","issued":{"date-parts":[["2023",10,9]]},"language":"en","number":"arXiv:2310.06001","publisher":"arXiv","source":"arXiv.org","title":"Teaching control with Basic Maths: Introduction to Process Control course as a novel educational approach for undergraduate engineering programs","title-short":"Teaching control with Basic Maths","type":"article","URL":"http://arxiv.org/abs/2310.06001"},{"id":"FederalCybersecurityResearch2023","citation-key":"FederalCybersecurityResearch2023","issued":{"date-parts":[["2023"]]},"language":"en","source":"Zotero","title":"Federal Cybersecurity Research and Development Strategic Plan (2023)","type":"article-journal"},{"id":"faselEnsembleSINDyRobustSparse2022","abstract":"Sparse model identification enables the discovery of nonlinear dynamical systems purely from data; however, this approach is sensitive to noise, especially in the low-data limit. In this work, we leverage the statistical approach of bootstrap aggregating (bagging) to robustify the sparse identification of the nonlinear dynamics (SINDy) algorithm. First, an ensemble of SINDy models is identified from subsets of limited and noisy data. 
The aggregate model statistics are then used to produce inclusion probabilities of the candidate functions, which enables uncertainty quantification and probabilistic forecasts. We apply this ensemble-SINDy (E-SINDy) algorithm to several synthetic and real-world datasets and demonstrate substantial improvements to the accuracy and robustness of model discovery from extremely noisy and limited data. For example, E-SINDy uncovers partial differential equations models from data with more than twice as much measurement noise as has been previously reported. Similarly, E-SINDy learns the Lotka Volterra dynamics from remarkably limited data of yearly lynx and hare pelts collected from 1900 to 1920. E-SINDy is computationally efficient, with similar scaling as standard SINDy. Finally, we show that ensemble statistics from E-SINDy can be exploited for active learning and improved model predictive control.","accessed":{"date-parts":[["2024",1,4]]},"author":[{"family":"Fasel","given":"U."},{"family":"Kutz","given":"J. N."},{"family":"Brunton","given":"B. W."},{"family":"Brunton","given":"S. L."}],"citation-key":"faselEnsembleSINDyRobustSparse2022","container-title":"Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences","container-title-short":"Proc. R. Soc. 
A.","DOI":"10.1098/rspa.2021.0904","ISSN":"1364-5021, 1471-2946","issue":"2260","issued":{"date-parts":[["2022",4]]},"language":"en","page":"20210904","source":"DOI.org (Crossref)","title":"Ensemble-SINDy: Robust sparse model discovery in the low-data, high-noise limit, with active learning and control","title-short":"Ensemble-SINDy","type":"article-journal","URL":"https://royalsocietypublishing.org/doi/10.1098/rspa.2021.0904","volume":"478"},{"id":"OperatingSystemDevelopment2024","abstract":":books: Learn to write an embedded OS in Rust :crab:","accessed":{"date-parts":[["2024",1,2]]},"citation-key":"OperatingSystemDevelopment2024","genre":"Rust","issued":{"date-parts":[["2024",1,2]]},"license":"Apache-2.0","original-date":{"date-parts":[["2018",3,31]]},"publisher":"Rust Embedded","source":"GitHub","title":"Operating System development tutorials in Rust on the Raspberry Pi","type":"software","URL":"https://github.com/rust-embedded/rust-raspberrypi-OS-tutorials"},{"id":"saffordCommunicatingSciencePolicymakers2019","abstract":"Scientists can improve how they inform politicians and other policymakers on how to make decisions, say Hannah Safford and Austin Brown.","accessed":{"date-parts":[["2024",1,2]]},"author":[{"family":"Safford","given":"Hannah"},{"family":"Brown","given":"Austin"}],"citation-key":"saffordCommunicatingSciencePolicymakers2019","container-title":"Nature","DOI":"10.1038/d41586-019-02372-3","issue":"7771","issued":{"date-parts":[["2019",8,12]]},"language":"en","license":"2021 Nature","note":"Bandiera_abtest: a\nCg_type: Career Column\nSubject_term: Careers, Politics, Policy","number":"7771","page":"681-682","publisher":"Nature Publishing Group","source":"www-nature-com.pitt.idm.oclc.org","title":"Communicating science to policymakers: six strategies for success","title-short":"Communicating science to 
policymakers","type":"article-journal","URL":"https://www.nature.com/articles/d41586-019-02372-3","volume":"572"},{"id":"songMySmartphoneKnows2016","abstract":"Additive manufacturing, also known as 3D printing, has been increasingly applied to fabricate highly intellectual property (IP) sensitive products. However, the related IP protection issues in 3D printers are still largely underexplored. On the other hand, smartphones are equipped with rich onboard sensors and have been applied to pervasive mobile surveillance in many applications. These facts raise one critical question: is it possible that smartphones access the sidechannel signals of 3D printer and then hack the IP information? To answer this, we perform an end-to-end study on exploring smartphone-based side-channel attacks against 3D printers. Specifically, we formulate the problem of the IP side-channel attack in 3D printing. Then, we investigate the possible acoustic and magnetic side-channel attacks using the smartphone built-in sensors. Moreover, we explore a magnetic-enhanced side-channel attack model to accurately deduce the vital directional operations of 3D printer. Experimental results show that by exploiting the side-channel signals collected by smartphones, we can successfully reconstruct the physical prints and their G-code with Mean Tendency Error of 5.87% on regular designs and 9.67% on complex designs, respectively. 
Our study demonstrates this new and practical smartphone-based side channel attack on compromising IP information during 3D printing.","accessed":{"date-parts":[["2024",1,2]]},"author":[{"family":"Song","given":"Chen"},{"family":"Lin","given":"Feng"},{"family":"Ba","given":"Zhongjie"},{"family":"Ren","given":"Kui"},{"family":"Zhou","given":"Chi"},{"family":"Xu","given":"Wenyao"}],"citation-key":"songMySmartphoneKnows2016","container-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","DOI":"10.1145/2976749.2978300","event-place":"Vienna Austria","event-title":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","ISBN":"978-1-4503-4139-4","issued":{"date-parts":[["2016",10,24]]},"language":"en","page":"895-907","publisher":"ACM","publisher-place":"Vienna Austria","source":"DOI.org (Crossref)","title":"My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers","title-short":"My Smartphone Knows What You Print","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2976749.2978300"},{"id":"CYBERSECURITYHIGHRISKSERIES","citation-key":"CYBERSECURITYHIGHRISKSERIES","language":"en","source":"Zotero","title":"CYBERSECURITY HIGH-RISK SERIES: Challenges in Protecting Cyber Critical Infrastructure","type":"article-journal"},{"id":"peisertSoftwareInfrastructureDevelop2023","accessed":{"date-parts":[["2023",12,19]]},"author":[{"family":"Peisert","given":"Sean"}],"citation-key":"peisertSoftwareInfrastructureDevelop2023","container-title":"IEEE Security & Privacy","container-title-short":"IEEE Secur. 
Privacy","DOI":"10.1109/MSEC.2023.3273492","ISSN":"1540-7993, 1558-4046","issue":"4","issued":{"date-parts":[["2023",7]]},"language":"en","page":"4-8","source":"DOI.org (Crossref)","title":"On Software Infrastructure: Develop, Prove, Profit?","title-short":"On Software Infrastructure","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10194513/","volume":"21"},{"id":"CyberSecurityPlan2010","citation-key":"CyberSecurityPlan2010","issued":{"date-parts":[["2010",4]]},"number":"NEI 08-09 [Rev. 6]","title":"Cyber Security Plan for Nuclear Power Reactors","type":"report"},{"id":"neemaCyPhyMLLanguageMETA","author":[{"family":"Neema","given":"Sandeep"},{"family":"Scott","given":"Jason"},{"family":"Bapty","given":"Ted"}],"citation-key":"neemaCyPhyMLLanguageMETA","number":"ISIS-15-104","title":"CyPhyML Language in the META Toolchain.pdf","type":"report"},{"id":"ReportCybersecurityCritical2015","citation-key":"ReportCybersecurityCritical2015","genre":"Executive Survey","issued":{"date-parts":[["2015"]]},"publisher":"Trend Micro Incorporated","title":"Report on Cybersecurity and Critical Infrastructure in the Americas","type":"report"},{"id":"foleyOperadsComplexSystem2021","abstract":"As the complexity and heterogeneity of a system grows, the challenge of specifying, documenting and synthesizing correct, machine-readable designs increases dramatically. Separation of the system into manageable parts is needed to support analysis at various levels of granularity so that the system is maintainable and adaptable over its life cycle. In this paper, we argue that operads provide an effective knowledge representation to address these challenges. Formal documentation of a syntactically correct design is built up during design synthesis, guided by semantic reasoning about design effectiveness. Throughout, the ability to decompose the system into parts and reconstitute the whole is maintained. 
We describe recent progress in effective modelling under this paradigm and directions for future work to systematically address scalability challenges for complex system design.","accessed":{"date-parts":[["2023",12,12]]},"author":[{"family":"Foley","given":"John D."},{"family":"Breiner","given":"Spencer"},{"family":"Subrahmanian","given":"Eswaran"},{"family":"Dusel","given":"John M."}],"citation-key":"foleyOperadsComplexSystem2021","container-title":"Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences","DOI":"10.1098/rspa.2021.0099","issue":"2250","issued":{"date-parts":[["2021",6,23]]},"page":"20210099","publisher":"Royal Society","source":"royalsocietypublishing.org (Atypon)","title":"Operads for complex system design specification, analysis and synthesis","type":"article-journal","URL":"https://royalsocietypublishing.org/doi/full/10.1098/rspa.2021.0099","volume":"477"},{"id":"EffectiveHaskell","abstract":"Put the power of Haskell to work in your programs, learning from an engineer who uses Haskell daily to get practical work done efficiently. Leverage powerful features like Monad Transformers and...","accessed":{"date-parts":[["2023",12,13]]},"citation-key":"EffectiveHaskell","ISBN":"9798888650400","language":"en","source":"learning.oreilly.com","title":"Effective Haskell","type":"book","URL":"https://learning.oreilly.com/library/view/effective-haskell/9798888650400/"},{"id":"LearnYouHaskell","citation-key":"LearnYouHaskell","container-title":"Learn You a Haskell for Great Good!","title":"Learn You a Haskell for Great Good!","type":"webpage","URL":"http://learnyouahaskell.com/"},{"id":"mercerSynthesizingVerifiedComponents2023","abstract":"Safety-critical systems such as avionics need to be engineered to be cyber resilient meaning that systems are able to detect and recover from attacks or safely shutdown. 
As there are few development tools for cyber resiliency, designers rely on guidelines and checklists, sometimes missing vulnerabilities until late in the process where remediation is expensive. Our solution is a model-based approach with cyber resilience-improving transforms that insert high-assurance components such as filters to block malicious data or monitors to detect and alarm anomalous behavior. Novel is our use of model checking and a verified compiler to specify, verify, and synthesize these components. We define code contracts as formal specifications that designers write for high-assurance components, and test contracts as tests to validate their behavior. A model checker proves whether or not code contracts satisfy test contracts in an iterative development cycle. The same model checker also proves whether or not a system with the inserted components, assuming they adhere to their code contracts, provides the desired cyber resiliency for the system. We define an algorithm to synthesize implementations for code contracts in a semantics-preserving way that is backed by a verified compiler. The entire workflow is implemented as part of the open source BriefCASE toolkit. We report on our experience using BriefCASE with a case study on a UAV system that is transformed to be cyber resilient to communication and supply chain cyber attacks. Our case study demonstrates that writing code contracts and then synthesizing correct implementations from them are feasible in real-world systems engineering for cyber resilience.","accessed":{"date-parts":[["2023",12,13]]},"author":[{"family":"Mercer","given":"Eric"},{"family":"Slind","given":"Konrad"},{"family":"Amundson","given":"Isaac"},{"family":"Cofer","given":"Darren"},{"family":"Babar","given":"Junaid"},{"family":"Hardin","given":"David"}],"citation-key":"mercerSynthesizingVerifiedComponents2023","container-title":"SOFTWARE AND SYSTEMS MODELING","container-title-short":"Softw. Syst. 
Model.","DOI":"10.1007/s10270-023-01096-3","event-place":"Heidelberg","ISSN":"1619-1366, 1619-1374","issue":"5","issued":{"date-parts":[["2023",10]]},"language":"English","note":"Web of Science ID: WOS:000953658900001","number-of-pages":"21","page":"1451-1471","publisher":"Springer Heidelberg","publisher-place":"Heidelberg","source":"Clarivate Analytics Web of Science","title":"Synthesizing verified components for cyber assured systems engineering","type":"article-journal","URL":"https://www.webofscience.com/api/gateway?GWVersion=2&SrcAuth=DynamicDOIArticle&SrcApp=UA&KeyAID=10.1007%2Fs10270-023-01096-3&DestApp=DOI&SrcAppSID=USW2EC0EC1PuWMCSXOYkyOwTcd6Fm&SrcJTitle=SOFTWARE+AND+SYSTEMS+MODELING&DestDOIRegistrantName=Springer-Verlag","volume":"22"},{"id":"kleinComprehensiveFormalVerification2014","abstract":"We present an in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel. We discuss the kernel design we used to make its verification tractable. We then describe the functional correctness proof of the kernel's C implementation and we cover further steps that transform this result into a comprehensive formal verification of the kernel: a formally verified IPC fastpath, a proof that the binary code of the kernel correctly implements the C semantics, a proof of correct access-control enforcement, a proof of information-flow noninterference, a sound worst-case execution time analysis of the binary, and an automatic initialiser for user-level systems that connects kernel-level access-control enforcement with reasoning about system behaviour. We summarise these results and show how they integrate to form a coherent overall analysis, backed by machine-checked, end-to-end theorems. The seL4 microkernel is currently not just the only general-purpose operating system kernel that is fully formally verified to this degree. 
It is also the only example of formal proof of this scale that is kept current as the requirements, design and implementation of the system evolve over almost a decade. We report on our experience in maintaining this evolving formally verified code base.","accessed":{"date-parts":[["2023",12,13]]},"author":[{"family":"Klein","given":"Gerwin"},{"family":"Andronick","given":"June"},{"family":"Elphinstone","given":"Kevin"},{"family":"Murray","given":"Toby"},{"family":"Sewell","given":"Thomas"},{"family":"Kolanski","given":"Rafal"},{"family":"Heiser","given":"Gernot"}],"citation-key":"kleinComprehensiveFormalVerification2014","container-title":"ACM TRANSACTIONS ON COMPUTER SYSTEMS","container-title-short":"ACM Trans. Comput. Syst.","DOI":"10.1145/2560537","event-place":"New York","ISSN":"0734-2071, 1557-7333","issue":"1","issued":{"date-parts":[["2014",2]]},"language":"English","note":"Web of Science ID: WOS:000332125400002","number-of-pages":"70","page":"2","publisher":"Assoc Computing Machinery","publisher-place":"New York","source":"Clarivate Analytics Web of Science","title":"Comprehensive Formal Verification of an OS Microkernel","type":"article-journal","URL":"https://www.webofscience.com/api/gateway?GWVersion=2&SrcAuth=DOISource&SrcApp=WOS&KeyAID=10.1145%2F2560537&DestApp=DOI&SrcAppSID=USW2EC0EC1PuWMCSXOYkyOwTcd6Fm&SrcJTitle=ACM+TRANSACTIONS+ON+COMPUTER+SYSTEMS&DestDOIRegistrantName=Association+for+Computing+Machinery","volume":"32"},{"id":"FormalMethods","citation-key":"FormalMethods","container-title":"Formal Methods","title":"Formal Methods","type":"webpage","URL":"https://users.ece.cmu.edu/~koopman/des_s99/formal_methods/#:~:text=Formal%20methods%20are%20techniques%20used,thorough%20fashion%20than%20empirical%20testing."},{"id":"LangleyFormalMethods","citation-key":"LangleyFormalMethods","container-title":"Langley Formal Methods","title":"Langley Formal 
Methods","type":"webpage","URL":"https://shemesh.larc.nasa.gov/fm/index.html"},{"id":"coeckePicturingQuantumProcesses2018","abstract":"We provide a self-contained introduction to quantum theory using a unique diagrammatic language. Far from simple visual aids, the diagrams we use are mathematical objects in their own right, which allow us to develop from first principles a completely rigorous treatment of ‘textbook’ quantum theory. Additionally, the diagrammatic treatment eliminates the need for the typical prerequisites of a standard course on the subject, making it suitable for a multi-disciplinary audience with no prior knowledge in physics or advanced mathematics.","author":[{"family":"Coecke","given":"Bob"},{"family":"Kissinger","given":"Aleks"}],"citation-key":"coeckePicturingQuantumProcesses2018","collection-title":"Lecture Notes in Computer Science","container-title":"Diagrammatic Representation and Inference","DOI":"10.1007/978-3-319-91376-6_6","editor":[{"family":"Chapman","given":"Peter"},{"family":"Stapleton","given":"Gem"},{"family":"Moktefi","given":"Amirouche"},{"family":"Perez-Kriz","given":"Sarah"},{"family":"Bellucci","given":"Francesco"}],"event-place":"Cham","ISBN":"978-3-319-91376-6","issued":{"date-parts":[["2018"]]},"language":"en","page":"28-31","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"Picturing Quantum Processes","type":"paper-conference"},{"id":"PicturingQuantumProcesses","accessed":{"date-parts":[["2023",12,12]]},"citation-key":"PicturingQuantumProcesses","container-title":"Cambridge University Press","language":"en","title":"Picturing Quantum Processes | Quantum physics, quantum information and quantum computation","type":"webpage","URL":"https://www.cambridge.org/us/academic/subjects/physics/quantum-physics-quantum-information-and-quantum-computation/picturing-quantum-processes-first-course-quantum-theory-and-diagrammatic-reasoning, 
https://www.cambridge.org/us/academic/subjects/physics/quantum-physics-quantum-information-and-quantum-computation"},{"id":"chengJoyAbstractionExploration2022","abstract":"Mathematician and popular science author Eugenia Cheng is on a mission to show you that mathematics can be flexible, creative, and visual. This joyful journey through the world of abstract mathematics into category theory will demystify mathematical thought processes and help you develop your own thinking, with no formal mathematical background needed. The book brings abstract mathematical ideas down to earth using examples of social justice, current events, and everyday life – from privilege to COVID-19 to driving routes. The journey begins with the ideas and workings of abstract mathematics, after which you will gently climb toward more technical material, learning everything needed to understand category theory, and then key concepts in category theory like natural transformations, duality, and even a glimpse of ongoing research in higher-dimensional category theory. 
For fans of How to Bake Pi, this will help you dig deeper into mathematical concepts and build your mathematical background.","accessed":{"date-parts":[["2023",12,12]]},"author":[{"family":"Cheng","given":"Eugenia"}],"citation-key":"chengJoyAbstractionExploration2022","DOI":"10.1017/9781108769389","event-place":"Cambridge","ISBN":"978-1-108-47722-2","issued":{"date-parts":[["2022"]]},"publisher":"Cambridge University Press","publisher-place":"Cambridge","source":"Cambridge University Press","title":"The Joy of Abstraction: An Exploration of Math, Category Theory, and Life","title-short":"The Joy of Abstraction","type":"book","URL":"https://www.cambridge.org/core/books/joy-of-abstraction/00D9AFD3046A406CB85D1AFF5450E657"},{"id":"CategoryTheory2023","abstract":"Category theory is a general theory of mathematical structures and their relations that was introduced by Samuel Eilenberg and Saunders Mac Lane in the middle of the 20th century in their foundational work on algebraic topology. Category theory is used in almost all areas of mathematics. In particular, many constructions of new mathematical objects from previous ones that appear similarly in several contexts are conveniently expressed and unified in terms of categories. Examples include quotient spaces, direct products, completion, and duality.\nMany areas of computer science also rely on category theory, such as functional programming and semantics.\nA category is formed by two sorts of objects: the objects of the category, and the morphisms, which relate two objects called the source and the target of the morphism. One often says that a morphism is an arrow that maps its source to its target. Morphisms can be composed if the target of the first morphism equals the source of the second one, and morphism composition has similar properties as function composition (associativity and existence of identity morphisms). Morphisms are often some sort of function, but this is not always the case. 
For example, a monoid may be viewed as a category with a single object, whose morphisms are the elements of the monoid.\nThe second fundamental concept of category theory is the concept of a functor, which plays the role of a morphism between two categories $C_{1}$ and $C_{2}$: it maps objects of $C_{1}$ to objects of $C_{2}$ and morphisms of $C_{1}$ to morphisms of $C_{2}$ in such a way that sources are mapped to sources, and targets are mapped to targets (or, in the case of a contravariant functor, sources are mapped to targets and vice-versa). A third fundamental concept is a natural transformation that may be viewed as a morphism of functors.","accessed":{"date-parts":[["2023",12,12]]},"citation-key":"CategoryTheory2023","container-title":"Wikipedia","issued":{"date-parts":[["2023",12,3]]},"language":"en","license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1188056431","source":"Wikipedia","title":"Category theory","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Category_theory&oldid=1188056431"},{"id":"AbstractJulia","citation-key":"AbstractJulia","title":"AbstractJulia","type":"webpage","URL":"https://www.algebraicjulia.org/"},{"id":"pattersonDiagrammaticViewDifferential2022","abstract":"Presenting systems of differential equations in the form of diagrams has become common in certain parts of physics, especially electromagnetism and computational physics. In this work, we aim to put such use of diagrams on a firm mathematical footing, while also systematizing a broadly applicable framework to reason formally about systems of equations and their solutions. Our main mathematical tools are category-theoretic diagrams, which are well known, and morphisms between diagrams, which have been less appreciated. As an application of the diagrammatic framework, we show how complex, multiphysical systems can be modularly constructed from basic physical principles. A wealth of examples, drawn from electromagnetism, transport phenomena, fluid mechanics, and other fields, is included.","accessed":{"date-parts":[["2023",12,12]]},"author":[{"family":"Patterson","given":"Evan"},{"family":"Baas","given":"Andrew"},{"family":"Hosgood","given":"Timothy"},{"family":"Fairbanks","given":"James"}],"citation-key":"pattersonDiagrammaticViewDifferential2022","container-title":"Mathematics in Engineering","container-title-short":"MINE","DOI":"10.3934/mine.2023036","ISSN":"2640-3501","issue":"2","issued":{"date-parts":[["2022"]]},"page":"1-59","source":"DOI.org (Crossref)","title":"A diagrammatic view of differential equations in physics","type":"article-journal","URL":"http://www.aimspress.com/article/doi/10.3934/mine.2023036","volume":"5"},{"id":"baezOpenPetriNets2020","abstract":"The reachability semantics for Petri nets can be studied using open Petri nets. For us an \"open\" Petri net is one with certain places designated as inputs and outputs via a cospan of sets. We can compose open Petri nets by gluing the outputs of one to the inputs of another. Open Petri nets can be treated as morphisms of a category $\\mathsf{Open}(\\mathsf{Petri})$, which becomes symmetric monoidal under disjoint union. However, since the composite of open Petri nets is defined only up to isomorphism, it is better to treat them as morphisms of a symmetric monoidal double category $\\mathbb{O}\\mathbf{pen}(\\mathsf{Petri})$. We describe two forms of semantics for open Petri nets using symmetric monoidal double functors out of $\\mathbb{O}\\mathbf{pen}(\\mathsf{Petri})$. The first, an operational semantics, gives for each open Petri net a category whose morphisms are the processes that this net can carry out. This is done in a compositional way, so that these categories can be computed on smaller subnets and then glued together. 
The second, a reachability semantics, simply says which markings of the outputs can be reached from a given marking of the inputs.","accessed":{"date-parts":[["2023",12,12]]},"author":[{"family":"Baez","given":"John C."},{"family":"Master","given":"Jade"}],"citation-key":"baezOpenPetriNets2020","container-title":"Mathematical Structures in Computer Science","container-title-short":"Math. Struct. Comp. Sci.","DOI":"10.1017/S0960129520000043","ISSN":"0960-1295, 1469-8072","issue":"3","issued":{"date-parts":[["2020",3]]},"page":"314-341","source":"arXiv.org","title":"Open Petri Nets","type":"article-journal","URL":"http://arxiv.org/abs/1808.05415","volume":"30"},{"id":"schweikerOperadicAnalysisDistributed2015","author":[{"family":"Schweiker","given":"Kevin"},{"family":"Varadarajan","given":"Srivatsan"},{"family":"Spivak","given":"David"},{"family":"Schultz","given":"Patrick"},{"family":"Wisnesky","given":"Ryan"},{"family":"Perez","given":"Marco"}],"citation-key":"schweikerOperadicAnalysisDistributed2015","issued":{"date-parts":[["2015"]]},"language":"en","number":"NASA/CR-2015-xxxxx","publisher":"NASA","source":"Zotero","title":"Operadic Analysis of Distributed Systems","type":"report"},{"id":"vagnerAlgebrasOpenDynamical2015","abstract":"In this paper, we use the language of operads to study open dynamical systems. More specifically, we study the algebraic nature of assembling complex dynamical systems from an interconnection of simpler ones. The syntactic architecture of such interconnections is encoded using the visual language of wiring diagrams. We define the symmetric monoidal category W, from which we may construct an operad O(W), whose objects are black boxes with input and output ports, and whose morphisms are wiring diagrams, thus prescribing the algebraic rules for interconnection. We then define two W-algebras, G and L, which associate semantic content to the structures in W. 
Respectively, they correspond to general and to linear systems of differential equations, in which an internal state is controlled by inputs and produces outputs. As an example, we use these algebras to formalize the classical problem of systems of tanks interconnected by pipes, and hence make explicit the algebraic relationships among systems at different levels of granularity.","accessed":{"date-parts":[["2023",12,8]]},"author":[{"family":"Vagner","given":"Dmitry"},{"family":"Spivak","given":"David I."},{"family":"Lerman","given":"Eugene"}],"citation-key":"vagnerAlgebrasOpenDynamical2015","DOI":"10.48550/arXiv.1408.1598","issued":{"date-parts":[["2015",10,2]]},"number":"arXiv:1408.1598","publisher":"arXiv","source":"arXiv.org","title":"Algebras of Open Dynamical Systems on the Operad of Wiring Diagrams","type":"article","URL":"http://arxiv.org/abs/1408.1598"},{"id":"spivakCategoryTheorySciences2014","accessed":{"date-parts":[["2023",12,7]]},"author":[{"family":"Spivak","given":"David I."}],"citation-key":"spivakCategoryTheorySciences2014","event-place":"Cambridge, UNITED STATES","ISBN":"978-0-262-32052-8","issued":{"date-parts":[["2014"]]},"publisher":"MIT Press","publisher-place":"Cambridge, UNITED STATES","source":"ProQuest Ebook Central","title":"Category Theory for the Sciences","type":"book","URL":"http://ebookcentral.proquest.com/lib/pitt-ebooks/detail.action?docID=3339883"},{"id":"spivakOperadWiringDiagrams2013","abstract":"Wiring diagrams, as seen in digital circuits, can be nested hierarchically and thus have an aspect of self-similarity. We show that wiring diagrams form the morphisms of an operad $\\mcT$, capturing this self-similarity. We discuss the algebra $\\Rel$ of mathematical relations on $\\mcT$, and in so doing use wiring diagrams as a graphical language with which to structure queries on relational databases. We give the example of circuit diagrams as a special case. 
We move on to show how plug-and-play devices and also recursion can be formulated in the operadic framework as well. Throughout we include many examples and figures.","accessed":{"date-parts":[["2023",12,7]]},"author":[{"family":"Spivak","given":"David I."}],"citation-key":"spivakOperadWiringDiagrams2013","DOI":"10.48550/arXiv.1305.0297","issued":{"date-parts":[["2013",5,1]]},"number":"arXiv:1305.0297","publisher":"arXiv","source":"arXiv.org","title":"The operad of wiring diagrams: formalizing a graphical language for databases, recursion, and plug-and-play circuits","title-short":"The operad of wiring diagrams","type":"article","URL":"http://arxiv.org/abs/1305.0297"},{"id":"vagnerAlgebrasOpenDynamical2015a","abstract":"In this paper, we use the language of operads to study open dynamical systems. More specifically, we study the algebraic nature of assembling complex dynamical systems from an interconnection of simpler ones. The syntactic architecture of such interconnections is encoded using the visual language of wiring diagrams. We define the symmetric monoidal category W, from which we may construct an operad O(W), whose objects are black boxes with input and output ports, and whose morphisms are wiring diagrams, thus prescribing the algebraic rules for interconnection. We then define two W-algebras, G and L, which associate semantic content to the structures in W. Respectively, they correspond to general and to linear systems of differential equations, in which an internal state is controlled by inputs and produces outputs. 
As an example, we use these algebras to formalize the classical problem of systems of tanks interconnected by pipes, and hence make explicit the algebraic relationships among systems at different levels of granularity.","accessed":{"date-parts":[["2023",12,7]]},"author":[{"family":"Vagner","given":"Dmitry"},{"family":"Spivak","given":"David I."},{"family":"Lerman","given":"Eugene"}],"citation-key":"vagnerAlgebrasOpenDynamical2015a","DOI":"10.48550/arXiv.1408.1598","issued":{"date-parts":[["2015",10,2]]},"number":"arXiv:1408.1598","publisher":"arXiv","source":"arXiv.org","title":"Algebras of Open Dynamical Systems on the Operad of Wiring Diagrams","type":"article","URL":"http://arxiv.org/abs/1408.1598"},{"id":"gouertArctyrEXAcceleratedEncrypted2023","abstract":"Fully Homomorphic Encryption (FHE) is a cryptographic method that guarantees the privacy and security of user data during computation. FHE algorithms can perform unlimited arithmetic computations directly on encrypted data without decrypting it. Thus, even when processed by untrusted systems, confidential data is never exposed. In this work, we develop new techniques for accelerated encrypted execution and demonstrate the significant performance advantages of our approach. Our current focus is the Fully Homomorphic Encryption over the Torus (CGGI) scheme, which is a current state-of-the-art method for evaluating arbitrary functions in the encrypted domain. CGGI represents a computation as a graph of homomorphic logic gates and each individual bit of the plaintext is transformed into a polynomial in the encrypted domain. Arithmetic on such data becomes very expensive: operations on bits become operations on entire polynomials. Therefore, evaluating even relatively simple nonlinear functions, such as a sigmoid, can take thousands of seconds on a single CPU thread. 
Using our novel framework for end-to-end accelerated encrypted execution called ArctyrEX, developers with no knowledge of complex FHE libraries can simply describe their computation as a C program that is evaluated over $40\\times$ faster on an NVIDIA DGX A100 and $6\\times$ faster with a single A100 relative to a 256-threaded CPU baseline.","accessed":{"date-parts":[["2023",12,6]]},"author":[{"family":"Gouert","given":"Charles"},{"family":"Joseph","given":"Vinu"},{"family":"Dalton","given":"Steven"},{"family":"Augonnet","given":"Cedric"},{"family":"Garland","given":"Michael"},{"family":"Tsoutsos","given":"Nektarios Georgios"}],"citation-key":"gouertArctyrEXAcceleratedEncrypted2023","DOI":"10.48550/arXiv.2306.11006","issued":{"date-parts":[["2023",6,19]]},"number":"arXiv:2306.11006","publisher":"arXiv","source":"arXiv.org","title":"ArctyrEX : Accelerated Encrypted Execution of General-Purpose Applications","title-short":"ArctyrEX","type":"article","URL":"http://arxiv.org/abs/2306.11006"},{"id":"jackyPyModelModelbasedTesting2011","abstract":"In unit testing, the programmer codes the test cases, and also codes assertions that check whether each test case passed. In model-based testing, the programmer codes a \"model\" that generates as many test cases as desired and also acts as the oracle that checks the cases. Model-based testing is recommended where so many test cases are needed that it is not feasible to code them all by hand. This need arises when testing behaviors that exhibit history-dependence and nondeterminism, so that many variations (data values, interleavings, etc.) should be tested for each scenario (or use case). Examples include communication protocols, web applications, control systems, and user interfaces. PyModel is a model-based testing framework in Python. PyModel supports on-the-fly testing, which can generate indefinitely long nonrepeating tests as the test run executes. 
PyModel can focus test cases on scenarios of interest by composition, a versatile technique that combines models by synchronizing shared actions and interleaving unshared actions. PyModel can guide test coverage according to programmable strategies coded by the programmer.","accessed":{"date-parts":[["2023",11,27]]},"author":[{"family":"Jacky","given":"Jonathan"}],"citation-key":"jackyPyModelModelbasedTesting2011","DOI":"10.25080/Majora-ebaa42b7-008","event-place":"Austin, Texas","event-title":"Python in Science Conference","issued":{"date-parts":[["2011"]]},"language":"en","page":"48-52","publisher-place":"Austin, Texas","source":"DOI.org (Crossref)","title":"PyModel: Model-based testing in Python","title-short":"PyModel","type":"paper-conference","URL":"https://conference.scipy.org/proceedings/scipy2011/jacky.html"},{"id":"sontagControlLyapunovFunctions1999","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Sontag","given":"Eduardo D."}],"citation-key":"sontagControlLyapunovFunctions1999","collection-editor":[{"family":"Dickinson","given":"B. W."},{"family":"Fettweis","given":"A."},{"family":"Massey","given":"J. L."},{"family":"Modestino","given":"J. W."},{"family":"Sontag","given":"E. 
D."},{"family":"Thoma","given":"M."}],"container-title":"Open Problems in Mathematical Systems and Control Theory","DOI":"10.1007/978-1-4471-0807-8_40","editor":[{"family":"Blondel","given":"Vincent"},{"family":"Sontag","given":"Eduardo D."},{"family":"Vidyasagar","given":"Mathukumalli"},{"family":"Willems","given":"Jan C."}],"event-place":"London","ISBN":"978-1-4471-1207-5 978-1-4471-0807-8","issued":{"date-parts":[["1999"]]},"page":"211-216","publisher":"Springer London","publisher-place":"London","source":"DOI.org (Crossref)","title":"Control-Lyapunov functions","type":"chapter","URL":"http://link.springer.com/10.1007/978-1-4471-0807-8_40"},{"id":"dicairanoStabilizingDynamicControllers2014","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Di Cairano","given":"Stefano"},{"family":"Heemels","given":"W. P. Maurice H."},{"family":"Lazar","given":"Mircea"},{"family":"Bemporad","given":"Alberto"}],"citation-key":"dicairanoStabilizingDynamicControllers2014","container-title":"IEEE Transactions on Automatic Control","container-title-short":"IEEE Trans. Automat. 
Contr.","DOI":"10.1109/TAC.2014.2324111","ISSN":"0018-9286, 1558-2523","issue":"10","issued":{"date-parts":[["2014",10]]},"page":"2629-2643","source":"DOI.org (Crossref)","title":"Stabilizing Dynamic Controllers for Hybrid Systems: A Hybrid Control Lyapunov Function Approach","title-short":"Stabilizing Dynamic Controllers for Hybrid Systems","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/6816126/","volume":"59"},{"id":"asarinReachabilityAnalysisNonlinear2003","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Asarin","given":"Eugene"},{"family":"Dang","given":"Thao"},{"family":"Girard","given":"Antoine"}],"citation-key":"asarinReachabilityAnalysisNonlinear2003","collection-editor":[{"family":"Goos","given":"Gerhard"},{"family":"Hartmanis","given":"Juris"},{"family":"Van Leeuwen","given":"Jan"}],"container-title":"Hybrid Systems: Computation and Control","DOI":"10.1007/3-540-36580-X_5","editor":[{"family":"Maler","given":"Oded"},{"family":"Pnueli","given":"Amir"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-540-00913-9 978-3-540-36580-8","issued":{"date-parts":[["2003"]]},"page":"20-35","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"Reachability Analysis of Nonlinear Systems Using Conservative Approximation","type":"chapter","URL":"http://link.springer.com/10.1007/3-540-36580-X_5","volume":"2623"},{"id":"bartosiewiczLocalPositiveReachability2016","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Bartosiewicz","given":"Zbigniew"}],"citation-key":"bartosiewiczLocalPositiveReachability2016","container-title":"IEEE Transactions on Automatic Control","container-title-short":"IEEE Trans. Automat. 
Contr.","DOI":"10.1109/TAC.2015.2511921","ISSN":"0018-9286, 1558-2523","issue":"12","issued":{"date-parts":[["2016",12]]},"page":"4217-4221","source":"DOI.org (Crossref)","title":"Local Positive Reachability of Nonlinear Continuous-Time Systems","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/7365428/","volume":"61"},{"id":"goubaultForwardInnerApproximatedReachability2017","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Goubault","given":"Eric"},{"family":"Putot","given":"Sylvie"}],"citation-key":"goubaultForwardInnerApproximatedReachability2017","container-title":"Proceedings of the 20th International Conference on Hybrid Systems: Computation and Control","DOI":"10.1145/3049797.3049811","event-place":"Pittsburgh Pennsylvania USA","event-title":"HSCC '17: 20th International Conference on Hybrid Systems: Computation and Control","ISBN":"978-1-4503-4590-3","issued":{"date-parts":[["2017",4,13]]},"language":"en","page":"1-10","publisher":"ACM","publisher-place":"Pittsburgh Pennsylvania USA","source":"DOI.org (Crossref)","title":"Forward Inner-Approximated Reachability of Non-Linear Continuous Systems","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3049797.3049811"},{"id":"asarinRecentProgressContinuous2006","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Asarin","given":"Eugene"},{"family":"Dang","given":"Thao"},{"family":"Frehse","given":"Goran"},{"family":"Girard","given":"Antoine"},{"family":"Le Guernic","given":"Colas"},{"family":"Maler","given":"Oded"}],"citation-key":"asarinRecentProgressContinuous2006","container-title":"2006 IEEE Conference on Computer Aided Control System Design, 2006 IEEE International Conference on Control Applications, 2006 IEEE International Symposium on Intelligent Control","DOI":"10.1109/CACSD-CCA-ISIC.2006.4776877","event-place":"Munich, Germany","event-title":"2006 IEEE Conference on Computer Aided Control System Design, 2006 IEEE International Conference on Control 
Applications, 2006 IEEE International Symposium on Intelligent Control","issued":{"date-parts":[["2006",10]]},"page":"1582-1587","publisher":"IEEE","publisher-place":"Munich, Germany","source":"DOI.org (Crossref)","title":"Recent progress in continuous and hybrid reachability analysis","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/4776877/"},{"id":"michelStabilityDynamicalSystems2008","author":[{"family":"Michel","given":"Anthony N."},{"family":"Hou","given":"Ling"},{"family":"Liu","given":"Derong"}],"citation-key":"michelStabilityDynamicalSystems2008","collection-title":"Systems & control: foundations & applications","event-place":"Boston Basel Berlin","ISBN":"978-0-8176-4486-4","issued":{"date-parts":[["2008"]]},"language":"eng","number-of-pages":"501","publisher":"Birkhäuser","publisher-place":"Boston Basel Berlin","source":"K10plus ISBN","title":"Stability of dynamical systems: continuous, discontinuous, and discrete systems","title-short":"Stability of dynamical systems","type":"book"},{"id":"lewisOptimalControl2012","author":[{"family":"Lewis","given":"Frank L."},{"family":"Vrabie","given":"Draguna L."},{"family":"Syrmos","given":"Vassilis L."}],"call-number":"QA402.3 .L487 2012","citation-key":"lewisOptimalControl2012","edition":"3rd ed","event-place":"Hoboken","ISBN":"978-0-470-63349-6","issued":{"date-parts":[["2012"]]},"number-of-pages":"540","publisher":"Wiley","publisher-place":"Hoboken","source":"Library of Congress ISBN","title":"Optimal control","type":"book"},{"id":"lionsHamiltonJacobiBellmanEquations1983","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Lions","given":"P. 
L."}],"citation-key":"lionsHamiltonJacobiBellmanEquations1983","container-title":"Acta Applicandae Mathematicae","container-title-short":"Acta Appl Math","DOI":"10.1007/BF02433840","ISSN":"0167-8019, 1572-9036","issue":"1","issued":{"date-parts":[["1983",3]]},"language":"en","page":"17-41","source":"DOI.org (Crossref)","title":"On the Hamilton-Jacobi-Bellman equations","type":"article-journal","URL":"http://link.springer.com/10.1007/BF02433840","volume":"1"},{"id":"slothVerificationContinuousDynamical2011","accessed":{"date-parts":[["2023",11,22]]},"author":[{"family":"Sloth","given":"Christoffer"},{"family":"Wisniewski","given":"Rafael"}],"citation-key":"slothVerificationContinuousDynamical2011","container-title":"Formal Methods in System Design","container-title-short":"Form Methods Syst Des","DOI":"10.1007/s10703-011-0118-0","ISSN":"0925-9856, 1572-8102","issue":"1","issued":{"date-parts":[["2011",8]]},"language":"en","page":"47-82","source":"DOI.org (Crossref)","title":"Verification of continuous dynamical systems by timed automata","type":"article-journal","URL":"http://link.springer.com/10.1007/s10703-011-0118-0","volume":"39"},{"id":"marinoPROFIBUSFormalSpecification2001","abstract":"Formal description languages, like ESTELLE [7], Language Temporary Of Ordering Specification (LOTOS) [8] or Specification Description Language (SDL) [9], allow us to specify complex system requirements in an ambiguities free and complete way [26]. The choice of what formal language to use in a particular system specification must be taken a priori by the system designer [5]. It would be useful to have comparative information about systems described with some of these languages, to know which one would fit better to that system. The literature published on this topic [1,14,22] compares too simple systems. This paper deals with this aspect and compares the formal specification of the PROcess FIeld BUS (PROFIBUS) communications protocol in both languages LOTOS and SDL. 
© 2001 Elsevier Science B.V. All rights reserved.","author":[{"family":"Marino","given":"P"},{"family":"Nogueira","given":"J"},{"family":"Sigu","given":"C"}],"citation-key":"marinoPROFIBUSFormalSpecification2001","container-title":"Computer Networks","issued":{"date-parts":[["2001"]]},"language":"en","source":"Zotero","title":"The PROFIBUS formal specification: a comparison between two FDTs","type":"article-journal"},{"id":"prestlBMWActiveCruise2000","abstract":"With series introduction of Adaptive Cruise Control (ACC) systems, automotive industry at present makes a step towards a new category of vehicle control systems. For the first time in automotive history these systems make use of information about the surrounding traffic situation. This information i","accessed":{"date-parts":[["2023",11,20]]},"author":[{"family":"Prestl","given":"Willibald"},{"family":"Sauer","given":"Thomas"},{"family":"Steinle","given":"Joachim"},{"family":"Tschernoster","given":"Oliver"}],"citation-key":"prestlBMWActiveCruise2000","DOI":"10.4271/2000-01-0344","event-place":"Warrendale, PA","genre":"SAE Technical Paper","ISSN":"0148-7191, 2688-3627","issued":{"date-parts":[["2000",3,6]]},"language":"English","number":"2000-01-0344","publisher":"SAE International","publisher-place":"Warrendale, PA","source":"www.sae.org","title":"The BMW Active Cruise Control ACC","type":"report","URL":"https://www.sae.org/publications/technical-papers/content/2000-01-0344/"},{"id":"saeedloeiLogicbasedModelingVerification2011","abstract":"Cyber-physical systems (CPS) consist of perpetually and concurrently executing physical and computational components. The presence of physical components require the computational components to deal with continuous quantities. A formalism that can model discrete and continuous quantities together with concurrent, perpetual execution is lacking. 
In this paper we report on the development of a formalism based on logic programming extended with co-induction, constraints over reals, and coroutining that allows CPS to be elegantly modeled. This logic programming realization can be used for verifying interesting properties as well as generating implementations of CPS. We illustrate this formalism by applying it to elegant modeling of the reactor temperature control system. Interesting properties of the system can be verified merely by posing appropriate queries to this model. Precise parametric analysis can also be performed.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Saeedloei","given":"Neda"},{"family":"Gupta","given":"Gopal"}],"citation-key":"saeedloeiLogicbasedModelingVerification2011","container-title":"ACM SIGBED Review","container-title-short":"SIGBED Rev.","DOI":"10.1145/2000367.2000374","ISSN":"1551-3688","issue":"2","issued":{"date-parts":[["2011",6]]},"language":"en","page":"31-34","source":"DOI.org (Crossref)","title":"A logic-based modeling and verification of CPS","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/2000367.2000374","volume":"8"},{"id":"dangeloProbabilisticRobustnessAnalysis2019","abstract":"This work uses probabilistic robustness techniques to show how the stability margin of an uncertain controlled structure that operates in a harsh, potentially radioactive environment can be analyzed in order to find a less conservative destabilizing uncertainty perturbation. The uncertainty is quantified in terms of a measure on the size of the covariance matrix in a multivariate Gaussian distribution. This uncertainty is used to capture the aggregate effects on a structure’s dynamic behavior due to material changes resulting from radiation embrittlement and mechanical fatigue. 
A probabilistic-robust full-state feedback $\\mathcal{H}_\\infty$ controller is synthesized for a low-dimensional structural model using a technique known as scenario-based probabilistic-robust synthesis. A probabilistic-robust stability margin is defined and extracted from a stability degradation function, demonstrating that a fourfold increase in the amount of uncertainty in the model can be tolerated if the designer is willing to concede a small probability that the actively-controlled structure may be unstable for certain system configurations.","author":[{"family":"D’Angelo","given":"Christopher J."},{"family":"Cole","given":"Daniel G."},{"family":"Collinger","given":"John C."}],"citation-key":"dangeloProbabilisticRobustnessAnalysis2019","container-title":"Structural Health Monitoring, Photogrammetry & DIC, Volume 6","DOI":"10.1007/978-3-319-74476-6_17","editor":[{"family":"Niezrecki","given":"Christopher"},{"family":"Baqersad","given":"Javad"}],"event-place":"Cham","ISBN":"978-3-319-74476-6","issued":{"date-parts":[["2019"]]},"language":"en","page":"121-131","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"Probabilistic Robustness Analysis of an Actively Controlled Structure that Operates in Harsh and Uncertain Environments","type":"paper-conference"},{"id":"nguyenFuzzyControlSystems2019","abstract":"More than 40 years after fuzzy logic control appeared as an effective tool to deal with complex processes, the research on fuzzy control systems has constantly evolved. Mamdani fuzzy control was originally introduced as a model-free control approach based on expert's experience and knowledge. Due to the lack of a systematic framework to study Mamdani fuzzy systems, we have witnessed growing interest in fuzzy model-based approaches with Takagi-Sugeno fuzzy systems and singleton-type fuzzy systems (also called piecewise multiaffine systems) over the past decades. 
This paper reviews the key features of the three above types of fuzzy systems. Through these features, we point out the historical rationale for each type of fuzzy systems and its current research mainstreams. However, the focus is put on fuzzy model-based approaches developed via Lyapunov stability theorem and linear matrix inequality (LMI) formulations. Finally, our personal viewpoint on the perspectives and challenges of the future fuzzy control research is discussed.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Nguyen","given":"Anh-Tu"},{"family":"Taniguchi","given":"Tadanari"},{"family":"Eciolaza","given":"Luka"},{"family":"Campos","given":"Victor"},{"family":"Palhares","given":"Reinaldo"},{"family":"Sugeno","given":"Michio"}],"citation-key":"nguyenFuzzyControlSystems2019","container-title":"IEEE Computational Intelligence Magazine","DOI":"10.1109/MCI.2018.2881644","ISSN":"1556-6048","issue":"1","issued":{"date-parts":[["2019",2]]},"page":"56-68","source":"IEEE Xplore","title":"Fuzzy Control Systems: Past, Present and Future","title-short":"Fuzzy Control Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/8610273","volume":"14"},{"id":"huangFuzzyModelPredictive2000","abstract":"A fuzzy model predictive control (FMPC) approach is introduced to design a control system for a highly nonlinear process. In this approach, a process system is described by a fuzzy convolution model that consists of a number of quasi-linear fuzzy implications. In controller design, prediction errors and control energy are minimized through a two-layered iterative optimization process. At the lower layer, optimal local control policies are identified to minimize prediction errors in each subsystem. A near optimum is then identified through coordinating the subsystems to reach an overall minimum prediction error at the upper layer. 
The two-layered computing scheme avoids extensive online nonlinear optimization and permits the design of a controller based on linear control theory. The efficacy of the FMPC approach is demonstrated through three examples.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Huang","given":"Y.L."},{"family":"Lou","given":"H.H."},{"family":"Gong","given":"J.P."},{"family":"Edgar","given":"T.F."}],"citation-key":"huangFuzzyModelPredictive2000","container-title":"IEEE Transactions on Fuzzy Systems","DOI":"10.1109/91.890326","ISSN":"1941-0034","issue":"6","issued":{"date-parts":[["2000",12]]},"page":"665-678","source":"IEEE Xplore","title":"Fuzzy model predictive control","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/890326","volume":"8"},{"id":"taoRobustFuzzyControl2005","abstract":"A robust complexity reduced proportional-integral-derivative (PID)-like fuzzy controllers is designed for a plant with fuzzy linear model. The plant model is described with the expert's linguistic information involved. The linguistic information for the plant model is represented as fuzzy sets. In order to design a robust fuzzy controller for a plant model with fuzzy sets, an approach is developed to implement the best crisp approximation of fuzzy sets into intervals. Then, Kharitonov's Theorem is applied to construct a robust fuzzy controller for the fuzzy uncertain plant with interval model. With the linear combination of input variables as a new input variable, the complexity of the fuzzy mechanism of PID-like fuzzy controller is significantly reduced. The parameters in the robust fuzzy controller are determined to satisfy the stability conditions. The robustness of the designed fuzzy controller is discussed. Also, with the provided definition of relative robustness, the robustness of the complexity reduced fuzzy controller is compared to the classical PID controller for a second-order plant with fuzzy linear model. 
The simulation results are included to show the effectiveness of the designed PID-like robust fuzzy controller with the complexity reduced fuzzy mechanism.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Tao","given":"C.W."},{"family":"Taur","given":"J.S."}],"citation-key":"taoRobustFuzzyControl2005","container-title":"IEEE Transactions on Fuzzy Systems","DOI":"10.1109/TFUZZ.2004.839653","ISSN":"1941-0034","issue":"1","issued":{"date-parts":[["2005",2]]},"page":"30-41","source":"IEEE Xplore","title":"Robust fuzzy control for a plant with fuzzy linear model","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/1392998","volume":"13"},{"id":"kapinskiSimulationguidedLyapunovAnalysis2014","abstract":"Lyapunov functions are used to prove stability and to obtain performance bounds on system behaviors for nonlinear and hybrid dynamical systems, but discovering Lyapunov functions is a difficult task in general. We present a technique for discovering Lyapunov functions and barrier certificates for nonlinear and hybrid dynamical systems using a search-based approach. Our approach uses concrete executions, such as those obtained through simulation, to formulate a series of linear programming (LP) optimization problems; the solution to each LP creates a candidate Lyapunov function. Intermediate candidates are iteratively improved using a global optimizer guided by the Lie derivative of the candidate Lyapunov function. The analysis is refined using counterexamples from a Satisfiability Modulo Theories (SMT) solver. When no counterexamples are found, the soundness of the analysis is verified using an arithmetic solver. The technique can be applied to a broad class of nonlinear dynamical systems, including hybrid systems and systems with polynomial and even transcendental dynamics. 
We present several examples illustrating the efficacy of the technique, including two automotive powertrain control examples.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Kapinski","given":"James"},{"family":"Deshmukh","given":"Jyotirmoy V."},{"family":"Sankaranarayanan","given":"Sriram"},{"family":"Arechiga","given":"Nikos"}],"citation-key":"kapinskiSimulationguidedLyapunovAnalysis2014","collection-title":"HSCC '14","container-title":"Proceedings of the 17th international conference on Hybrid systems: computation and control","DOI":"10.1145/2562059.2562139","event-place":"New York, NY, USA","ISBN":"978-1-4503-2732-9","issued":{"date-parts":[["2014",4,15]]},"page":"133–142","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"Simulation-guided lyapunov analysis for hybrid dynamical systems","type":"paper-conference","URL":"https://doi.org/10.1145/2562059.2562139"},{"id":"torbenAutomaticSimulationbasedTesting2023","abstract":"A methodology for automatic simulation-based testing of control systems for autonomous vessels is proposed. The work is motivated by the need for increased test coverage and formalism in the verification efforts. It aims to achieve this by formulating requirements in the formal logic Signal Temporal Logic (STL). This enables automatic evaluation of simulations against requirements using the STL robustness metric, resulting in a robustness score for requirements satisfaction. Furthermore, the proposed method uses a Gaussian Process (GP) model for estimating robustness scores including levels of uncertainty for untested cases. The GP model is updated by running simulations and observing the resulting robustness, and its estimates are used to automatically guide the test case selection toward cases with low robustness or high uncertainty. 
The main scientific contribution is the development of an automatic testing method which incrementally runs new simulations until the entire parameter space of the case is covered to the desired confidence level, or until a case which falsifies the requirement is identified. The methodology is demonstrated through a case study, where the test object is a Collision Avoidance (CA) system for a small high-speed vessel. STL requirements for safety distance, mission compliance, and COLREG compliance are developed. The proposed method shows promise, by both achieving verification in feasible time and identifying falsifying behaviors which would be difficult to detect manually or using brute-force methods. An additional contribution of this work is a formalization of COLREG using temporal logic, which appears to be an interesting direction for future work.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Torben","given":"Tobias Rye"},{"family":"Glomsrud","given":"Jon Arne"},{"family":"Pedersen","given":"Tom Arne"},{"family":"Utne","given":"Ingrid B"},{"family":"Sørensen","given":"Asgeir J"}],"citation-key":"torbenAutomaticSimulationbasedTesting2023","container-title":"Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability","container-title-short":"Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability","DOI":"10.1177/1748006X211069277","ISSN":"1748-006X","issue":"2","issued":{"date-parts":[["2023",4,1]]},"language":"en","page":"293-313","publisher":"SAGE Publications","source":"SAGE Journals","title":"Automatic simulation-based testing of autonomous ships using Gaussian processes and temporal logic","type":"article-journal","URL":"https://doi.org/10.1177/1748006X211069277","volume":"237"},{"id":"kapinskiSimulationguidedApproachesVerification2015","abstract":"Automotive embedded control systems are a vital aspect of modern automotive development, but the considerable complexity 
of these systems has made quality checking a challenging endeavor. Simulation-based checking approaches are attractive, as they often scale well with the complexity of the system design. This paper presents an overview of simulation-guided techniques that can be used to increase the confidence in the quality of an automotive powertrain control system design. We discuss the relationship between simulation-based approaches and the broader areas of verification and powertrain control design. Also, we discuss new software tools that use simulation-guided approaches to address various aspects of automotive powertrain control design verification. We conclude by considering ongoing challenges in developing new simulation-guided tools and applying them in a powertrain control development context.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Kapinski","given":"James"},{"family":"Deshmukh","given":"Jyotirmoy"},{"family":"Jin","given":"Xiaoqing"},{"family":"Ito","given":"Hisahiro"},{"family":"Butts","given":"Ken"}],"citation-key":"kapinskiSimulationguidedApproachesVerification2015","container-title":"2015 American Control Conference (ACC)","DOI":"10.1109/ACC.2015.7171968","event-title":"2015 American Control Conference (ACC)","ISSN":"2378-5861","issued":{"date-parts":[["2015",7]]},"page":"4086-4095","source":"IEEE Xplore","title":"Simulation-guided approaches for verification of automotive powertrain control systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/7171968"},{"id":"crespoComputationalFrameworkControl2010","abstract":"This paper presents a methodology for evaluating the robustness of a controller based on its ability to satisfy the design requirements. The framework proposed is generic since it allows for high-fidelity models, arbitrary control structures and arbitrary functional dependencies between the requirements and the uncertain parameters. 
The cornerstone of this contribution is the ability to bound the region of the uncertain parameter space where the degradation in closed-loop performance remains acceptable. The size of this bounding set, whose geometry can be prescribed according to deterministic or probabilistic uncertainty models, is a measure of robustness. The robustness metrics proposed herein are the parametric safety margin, the reliability index, the failure probability and upper bounds to this probability. The performance observed at the control verification setting, where the assumptions and approximations used for control design may no longer hold, will fully determine the proposed control assessment.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Crespo","given":"Luis G."},{"family":"Kenny","given":"Sean P."},{"family":"Giesy","given":"Daniel P."}],"citation-key":"crespoComputationalFrameworkControl2010","issued":{"date-parts":[["2010",1,1]]},"note":"NTRS Author Affiliations: National Inst. of Aerospace, NASA Langley Research Center\nNTRS Report/Patent Number: L-19786\nNTRS Document ID: 20100006918\nNTRS Research Center: Langley Research Center (LaRC)","source":"NASA NTRS","title":"A Computational Framework to Control Verification and Robustness Analysis","type":"paper-conference","URL":"https://ntrs.nasa.gov/citations/20100006918"},{"id":"aminiLearningRobustControl2020","abstract":"In this work, we present a data-driven simulation and training engine capable of learning end-to-end autonomous vehicle control policies using only sparse rewards. By leveraging real, human-collected trajectories through an environment, we render novel training data that allows virtual agents to drive along a continuum of new local trajectories consistent with the road appearance and semantics, each with a different view of the scene. 
We demonstrate the ability of policies learned within our simulator to generalize to and navigate in previously unseen real-world roads, without access to any human control labels during training. Our results validate the learned policy onboard a full-scale autonomous vehicle, including in previously un-encountered scenarios, such as new roads and novel, complex, near-crash situations. Our methods are scalable, leverage reinforcement learning, and apply broadly to situations requiring effective perception and robust operation in the physical world.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Amini","given":"Alexander"},{"family":"Gilitschenski","given":"Igor"},{"family":"Phillips","given":"Jacob"},{"family":"Moseyko","given":"Julia"},{"family":"Banerjee","given":"Rohan"},{"family":"Karaman","given":"Sertac"},{"family":"Rus","given":"Daniela"}],"citation-key":"aminiLearningRobustControl2020","container-title":"IEEE Robotics and Automation Letters","DOI":"10.1109/LRA.2020.2966414","ISSN":"2377-3766","issue":"2","issued":{"date-parts":[["2020",4]]},"page":"1143-1150","source":"IEEE Xplore","title":"Learning Robust Control Policies for End-to-End Autonomous Driving From Data-Driven Simulation","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/8957584","volume":"5"},{"id":"blanchiniModelFreePlantTuning2017","abstract":"Given a static plant described by a differentiable input-output function, which is completely unknown, but whose Jacobian takes values in a known polytope in the matrix space, this paper considers the problem of tuning (i.e., driving to a desired value) the output, by suitably choosing the input. It is shown that, if the polytope is robustly nonsingular (or has full rank, in the nonsquare case), then a suitable tuning scheme drives the output to the desired point. 
The proof exploits a Lyapunov-like function and applies a well-known game-theoretic result, concerning the existence of a saddle point for a min-max zero-sum game. When the plant output is represented in an implicit form, it is shown that the same result can be obtained, resorting to a different Lyapunov-like function. The case in which proper input or output constraints must be enforced during the transient is considered as well. Some application examples are proposed to show the effectiveness of the approach.","accessed":{"date-parts":[["2024",7,10]]},"author":[{"family":"Blanchini","given":"Franco"},{"family":"Fenu","given":"Gianfranco"},{"family":"Giordano","given":"Giulia"},{"family":"Pellegrino","given":"Felice Andrea"}],"citation-key":"blanchiniModelFreePlantTuning2017","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/TAC.2016.2616025","ISSN":"1558-2523","issue":"6","issued":{"date-parts":[["2017",6]]},"page":"2623-2634","source":"IEEE Xplore","title":"Model-Free Plant Tuning","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/7586127","volume":"62"},{"id":"FormalMethodsSafetyCritical2023","accessed":{"date-parts":[["2024",7,9]]},"citation-key":"FormalMethodsSafetyCritical2023","container-title":"MIT LIDS","issued":{"date-parts":[["2023",10,26]]},"language":"en","title":"Formal Methods for Safety-Critical Control","type":"webpage","URL":"https://lids.mit.edu/news-and-events/events/formal-methods-safety-critical-control"},{"id":"hincheyIntroductionFormalMethods2006","accessed":{"date-parts":[["2024",7,9]]},"author":[{"family":"Hinchey","given":"Michael"},{"family":"Bowen","given":"Jonathan P."},{"family":"Rouff","given":"Christopher A."}],"citation-key":"hincheyIntroductionFormalMethods2006","container-title":"Agent Technology from a Formal Perspective","DOI":"10.1007/1-84628-271-3_2","editor":[{"family":"Rouff","given":"Christopher 
A."},{"family":"Hinchey","given":"Michael"},{"family":"Rash","given":"James"},{"family":"Truszkowski","given":"Walter"},{"family":"Gordon-Spears","given":"Diana"}],"event-place":"London","ISBN":"978-1-85233-947-0","issued":{"date-parts":[["2006"]]},"language":"en","page":"25-64","publisher":"Springer-Verlag","publisher-place":"London","source":"DOI.org (Crossref)","title":"Introduction to Formal Methods","type":"chapter","URL":"http://link.springer.com/10.1007/1-84628-271-3_2"},{"id":"vorosIntroductionFormalMethods2004","abstract":"This chapter begins with an introduction to the main concepts of formal methods. Languages and tools for developing formal system models are also described, while the use of semi formal notations and their integration with formal methods is covered as well. At the end of the chapter, an overview of the current status of formal methods in embedded system design is presented.","accessed":{"date-parts":[["2024",7,9]]},"author":[{"family":"Voros","given":"Nikolaos S."},{"family":"Mueller","given":"Wolfgang"},{"family":"Snook","given":"Colin"}],"citation-key":"vorosIntroductionFormalMethods2004","container-title":"UML-B Specification for Proven Embedded Systems Design","DOI":"10.1007/978-1-4020-2867-0_1","editor":[{"family":"Bernin","given":"Fredrik"},{"family":"Butler","given":"Michael"},{"family":"Cansell","given":"Dominique"},{"family":"Hallerstede","given":"Stefan"},{"family":"Kronlöf","given":"Klaus"},{"family":"Krupp","given":"Alexander"},{"family":"Lecomte","given":"Thierry"},{"family":"Lundell","given":"Michael"},{"family":"Lundkvist","given":"Ola"},{"family":"Marchetti","given":"Michele"},{"family":"Mueller","given":"Wolfgang"},{"family":"Oliver","given":"Ian"},{"family":"Sabatier","given":"Denis"},{"family":"Schattkowsky","given":"Tim"},{"family":"Snook","given":"Colin"},{"family":"Voros","given":"Nikolaos S."},{"family":"Zimmermann","given":"Yann"},{"family":"Mermet","given":"Jean"}],"event-place":"Boston, 
MA","ISBN":"978-1-4020-2867-0","issued":{"date-parts":[["2004"]]},"language":"en","page":"1-20","publisher":"Springer US","publisher-place":"Boston, MA","source":"Springer Link","title":"An Introduction to Formal Methods","type":"chapter","URL":"https://doi.org/10.1007/978-1-4020-2867-0_1"},{"id":"wooldridgeLECTUREINTRODUCTIONFORMAL","author":[{"family":"Wooldridge","given":"Mike"}],"citation-key":"wooldridgeLECTUREINTRODUCTIONFORMAL","container-title":"Software Engineering","language":"en","source":"Zotero","title":"LECTURE 6: INTRODUCTION TO FORMAL METHODS","type":"article-journal"},{"id":"FormalMethodsa","accessed":{"date-parts":[["2024",7,9]]},"citation-key":"FormalMethodsa","title":"Formal Methods","type":"webpage","URL":"https://users.ece.cmu.edu/~koopman/des_s99/formal_methods/"},{"id":"weizenbaumELIZAComputerProgram1966","accessed":{"date-parts":[["2024",7,2]]},"author":[{"family":"Weizenbaum","given":"Joseph"}],"citation-key":"weizenbaumELIZAComputerProgram1966","container-title":"Commun. 
ACM","DOI":"10.1145/365153.365168","ISSN":"0001-0782","issue":"1","issued":{"date-parts":[["1966",1,1]]},"page":"36–45","source":"ACM Digital Library","title":"ELIZA—a computer program for the study of natural language communication between man and machine","type":"article-journal","URL":"https://doi.org/10.1145/365153.365168","volume":"9"},{"id":"ZoteroConnectors","accessed":{"date-parts":[["2024",7,2]]},"citation-key":"ZoteroConnectors","title":"Zotero | Connectors","type":"webpage","URL":"https://www.zotero.org/download/connectors"},{"id":"ExplainableVerificationSurvey2024","abstract":"This report focuses on potential changes in software development practice and research that would help tools used for formal methods explain their output, making software practitioners more likely to trust them.","accessed":{"date-parts":[["2024",6,26]]},"citation-key":"ExplainableVerificationSurvey2024","issued":{"date-parts":[["2024",4,16]]},"language":"en","title":"Explainable Verification: Survey, Situations, and New Ideas","title-short":"Explainable Verification","type":"webpage","URL":"https://insights.sei.cmu.edu/library/explainable-verification-survey-situations-and-new-ideas/"},{"id":"berztissFormalVerificationPrograms","author":[{"family":"Berztiss","given":"Alfs T"},{"family":"Ardis","given":"Mark A"}],"citation-key":"berztissFormalVerificationPrograms","language":"en","source":"Zotero","title":"Formal Verification of Programs","type":"article-journal"},{"id":"zhangUnderstandingUncertaintyCyberPhysical2016","abstract":"Uncertainty is intrinsic in most technical systems, including Cyber-Physical Systems (CPS). Therefore, handling uncertainty in a graceful manner during the real operation of CPS is critical. Since designing, developing, and testing modern and highly sophisticated CPS is an expanding field, a step towards dealing with uncertainty is to identify, define, and classify uncertainties at various levels of CPS. 
This will help develop a systematic and comprehensive understanding of uncertainty. To that end, we propose a conceptual model for uncertainty specifically designed for CPS. Since the study of uncertainty in CPS development and testing is still irrelatively unexplored, this conceptual model was derived in a large part by reviewing existing work on uncertainty in other fields, including philosophy, physics, statistics, and healthcare. The conceptual model is mapped to the three logical levels of CPS: Application, Infrastructure, and Integration. It is captured using UML class diagrams, including relevant OCL constraints. To validate the conceptual model, we identified, classified, and specified uncertainties in two distinct industrial case studies.","author":[{"family":"Zhang","given":"Man"},{"family":"Selic","given":"Bran"},{"family":"Ali","given":"Shaukat"},{"family":"Yue","given":"Tao"},{"family":"Okariz","given":"Oscar"},{"family":"Norgren","given":"Roland"}],"citation-key":"zhangUnderstandingUncertaintyCyberPhysical2016","container-title":"Modelling Foundations and Applications","DOI":"10.1007/978-3-319-42061-5_16","editor":[{"family":"Wąsowski","given":"Andrzej"},{"family":"Lönn","given":"Henrik"}],"event-place":"Cham","ISBN":"978-3-319-42061-5","issued":{"date-parts":[["2016"]]},"language":"en","page":"247-264","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"Understanding Uncertainty in Cyber-Physical Systems: A Conceptual Model","title-short":"Understanding Uncertainty in Cyber-Physical Systems","type":"paper-conference"},{"id":"oquendoDealingUncertaintySoftware2019","abstract":"When architecting Software-intensive Systems-of-Systems (SoS) on the Internet-of-Things (IoT), architects face two sorts of uncertainties. First, they have only limited knowledge about the operational environment where the SoS will actually be deployed. 
Second, the constituent systems which will compose the SoS might not be known a priori (at design-time) or their availability (at runtime) is affected by dynamic factors, due to the openness of the IoT. The consequent research question is thereby how to deal with uncertainty in the design of an SoS architecture on the IoT. To tackle this challenging issue, this paper addresses the notion of uncertainty due to partial information in SoS and proposes an enhanced SoS Architecture Description language (SosADL) for expressing SoS architectures on the IoT under uncertainty. The core SosADL is extended with concurrent constraints and the concept of digital twins coupling the physical and virtual worlds. This novel approach is supported by an integrated toolset, the SosADL Studio. Validation results demonstrate its effectiveness in an SoS architecture for platooning of self-driving vehicles.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Oquendo","given":"Flavio"}],"citation-key":"oquendoDealingUncertaintySoftware2019","container-title":"Computational Science and Its Applications – ICCSA 2019","DOI":"10.1007/978-3-030-24289-3_57","editor":[{"family":"Misra","given":"Sanjay"},{"family":"Gervasi","given":"Osvaldo"},{"family":"Murgante","given":"Beniamino"},{"family":"Stankova","given":"Elena"},{"family":"Korkhov","given":"Vladimir"},{"family":"Torre","given":"Carmelo"},{"family":"Rocha","given":"Ana Maria A.C."},{"family":"Taniar","given":"David"},{"family":"Apduhan","given":"Bernady O."},{"family":"Tarantino","given":"Eufemia"}],"event-place":"Cham","ISBN":"978-3-030-24288-6 978-3-030-24289-3","issued":{"date-parts":[["2019"]]},"language":"en","page":"770-786","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Dealing with Uncertainty in Software Architecture on the Internet-of-Things with Digital 
Twins","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-030-24289-3_57","volume":"11619"},{"id":"kochunasDigitalTwinConcepts2021","abstract":"Digital Twins (DTs) are receiving considerable attention from multiple disciplines. Much of the literature at this time is dedicated to the conceptualization of digital twins, and associated enabling technologies and challenges. In this paper, we consider these propositions for the specific application of nuclear power. Our review finds that the current DT concepts are amenable to nuclear power systems, but benefit from some modifications and enhancements. Further, some areas of the existing modeling and simulation infrastructure around nuclear power systems are adaptable to DT development, while more recent efforts in advanced modeling and simulation are less suitable at this time. For nuclear power applications, DT development should rely first on mechanistic model-based methods to leverage the extensive experience and understanding of these systems. Model-free techniques can then be adopted to selectively, and correctively, augment limitations in the model-based approaches. Challenges to the realization of a DT are also discussed, with some being unique to nuclear engineering, however most are broader. A challenging aspect we discuss in detail for DTs is the incorporation of uncertainty quantification (UQ). Forward UQ enables the propagation of uncertainty from the digital representations to predict behavior of the physical asset. Similarly, inverse UQ allows for the incorporation of data from new measurements obtained from the physical asset back into the DT. 
Optimization under uncertainty facilitates decision support through the formal methods of optimal experimental design and design optimization that maximize information gain, or performance, of the physical asset in an uncertain environment.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Kochunas","given":"Brendan"},{"family":"Huan","given":"Xun"}],"citation-key":"kochunasDigitalTwinConcepts2021","container-title":"Energies","container-title-short":"Energies","DOI":"10.3390/en14144235","ISSN":"1996-1073","issue":"14","issued":{"date-parts":[["2021",7,14]]},"language":"en","page":"4235","source":"DOI.org (Crossref)","title":"Digital Twin Concepts with Uncertainty for Nuclear Power Applications","type":"article-journal","URL":"https://www.mdpi.com/1996-1073/14/14/4235","volume":"14"},{"id":"RevModPhys","accessed":{"date-parts":[["2024",5,21]]},"citation-key":"RevModPhys","title":"Rev. Mod. Phys. 83, 943 (2011) - Bayesian inference in physics","type":"webpage","URL":"https://journals.aps.org/rmp/abstract/10.1103/RevModPhys.83.943"},{"id":"kennedyBayesianCalibrationComputer2001","abstract":"We consider prediction and uncertainty analysis for systems which are approximated using complex mathematical models. Such models, implemented as computer codes, are often generic in the sense that by a suitable choice of some of the model's input parameters the code can be used to predict the behaviour of the system in a variety of specific applications. However, in any specific application the values of necessary parameters may be unknown. In this case, physical observations of the system in the specific context are used to learn about the unknown parameters. The process of fitting the model to the observed data by adjusting the parameters is known as calibration. Calibration is typically effected by ad hoc fitting, and after calibration the model is used, with the fitted input values, to predict the future behaviour of the system. 
We present a Bayesian calibration technique which improves on this traditional approach in two respects. First, the predictions allow for all sources of uncertainty, including the remaining uncertainty over the fitted parameters. Second, they attempt to correct for any inadequacy of the model which is revealed by a discrepancy between the observed data and the model predictions from even the best-fitting parameter values. The method is illustrated by using data from a nuclear radiation release at Tomsk, and from a more complex simulated nuclear accident exercise.","accessed":{"date-parts":[["2024",5,21]]},"author":[{"family":"Kennedy","given":"Marc C."},{"family":"O'Hagan","given":"Anthony"}],"citation-key":"kennedyBayesianCalibrationComputer2001","container-title":"Journal of the Royal Statistical Society Series B: Statistical Methodology","container-title-short":"Journal of the Royal Statistical Society Series B: Statistical Methodology","DOI":"10.1111/1467-9868.00294","ISSN":"1369-7412","issue":"3","issued":{"date-parts":[["2001",9,1]]},"page":"425-464","source":"Silverchair","title":"Bayesian Calibration of Computer Models","type":"article-journal","URL":"https://doi.org/10.1111/1467-9868.00294","volume":"63"},{"id":"oberkampfVerificationValidationPredictive2004","abstract":"Developers of computer codes, analysts who use the codes, and decision makers who rely on the results of the analyses face a critical question: How should confidence in modeling and simulation be critically assessed? Verification and validation (V&V) of computational simulations are the primary methods for building and quantifying this confidence. Briefly, verification is the assessment of the accuracy of the solution to a computational model. Validation is the assessment of the accuracy of a computational simulation by comparison with experimental data. In verification, the relationship of the simulation to the real world is not an issue. 
In validation, the relationship between computation and the real world, ie, experimental data, is the issue. This paper presents our viewpoint of the state of the art in V&V in computational physics. (In this paper we refer to all fields of computational engineering and physics, eg, computational fluid dynamics, computational solid mechanics, structural dynamics, shock wave physics, computational chemistry, etc, as computational physics.) We describe our view of the framework in which predictive capability relies on V&V, as well as other factors that affect predictive capability. Our opinions about the research needs and management issues in V&V are very practical: What methods and techniques need to be developed and what changes in the views of management need to occur to increase the usefulness, reliability, and impact of computational physics for decision making about engineering systems? We review the state of the art in V&V over a wide range of topics, for example, prioritization of V&V activities using the Phenomena Identification and Ranking Table (PIRT), code verification, software quality assurance (SQA), numerical error estimation, hierarchical experiments for validation, characteristics of validation experiments, the need to perform nondeterministic computational simulations in comparisons with experimental data, and validation metrics. We then provide an extensive discussion of V&V research and implementation issues that we believe must be addressed for V&V to be more effective in improving confidence in computational predictive capability. Some of the research topics addressed are development of improved procedures for the use of the PIRT for prioritizing V&V activities, the method of manufactured solutions for code verification, development and use of hierarchical validation diagrams, and the construction and use of validation metrics incorporating statistical measures. 
Some of the implementation topics addressed are the needed management initiatives to better align and team computationalists and experimentalists in conducting validation activities, the perspective of commercial software companies, the key role of analysts and decision makers as code customers, obstacles to the improved effectiveness of V&V, effects of cost and schedule constraints on practical applications in industrial settings, and the role of engineering standards committees in documenting best practices for V&V. There are 207 references cited in this review article.","accessed":{"date-parts":[["2024",5,21]]},"author":[{"family":"Oberkampf","given":"William L"},{"family":"Trucano","given":"Timothy G"},{"family":"Hirsch","given":"Charles"}],"citation-key":"oberkampfVerificationValidationPredictive2004","container-title":"Applied Mechanics Reviews","container-title-short":"Applied Mechanics Reviews","DOI":"10.1115/1.1767847","ISSN":"0003-6900","issue":"5","issued":{"date-parts":[["2004",12,21]]},"page":"345-384","source":"Silverchair","title":"Verification, validation, and predictive capability in computational engineering and physics","type":"article-journal","URL":"https://doi.org/10.1115/1.1767847","volume":"57"},{"id":"DigitalTwins","abstract":"Digital Twins","accessed":{"date-parts":[["2024",5,21]]},"citation-key":"DigitalTwins","container-title":"NRC Web","language":"en-US","title":"Digital Twins","type":"webpage","URL":"https://www.nrc.gov/reactors/power/digital-twins.html"},{"id":"hadiControlCOVID19System2021","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Hadi","given":"Musadaq A."},{"family":"Ali","given":"Hazem I."}],"citation-key":"hadiControlCOVID19System2021","container-title":"Biomedical Signal Processing and Control","container-title-short":"Biomedical Signal Processing and 
Control","DOI":"10.1016/j.bspc.2020.102317","ISSN":"17468094","issued":{"date-parts":[["2021",2]]},"language":"en","license":"https://www.elsevier.com/tdm/userlicense/1.0/","page":"102317","source":"DOI.org (Crossref)","title":"Control of COVID-19 system using a novel nonlinear robust control algorithm","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1746809420304341","volume":"64"},{"id":"wangAdaptiveCriticNonlinear2017","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Wang","given":"Ding"},{"family":"He","given":"Haibo"},{"family":"Liu","given":"Derong"}],"citation-key":"wangAdaptiveCriticNonlinear2017","container-title":"IEEE Transactions on Cybernetics","container-title-short":"IEEE Trans. Cybern.","DOI":"10.1109/TCYB.2017.2712188","ISSN":"2168-2267, 2168-2275","issue":"10","issued":{"date-parts":[["2017",10]]},"license":"https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html","page":"3429-3451","source":"DOI.org (Crossref)","title":"Adaptive Critic Nonlinear Robust Control: A Survey","title-short":"Adaptive Critic Nonlinear Robust Control","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/7967695/","volume":"47"},{"id":"durethConditionalDiffusionbasedMicrostructure2023","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Düreth","given":"Christian"},{"family":"Seibert","given":"Paul"},{"family":"Rücker","given":"Dennis"},{"family":"Handford","given":"Stephanie"},{"family":"Kästner","given":"Markus"},{"family":"Gude","given":"Maik"}],"citation-key":"durethConditionalDiffusionbasedMicrostructure2023","container-title":"Materials Today Communications","container-title-short":"Materials Today Communications","DOI":"10.1016/j.mtcomm.2023.105608","ISSN":"23524928","issued":{"date-parts":[["2023",6]]},"language":"en","page":"105608","source":"DOI.org (Crossref)","title":"Conditional diffusion-based microstructure 
reconstruction","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S2352492823002982","volume":"35"},{"id":"kongDiffWaveVersatileDiffusion2020","abstract":"In this work, we propose DiffWave, a versatile diffusion probabilistic model for conditional and unconditional waveform generation. The model is non-autoregressive, and converts the white noise signal into structured waveform through a Markov chain with a constant number of steps at synthesis. It is efficiently trained by optimizing a variant of variational bound on the data likelihood. DiffWave produces high-fidelity audios in different waveform generation tasks, including neural vocoding conditioned on mel spectrogram, class-conditional generation, and unconditional generation. We demonstrate that DiffWave matches a strong WaveNet vocoder in terms of speech quality (MOS: 4.44 versus 4.43), while synthesizing orders of magnitude faster. In particular, it significantly outperforms autoregressive and GAN-based waveform models in the challenging unconditional generation task in terms of audio quality and sample diversity from various automatic and human evaluations.","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Kong","given":"Zhifeng"},{"family":"Ping","given":"Wei"},{"family":"Huang","given":"Jiaji"},{"family":"Zhao","given":"Kexin"},{"family":"Catanzaro","given":"Bryan"}],"citation-key":"kongDiffWaveVersatileDiffusion2020","DOI":"10.48550/ARXIV.2009.09761","issued":{"date-parts":[["2020"]]},"license":"arXiv.org perpetual, non-exclusive license","publisher":"arXiv","source":"DOI.org (Datacite)","title":"DiffWave: A Versatile Diffusion Model for Audio Synthesis","title-short":"DiffWave","type":"article","URL":"https://arxiv.org/abs/2009.09761","version":"3"},{"id":"wangDiffuseBotBreedingSoft2023","author":[{"family":"Wang","given":"Tsun-Hsuan 
Johnson"},{"family":"Zheng","given":"Juntian"},{"family":"Ma","given":"Pingchuan"},{"family":"Du","given":"Yilun"},{"family":"Kim","given":"Byungchul"},{"family":"Spielberg","given":"Andrew"},{"family":"Tenenbaum","given":"Josh"},{"family":"Gan","given":"Chuang"},{"family":"Rus","given":"Daniela"}],"citation-key":"wangDiffuseBotBreedingSoft2023","container-title":"Advances in Neural Information Processing Systems","editor":[{"family":"Oh","given":"A."},{"family":"Naumann","given":"T."},{"family":"Globerson","given":"A."},{"family":"Saenko","given":"K."},{"family":"Hardt","given":"M."},{"family":"Levine","given":"S."}],"issued":{"date-parts":[["2023"]]},"page":"44398–44423","publisher":"Curran Associates, Inc.","title":"DiffuseBot: Breeding Soft Robots With Physics-Augmented Generative Diffusion Models","type":"paper-conference","URL":"https://proceedings.neurips.cc/paper_files/paper/2023/file/8b1008098947ad59144c18a78337f937-Paper-Conference.pdf","volume":"36"},{"id":"liSyntheticLagrangianTurbulence2024","abstract":"Lagrangian turbulence lies at the core of numerous applied and fundamental problems related to the physics of dispersion and mixing in engineering, biofluids, the atmosphere, oceans and astrophysics. Despite exceptional theoretical, numerical and experimental efforts conducted over the past 30 years, no existing models are capable of faithfully reproducing statistical and topological properties exhibited by particle trajectories in turbulence. We propose a machine learning approach, based on a state-of-the-art diffusion model, to generate single-particle trajectories in three-dimensional turbulence at high Reynolds numbers, thereby bypassing the need for direct numerical simulations or experiments to obtain reliable Lagrangian data. 
Our model demonstrates the ability to reproduce most statistical benchmarks across time scales, including the fat-tail distribution for velocity increments, the anomalous power law and the increased intermittency around the dissipative scale. Slight deviations are observed below the dissipative scale, particularly in the acceleration and flatness statistics. Surprisingly, the model exhibits strong generalizability for extreme events, producing events of higher intensity and rarity that still match the realistic statistics. This paves the way for producing synthetic high-quality datasets for pretraining various downstream applications of Lagrangian turbulence.","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Li","given":"T."},{"family":"Biferale","given":"L."},{"family":"Bonaccorso","given":"F."},{"family":"Scarpolini","given":"M. A."},{"family":"Buzzicotti","given":"M."}],"citation-key":"liSyntheticLagrangianTurbulence2024","container-title":"Nature Machine Intelligence","container-title-short":"Nat Mach Intell","DOI":"10.1038/s42256-024-00810-0","ISSN":"2522-5839","issue":"4","issued":{"date-parts":[["2024",4,17]]},"language":"en","page":"393-403","source":"DOI.org (Crossref)","title":"Synthetic Lagrangian turbulence by generative diffusion models","type":"article-journal","URL":"https://www.nature.com/articles/s42256-024-00810-0","volume":"6"},{"id":"esmaeiliEnhancingDigitalRock2024","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Esmaeili","given":"Mohammad"}],"citation-key":"esmaeiliEnhancingDigitalRock2024","container-title":"Neurocomputing","container-title-short":"Neurocomputing","DOI":"10.1016/j.neucom.2024.127676","ISSN":"09252312","issued":{"date-parts":[["2024",6]]},"language":"en","page":"127676","source":"DOI.org (Crossref)","title":"Enhancing digital rock analysis through generative artificial intelligence: Diffusion models","title-short":"Enhancing digital rock analysis through generative artificial 
intelligence","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0925231224004478","volume":"587"},{"id":"yangDiffusionModelsComprehensive2024","abstract":"Diffusion models have emerged as a powerful new family of deep generative models with record-breaking performance in many applications, including image synthesis, video generation, and molecule design. In this survey, we provide an overview of the rapidly expanding body of work on diffusion models, categorizing the research into three key areas: efficient sampling, improved likelihood estimation, and handling data with special structures. We also discuss the potential for combining diffusion models with other generative models for enhanced results. We further review the wide-ranging applications of diffusion models in fields spanning from computer vision, natural language processing, temporal data modeling, to interdisciplinary applications in other scientific disciplines. This survey aims to provide a contextualized, in-depth look at the state of diffusion models, identifying the key areas of focus and pointing to potential areas for further exploration. Github:\n https://github.com/YangLing0818/Diffusion-Models-Papers-Survey-Taxonomy","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Yang","given":"Ling"},{"family":"Zhang","given":"Zhilong"},{"family":"Song","given":"Yang"},{"family":"Hong","given":"Shenda"},{"family":"Xu","given":"Runsheng"},{"family":"Zhao","given":"Yue"},{"family":"Zhang","given":"Wentao"},{"family":"Cui","given":"Bin"},{"family":"Yang","given":"Ming-Hsuan"}],"citation-key":"yangDiffusionModelsComprehensive2024","container-title":"ACM Computing Surveys","container-title-short":"ACM Comput. 
Surv.","DOI":"10.1145/3626235","ISSN":"0360-0300, 1557-7341","issue":"4","issued":{"date-parts":[["2024",4,30]]},"language":"en","page":"1-39","source":"DOI.org (Crossref)","title":"Diffusion Models: A Comprehensive Survey of Methods and Applications","title-short":"Diffusion Models","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/3626235","volume":"56"},{"id":"jagvaralUnifiedFrameworkDiffusion2024","abstract":"Diffusion-based generative models represent the current state-of-the-art for image generation. However, standard diffusion models are based on Euclidean geometry and do not translate directly to manifold-valued data. In this work, we develop extensions of both score-based generative models (SGMs) and Denoising Diffusion Probabilistic Models (DDPMs) to the Lie group of 3D rotations, SO(3). SO(3) is of particular interest in many disciplines such as robotics, biochemistry and astronomy/cosmology science. Contrary to more general Riemannian manifolds, SO(3) admits a tractable solution to heat diffusion, and allows us to implement efficient training of diffusion models. We apply both SO(3) DDPMs and SGMs to synthetic densities on SO(3) and demonstrate state-of-the-art results. 
Additionally, we demonstrate the practicality of our model on pose estimation tasks and in predicting correlated galaxy orientations for astrophysics/cosmology.","accessed":{"date-parts":[["2024",5,20]]},"author":[{"family":"Jagvaral","given":"Yesukhei"},{"family":"Lanusse","given":"Francois"},{"family":"Mandelbaum","given":"Rachel"}],"citation-key":"jagvaralUnifiedFrameworkDiffusion2024","container-title":"Proceedings of the AAAI Conference on Artificial Intelligence","container-title-short":"AAAI","DOI":"10.1609/aaai.v38i11.29171","ISSN":"2374-3468, 2159-5399","issue":"11","issued":{"date-parts":[["2024",3,24]]},"page":"12754-12762","source":"DOI.org (Crossref)","title":"Unified Framework for Diffusion Generative Models in SO(3): Applications in Computer Vision and Astrophysics","title-short":"Unified Framework for Diffusion Generative Models in SO(3)","type":"article-journal","URL":"https://ojs.aaai.org/index.php/AAAI/article/view/29171","volume":"38"},{"id":"avigadFORMALSYSTEMEUCLID2009","abstract":"We present a formal system, E, which provides a faithful model of the proofs in Euclid’s Elements, including the use of diagrammatic reasoning.","accessed":{"date-parts":[["2024",5,16]]},"author":[{"family":"Avigad","given":"Jeremy"},{"family":"Dean","given":"Edward"},{"family":"Mumma","given":"John"}],"citation-key":"avigadFORMALSYSTEMEUCLID2009","container-title":"The Review of Symbolic Logic","container-title-short":"The Review of Symbolic Logic","DOI":"10.1017/S1755020309990098","ISSN":"1755-0203, 1755-0211","issue":"4","issued":{"date-parts":[["2009",12]]},"language":"en","license":"https://www.cambridge.org/core/terms","page":"700-768","source":"DOI.org (Crossref)","title":"A FORMAL SYSTEM FOR EUCLID’S 
ELEMENTS","type":"article-journal","URL":"https://www.cambridge.org/core/product/identifier/S1755020309990098/type/journal_article","volume":"2"},{"id":"nipkowConcreteSemanticsIsabelle2014","accessed":{"date-parts":[["2024",5,3]]},"author":[{"family":"Nipkow","given":"Tobias"},{"family":"Klein","given":"Gerwin"}],"citation-key":"nipkowConcreteSemanticsIsabelle2014","DOI":"10.1007/978-3-319-10542-0","event-place":"Cham","ISBN":"978-3-319-10541-3 978-3-319-10542-0","issued":{"date-parts":[["2014"]]},"language":"en","license":"https://www.springernature.com/gp/researchers/text-and-data-mining","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Concrete Semantics: With Isabelle/HOL","title-short":"Concrete Semantics","type":"book","URL":"https://link.springer.com/10.1007/978-3-319-10542-0"},{"id":"BackBuildingBlocks","accessed":{"date-parts":[["2024",4,30]]},"citation-key":"BackBuildingBlocks","title":"Back to the Building Blocks: A Path toward Secure and Measurable Software","type":"report","URL":"https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf"},{"id":"nemouchiFormallyVerifiedZTA2023","abstract":"The clean energy transformation led to the integration of distributed energy resources on a top of the grid, and so a substantial increase in the complexity of power grids infrastructure and the underlying operational technology environment. Operational technology environments are becoming a system of systems, integrating heterogeneous devices which are software/hardware intensive, have ever increasing demands to exploit advances in commodity of software/hardware infrastructures, and this for good reasons – improving energy systems requirements such as cybersecurity and resilience. In such a setting, system requirements at different levels mix, thus undesirable outcomes will surely happen. 
The use of formal methods will remove ambiguity, increase automation and provide high levels of assurance and reliability. In this paper, we contribute a methodology and a framework for the system level verification of zero trust architecture requirements in operational technology environments. We define a formal specification for the core functionalities of operational technology environments, the corresponding invariants, and security proofs. Of particular note is our modular approach for the formal verification of asynchronous interactions in operational technology environments. The formal specification and the proofs have been mechanized using the interactive theorem proving environment Isabelle/HOL.","author":[{"family":"Nemouchi","given":"Yakoub"},{"family":"Etigowni","given":"Sriharsha"},{"family":"Zolan","given":"Alexander"},{"family":"Macwan","given":"Richard"}],"citation-key":"nemouchiFormallyVerifiedZTA2023","container-title":"Renewable Energy","issued":{"date-parts":[["2023"]]},"language":"en","source":"Zotero","title":"Formally Verified ZTA Requirements for OT/ICS Environments with Isabelle/HOL: Preprint","type":"article-journal"},{"id":"IsabelleUTP","abstract":"Isabelle/UTP is a collection of tools, built on top of the Isabelle/HOL proof assistant, for building practical verification tools. It applies the principles of Hoare and He's Unifying Theories of Programming semantic framework to support formal semantics for a host of heterogeneous languages and","accessed":{"date-parts":[["2024",4,29]]},"citation-key":"IsabelleUTP","language":"en-US","title":"Isabelle/UTP","type":"webpage","URL":"https://isabelle-utp.york.ac.uk/"},{"id":"nemouchiFormallyVerifiedZTA2023a","abstract":"The clean energy transformation led to the integration of distributed energy resources on a top of the grid, and so a substantial increase in the complexity of power grids infrastructure and the underlying operational technology environment. 
Operational technology environments are becoming a system of systems, integrating heterogeneous devices which are software/hardware intensive, have ever increasing demands to exploit advances in commodity of software/hardware infrastructures, and this for good reasons - improving energy systems requirements such as cybersecurity and resilience. In such a setting, system requirements at different levels mix, thus undesirable outcomes will surely happen. The use of formal methods will remove ambiguity, increase automation and provide high levels of assurance and reliability. In this paper, we contribute a methodology and a framework for the system level verification of zero trust architecture requirements in operational technology environments. We define a formal specification for the core functionalities of operational technology environments, the corresponding invariants, and security proofs. Of particular note is our modular approach for the formal verification of asynchronous interactions in operational technology environments. 
The formal specification and the proofs have been mechanized using the interactive theorem proving environment Isabelle/HOL.","accessed":{"date-parts":[["2024",4,29]]},"author":[{"family":"Nemouchi","given":"Yakoub"},{"family":"Etigowni","given":"Sriharsha"},{"family":"Zolan","given":"Alexander"},{"family":"Macwan","given":"Richard"}],"citation-key":"nemouchiFormallyVerifiedZTA2023a","issued":{"date-parts":[["2023",11,29]]},"language":"English","number":"NREL/CP-5R00-86154","publisher":"National Renewable Energy Laboratory (NREL), Golden, CO (United States)","source":"www.osti.gov","title":"Formally Verified ZTA Requirements for OT/ICS Environments with Isabelle/HOL: Preprint","title-short":"Formally Verified ZTA Requirements for OT/ICS Environments with Isabelle/HOL","type":"report","URL":"https://www.osti.gov/biblio/2228660"},{"id":"heunenConvenientCategoryHigherOrder2017","abstract":"Higher-order probabilistic programming languages allow programmers to write sophisticated models in machine learning and statistics in a succinct and structured way, but step outside the standard measure-theoretic formalization of probability theory. Programs may use both higher-order functions and continuous distributions, or even define a probability distribution on functions. But standard probability theory does not handle higher-order functions well: the category of measurable spaces is not cartesian closed. Here we introduce quasi-Borel spaces. We show that these spaces: form a new formalization of probability theory replacing measurable spaces; form a cartesian closed category and so support higher-order functions; form a well-pointed category and so support good proof principles for equational reasoning; and support continuous probability distributions. 
We demonstrate the use of quasi-Borel spaces for higher-order functions and probability by: showing that a well-known construction of probability theory involving random functions gains a cleaner expression; and generalizing de Finetti's theorem, that is a crucial theorem in probability theory, to quasi-Borel spaces.","accessed":{"date-parts":[["2024",4,21]]},"author":[{"family":"Heunen","given":"Chris"},{"family":"Kammar","given":"Ohad"},{"family":"Staton","given":"Sam"},{"family":"Yang","given":"Hongseok"}],"citation-key":"heunenConvenientCategoryHigherOrder2017","container-title":"2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)","DOI":"10.1109/LICS.2017.8005137","issued":{"date-parts":[["2017",6]]},"page":"1-12","source":"arXiv.org","title":"A Convenient Category for Higher-Order Probability Theory","type":"paper-conference","URL":"http://arxiv.org/abs/1701.02547"},{"id":"ImpossibleAsylum","accessed":{"date-parts":[["2024",4,21]]},"citation-key":"ImpossibleAsylum","ISSN":"0002-9890","language":"en","title":"An Impossible Asylum","type":"webpage","URL":"https://www.tandfonline.com/doi/epdf/10.1080/00029890.2023.2176668?needAccess=true"},{"id":"powellOPTIMIZINGSIMULATORMERGINGSIMULATION","abstract":"There has long been a competition between simulation and optimization in the modeling of problems in transportation and logistics, machine scheduling and similar high-dimensional problems in operations research. Simulation strives to model operations, often using rule-based logic. Optimization strives to find the best possible solution, minimizing costs or maximizing profits. 
In this tutorial, we show how these two modeling technologies can be brought together, combining the flexibility of simulation with the intelligence of optimization.","author":[{"family":"Powell","given":"Warren B"}],"citation-key":"powellOPTIMIZINGSIMULATORMERGINGSIMULATION","language":"en","source":"Zotero","title":"THE OPTIMIZING-SIMULATOR: MERGING SIMULATION AND OPTIMIZATION USING APPROXIMATE DYNAMIC PROGRAMMING","type":"article-journal"},{"id":"busoniuApproximateDynamicProgramming2010","abstract":"Dynamic Programming (DP) and Reinforcement Learning (RL) can be used to address problems from a variety of fields, including automatic control, artificial intelligence, operations research, and economy. Many problems in these fields are described by continuous variables, whereas DP and RL can find exact solutions only in the discrete case. Therefore, approximation is essential in practical DP and RL. This chapter provides an in-depth review of the literature on approximate DP and RL in large or continuous-space, infinite-horizon problems. Value iteration, policy iteration, and policy search approaches are presented in turn. Model-based (DP) as well as online and batch model-free (RL) algorithms are discussed. We review theoretical guarantees on the approximate solutions produced by these algorithms. Numerical examples illustrate the behavior of several representative algorithms in practice. Techniques to automatically derive value function approximators are discussed, and a comparison between value iteration, policy iteration, and policy search is provided. 
The chapter closes with a discussion of open issues and promising research directions in approximate DP and RL.","accessed":{"date-parts":[["2024",4,20]]},"author":[{"family":"Buşoniu","given":"Lucian"},{"family":"De Schutter","given":"Bart"},{"family":"Babuška","given":"Robert"}],"citation-key":"busoniuApproximateDynamicProgramming2010","collection-editor":[{"family":"Kacprzyk","given":"Janusz"}],"container-title":"Interactive Collaborative Information Systems","DOI":"10.1007/978-3-642-11688-9_1","editor":[{"family":"Babuška","given":"Robert"},{"family":"Groen","given":"Frans C. A."}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-642-11687-2 978-3-642-11688-9","issued":{"date-parts":[["2010"]]},"language":"en","page":"3-44","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"Approximate Dynamic Programming and Reinforcement Learning","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-642-11688-9_1","volume":"281"},{"id":"heiserSeL4MicrokernelIntroduction","author":[{"family":"Heiser","given":"Gernot"}],"citation-key":"heiserSeL4MicrokernelIntroduction","language":"en","source":"Zotero","title":"The seL4 Microkernel – An Introduction","type":"article-journal"},{"id":"Cryptol","accessed":{"date-parts":[["2024",4,4]]},"citation-key":"Cryptol","title":"Cryptol","type":"webpage","URL":"https://cryptol.net/"},{"id":"newmanWidespreadLogicController","abstract":"More than 120 models of Siemens' S7-1500 PLCs contain a serious vulnerability—and no fix is on the way.","accessed":{"date-parts":[["2024",4,4]]},"author":[{"family":"Newman","given":"Lily Hay"}],"citation-key":"newmanWidespreadLogicController","container-title":"Wired","ISSN":"1059-1028","language":"en-US","section":"tags","source":"www.wired.com","title":"A Widespread Logic Controller Flaw Raises the Specter of 
Stuxnet","type":"article-magazine","URL":"https://www.wired.com/story/siemens-s7-1500-logic-controller-flaw/"},{"id":"CNVerifyingSystems","accessed":{"date-parts":[["2024",4,4]]},"citation-key":"CNVerifyingSystems","title":"CN: Verifying Systems C Code with Separation-Logic Refinement Types","type":"webpage","URL":"https://www.cl.cam.ac.uk/~cp526/popl23.html"},{"id":"VideoConferencingWeb","abstract":"Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Zoom is a publicly traded company headquartered in San Jose, CA.","accessed":{"date-parts":[["2024",4,1]]},"citation-key":"VideoConferencingWeb","container-title":"Zoom","language":"en-US","title":"Video Conferencing, Web Conferencing, Webinars, Screen Sharing","type":"webpage","URL":"https://georgetown.zoom.us/rec/play/d46bqL1PaidLX23hjxCYCGO_xrFquiewA1TEhUpinGY4MW7ZjB1A_W1zZ7fdGuCMvPXmbo_-jog37dk.ELIjMzJjJmWhidCo"},{"id":"thalerProofsArgumentsZeroKnowledge","author":[{"family":"Thaler","given":"Justin"}],"citation-key":"thalerProofsArgumentsZeroKnowledge","language":"en","source":"Zotero","title":"Proofs, Arguments, and Zero-Knowledge","type":"article-journal"},{"id":"ProofsArgumentsZeroKnowledge","accessed":{"date-parts":[["2024",4,1]]},"citation-key":"ProofsArgumentsZeroKnowledge","title":"Proofs, Arguments, and Zero-Knowledge","type":"webpage","URL":"https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.html"},{"id":"GraduateCourseApplied","accessed":{"date-parts":[["2024",4,1]]},"citation-key":"GraduateCourseApplied","title":"A Graduate Course in Applied 
Cryptography","type":"webpage","URL":"https://toc.cryptobook.us/"},{"id":"joExplorationZeroKnowledgeProofs","author":[{"family":"Jo","given":"Terrence"}],"citation-key":"joExplorationZeroKnowledgeProofs","language":"en","source":"Zotero","title":"An Exploration of Zero-Knowledge Proofs and zk-SNARKs","type":"article-journal"},{"id":"SNARKZKJargon","accessed":{"date-parts":[["2024",4,1]]},"citation-key":"SNARKZKJargon","title":"SNARK - ZK Jargon Decoder","type":"webpage","URL":"https://nmohnblatt.github.io/zk-jargon-decoder/definitions/snark.html"},{"id":"micaliCompactCertificatesCollective2020","abstract":"We introduce compact certificate schemes, which allow any party to take\na large number of signatures on a message M, by many signers of different\nweights, and compress them to a much shorter certificate. This certificate\nconvinces the verifiers that signers with sufficient total weight signed\nM, even though the verifier will not see---let alone verify---all of the\nsignatures. Thus, for example, a compact certificate can be used to prove\nthat parties who jointly have a sufficient total account balance have\nattested to a given block in a blockchain.\n\nAfter defining compact certificates, we demonstrate an efficient compact\ncertificate scheme. We then show how to implement such a scheme in\na decentralized setting over an unreliable network and in the presence\nof adversarial parties who wish to disrupt certificate creation. 
Our\nevaluation shows that compact certificates are 50-280× smaller\nand 300-4000× cheaper to verify than a natural baseline approach.","accessed":{"date-parts":[["2024",4,1]]},"archive":"Cryptology ePrint Archive","author":[{"family":"Micali","given":"Silvio"},{"family":"Reyzin","given":"Leonid"},{"family":"Vlachos","given":"Georgios"},{"family":"Wahby","given":"Riad S."},{"family":"Zeldovich","given":"Nickolai"}],"citation-key":"micaliCompactCertificatesCollective2020","issued":{"date-parts":[["2020"]]},"note":"Publication info: Published elsewhere. IEEE S&P 2021","number":"2020/1568","source":"Cryptology ePrint Archive (eprint.iacr.org)","title":"Compact Certificates of Collective Knowledge","type":"article","URL":"https://eprint.iacr.org/2020/1568"},{"id":"golovnevBrakedownLineartimeFieldagnostic2021","abstract":"This paper introduces Brakedown, the first built system that provides linear-time SNARKs for NP, meaning the prover incurs O(N) finite field operations to prove the satisfiability of an N-sized R1CS instance. Brakedown’s prover is faster, both concretely and asymptotically, than prior SNARK implementations. Brakedown does not require a trusted setup and is plausibly post-quantum secure. Furthermore, it is compatible with arbitrary finite fields of sufficient size; this property is new amongst implemented arguments with sublinear proof sizes.\n\nTo design Brakedown, we observe that recent work of Bootle, Chiesa, and Groth (BCG, TCC 2020) provides a polynomial commitment scheme that, when combined with the linear-time interactive proof system of Spartan (CRYPTO 2020), yields linear-time IOPs and SNARKs for R1CS (a similar theoretical result was previously established by BCG, but our approach is conceptually simpler, and crucial for achieving high-speed SNARKs). A core ingredient in the polynomial commitment scheme that we distill from BCG is a linear-time encodable code. Existing constructions of such codes are believed to be impractical. 
Nonetheless, we design and engineer a new one that is practical in our context.\n\nWe also implement a variant of Brakedown that uses Reed-Solomon codes instead of our linear-time encodable codes; we refer to this variant as Shockwave. Shockwave is not a linear-time SNARK, but it provides shorter proofs and lower verification times than Brakedown (it also provides a faster prover than prior plausibly post-quantum SNARKs).","accessed":{"date-parts":[["2024",4,1]]},"archive":"Cryptology ePrint Archive","author":[{"family":"Golovnev","given":"Alexander"},{"family":"Lee","given":"Jonathan"},{"family":"Setty","given":"Srinath"},{"family":"Thaler","given":"Justin"},{"family":"Wahby","given":"Riad S."}],"citation-key":"golovnevBrakedownLineartimeFieldagnostic2021","issued":{"date-parts":[["2021"]]},"note":"Publication info: A minor revision of an IACR publication in CRYPTO 2023","number":"2021/1043","source":"Cryptology ePrint Archive (eprint.iacr.org)","title":"Brakedown: Linear-time and field-agnostic SNARKs for R1CS","title-short":"Brakedown","type":"article","URL":"https://eprint.iacr.org/2021/1043"},{"id":"mouraLeanTheoremProver2021","abstract":"Lean 4 is a reimplementation of the Lean interactive theorem prover (ITP) in Lean itself. It addresses many shortcomings of the previous versions and contains many new features. Lean 4 is fully extensible: users can modify and extend the parser, elaborator, tactics, decision procedures, pretty printer, and code generator. The new system has a hygienic macro system custom-built for ITPs. It contains a new typeclass resolution procedure based on tabled resolution, addressing significant performance problems reported by the growing user base. Lean 4 is also an efficient functional programming language based on a novel programming paradigm called functional but in-place. 
Efficient code generation is crucial for Lean users because many write custom proof automation procedures in Lean itself.","accessed":{"date-parts":[["2024",3,28]]},"author":[{"family":"Moura","given":"Leonardo De"},{"family":"Ullrich","given":"Sebastian"}],"citation-key":"mouraLeanTheoremProver2021","container-title":"Automated Deduction – CADE 28","DOI":"10.1007/978-3-030-79876-5_37","editor":[{"family":"Platzer","given":"André"},{"family":"Sutcliffe","given":"Geoff"}],"event-place":"Cham","ISBN":"978-3-030-79875-8 978-3-030-79876-5","issued":{"date-parts":[["2021"]]},"language":"en","page":"625-635","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"The Lean 4 Theorem Prover and Programming Language","type":"chapter","URL":"https://link.springer.com/10.1007/978-3-030-79876-5_37","volume":"12699"},{"id":"aranhaHELIOPOLISVerifiableComputation2023","abstract":"Homomorphic encryption (HE) enables computation on encrypted data, which in turn facilitates the outsourcing of computation on private data. However, HE offers no guarantee that the returned result was honestly computed by the cloud. In order to have such guarantee, it is necessary to add verifiable computation (VC) into the system. \n\nThe most efficient recent works in VC over HE focus on verifying operations on the ciphertext space of the HE scheme, which usually lacks the algebraic structure that would make it compatible with existing VC systems. For example, multiplication of ciphertexts in the current most efficient HE schemes requires non-algebraic operations such as real division and rounding. 
Therefore, existing works for VC over HE have to either give up on those efficient HE schemes, or incur a large overhead (an amount of constraints proportional to the ciphertext ring's size) in order to emulate these non-algebraic operations.\n\nIn this work, we move away from that paradigm by placing the verification checks in the plaintext space of HE, all while the prover remains computing on ciphertexts. We achieve this by introducing a general transformation for Interactive Oracle Proofs (IOPs) to work over HE, whose result we denote as HE-IOPs. We apply this same transformation to the FRI [Ben-Sasson et al., ICALP 2018] IOP of proximity and we show how to compile HE-Reed Solomon-encoded IOPs and HE-$\\delta$-correlated-IOPs with HE-FRI into HE-IOPs.\n\nFurthermore, our construction is compatible with a prover that provides input in zero-knowledge, and only relies on building blocks\nthat are plausibly quantum-safe.\n\nAligning the security parameters of HE and FRI is a difficult task for which we introduce several optimizations. We demonstrate their efficiency with a proof-of-concept implementation in Python and show that, for an encrypted Reed Solomon codeword with degree bound $2^{11}$ and rate $1/16$ in a (plaintext) field of size $2^{256}$, we can run FRI's commit phase in just 43 minutes on a single thread on a c6i.metal instance (which could be reduced to less than a minute in a multi-threaded implementation in a large server). 
Verification takes less than 0.2 seconds, and, based on micro-benchmarks of the employed techniques, we show it could be up to 100 times faster in a fully optimized implementation.","accessed":{"date-parts":[["2024",3,28]]},"archive":"Cryptology ePrint Archive","author":[{"family":"Aranha","given":"Diego F."},{"family":"Costache","given":"Anamaria"},{"family":"Guimarães","given":"Antonio"},{"family":"Soria-Vazquez","given":"Eduardo"}],"citation-key":"aranhaHELIOPOLISVerifiableComputation2023","issued":{"date-parts":[["2023"]]},"note":"Publication info: Preprint.","number":"2023/1949","source":"Cryptology ePrint Archive (eprint.iacr.org)","title":"HELIOPOLIS: Verifiable Computation over Homomorphically Encrypted Data from Interactive Oracle Proofs is Practical","title-short":"HELIOPOLIS","type":"article","URL":"https://eprint.iacr.org/2023/1949"},{"id":"CompfilesREADMEMd","accessed":{"date-parts":[["2024",3,28]]},"citation-key":"CompfilesREADMEMd","title":"compfiles/README.md at main · dwrensha/compfiles","type":"webpage","URL":"https://github.com/dwrensha/compfiles/blob/main/README.md"},{"id":"demouraLeanTheoremProver","abstract":"Lean 4 is a reimplementation of the Lean interactive theorem prover (ITP) in Lean itself. It addresses many shortcomings of the previous versions and contains many new features. Lean 4 is fully extensible: users can modify and extend the parser, elaborator, tactics, decision procedures, pretty printer, and code generator. The new system has a hygienic macro system custom-built for ITPs. It contains a new typeclass resolution procedure based on tabled resolution, addressing significant performance problems reported by the growing user base. Lean 4 is also an efficient functional programming language based on a novel programming paradigm called functional but in-place. 
Efficient code generation is crucial for Lean users because many write custom proof automation procedures in Lean itself.","author":[{"family":"Moura","given":"Leonardo","non-dropping-particle":"de"},{"family":"Ullrich","given":"Sebastian"}],"citation-key":"demouraLeanTheoremProver","language":"en","source":"Zotero","title":"The Lean 4 Theorem Prover and Programming Language (System Description)","type":"article-journal"},{"id":"CybersecurityEmergingEngineering","accessed":{"date-parts":[["2024",3,27]]},"citation-key":"CybersecurityEmergingEngineering","title":"Cybersecurity in Emerging Engineering Systems | Academics","type":"webpage","URL":"https://www.academics.pitt.edu/programs/cybersecurity-emerging-engineering-systems"},{"id":"leroyFormalCertificationCompiler2006","abstract":"This paper reports on the development and formal certification (proof of semantic preservation) of a compiler from Cminor (a C-like imperative language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. 
Such a certified compiler is useful in the context of formal methods applied to the certification of critical software: the certification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well.","accessed":{"date-parts":[["2024",3,25]]},"author":[{"family":"Leroy","given":"Xavier"}],"citation-key":"leroyFormalCertificationCompiler2006","collection-title":"POPL '06","container-title":"Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages","DOI":"10.1145/1111037.1111042","event-place":"New York, NY, USA","ISBN":"978-1-59593-027-9","issued":{"date-parts":[["2006",1,11]]},"page":"42–54","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"Formal certification of a compiler back-end or: programming a compiler with a proof assistant","title-short":"Formal certification of a compiler back-end or","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/1111037.1111042"},{"id":"carneiroLean4LeanFormalizedMetatheory2024","abstract":"In this paper we present a new \"external verifier\" for the Lean theorem prover, written in Lean itself. This is the first complete verifier for Lean 4 other than the reference implementation in C++ used by Lean itself, and our new verifier is competitive with the original, running between 20% and 50% slower and usable to verify all of Lean's mathlib library, forming an additional step in Lean's aim to self-host the full elaborator and compiler. 
Moreover, because the verifier is written in a language which admits formal verification, it is possible to state and prove properties about the kernel itself, and we report on some initial steps taken in this direction to formalize the Lean type theory abstractly and show that the kernel correctly implements this theory, to eliminate the possibility of implementation bugs in the kernel and increase the trustworthiness of proofs conducted in it. This work is still ongoing but we plan to use this project to help justify any future changes to the kernel and type theory and ensure unsoundness does not sneak in through either the abstract theory or implementation bugs.","accessed":{"date-parts":[["2024",3,25]]},"author":[{"family":"Carneiro","given":"Mario"}],"citation-key":"carneiroLean4LeanFormalizedMetatheory2024","issued":{"date-parts":[["2024",3,20]]},"number":"arXiv:2403.14064","publisher":"arXiv","source":"arXiv.org","title":"Lean4Lean: Towards a formalized metatheory for the Lean theorem prover","title-short":"Lean4Lean","type":"article","URL":"http://arxiv.org/abs/2403.14064","version":"1"},{"id":"AllLeanBooks","abstract":"Respecting traditions of the city I'm currently in\nThis could have been a classic \"Awesome Lean\" repo (like this), however I'd much prefer reading subjective o...","accessed":{"date-parts":[["2024",3,20]]},"citation-key":"AllLeanBooks","language":"en","title":"All Lean Books And Where To Find Them","type":"webpage","URL":"https://lakesare.brick.do/all-lean-books-and-where-to-find-them-x2nYwjM3AwBQ"},{"id":"AllLeanBooksa","abstract":"Respecting traditions of the city I'm currently in\nThis could have been a classic \"Awesome Lean\" repo (like this), however I'd much prefer reading subjective o...","accessed":{"date-parts":[["2024",3,20]]},"citation-key":"AllLeanBooksa","language":"en","title":"All Lean Books And Where To Find 
Them","type":"webpage","URL":"https://lakesare.brick.do/all-lean-books-and-where-to-find-them-x2nYwjM3AwBQ"},{"id":"LeanGameServer","accessed":{"date-parts":[["2024",3,20]]},"citation-key":"LeanGameServer","title":"Lean Game Server","type":"webpage","URL":"https://adam.math.hhu.de/"},{"id":"MizarHomePage","accessed":{"date-parts":[["2024",3,20]]},"citation-key":"MizarHomePage","title":"Mizar Home Page","type":"webpage","URL":"http://mizar.org/"},{"id":"immlerNumericalAnalysisOrdinary2012","abstract":"Many ordinary differential equations (ODEs) do not have a closed solution, therefore approximating them is an important problem in numerical analysis. This work formalizes a method to approximate solutions of ODEs in Isabelle/HOL.","author":[{"family":"Immler","given":"Fabian"},{"family":"Hölzl","given":"Johannes"}],"citation-key":"immlerNumericalAnalysisOrdinary2012","container-title":"Interactive Theorem Proving","DOI":"10.1007/978-3-642-32347-8_26","editor":[{"family":"Beringer","given":"Lennart"},{"family":"Felty","given":"Amy"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-642-32347-8","issued":{"date-parts":[["2012"]]},"language":"en","page":"377-392","publisher":"Springer","publisher-place":"Berlin, Heidelberg","source":"Springer Link","title":"Numerical Analysis of Ordinary Differential Equations in Isabelle/HOL","type":"paper-conference"},{"id":"boldoWaveEquationNumerical2013","abstract":"We formally prove correct a C program that implements a numerical scheme for the resolution of the one-dimensional acoustic wave equation. Such an implementation introduces errors at several levels: the numerical scheme introduces method errors, and floating-point computations lead to round-off errors. We annotate this C program to specify both method error and round-off error. We use Frama-C to generate theorems that guarantee the soundness of the code. We discharge these theorems using SMT solvers, Gappa, and Coq. 
This involves a large Coq development to prove the adequacy of the C program to the numerical scheme and to bound errors. To our knowledge, this is the first time such a numerical analysis program is fully machine-checked.","accessed":{"date-parts":[["2024",3,19]]},"author":[{"family":"Boldo","given":"Sylvie"},{"family":"Clément","given":"François"},{"family":"Filliâtre","given":"Jean-Christophe"},{"family":"Mayero","given":"Micaela"},{"family":"Melquiond","given":"Guillaume"},{"family":"Weis","given":"Pierre"}],"citation-key":"boldoWaveEquationNumerical2013","container-title":"Journal of Automated Reasoning","container-title-short":"J Autom Reasoning","DOI":"10.1007/s10817-012-9255-4","ISSN":"1573-0670","issue":"4","issued":{"date-parts":[["2013",4,1]]},"language":"en","page":"423-456","source":"Springer Link","title":"Wave Equation Numerical Resolution: A Comprehensive Mechanized Proof of a C Program","title-short":"Wave Equation Numerical Resolution","type":"article-journal","URL":"https://doi.org/10.1007/s10817-012-9255-4","volume":"50"},{"id":"boldoWaveEquationNumerical2013a","abstract":"We formally prove correct a C program that implements a numerical scheme for the resolution of the one-dimensional acoustic wave equation. Such an implementation introduces errors at several levels: the numerical scheme introduces method errors, and floating-point computations lead to round-off errors. We annotate this C program to specify both method error and round-off error. We use Frama-C to generate theorems that guarantee the soundness of the code. We discharge these theorems using SMT solvers, Gappa, and Coq. This involves a large Coq development to prove the adequacy of the C program to the numerical scheme and to bound errors. 
To our knowledge, this is the first time such a numerical analysis program is fully machine-checked.","accessed":{"date-parts":[["2024",3,19]]},"author":[{"family":"Boldo","given":"Sylvie"},{"family":"Clément","given":"François"},{"family":"Filliâtre","given":"Jean-Christophe"},{"family":"Mayero","given":"Micaela"},{"family":"Melquiond","given":"Guillaume"},{"family":"Weis","given":"Pierre"}],"citation-key":"boldoWaveEquationNumerical2013a","container-title":"Journal of Automated Reasoning","container-title-short":"J Autom Reasoning","DOI":"10.1007/s10817-012-9255-4","ISSN":"1573-0670","issue":"4","issued":{"date-parts":[["2013",4,1]]},"language":"en","page":"423-456","source":"Springer Link","title":"Wave Equation Numerical Resolution: A Comprehensive Mechanized Proof of a C Program","title-short":"Wave Equation Numerical Resolution","type":"article-journal","URL":"https://doi.org/10.1007/s10817-012-9255-4","volume":"50"},{"id":"PrototypeVerificationSystem2022","abstract":"The Prototype Verification System (PVS) is a specification language integrated with support tools and an automated theorem prover, developed at the Computer Science Laboratory of SRI International in Menlo Park, California. \nPVS is based on a kernel consisting of an extension of Church's theory of types with dependent types, and is fundamentally a classical typed higher-order logic. The base types include uninterpreted types that may be introduced by the user, and built-in types such as the booleans, integers, reals, and the ordinals. Type-constructors include functions, sets, tuples, records, enumerations, and abstract data types. Predicate subtypes and dependent types can be used to introduce constraints; these constrained types may incur proof obligations (called type-correctness conditions or TCCs) during typechecking. 
PVS specifications are organized into parameterized theories.\nThe system is implemented in Common Lisp, and is released under the GNU General Public License (GPL).","accessed":{"date-parts":[["2024",3,19]]},"citation-key":"PrototypeVerificationSystem2022","container-title":"Wikipedia","issued":{"date-parts":[["2022",12,15]]},"language":"en","license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1127497212","source":"Wikipedia","title":"Prototype Verification System","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Prototype_Verification_System&oldid=1127497212"},{"id":"mitraFormalizedTheoryVerifying2008","abstract":"Correctness of many hybrid and distributed systems require stability and convergence guarantees. Unlike the standard induction principle for verifying invariance, a theory for verifying stability or convergence of automata is currently not available. In this paper, we formalize one such theory proposed by Tsitsiklis [27]. We build on the existing PVS metatheory for untimed, timed, and hybrid input/output automata, and incorporate the concepts about fairness, stability, Lyapunov-like functions, and convergence. The resulting theory provides two sets of sufficient conditions, which when instantiated and verified for particular automata, guarantee convergence and stability, respectively.","author":[{"family":"Mitra","given":"Sayan"},{"family":"Chandy","given":"K. 
Mani"}],"citation-key":"mitraFormalizedTheoryVerifying2008","container-title":"Theorem Proving in Higher Order Logics","DOI":"10.1007/978-3-540-71067-7_20","editor":[{"family":"Mohamed","given":"Otmane Ait"},{"family":"Muñoz","given":"César"},{"family":"Tahar","given":"Sofiène"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-540-71067-7","issued":{"date-parts":[["2008"]]},"language":"en","page":"230-245","publisher":"Springer","publisher-place":"Berlin, Heidelberg","source":"Springer Link","title":"A Formalized Theory for Verifying Stability and Convergence of Automata in PVS","type":"paper-conference"},{"id":"herencia-zapanaPVSLinearAlgebra2012","abstract":"The problem of ensuring control software properties hold on their actual implementation is rarely tackled. While stability proofs are widely used on models, they are never carried to the code. Using program verification techniques requires express these properties at the level of the code but also to have theorem provers that can manipulate the proof elements. We propose to address this challenge by following two phases: first we introduce a way to express stability proofs as C code annotations; second, we propose a PVS linear algebra library that is able to manipulate quadratic invariants, i.e., ellipsoids. Our framework achieves the translation of stability properties expressed on the code to the representation of an associated proof obligation (PO) in PVS. 
Our library allows us to discharge these POs within PVS.","author":[{"family":"Herencia-Zapana","given":"Heber"},{"family":"Jobredeaux","given":"Romain"},{"family":"Owre","given":"Sam"},{"family":"Garoche","given":"Pierre-Loïc"},{"family":"Feron","given":"Eric"},{"family":"Perez","given":"Gilberto"},{"family":"Ascariz","given":"Pablo"}],"citation-key":"herencia-zapanaPVSLinearAlgebra2012","container-title":"NASA Formal Methods","DOI":"10.1007/978-3-642-28891-3_15","editor":[{"family":"Goodloe","given":"Alwyn E."},{"family":"Person","given":"Suzette"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-642-28891-3","issued":{"date-parts":[["2012"]]},"language":"en","page":"147-161","publisher":"Springer","publisher-place":"Berlin, Heidelberg","source":"Springer Link","title":"PVS Linear Algebra Libraries for Verification of Control Software Algorithms in C/ACSL","type":"paper-conference"},{"id":"chanFormalVerificationStability","author":[{"family":"Chan","given":"Matthew"},{"family":"Ricketts","given":"Daniel"},{"family":"Lerner","given":"Sorin"},{"family":"Malecha","given":"Gregory"}],"citation-key":"chanFormalVerificationStability","language":"en","source":"Zotero","title":"Formal Verification of Stability Properties of Cyber-physical Systems","type":"article-journal"},{"id":"malechaFoundationalVerificationCyberphysical2016","abstract":"The safety-critical aspects of cyber-physical systems motivate the need for rigorous analysis of these systems. In the literature this work is often done using idealized models of systems where the analysis can be carried out using high-level reasoning techniques such as Lyapunov functions and model checking. In this paper we present VERIDRONE, a foundational framework for reasoning about cyber-physical systems at all levels from high-level models to C code that implements the system. 
VERIDRONE is a library within the Coq proof assistant enabling us to build on its foundational implementation, its interactive development environments, and its wealth of libraries capturing interesting theories ranging from real numbers and differential equations to verified compilers and floating point numbers. These features make proof assistants in general, and Coq in particular, a powerful platform for unifying foundational results about safety-critical systems and ensuring interesting properties at all levels of the stack.","accessed":{"date-parts":[["2024",3,19]]},"author":[{"family":"Malecha","given":"Gregory"},{"family":"Ricketts","given":"Daniel"},{"family":"Alvarez","given":"Mario M."},{"family":"Lerner","given":"Sorin"}],"citation-key":"malechaFoundationalVerificationCyberphysical2016","container-title":"2016 Science of Security for Cyber-Physical Systems Workshop (SOSCYPS)","DOI":"10.1109/SOSCYPS.2016.7580000","event-title":"2016 Science of Security for Cyber-Physical Systems Workshop (SOSCYPS)","issued":{"date-parts":[["2016",4]]},"page":"1-5","source":"IEEE Xplore","title":"Towards foundational verification of cyber-physical systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/7580000"},{"id":"anandROSCoqRobotsPowered2015","abstract":"We present ROSCoq, a framework for developing certified Coq programs for robots. ROSCoq subsystems communicate using messages, as they do in the Robot Operating System (ROS). We extend the logic of events to enable holistic reasoning about the cyber-physical behavior of robotic systems. The behavior of the physical world (e.g. Newton’s laws) and associated devices (e.g. sensors, actuators) are specified axiomatically. For reasoning about physics we use and extend CoRN’s theory of constructive real analysis. 
Instead of floating points, our Coq programs use CoRN’s exact, yet fast computations on reals, thus enabling accurate reasoning about such computations.","author":[{"family":"Anand","given":"Abhishek"},{"family":"Knepper","given":"Ross"}],"citation-key":"anandROSCoqRobotsPowered2015","container-title":"Interactive Theorem Proving","DOI":"10.1007/978-3-319-22102-1_3","editor":[{"family":"Urban","given":"Christian"},{"family":"Zhang","given":"Xingyuan"}],"event-place":"Cham","ISBN":"978-3-319-22102-1","issued":{"date-parts":[["2015"]]},"language":"en","page":"34-50","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"ROSCoq: Robots Powered by Constructive Reals","title-short":"ROSCoq","type":"paper-conference"},{"id":"fultonKeYmaeraAxiomaticTactical2015","abstract":"KeYmaera X is a theorem prover for differential dynamic logic (), a logic for specifying and verifying properties of hybrid systems. Reasoning about complicated hybrid systems models requires support for sophisticated proof techniques, efficient computation, and a user interface that crystallizes salient properties of the system. 
KeYmaera X allows users to specify custom proof search techniques as tactics, execute these tactics in parallel, and interface with partial proofs via an extensible user interface.","author":[{"family":"Fulton","given":"Nathan"},{"family":"Mitsch","given":"Stefan"},{"family":"Quesel","given":"Jan-David"},{"family":"Völp","given":"Marcus"},{"family":"Platzer","given":"André"}],"citation-key":"fultonKeYmaeraAxiomaticTactical2015","container-title":"Automated Deduction - CADE-25","DOI":"10.1007/978-3-319-21401-6_36","editor":[{"family":"Felty","given":"Amy P."},{"family":"Middeldorp","given":"Aart"}],"event-place":"Cham","ISBN":"978-3-319-21401-6","issued":{"date-parts":[["2015"]]},"language":"en","page":"527-538","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems","title-short":"KeYmaera X","type":"paper-conference"},{"id":"platzerKeYmaeraHybridTheorem2008","abstract":"KeYmaera is a hybrid verification tool for hybrid systems that combines deductive, real algebraic, and computer algebraic prover technologies. It is an automated and interactive theorem prover for a natural specification and verification logic for hybrid systems. KeYmaera supports differential dynamic logic, which is a real-valued first-order dynamic logic for hybrid programs, a program notation for hybrid automata. For automating the verification process, KeYmaera implements a generalized free-variable sequent calculus and automatic proof strategies that decompose the hybrid system specification symbolically. To overcome the complexity of real arithmetic, we integrate real quantifier elimination following an iterative background closure strategy. 
Our tool is particularly suitable for verifying parametric hybrid systems and has been used successfully for verifying collision avoidance in case studies from train control and air traffic management.","author":[{"family":"Platzer","given":"André"},{"family":"Quesel","given":"Jan-David"}],"citation-key":"platzerKeYmaeraHybridTheorem2008","container-title":"Automated Reasoning","DOI":"10.1007/978-3-540-71070-7_15","editor":[{"family":"Armando","given":"Alessandro"},{"family":"Baumgartner","given":"Peter"},{"family":"Dowek","given":"Gilles"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-540-71070-7","issued":{"date-parts":[["2008"]]},"language":"en","page":"171-178","publisher":"Springer","publisher-place":"Berlin, Heidelberg","source":"Springer Link","title":"KeYmaera: A Hybrid Theorem Prover for Hybrid Systems (System Description)","title-short":"KeYmaera","type":"paper-conference"},{"id":"gonthierSmallScaleReflection2016","abstract":"This is the user manual of Ssreflect, a set of extensions to the proof scripting language of the Coq proof assistant. While these extensions were developed to support a particular proof methodology - small-scale reflection - most of them actually are of a quite general nature, improving the functionality of Coq in basic areas such as script layout and structuring, proof context management, and rewriting. 
Consequently, and in spite of the title of this document, most of the extensions described here should be of interest for all Coq users, whether they embrace small-scale reflection or not.","accessed":{"date-parts":[["2024",3,18]]},"author":[{"family":"Gonthier","given":"Georges"},{"family":"Mahboubi","given":"Assia"},{"family":"Tassi","given":"Enrico"}],"citation-key":"gonthierSmallScaleReflection2016","genre":"report","issued":{"date-parts":[["2016"]]},"language":"en","publisher":"Inria Saclay Ile de France","source":"inria.hal.science","title":"A Small Scale Reflection Extension for the Coq system","type":"thesis","URL":"https://inria.hal.science/inria-00258384"},{"id":"kaysDigitalTwinNew2024","abstract":"In studying the agendas of conferences and listening to research institutes or consultants, a new phrase has arisen in recent years: the digital twin. Assuming an answer to some everyday challenges, this topic made me curious. There are many interpretations and definitions of a digital twin in the research as well as the professional community. Depending on the individual focus, people assume that a digital twin is a dynamic model of a power grid, an energy management system simulation of a high-voltage dc converter station, or a 3D model of substations, and so on. In general, it is seen as a digital representation of the reality. My own picture of a digital twin got sharper after spending time on research and listening to interesting talks and presentations.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Kays","given":"Jan"}],"citation-key":"kaysDigitalTwinNew2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3328292","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"90-92","source":"IEEE Xplore","title":"The digital twin: New species, evolution, or revolution? 
[In my view]","title-short":"The digital twin","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398573/","volume":"22"},{"id":"kohlerCloudBasedDigitalTwin2024","abstract":"The increase in decentralized fluctuating feed-in at low-, medium-, and high-voltage levels associated with the expansion of renewable energies and the emergence of new volatile loads and storage systems is increasingly influencing the overall system behavior of the energy supply and therefore requires a more proactive role for the distribution system operator (DSO). Low and medium grid voltage levels in particular have a pivotal role here, as a significant part of renewable energy feed-in, and almost any new volatile loads, such as heat pumps and electric vehicles, are connected on these levels. Thus far, especially on the low-voltage level, most grid operators encounter a lack of transparency and controllability. It is essential for the integration of renewable energies and volatile loads to have information on power flows and power quality. Hence, massive investments in grid, measurement, and telecontrol infrastructure would be necessary. 
Using intelligent software technology for grid management can significantly decrease these necessary investments.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Köhler","given":"Christian"},{"family":"Kersten","given":"René"},{"family":"Schöpf","given":"Michael"}],"citation-key":"kohlerCloudBasedDigitalTwin2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3336255","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"72-80","source":"IEEE Xplore","title":"Cloud-Based Digital Twin for Distribution Grids: What Is Already Available Today","title-short":"Cloud-Based Digital Twin for Distribution Grids","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398568/","volume":"22"},{"id":"srivastavaDigitalTwinsServing2024","abstract":"Today’s critical infrastructure systems are more interconnected and dependent on the electric power grid. This interdependence means that disruptions in one system can have far-reaching consequences across many others. This is particularly evident when a cyberattack in the power grid leads to widespread outages and disrupts essential societal services. To prevent such disasters, it is crucial that proactive actions are taken to secure our power grid control centers and digital substations. This is where digital twins (DTs) play an important role: By creating virtual replicas of cyberphysical assets and processes, DTs allow system operators to anticipate and address potential vulnerabilities in our cybersecurity defenses before they can be exploited. As such, a DT can be considered as a key contributor to safeguard the power system against cyberattacks. 
This article examines the potential future benefits of DTs in enabling a cybersecure and resilient power grid, explores multiple use cases, and proposes a path forward.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Srivastava","given":"Anurag"},{"family":"Liu","given":"Chen-Ching"},{"family":"Stefanov","given":"Alexandru"},{"family":"Basumallik","given":"Sagnik"},{"family":"Hussain","given":"Mohammed M."},{"family":"Somda","given":"Baza"},{"family":"Rajkumar","given":"Vetrivel S."}],"citation-key":"srivastavaDigitalTwinsServing2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3325196","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"61-71","source":"IEEE Xplore","title":"Digital Twins Serving Cybersecurity: More Than a Model: Cybersecurity as a Future Benefit of Digital Twins 2","title-short":"Digital Twins Serving Cybersecurity","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398550/","volume":"22"},{"id":"palenskyCosimulatingIntegratedEnergy2024","abstract":"Energy system integration promises increased resiliency and the unlocking of synergies, while also contributing to our goal of decarbonization. It is enabled by both old and new technologies, glued together with data and digital services. Hydrolyzers, heat pumps, distributed renewable generation, smart buildings, and the digital grid edge are all currently the subject of integration with the power system and the energy sector at large. To plan and operate such a multidisciplinary and multisectoral system properly, insight, tools, and expertise are all needed. 
This is exactly where the state of the art fails to deliver: tools for integrated energy systems (IESs) are still in their infancy, and many times, even academia treats these sectors separately, producing experts in each of them but not across.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Palensky","given":"Peter"},{"family":"Mancarella","given":"Pierluigi"},{"family":"Hardy","given":"Trevor"},{"family":"Cvetkovic","given":"Milos"}],"citation-key":"palenskyCosimulatingIntegratedEnergy2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3324886","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"52-60","source":"IEEE Xplore","title":"Cosimulating Integrated Energy Systems With Heterogeneous Digital Twins: Matching a Connected World","title-short":"Cosimulating Integrated Energy Systems With Heterogeneous Digital Twins","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398554/","volume":"22"},{"id":"wuDigitalTwinsMicrogrids2024","abstract":"The need for affordable, reliable, sustainable, and modern energy is now more important than ever because of the climate crisis. Climate change will push up to 130 million people into poverty over the next 10 years and continue to cause more unpredictable natural disasters, such as cyclones, flooding, earthquakes, landslides, tsunamis, and volcanic eruptions. Power outages do not occur only in remote rural areas but also in developed countries, lasting for several hours and even a couple of days, due to the extreme weather in recent years. 
Microgrids, as a flexible architecture capable of integrating local distributed energy resources (DERs), can satisfy wide-ranging demands via their variable solutions, from off-grid to on-grid applications.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Wu","given":"Ying"},{"family":"Guerrero","given":"Josep M."},{"family":"Wu","given":"Yanpeng"},{"family":"Bazmohammadi","given":"Najmeh"},{"family":"Vasquez","given":"Juan C."},{"family":"Cabrera","given":"Andrea Justo"},{"family":"Lu","given":"Ning"}],"citation-key":"wuDigitalTwinsMicrogrids2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3324296","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"35-42","source":"IEEE Xplore","title":"Digital Twins for Microgrids: Opening a New Dimension in the Power System","title-short":"Digital Twins for Microgrids","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398548/","volume":"22"},{"id":"brosinskyFortunateDecisionThat2024","abstract":"Power system operation is gaining complexity due to the changes imposed by the energy transition. Especially, the increased share of intermittent and decentralized renewable generation units in the energy mix, an increased uncertainty regarding the supply of energy, and the predominantly market-driven cross-region and cross-border transport of electricity impose new challenges on the operation of power systems in Europe. In particular, power system operators must facilitate higher utilization of the grid capacity and coordinate more with neighboring transmission system operators (TSOs) and distribution system operators (DSOs). To deal with these new challenges, there is a pressing need to improve the observability and controllability of key system parameters to safeguard the reliability of power systems. 
Furthermore, the aforementioned developments and challenges go hand in hand with the need to improve the system resilience from the cybersecurity and system stability points of view. In the future, these challenges cannot be met without innovation towards intelligent decision support systems and assistant functions, which allow a look ahead combined with fast response and proactive actions. Here, the rather novel digital twin (DT) concept in combination with data-driven (i.e., machine learning) applications can be purposefully applied.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Brosinsky","given":"Christoph"},{"family":"Naglič","given":"Matija"},{"family":"Lehnhoff","given":"Sebastian"},{"family":"Krebs","given":"Rainer"},{"family":"Westermann","given":"Dirk"}],"citation-key":"brosinskyFortunateDecisionThat2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3330120","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"24-34","source":"IEEE Xplore","title":"A Fortunate Decision That You Can Trust: Digital Twins as Enablers for the Next Generation of Energy Management Systems and Sophisticated Operator Assistance Systems","title-short":"A Fortunate Decision That You Can Trust","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398577/","volume":"22"},{"id":"wagnerDigitalTwinsPower2024","abstract":"The term “digital twin” was already introduced by Michael Grieves in 2002 (see Grieves, 2016), and after about 20 years the concept has found its way into the energy sector on a broader base. The first applications of digital twins were for product lifecycle management within the aerospace industry at NASA. After this initial implementation of digital twinning, the digital twin technique for lifecycle management was supplemented by networkability. 
Since then digital twins have been widely embraced by many industrial stakeholders, allowing machines and processes to optimize their production. Today this development is considered as the fourth industrial revolution (Industry 4.0).","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Wagner","given":"Timo"},{"family":"Kittl","given":"Chris"},{"family":"Jakob","given":"Joshua"},{"family":"Hiry","given":"Johannes"},{"family":"Häger","given":"Ulf"}],"citation-key":"wagnerDigitalTwinsPower2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3328581","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"16-23","source":"IEEE Xplore","title":"Digital Twins in Power Systems: A Proposal for a Definition","title-short":"Digital Twins in Power Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398557/","volume":"22"},{"id":"vanderveenSelfOrganizationCyberphysicalEnergy2024","abstract":"Due to the energy transition, energy systems need to become more agile, effective, and efficient. More situational awareness and direct responses to changes in the flow of energy are required, especially for electrical energy systems, where demand and supply must be balanced continuously and the power quality must be preserved. This change can be achieved by adding extra sensors, actuators, and information and communication technology (ICT) to collect and analyze data and to make decisions. 
The addition of ICT results in evolution toward a cyberphysical energy system (CPES), where physical and computational components are integrated to monitor and control physical energy processes.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Veen","given":"Aliene","non-dropping-particle":"van der"},{"family":"Leeuwen","given":"Coen","non-dropping-particle":"van"},{"family":"Helmholt","given":"Kristian A."}],"citation-key":"vanderveenSelfOrganizationCyberphysicalEnergy2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3327065","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"43-51","source":"IEEE Xplore","title":"Self-Organization in Cyberphysical Energy Systems: Seven Practical Steps to Agent-Based and Digital Twin-Supported Voltage Control","title-short":"Self-Organization in Cyberphysical Energy Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398556/","volume":"22"},{"id":"goncalvesFormalVerificationAADL2017","abstract":"Cyber-Physical Systems (CPS) are known to be highly complex systems which can be applied to a variety of different environments, covering both civil and military application domains. As CPS are typically complex systems, its design process requires strong guarantees that the specified functional and nonfunctional properties are satisfied on the designed application. Model-Driven Engineering (MDE) and high-level specification languages are a valuable asset to help the design and evaluation of such complex systems. However, when looking at the existing MDE tool-support, it is observed that there is still little support for the automated integration of formal verification techniques in these tools. 
Given that formal verification is necessary to ensure the levels of reliability required by safety critical CPS, this paper presents an approach that aims to integrate the Model Checking technique in the CPS design process for the purpose of correctly analyzing temporal and safety characteristics. A tool named ECPS Verifier was designed to support the model checking integration into the design process, providing the generation of timed automata models from high-levels specifications in AADL. The proposed method is illustrated by means of the design of an Unmanned Aerial Vehicle, from where we derive the timed automata models to be analyzed in the UPPAAL tool.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Goncalves","given":"Fernando Silvano"},{"family":"Pereira","given":"David"},{"family":"Tovar","given":"Eduardo"},{"family":"Becker","given":"Leandro Buss"}],"citation-key":"goncalvesFormalVerificationAADL2017","container-title":"2017 VII Brazilian Symposium on Computing Systems Engineering (SBESC)","DOI":"10.1109/SBESC.2017.22","event-place":"Curitiba","event-title":"2017 VII Brazilian Symposium on Computing Systems Engineering (SBESC)","ISBN":"978-1-5386-3590-2","issued":{"date-parts":[["2017",11]]},"language":"en","page":"117-124","publisher":"IEEE","publisher-place":"Curitiba","source":"DOI.org (Crossref)","title":"Formal Verification of AADL Models Using UPPAAL","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/8116568/"},{"id":"gallois-wongCoqFormalizationDigital2018","abstract":"Digital filters are small iterative algorithms, used as basic bricks in signal processing (filters) and control theory (controllers). They receive as input a stream of values, and output another stream of values, computed from their internal state and from the previous inputs. These systems can be found in communication, aeronautics, automotive, robotics, etc. 
As the application domain may be critical, we aim at providing a formal guarantee of the good behavior of these algorithms in time-domain. In particular, we formally proved in Coq some error analysis theorems about digital filters, namely the Worst-Case Peak Gain theorem and the existence of a filter characterizing the difference between the exact filter and the implemented one. Moreover, the digital signal processing literature provides us with many equivalent algorithms, called realizations. We formally defined and proved the equivalence of several realizations (Direct Forms and State-Space).","author":[{"family":"Gallois-Wong","given":"Diane"},{"family":"Boldo","given":"Sylvie"},{"family":"Hilaire","given":"Thibault"}],"citation-key":"gallois-wongCoqFormalizationDigital2018","collection-title":"Lecture Notes in Computer Science","container-title":"Intelligent Computer Mathematics","DOI":"10.1007/978-3-319-96812-4_8","editor":[{"family":"Rabe","given":"Florian"},{"family":"Farmer","given":"William M."},{"family":"Passmore","given":"Grant O."},{"family":"Youssef","given":"Abdou"}],"event-place":"Cham","ISBN":"978-3-319-96812-4","issued":{"date-parts":[["2018"]]},"language":"en","page":"87-103","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"A Coq Formalization of Digital Filters","type":"paper-conference"},{"id":"askarpourFormalMethodsDesigning2019","abstract":"Cyber-Physical Systems (CPS) are increasingly applied in critical contexts, where they have to support safe and secure operations, often subject to stringent timing requirements. Typical examples are scenarios involving automated living or working spaces in which humans operate, or human-robot collaborations (HRC) in modern manufacturing. Formal methods have been traditionally investigated to support modeling and verification of critical systems. 
In this paper, we review some of the main new challenges arising in the application of formal methods to modeling and verification of CPS. We do that by presenting two case studies (emergency response in a smart city and a smart manufacturing system), reflecting past work of the authors, from which some general lessons are distilled.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Askarpour","given":"Mehrnoosh"},{"family":"Ghezzi","given":"Carlo"},{"family":"Mandrioli","given":"Dino"},{"family":"Rossi","given":"Matteo"},{"family":"Tsigkanos","given":"Christos"}],"citation-key":"askarpourFormalMethodsDesigning2019","container-title":"From Software Engineering to Formal Methods and Tools, and Back","DOI":"10.1007/978-3-030-30985-5_8","editor":[{"family":"Ter Beek","given":"Maurice H."},{"family":"Fantechi","given":"Alessandro"},{"family":"Semini","given":"Laura"}],"event-place":"Cham","ISBN":"978-3-030-30984-8 978-3-030-30985-5","issued":{"date-parts":[["2019"]]},"language":"en","page":"110-130","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Formal Methods in Designing Critical Cyber-Physical Systems","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-030-30985-5_8","volume":"11865"},{"id":"newellTranslationIEC6113132018","abstract":"The trip computers for the two reactor shutdown systems of the Ontario Power Generation (OPG) Darlington Nuclear Power Generating Station are being refurbished due to hardware obsolescence. For one of the systems, the general purpose computer originally used is being replaced by a programmable logic controller (PLC). The trip computer application software has been rewritten using function block diagrams (FBDs), a commonly used PLC programming language defined in the IEC 61131-3 standard. 
The replacement project’s quality assurance program requires that formal verification be performed to compare the FBDs against a formal software requirements specification written using tabular expressions (TEs). The PVS theorem proving tool is used in formal verification. Custom tools developed for OPG are used to translate TEs and FBDs into PVS code. In this paper, we present a method to rigorously translate the graphical FBD language to a mathematical model in PVS using an abstract syntax to represent the FBD constructs. We use an example from the replacement project to demonstrate the use of the model to translate a FBD module into a PVS specification. We then extend that example to demonstrate the method’s applicability to a Simulink-based design.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Newell","given":"Josh"},{"family":"Pang","given":"Linna"},{"family":"Tremaine","given":"David"},{"family":"Wassyng","given":"Alan"},{"family":"Lawford","given":"Mark"}],"citation-key":"newellTranslationIEC6113132018","container-title":"Journal of Automated Reasoning","container-title-short":"J Autom Reasoning","DOI":"10.1007/s10817-017-9415-7","ISSN":"0168-7433, 1573-0670","issue":"1","issued":{"date-parts":[["2018",1]]},"language":"en","page":"63-84","source":"DOI.org (Crossref)","title":"Translation of IEC 61131-3 Function Block Diagrams to PVS for Formal Verification with Real-Time Nuclear Application","type":"article-journal","URL":"http://link.springer.com/10.1007/s10817-017-9415-7","volume":"60"},{"id":"kimNuDEFormalMethodbased2017","abstract":"NuDE 2.0 (Nuclear Development Environment 2.0) is a formal-method-based software development, verification and safety analysis environment for safety-critical digital I&Cs implemented with programmable logic controller (PLC) and field-programmable gate array (FPGA). 
It simultaneously develops PLC/FPGA software implementations from one requirement/design specification and also helps most of the development, verification, and safety analysis to be performed mechanically and in sequence. The NuDE 2.0 now consists of 25 CASE tools and also includes an in-depth solution for indirect commercial off-the-shelf (COTS) software dedication of new FPGA-based digital I&Cs. We expect that the NuDE 2.0 will be widely used as a means of diversifying software design/implementation and model-based software development methodology.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Kim","given":"Eui-Sub"},{"family":"Lee","given":"Dong-Ah"},{"family":"Jung","given":"Sejin"},{"family":"Yoo","given":"Junbeom"},{"family":"Choi","given":"Jong-Gyun"},{"family":"Lee","given":"Jang-Soo"}],"citation-key":"kimNuDEFormalMethodbased2017","container-title":"Journal of Computing Science and Engineering","container-title-short":"Journal of Computing Science and Engineering","DOI":"10.5626/JCSE.2017.11.1.9","ISSN":"1976-4677","issue":"1","issued":{"date-parts":[["2017",3,30]]},"language":"en","page":"9-23","source":"DOI.org (Crossref)","title":"NuDE 2.0: A Formal Method-based Software Development, Verification and Safety Analysis Environment for Digital I&Cs in NPPs","title-short":"NuDE 2.0","type":"article-journal","URL":"http://koreascience.or.kr/journal/view.jsp?kj=E1EIKI&py=2017&vnc=v11n1&sp=9","volume":"11"},{"id":"zahidSystematicMappingSemiformal2022","abstract":"The requirements engineering of Industrial Cyber-Physical Systems is extremely challenging due to large system sizes, component heterogeneity, involvement of multi-discipline stakeholders and machines, and continuous evolution. Formal and semi-formal languages, techniques, tools and frameworks can assist by providing repeatable and rigorous structures for eliciting, specifying, analysing, verifying and maintaining requirements. 
Various approaches have been proposed, but a contemporary and comprehensive study providing a landscape of the state-of-the-art is currently missing. This article reports a systematic mapping study covering 93 primary studies published between 2009 and October 2020. We categorise surveyed studies by current research directions in the use of semi-formal and formal methods for Requirements Engineering phases for Industrial Cyber-Physical Systems. We also identify gaps in current research and develop a novel conceptual model capturing the relationship between available formalisms and Requirements Engineering activities. We find that extensive work has been carried out on the formal analysis and verification of safety and timings requirements. However, the use of semi-formal notations, works on key phases like requirements elicitation and management, and the adoption of industrial standards are largely missing. Moreover, we find no literature providing methods to handle privacy and trust requirements, which have become critical concerns in this area.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Zahid","given":"Farzana"},{"family":"Tanveer","given":"Awais"},{"family":"Kuo","given":"Matthew M. 
Y."},{"family":"Sinha","given":"Roopak"}],"citation-key":"zahidSystematicMappingSemiformal2022","container-title":"Journal of Intelligent Manufacturing","container-title-short":"J Intell Manuf","DOI":"10.1007/s10845-021-01753-8","ISSN":"0956-5515, 1572-8145","issue":"6","issued":{"date-parts":[["2022",8]]},"language":"en","page":"1603-1638","source":"DOI.org (Crossref)","title":"A systematic mapping of semi-formal and formal methods in requirements engineering of industrial Cyber-Physical systems","type":"article-journal","URL":"https://link.springer.com/10.1007/s10845-021-01753-8","volume":"33"},{"id":"Guide_to_the_Systems_Engineering_Body_of_KnowledgePdf","citation-key":"Guide_to_the_Systems_Engineering_Body_of_KnowledgePdf","title":"Guide_to_the_Systems_Engineering_Body_of_Knowledge.pdf","type":"document"},{"id":"coferSecureMathematicallyAssuredComposition2017","abstract":"The Secure Mathematically-Assured Composition of Control Models project (SMACCM) has developed new tools for building UAV software that is provably secure against many classes of cyber-attack. The goal of the project is to provide verifiable security; that is, system designs which provide the highest levels of confidence in their security based upon verifiable evidence. 
The SMACCM team has developed system architecture models, software components for mission and control functions, and operating system software, all of which are mathematically analyzed to ensure key security properties.","author":[{"family":"Cofer","given":"Darren"},{"family":"Backes","given":"John"},{"family":"Gacek","given":"Andrew"},{"family":"DaCosta","given":"Daniel"},{"family":"Whalen","given":"Michael"},{"family":"Kuz","given":"Ihor"},{"family":"Klein","given":"Gerwin"},{"family":"Heiser","given":"Gernot"},{"family":"Pike","given":"Lee"},{"family":"Foltzer","given":"Adam"},{"family":"Podhradsky","given":"Michal"},{"family":"Stuart","given":"Douglas"},{"family":"Grahan","given":"Jason"},{"family":"Wilson","given":"Brett"}],"citation-key":"coferSecureMathematicallyAssuredComposition2017","genre":"Final Technical Report","issued":{"date-parts":[["2017"]]},"number":"AFRL-RI-RS-TR-2017-176","title":"Secure Mathematically-Assured Composition of Control Models","type":"report"},{"id":"lernerUsingHighlevelSynthesis2014","abstract":"Industrial control systems (ICSes) have the conflicting requirements of security and network access. In the event of large-scale hostilities, factories and infrastructure would more likely be targeted by computer viruses than the bomber squadrons used in WWII. ICS zero-day exploits are now a commodity sold on brokerages to interested parties including nations. We mitigate these threats not by bolstering perimeter security, but rather by assuming that potentially all layers of ICS software have already been compromised and are capable of launching a latent attack while reporting normal system status to human operators. In our approach, application-specific configurable hardware is the final authority for scrutinizing controller commands and process sensors, and can monitor and override operations at the lowest (I/O pin) level of a configurable system-on-chip platform. 
The process specifications, stability-preserving backup controller, and switchover logic are specified and formally verified as C code, and synthesized into hardware to resist software reconfiguration attacks. To provide greater assurance that the backup controller can be invoked before the physical process becomes unstable, copies of the production controller task and plant model are accelerated to preview the controller’s behavior in the near future.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Lerner","given":"Lee W."},{"family":"Franklin","given":"Zane R."},{"family":"Baumann","given":"William T."},{"family":"Patterson","given":"Cameron D."}],"citation-key":"lernerUsingHighlevelSynthesis2014","container-title":"Proceedings of the 2014 ACM/SIGDA international symposium on Field-programmable gate arrays","DOI":"10.1145/2554688.2554759","event-place":"Monterey California USA","event-title":"FPGA'14: The 2014 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays","ISBN":"978-1-4503-2671-1","issued":{"date-parts":[["2014",2,26]]},"language":"en","page":"209-212","publisher":"ACM","publisher-place":"Monterey California USA","source":"DOI.org (Crossref)","title":"Using high-level synthesis and formal analysis to predict and preempt attacks on industrial control systems","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2554688.2554759"},{"id":"rocchettoFormalSecurityAnalysis2017","abstract":"We discuss the use of formal modeling to discover potential attacks on Cyber-Physical systems, in particular Industrial Control Systems. We propose a general approach to achieve that goal considering physical-layer interactions, time and state discretization of the physical process and logic, and the use of suitable attacker profiles. 
We then apply the approach to model a real-world water treatment testbed using ASLan++ and analyze the resulting transition system using CL-AtSe, identifying four attack classes.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Rocchetto","given":"Marco"},{"family":"Tippenhauer","given":"Nils Ole"}],"citation-key":"rocchettoFormalSecurityAnalysis2017","container-title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","DOI":"10.1145/3052973.3053024","event-place":"Abu Dhabi United Arab Emirates","event-title":"ASIA CCS '17: ACM Asia Conference on Computer and Communications Security","ISBN":"978-1-4503-4944-4","issued":{"date-parts":[["2017",4,2]]},"language":"en","page":"114-126","publisher":"ACM","publisher-place":"Abu Dhabi United Arab Emirates","source":"DOI.org (Crossref)","title":"Towards Formal Security Analysis of Industrial Control Systems","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3052973.3053024"},{"id":"fisherHACMSProgramUsing2017","abstract":"For decades, formal methods have offered the promise of verified software that does not have exploitable bugs. Until recently, however, it has not been possible to verify software of sufficient complexity to be useful. Recently, that situation has changed. SeL4 is an open-source operating system microkernel efficient enough to be used in a wide range of practical applications. Its designers proved it to be fully functionally correct, ensuring the absence of buffer overflows, null pointer exceptions, use-after-free errors, etc., and guaranteeing integrity and confidentiality. The CompCert Verifying C Compiler maps source C programs to provably equivalent assembly language, ensuring the absence of exploitable bugs in the compiler. 
A number of factors have enabled this revolution, including faster processors, increased automation, more extensive infrastructure, specialized logics and the decision to co-develop code and correctness proofs rather than verify existing artefacts. In this paper, we explore the promise and limitations of current formal-methods techniques. We discuss these issues in the context of DARPA’s HACMS program, which had as its goal the creation of high-assurance software for vehicles, including quadcopters, helicopters and automobiles.\n This article is part of the themed issue ‘Verified trustworthy software systems’.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Fisher","given":"Kathleen"},{"family":"Launchbury","given":"John"},{"family":"Richards","given":"Raymond"}],"citation-key":"fisherHACMSProgramUsing2017","container-title":"Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences","container-title-short":"Phil. Trans. R. Soc. A.","DOI":"10.1098/rsta.2015.0401","ISSN":"1364-503X, 1471-2962","issue":"2104","issued":{"date-parts":[["2017",10,13]]},"language":"en","page":"20150401","source":"DOI.org (Crossref)","title":"The HACMS program: using formal methods to eliminate exploitable bugs","title-short":"The HACMS program","type":"article-journal","URL":"https://royalsocietypublishing.org/doi/10.1098/rsta.2015.0401","volume":"375"},{"id":"siddavatamTestingValidationModbus2017","abstract":"Cyber-Physical Systems (CPS’s) evident representation is Supervisory Control, and Data Acquisition(SCADA). As SCADA is being refurbished with advanced computing and communication technologies, the risk involved in adopting/updating to new technology needs to be validated and verified thoroughly. One of the greatest challenges is security testing of protocols. All CPS systems being live and attached to physical process can not be scheduled for penetration testing and verification. 
This paper presents design and implementation of industrial compliant SCADA test bed, the formal analysis of semantics and security of Modbus/TCP protocol using Coloured Petri Nets(CPN) tool. A novel method is proposed to differentiate attack vector by identifying influential nodes using formal concept analysis. Modbus/TCP conceptualized attack from analysis is tested and verified on the test bed.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Siddavatam","given":"Irfan A."},{"family":"Parekh","given":"Sachin"},{"family":"Shah","given":"Tanay"},{"family":"Kazi","given":"Faruk"}],"citation-key":"siddavatamTestingValidationModbus2017","container-title":"Scalable Computing: Practice and Experience","container-title-short":"SCPE","DOI":"10.12694/scpe.v18i4.1331","ISSN":"1895-1767","issue":"4","issued":{"date-parts":[["2017",11,24]]},"language":"en","page":"313-330","source":"DOI.org (Crossref)","title":"Testing and Validation of Modbus/TCP Protocol for Secure SCADA Communication in CPS using Formal Methods","type":"article-journal","URL":"http://www.scpe.org/index.php/scpe/article/view/1331","volume":"18"},{"id":"amoahSecurityAnalysisNonaggressive2014","abstract":"Distributed Network Protocol Version 3 (DNP3) is the de-facto communication protocol for power grids. Standard-based interoperability among devices has made the protocol useful to other infrastructures such as water, sewage, oil and gas. DNP3 is designed to facilitate interaction between master stations and outstations. In this paper, we apply a formal modelling methodology called Coloured Petri Nets (CPN) to create an executable model representation of DNP3 protocol. The model facilitates the analysis of the protocol to ensure that the protocol will behave as expected. Also, we illustrate how to verify and validate the behaviour of the protocol, using the CPN model and the corresponding state space tool to determine if there are insecure states. 
With this approach, we were able to identify a Denial of Service (DoS) attack against the DNP3 protocol.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Amoah","given":"Raphael"},{"family":"Suriadi","given":"Suriadi"},{"family":"Camtepe","given":"Seyit"},{"family":"Foo","given":"Ernest"}],"citation-key":"amoahSecurityAnalysisNonaggressive2014","container-title":"2014 IEEE International Conference on Communications (ICC)","DOI":"10.1109/ICC.2014.6883422","event-place":"Sydney, NSW","event-title":"ICC 2014 - 2014 IEEE International Conference on Communications","ISBN":"978-1-4799-2003-7","issued":{"date-parts":[["2014",6]]},"language":"en","page":"827-833","publisher":"IEEE","publisher-place":"Sydney, NSW","source":"DOI.org (Crossref)","title":"Security analysis of the non-aggressive challenge response of the DNP3 protocol using a CPN model","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/6883422/"},{"id":"amoahSecuringDNP3Broadcast2016","abstract":"The Distributed Network Protocol version 3 (DNP3) provides Secure Authentication (DNP3-SA) as the mechanism to authenticate unicast messages from a master station to its outstations in supervisory control and data acquisition systems. In large-scale systems, it may be necessary to broadcast a critical request from a master station to multiple outstations at once. The DNP3 protocol standard describes the use of broadcast communication; however, it does not specify its security. This paper is the first to present DNP3 Secure Authentication for Broadcast (DNP3-SAB), a new lightweight security scheme for broadcast mode communication. This scheme is based on hash chain and only makes use of the existing cryptographic primitives specified in DNP3-SA. The scheme integrates itself into the DNP3-SA key update process. The proposed scheme is modeled, validated, and verified using colored Petri Nets against the most common protocol attacks such as modification, injection, and replay. 
Performance analysis on our scheme and the existing DNP3-SA modes (NACR and AGM) shows that DNP3-SAB reduces the communication overhead significantly at the cost of an increase with a constant term in processing and storage overhead. This benefit is maintained even when DNP3-SAB is under attack.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Amoah","given":"Raphael"},{"family":"Camtepe","given":"Seyit"},{"family":"Foo","given":"Ernest"}],"citation-key":"amoahSecuringDNP3Broadcast2016","container-title":"IEEE Transactions on Industrial Informatics","container-title-short":"IEEE Trans. Ind. Inf.","DOI":"10.1109/TII.2016.2587883","ISSN":"1551-3203, 1941-0050","issue":"4","issued":{"date-parts":[["2016",8]]},"language":"en","page":"1474-1485","source":"DOI.org (Crossref)","title":"Securing DNP3 Broadcast Communications in SCADA Systems","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/7506334/","volume":"12"},{"id":"liuSecurebyConstructionSynthesisCyberPhysical2022","abstract":"Correct-by-construction synthesis is a cornerstone of the confluence of formal methods and control theory towards designing safety-critical systems. Instead of following the time-tested, albeit laborious (re)design-verify-validate loop, correct-by-construction methodology advocates the use of continual refinements of formal requirements—connected by chains of formal proofs—to build a system that assures the correctness by design. A remarkable progress has been made in scaling the scope of applicability of correct-by-construction synthesis—with a focus on cyber-physical systems that tie discrete-event control with continuous environment—to enlarge control systems by combining symbolic approaches with principled state-space reduction techniques. Unfortunately, in the security-critical control systems, the security properties are verified ex post facto the design process in a way that undermines the correct-by-construction paradigm. 
We posit that, to truly realize the dream of correct-by-construction synthesis for security-critical systems, security considerations must take center-stage with the safety considerations. Moreover, catalyzed by the recent progress on the opacity sub-classes of security properties and the notion of hyperproperties capable of combining security with safety properties, we believe that the time is ripe for the research community to holistically target the challenge of secure-by-construction synthesis. This paper details our vision by highlighting the recent progress and open challenges that may serve as bricks for providing a solid foundation for secure-by-construction synthesis of cyber-physical systems.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Liu","given":"Siyuan"},{"family":"Trivedi","given":"Ashutosh"},{"family":"Yin","given":"Xiang"},{"family":"Zamani","given":"Majid"}],"citation-key":"liuSecurebyConstructionSynthesisCyberPhysical2022","issued":{"date-parts":[["2022",2,14]]},"language":"en","number":"arXiv:2202.06677","publisher":"arXiv","source":"arXiv.org","title":"Secure-by-Construction Synthesis of Cyber-Physical Systems","type":"article","URL":"http://arxiv.org/abs/2202.06677"},{"id":"mercaldoRealTimeSCADAAttack2019","abstract":"SCADA control systems use programmable logic controller to interface with critical machines. SCADA systems are used in critical infrastructures, for instance, to control smart grid, oil pipelines, water distribution and chemical manufacturing plants: an attacker taking control of a SCADA system could cause various damages, both to the infrastructure but also to people (for instance, adding chemical substances into a water distribution systems). In this paper we propose a method to detect attacks targeting SCADA systems. 
We exploit model checking, in detail we model logs from SCADA systems into a network of timed automata and, through timed temporal logic, we characterize the behaviour of a SCADA system under attack. Experiments performed on a SCADA water distribution system confirmed the effectiveness of the proposed method.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Mercaldo","given":"Francesco"},{"family":"Martinelli","given":"Fabio"},{"family":"Santone","given":"Antonella"}],"citation-key":"mercaldoRealTimeSCADAAttack2019","container-title":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","DOI":"10.1109/WETICE.2019.00057","event-place":"Napoli, Italy","event-title":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","ISBN":"978-1-72810-676-2","issued":{"date-parts":[["2019",6]]},"language":"en","page":"231-236","publisher":"IEEE","publisher-place":"Napoli, Italy","source":"DOI.org (Crossref)","title":"Real-Time SCADA Attack Detection by Means of Formal Methods","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/8795430/"},{"id":"bhurkeMethodsFormalAnalysis2021","abstract":"Industrial Control System (ICS) used in critical infrastructure like energy sector, oil and natural gas, chemical processing, waste water treatment etc. are of great importance since it serves to a larger population and hence termed as National Critical Infrastructure (NCI). Security of such infrastructures is essential from physical as well as from cyber point of view. Traditional approach for the security was only physical consisting of creating SOP, access control, physical verification, etc. But due past cyber disturbing events like Stuxnet, Blackenergy-3, Turkey pipeline explosion, Havex, New York dam attack, etc. 
it is realized that the network security of the connected devices within the infrastructure is also of same importance. Various researches in this field have helped to make the NCI immune to a certain extent as well as resilient against cyber-attacks. One such approach is using Formal Analysis for performing security analysis of the communication protocols used in ICS domain. In this paper a compressive review of all available methods for formal analysis along with CPN modelling is done for analysis of valid as well as invalid states of HART protocol. The Modelling shows various states that the protocol can take during one transaction of communication. Further this analysis can be extended for other Fieldbus protocols for security analysis.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Bhurke","given":"Anish Uday"},{"family":"Kazi","given":"Faruk"}],"citation-key":"bhurkeMethodsFormalAnalysis2021","container-title":"2021 Asian Conference on Innovation in Technology (ASIANCON)","DOI":"10.1109/ASIANCON51346.2021.9544603","event-place":"PUNE, India","event-title":"2021 Asian Conference on Innovation in Technology (ASIANCON)","ISBN":"978-1-72818-402-9","issued":{"date-parts":[["2021",8,27]]},"language":"en","page":"1-7","publisher":"IEEE","publisher-place":"PUNE, India","source":"DOI.org (Crossref)","title":"Methods of Formal Analysis for ICS Protocols and HART - IP CPN modelling","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/9544603/"},{"id":"hailesellasieIntrusionDetectionPLCBased2018","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Hailesellasie","given":"Muluken"},{"family":"Hasan","given":"Syed Rafay"}],"citation-key":"hailesellasieIntrusionDetectionPLCBased2018","container-title":"Journal of Hardware and Systems Security","container-title-short":"J Hardw Syst Secur","DOI":"10.1007/s41635-017-0017-y","ISSN":"2509-3428, 
2509-3436","issue":"1","issued":{"date-parts":[["2018",3]]},"language":"en","page":"1-14","source":"DOI.org (Crossref)","title":"Intrusion Detection in PLC-Based Industrial Control Systems Using Formal Verification Approach in Conjunction with Graphs","type":"article-journal","URL":"http://link.springer.com/10.1007/s41635-017-0017-y","volume":"2"},{"id":"rysavyImprovingSecuritySCADA2013","abstract":"Modern SCADA networks are connected to both the company's enterprise network and the Internet. Because these industrial systems often control critical processes the cybersecurity requirements become a priority for their design.","author":[{"family":"Rysavy","given":"Ondrej"},{"family":"Rab","given":"Jaroslav"},{"family":"Sveda","given":"Miroslav"}],"citation-key":"rysavyImprovingSecuritySCADA2013","issued":{"date-parts":[["2013"]]},"language":"en","source":"Zotero","title":"Improving security in SCADA systems through firewall policy analysis","type":"article-journal"},{"id":"garciaHyPLCHybridProgrammable2019","abstract":"Programmable Logic Controllers (PLCs) provide a prominent choice of implementation platform for safety-critical industrial control systems. Formal verification provides ways of establishing correctness guarantees, which can be quite important for such safety-critical applications. But since PLC code does not include an analytic model of the system plant, their verification is limited to discrete properties. In this paper, we, thus, start the other way around with hybrid programs that include continuous plant models in addition to discrete control algorithms. Correctness properties of hybrid programs can be formally verified in the theorem prover KeYmaera X that implements differential dynamic logic, dL, for hybrid programs. After verifying the hybrid program, we now present an approach for translating hybrid programs into PLC code. 
The new HyPLC tool implements this translation of discrete control code of verified hybrid program models to PLC controller code and, vice versa, the translation of existing PLC code into the discrete control actions for a hybrid program given an additional input of the continuous dynamics of the system to be verified. This approach allows for the generation of real controller code while preserving, by compilation, the correctness of a valid and verified hybrid program. PLCs are common cyber-physical interfaces for safety-critical industrial control applications, and HyPLC serves as a pragmatic tool for bridging formal verification of complex cyber-physical systems at the algorithmic level of hybrid programs with the execution layer of concrete PLC implementations.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Garcia","given":"Luis"},{"family":"Mitsch","given":"Stefan"},{"family":"Platzer","given":"André"}],"citation-key":"garciaHyPLCHybridProgrammable2019","container-title":"Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems","DOI":"10.1145/3302509.3311036","event-place":"Montreal Quebec Canada","event-title":"ICCPS '19: ACM/IEEE 10th International Conference on Cyber-Physical Systems","ISBN":"978-1-4503-6285-6","issued":{"date-parts":[["2019",4,16]]},"language":"en","page":"47-56","publisher":"ACM","publisher-place":"Montreal Quebec Canada","source":"DOI.org (Crossref)","title":"HyPLC: hybrid programmable logic controller program translation for 
verification","title-short":"HyPLC","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3302509.3311036"},{"id":"dreierFormallyPracticallyVerifying2019","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Dreier","given":"Jannik"},{"family":"Puys","given":"Maxime"},{"family":"Potet","given":"Marie-Laure"},{"family":"Lafourcade","given":"Pascal"},{"family":"Roch","given":"Jean-Louis"}],"citation-key":"dreierFormallyPracticallyVerifying2019","container-title":"Computers & Security","container-title-short":"Computers & Security","DOI":"10.1016/j.cose.2018.09.018","ISSN":"01674048","issued":{"date-parts":[["2019",9]]},"language":"en","page":"453-470","source":"DOI.org (Crossref)","title":"Formally and practically verifying flow properties in industrial systems","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S016740481831441X","volume":"86"},{"id":"cheminodFormalVulnerabilityAnalysis2011","abstract":"As fieldbus networks are becoming accessible from the Internet, security mechanisms to grant access only to authorized users and to protect data are becoming essential. This paper proposes a formally based approach to the analysis of such systems, both at the security protocols level and at the system architecture level. This multilevel analysis allows the evaluation of the effects of an attack on the overall system, due to security problems that affect the underlying security protocols. A case study on a typical fieldbus security system validates the approach.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Cheminod","given":"Manuel"},{"family":"Pironti","given":"Alfredo"},{"family":"Sisto","given":"Riccardo"}],"citation-key":"cheminodFormalVulnerabilityAnalysis2011","container-title":"IEEE Transactions on Industrial Informatics","container-title-short":"IEEE Trans. Ind. 
Inf.","DOI":"10.1109/TII.2010.2099233","ISSN":"1551-3203, 1941-0050","issue":"1","issued":{"date-parts":[["2011",2]]},"language":"en","page":"30-40","source":"DOI.org (Crossref)","title":"Formal Vulnerability Analysis of a Security System for Remote Fieldbus Access","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/5685603/","volume":"7"},{"id":"obeidFormalVerificationSecurity2019","abstract":"Information security was initially required in specific applications, however, nowadays, most companies and even individuals are interested in securing their information assets. The new requirement can be costly, especially with the high demand on security solutions and security experts. Security patterns are reusable security solutions that prove to be efficient and can help developers achieve some security goals without the need for expertise in the security domain. Some security pattern combinations can be beneficial while others are inconsistent. Model checking can be used to verify the production of combining multiple security patterns with an architecture. Supervisory control and data acquisition (SCADA) systems control many of our critical industrial infrastructures. Due to their limitations, and their augmented connectivity, SCADA systems have many unresolved security issues. 
In this paper, we demonstrate how we can automatically generate a secure SCADA model based on an insecure one and how to verify the generated model.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Obeid","given":"Fadi"},{"family":"Dhaussy","given":"Philippe"}],"citation-key":"obeidFormalVerificationSecurity2019","container-title":"Computing and Informatics","container-title-short":"cai","DOI":"10.31577/cai_2019_5_1149","ISSN":"2585-8807","issue":"5","issued":{"date-parts":[["2019"]]},"language":"en","page":"1149-1180","source":"DOI.org (Crossref)","title":"Formal Verification of Security Pattern Composition: Application to SCADA","title-short":"Formal Verification of Security Pattern Composition","type":"article-journal","URL":"http://www.cai.sk/ojs/index.php/cai/article/view/2019_5_1149","volume":"38"},{"id":"kottlerFormalVerificationLadder2017","abstract":"Programmable logic controllers (PLCs) are heavy-duty computers used to control industrial systems. For many years these systems were physically separated from any other network making attacks extremely difficult. However, these increasingly connected systems have not improved much in terms of security, leaving them vulnerable to attacks. This paper attempts to show that ladder logic programs for PLCs can be modeled in NuSMV and verified using computational tree logic (CTL) specifications. This paper also shows how simple changes to the ladder logic program can cause catastrophic damage to the PLC system. This intruded code can be difficult to detect by looking at the ladder logic program because the change is so small. 
However, the intruded code can be modeled in NuSMV and identified by properly written CTL specifications.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Kottler","given":"Sam"},{"family":"Khayamy","given":"Mehdy"},{"family":"Hasan","given":"Syed Rafay"},{"family":"Elkeelany","given":"Omar"}],"citation-key":"kottlerFormalVerificationLadder2017","container-title":"SoutheastCon 2017","DOI":"10.1109/SECON.2017.7925390","event-place":"Concord, NC, USA","event-title":"SoutheastCon 2017","ISBN":"978-1-5386-1539-3","issued":{"date-parts":[["2017",3]]},"language":"en","page":"1-5","publisher":"IEEE","publisher-place":"Concord, NC, USA","source":"DOI.org (Crossref)","title":"Formal verification of ladder logic programs using NuSMV","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7925390/"},{"id":"galvaoFormalVerificationFocused2019","abstract":"The main goal of this paper is present a review and discussion about the option of using plant models in formal verification techniques. Relevant works in the field considering different approaches are reviewed and the importance of choosing the level of detail correctly is discussed. 
Although exists few works about this topic, the studies revealed the necessity and importance to consider the plant model in formal verification.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Galvão","given":"Joel"},{"family":"Oliveira","given":"Cedrico"},{"family":"Lopes","given":"Helena"},{"family":"Tiainen","given":"Laura"}],"citation-key":"galvaoFormalVerificationFocused2019","container-title":"Innovation, Engineering and Entrepreneurship","DOI":"10.1007/978-3-319-91334-6_18","editor":[{"family":"Machado","given":"José"},{"family":"Soares","given":"Filomena"},{"family":"Veiga","given":"Germano"}],"event-place":"Cham","ISBN":"978-3-319-91333-9 978-3-319-91334-6","issued":{"date-parts":[["2019"]]},"language":"en","page":"124-131","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Formal Verification: Focused on the Verification Using a Plant Model","title-short":"Formal Verification","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-91334-6_18","volume":"505"},{"id":"nigamFormalSecurityVerification2019","abstract":"Without appropriate counter-measures, cyber-attacks can exploit the increased system connectivity provided by Industry 4.0 (I4.0) to cause catastrophic events, by, e.g., injecting or tampering with messages. The solution supported by standards, such as, OPC-UA, is to sign or encrypt messages. However, given the limited resources of devices, instead of encrypting all messages in the network, it is better to encrypt only the messages that if tampered with or injected, could lead to undesired configurations. This paper describes the use of formal verification to analyse the security of I4.0 applications. We formalize in Rewriting Logic, I4.0 applications and systems, i.e., networked sets of devices, and a symbolic intruder model. 
Our formalization can be executed by the tool Maude to automate such security analysis, e.g., determine which messages are sufficient to sign in order avoid injection and tampering attacks.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Nigam","given":"Vivek"},{"family":"Talcott","given":"Carolyn"}],"citation-key":"nigamFormalSecurityVerification2019","container-title":"2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)","DOI":"10.1109/ETFA.2019.8869428","event-place":"Zaragoza, Spain","event-title":"2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)","ISBN":"978-1-72810-303-7","issued":{"date-parts":[["2019",9]]},"language":"en","page":"1043-1050","publisher":"IEEE","publisher-place":"Zaragoza, Spain","source":"DOI.org (Crossref)","title":"Formal Security Verification of Industry 4.0 Applications","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/8869428/"},{"id":"nardoneFormalSecurityAssessment2016","abstract":"Critical infrastructures as water treatment, power distribution, or telecommunications, provide daily services essential to our lifestyle. Any service discontinuity can have a high impact into our society and even into our safety. Thus, security of these systems against intentional threats must be guaranteed. However, many of these systems are based on protocols initially designed to operate on closed, unroutable networks, making them an easy target for cybercriminals. In this regard, Modbus is a widely adopted protocol in control systems. Modbus protocol, however, lacks for security properties and is vulnerable to plenty of attacks (as spoofing, flooding, or replay, to name a few). In this paper, we propose a formal modeling of Modbus protocol using an extension of hierarchical state-machines that is automatically transformed to a Promela model. This model allows us to find counterexamples of security properties by model-checking. 
In particular, the original contribution of this paper is the formal demonstration of the existence of man-in-the-middle attacks in Modbus-based systems. Our approach also allows to formally evaluate security properties in future extensions of Modbus protocols.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Nardone","given":"Roberto"},{"family":"Rodriguez","given":"Ricardo J."},{"family":"Marrone","given":"Stefano"}],"citation-key":"nardoneFormalSecurityAssessment2016","container-title":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","DOI":"10.1109/ICITST.2016.7856685","event-place":"Barcelona, Spain","event-title":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","ISBN":"978-1-908320-73-5","issued":{"date-parts":[["2016",12]]},"language":"en","page":"142-147","publisher":"IEEE","publisher-place":"Barcelona, Spain","source":"DOI.org (Crossref)","title":"Formal security assessment of Modbus protocol","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7856685/"},{"id":"poschmannExperienceFormalMethods1997","abstract":"This paper presents our experience using the formal description technique Estelle for the protocol development cycle in the area of real-time industrial communication systems. As a real world application the PROFIBUS parts FMS and DP of the European fieldbus standard were completely implemented using formal models. These implementations are successfully used in industrial applications and embedded systems. Our development method, results, and experiences during the development process are discussed in the paper. 
A closed, tool based method is the overall aim concerning the development life cycle to support the requirement definition as well as the implementation of the product code with final testing. To meet these needs, our approach defines some assumptions and constraints using the syntactic and semantic model of the specification language Estelle, aspects of the modelling process concerning the architecture, handling data abstraction and encapsulation of the specification language vs. real-time data flow in the product code implementation, synchronous vs. asynchronous communications to local interfaces (e.g. physical layer or partly data link layer ASIC) and dealing with special local events like timeouts and interrupts in the specification and in the real-time execution environment. The paper discusses advantages and also critical points using the formal way of the protocol development cycle. In theory, it is quite clear that formal description techniques enhance quality. Therefore, we discuss this approach under the user’s point of view.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Poschmann","given":"A."},{"family":"Hahniche","given":"J."},{"family":"Deicke","given":"P."},{"family":"Neumann","given":"P."}],"citation-key":"poschmannExperienceFormalMethods1997","container-title":"Proceedings 1997 IEEE International Workshop on Factory Communication Systems. WFCS'97","DOI":"10.1109/WFCS.1997.634310","event-place":"Barcelona, Spain","event-title":"1997 IEEE International Workshop on Factory Communication Systems. 
WFCS'97","ISBN":"978-0-7803-4182-1","issued":{"date-parts":[["1997"]]},"language":"en","page":"277-286","publisher":"IEEE","publisher-place":"Barcelona, Spain","source":"DOI.org (Crossref)","title":"Experience with formal methods implementing the PROFIBUS FMS and DP protocol for industrial applications","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/634310/"},{"id":"platzerDifferentialDynamicLogic2008","abstract":"Hybrid systems are models for complex physical systems and are defined as dynamical systems with interacting discrete transitions and continuous evolutions along differential equations. With the goal of developing a theoretical and practical foundation for deductive verification of hybrid systems, we introduce a dynamic logic for hybrid programs, which is a program notation for hybrid systems. As a verification technique that is suitable for automation, we introduce a free variable proof calculus with a novel combination of real-valued free variables and Skolemisation for lifting quantifier elimination for real arithmetic to dynamic logic. The calculus is compositional, i.e., it reduces properties of hybrid programs to properties of their parts. Our main result proves that this calculus axiomatises the transition behaviour of hybrid systems completely relative to differential equations. 
In a case study with cooperating traffic agents of the European Train Control System, we further show that our calculus is well-suited for verifying realistic hybrid systems with parametric system dynamics.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Platzer","given":"André"}],"citation-key":"platzerDifferentialDynamicLogic2008","container-title":"Journal of Automated Reasoning","container-title-short":"J Autom Reasoning","DOI":"10.1007/s10817-008-9103-8","ISSN":"0168-7433, 1573-0670","issue":"2","issued":{"date-parts":[["2008",8]]},"language":"en","page":"143-189","source":"DOI.org (Crossref)","title":"Differential Dynamic Logic for Hybrid Systems","type":"article-journal","URL":"https://link.springer.com/10.1007/s10817-008-9103-8","volume":"41"},{"id":"dutertreFormalModelingAnalysis2007","abstract":"Modbus is a communication protocol that is widely used in SCADA systems and distributed control applications. This paper presents formal specifications of Modbus developed using PVS, a generic theorem prover; and SAL, a toolset for the automatic analysis of state-transition systems. Both formalizations are based on the Modbus Application Protocol, which specifies the format of Modbus request and response messages. 
This formal modeling effort is the first step in the development of automated methods for systematic and extensive testing of Modbus devices.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Dutertre","given":"Bruno"}],"citation-key":"dutertreFormalModelingAnalysis2007","container-title":"Critical Infrastructure Protection","DOI":"10.1007/978-0-387-75462-8_14","editor":[{"family":"Goetz","given":"Eric"},{"family":"Shenoi","given":"Sujeet"}],"event-place":"Boston, MA","ISBN":"978-0-387-75461-1","issued":{"date-parts":[["2007"]]},"language":"en","page":"189-204","publisher":"Springer US","publisher-place":"Boston, MA","source":"DOI.org (Crossref)","title":"Formal Modeling and Analysis of the Modbus Protocol","type":"chapter","URL":"http://link.springer.com/10.1007/978-0-387-75462-8_14","volume":"253"},{"id":"amoahFormalModellingAnalysis2016","abstract":"Supervisory Control and Data Acquisition (SCADA) systems are one of the key foundations of smart grids. The Distributed Network Protocol version 3 (DNP3) is a standard SCADA protocol designed to facilitate communications in substations and smart grid nodes. The protocol is embedded with a security mechanism called Secure Authentication (DNP3-SA). This mechanism ensures that end-to-end communication security is provided in substations. This paper presents a formal model for the behavioural analysis of DNP3-SA using Coloured Petri Nets (CPN). Our DNP3-SA CPN model is capable of testing and verifying various attack scenarios: modification, replay and spoofing, combined complex attack and mitigation strategies. Using the model has revealed a previously unidentified flaw in the DNP3-SA protocol that can be exploited by an attacker that has access to the network interconnecting DNP3 devices. An attacker can launch a successful attack on an outstation without possessing the pre-shared keys by replaying a previously authenticated command with arbitrary parameters. 
We propose an update to the DNP3-SA protocol that removes the flaw and prevents such attacks. The update is validated and verified using our CPN model proving the effectiveness of the model and importance of the formal protocol analysis.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Amoah","given":"Raphael"},{"family":"Camtepe","given":"Seyit"},{"family":"Foo","given":"Ernest"}],"citation-key":"amoahFormalModellingAnalysis2016","container-title":"Journal of Network and Computer Applications","container-title-short":"Journal of Network and Computer Applications","DOI":"10.1016/j.jnca.2015.05.015","ISSN":"10848045","issued":{"date-parts":[["2016",1]]},"language":"en","page":"345-360","source":"DOI.org (Crossref)","title":"Formal modelling and analysis of DNP3 secure authentication","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1084804515001228","volume":"59"},{"id":"puysFormalAnalysisSecurity2016","abstract":"Industrial systems are publicly the target of cyberattacks since Stuxnet [1]. Nowadays they are increasingly communicating over insecure media such as Internet. Due to their interaction with the real world, it is crucial to prove the security of their protocols. In this paper, we formally study the security of one of the most used industrial protocols: OPC-UA. Using ProVerif, a well known cryptographic protocol verification tool, we are able to check secrecy and authentication properties. 
We find several attacks on the protocols and provide countermeasures.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Puys","given":"Maxime"},{"family":"Potet","given":"Marie-Laure"},{"family":"Lafourcade","given":"Pascal"}],"citation-key":"puysFormalAnalysisSecurity2016","container-title":"Computer Safety, Reliability, and Security","DOI":"10.1007/978-3-319-45477-1_6","editor":[{"family":"Skavhaug","given":"Amund"},{"family":"Guiochet","given":"Jérémie"},{"family":"Bitsch","given":"Friedemann"}],"event-place":"Cham","ISBN":"978-3-319-45476-4 978-3-319-45477-1","issued":{"date-parts":[["2016"]]},"language":"en","page":"67-75","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Formal Analysis of Security Properties on the OPC-UA SCADA Protocol","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-45477-1_6","volume":"9922"},{"id":"zonouzDetectingIndustrialControl2014","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Zonouz","given":"Saman"},{"family":"Rrushi","given":"Julian"},{"family":"McLaughlin","given":"Stephen"}],"citation-key":"zonouzDetectingIndustrialControl2014","container-title":"IEEE Security & Privacy","container-title-short":"IEEE Secur. Privacy","DOI":"10.1109/MSP.2014.113","ISSN":"1540-7993, 1558-4046","issue":"6","issued":{"date-parts":[["2014",11]]},"language":"en","page":"40-47","source":"DOI.org (Crossref)","title":"Detecting Industrial Control Malware Using Automated PLC Code Analytics","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/7006408/","volume":"12"},{"id":"marinoDesignWorldFIPIndustrial1999","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Marino","given":"P."},{"family":"Poza","given":"F."},{"family":"Dominguez","given":"M.A."},{"family":"Nogueira","given":"J.B."}],"citation-key":"marinoDesignWorldFIPIndustrial1999","container-title":"ISIE '99. 
Proceedings of the IEEE International Symposium on Industrial Electronics (Cat. No.99TH8465)","DOI":"10.1109/ISIE.1999.796924","event-place":"Bled, Slovenia","event-title":"ISIE '99. IEEE International Symposium on Industrial Electronics","ISBN":"978-0-7803-5662-7","issued":{"date-parts":[["1999"]]},"language":"en","page":"1427-1432","publisher":"IEEE","publisher-place":"Bled, Slovenia","source":"DOI.org (Crossref)","title":"Design of WorldFIP's industrial communication systems based on formal methods","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/796924/","volume":"3"},{"id":"rocchettoCPDYExtendingDolevYao2016","abstract":"We propose extensions to the Dolev-Yao attacker model to make it suitable for arguments about security of Cyber-Physical Systems. The Dolev-Yao attacker model uses a set of rules to define potential actions by an attacker with respect to messages (i.e. information) exchanged between parties during a protocol execution. As the traditional Dolev-Yao model considers only information (exchanged over a channel controlled by the attacker), the model cannot directly be used to argue about the security of cyber-physical systems where physical-layer interactions are possible. Our Dolev-Yao extension, called Cyber-Physical Dolev-Yao (CPDY), allows additional orthogonal interaction channels between the parties. In particular, such orthogonal channels can be used to model physical-layer mechanical, chemical, or electrical interactions between components. In addition, we discuss the inclusion of physical properties such as location or distance in the rule set. 
We present an example set of additional rules for the Dolev-Yao attacker, using those we are able to formally discover physical attacks that previously could only be found by empirical methods or detailed physical process models.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Rocchetto","given":"Marco"},{"family":"Tippenhauer","given":"Nils Ole"}],"citation-key":"rocchettoCPDYExtendingDolevYao2016","container-title":"Formal Methods and Software Engineering","DOI":"10.1007/978-3-319-47846-3_12","editor":[{"family":"Ogata","given":"Kazuhiro"},{"family":"Lawford","given":"Mark"},{"family":"Liu","given":"Shaoying"}],"event-place":"Cham","ISBN":"978-3-319-47845-6 978-3-319-47846-3","issued":{"date-parts":[["2016"]]},"language":"en","page":"175-192","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions","title-short":"CPDY","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-47846-3_12","volume":"10009"},{"id":"darvasFormalVerificationSafety2016","abstract":"Programmable Logic Controllers (PLCs) are widely used in the industry for various industrial automation tasks. Besides non-safety applications, the usage of PLCs became accepted in safety-critical installations, where the cost of failure is high. In these cases the used hardware is special (so-called fail-safe or safety PLCs), but also the software needs special considerations. Formal verification is a method that can help to develop high-quality software for critical tasks. However, such method should be adapted to the special needs of the safety PLCs, that are often particular compared to the normal PLC development domain. In this paper we propose two complementary solutions for the formal verification of safety-critical PLC programs based on model checking and equivalence checking using formal specification. 
Furthermore, a case study is presented, demonstrating our approach.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Darvas","given":"Dániel"},{"family":"Majzik","given":"István"},{"family":"Blanco Viñuela","given":"Enrique"}],"citation-key":"darvasFormalVerificationSafety2016","container-title":"Integrated Formal Methods","DOI":"10.1007/978-3-319-33693-0_32","editor":[{"family":"Ábrahám","given":"Erika"},{"family":"Huisman","given":"Marieke"}],"event-place":"Cham","ISBN":"978-3-319-33692-3 978-3-319-33693-0","issued":{"date-parts":[["2016"]]},"language":"en","page":"508-522","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Formal Verification of Safety PLC Based Control Software","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-33693-0_32","volume":"9681"},{"id":"rauschFormalVerificationPLC1998","abstract":"This paper presents an approach to the verification of programs for programmable logic controllers (PLCs) using SMV, a software package for formal verification of state transition systems. Binary PLC programs are converted directly into SMV modules that retain the variable names and execution sequences of the original programs. The system being controlled is modeled by a C/E system block diagram which is also transformed into a set of SMV modules, retaining the structure of the block diagram model. SMV allows the engineer to verify the behavior of the control program over all possible operating conditions. Mechanisms are discussed for representing correctly the concurrent execution of the PLC programs and the plant model using SMV primitives. The SMV approach to PLC program verification is illustrated with an example.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Rausch","given":"M."},{"family":"Krogh","given":"B.H."}],"citation-key":"rauschFormalVerificationPLC1998","container-title":"Proceedings of the 1998 American Control Conference. 
ACC (IEEE Cat. No.98CH36207)","DOI":"10.1109/ACC.1998.694666","event-place":"Philadelphia, PA, USA","event-title":"Proceedings of the 1998 American Control Conference (ACC)","ISBN":"978-0-7803-4530-0","issued":{"date-parts":[["1998"]]},"language":"en","page":"234-238 vol.1","publisher":"IEEE","publisher-place":"Philadelphia, PA, USA","source":"DOI.org (Crossref)","title":"Formal verification of PLC programs","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/694666/"},{"id":"tsukadaToolchainModelChecking2016","abstract":"This paper proposes a new model checking method to detect falsification on control system software. In the previous study, we have examined a method which detects illegal rewriting for control system software via Petri Net and Kalman Decomposition (KD). In this paper, in order to divert this method to model checking, we consider a new toolchain with the existing model checker SPIN. Specifically, we develop a tool that translates Petri Net into Promela (modeling language of SPIN) and clarify that KD allows us to generate Linear Temporal Logic (LTL) formulas for SPIN automatically. 
In addition, we give a simple example of applying SPIN to Petri Net models before and after falsification.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Tsukada","given":"Kento"},{"family":"Sawada","given":"Kenji"},{"family":"Shin","given":"Seiichi"}],"citation-key":"tsukadaToolchainModelChecking2016","container-title":"2016 IEEE International Conference on Automation Science and Engineering (CASE)","DOI":"10.1109/COASE.2016.7743421","event-place":"Fort Worth, TX, USA","event-title":"2016 IEEE International Conference on Automation Science and Engineering (CASE)","ISBN":"978-1-5090-2409-4","issued":{"date-parts":[["2016",8]]},"language":"en","page":"300-305","publisher":"IEEE","publisher-place":"Fort Worth, TX, USA","source":"DOI.org (Crossref)","title":"A toolchain on model checking SPIN via Kalman Decomposition for control system software","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7743421/"},{"id":"kulikSurveyPracticalFormal2021","abstract":"In today’s world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared and summarised. 
We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety critical systems and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends and directions of research within this field.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Kulik","given":"Tomas"},{"family":"Dongol","given":"Brijesh"},{"family":"Larsen","given":"Peter Gorm"},{"family":"Macedo","given":"Hugo Daniel"},{"family":"Schneider","given":"Steve"},{"family":"Tran-Jørgensen","given":"Peter Würtz Vinther"},{"family":"Woodcock","given":"Jim"}],"citation-key":"kulikSurveyPracticalFormal2021","issued":{"date-parts":[["2021",9,3]]},"language":"en","number":"arXiv:2109.01362","publisher":"arXiv","source":"arXiv.org","title":"A Survey of Practical Formal Methods for Security","type":"article","URL":"http://arxiv.org/abs/2109.01362"},{"id":"SystemizationKnowledgeGuidelines","abstract":"Journal of Systems Research","accessed":{"date-parts":[["2023",10,4]]},"citation-key":"SystemizationKnowledgeGuidelines","language":"en","title":"Systemization of Knowledge guidelines","title-short":"http","type":"webpage","URL":"http://jsys.org/type_SoK/"},{"id":"wardellMethodRevealingAddressing2016","abstract":"Several cyber-attacks on the cyber-physical systems (CPS) that monitor and control critical infrastructure were publically announced over the last few years. 
Almost without exception, the proposed security solutions focus on preventing unauthorized access to the industrial control systems (ICS) at various levels – the defense in depth approach. While useful, it does not address the problem of making the systems more capable of responding to the malicious actions of an attacker once they have gained access to the system. The first step in making an ICS more resilient to an attacker is identifying the cyber security vulnerabilities the attacker can use during system design. This paper presents a method that reveals cyber security vulnerabilities in ICS through the formal modeling of the system and malicious agents. The inclusion of the malicious agent in the analysis of an existing systems identifies security vulnerabilities that are missed in traditional functional model checking.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Wardell","given":"Dean C."},{"family":"Mills","given":"Robert F."},{"family":"Peterson","given":"Gilbert L."},{"family":"Oxley","given":"Mark E."}],"citation-key":"wardellMethodRevealingAddressing2016","container-title":"Procedia Computer Science","container-title-short":"Procedia Computer Science","DOI":"10.1016/j.procs.2016.09.289","ISSN":"18770509","issued":{"date-parts":[["2016"]]},"language":"en","page":"24-31","source":"DOI.org (Crossref)","title":"A Method for Revealing and Addressing Security Vulnerabilities in Cyber-physical Systems by Modeling Malicious Agent Interactions with Formal Verification","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1877050916324619","volume":"95"},{"id":"kunzFormalMethodologyAccomplishing2017","abstract":"Reliability is extremely important for control systems of energy distribution and generation. The IEC 61850 standard specifies an open architecture and communication protocols for such applications. 
The standard defines an open control architecture for networked control systems composed by intelligent electronic devices, stating some requirements that must be accomplished when developing reliable controllers for such systems. In this paper, we present a systematic and formal methodology to be adopted to achieve the correct implementation of the communication requirements of this standard. The methodology consists in five steps: modeling of real-time communication requirements defined by the standard; simulation of the obtained model; formal verification of the model, improved in the previous step; translation of the global model (simulated and verified) into the input language of the real controller; and finally, application of conformance testing technique to the computational routine implemented in the real controller. Presented research deals with the proposition of a strategy to synthesize and validate models of systems developed under IEC61850 real-time requirements (GOOSE and SMV) through simple operational conditions cases that, once validated, can be used in performance and conformance testing of more complex systems. The proposed methodology allows designers to synthesize reliable systems under IEC61850 real-time communication requirements.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Kunz","given":"Guilherme"},{"family":"Machado","given":"Jose"},{"family":"Perondi","given":"Eduardo"},{"family":"Vyatkin","given":"Valeriy"}],"citation-key":"kunzFormalMethodologyAccomplishing2017","container-title":"IEEE Transactions on Industrial Electronics","container-title-short":"IEEE Trans. Ind. 
Electron.","DOI":"10.1109/TIE.2017.2682042","ISSN":"0278-0046, 1557-9948","issue":"8","issued":{"date-parts":[["2017",8]]},"language":"en","page":"6582-6590","source":"DOI.org (Crossref)","title":"A Formal Methodology for Accomplishing IEC 61850 Real-Time Communication Requirements","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/7878522/","volume":"64"},{"id":"rysavyFormalAuthorizationFramework2012","abstract":"In this paper, we propose an application of a formal authorization framework for defining and enforcing security policies in SCADA systems. Current generation of SCADA systems are built as open networked systems often connected to public networks. Thus the security becomes an important issue, which needs to be properly addressed in these systems. The knowledge gained from securing networked computer based systems may help to develop security measures for SCADA systems too. Among such methods, a policy based security methods are the most applied. The contribution of this paper consists of an overview of security issues related to SCADA systems and a proposal to use a logic-based authorization framework in this environment for achieving scalable and efficient authentication.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Rysavy","given":"Ondrej"},{"family":"Rab","given":"Jaroslav"},{"family":"Halfar","given":"Patrik"},{"family":"Sveda","given":"Mirsolav"}],"citation-key":"rysavyFormalAuthorizationFramework2012","container-title":"2012 IEEE 19th International Conference and Workshops on Engineering of Computer-Based Systems","DOI":"10.1109/ECBS.2012.4","event-place":"Novi Sad, Serbia","event-title":"2012 19th IEEE International Conference and Workshops on Engineering of Computer Based Systems (ECBS)","ISBN":"978-1-4673-0912-7 978-0-7695-4664-3","issued":{"date-parts":[["2012",4]]},"language":"en","page":"298-302","publisher":"IEEE","publisher-place":"Novi Sad, Serbia","source":"DOI.org (Crossref)","title":"A Formal 
Authorization Framework for Networked SCADA Systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/6195199/"},{"id":"CyberPhysicalSystems","citation-key":"CyberPhysicalSystems","title":"Cyber physical systems security limitations issues and future trends.pdf","type":"document"},{"id":"khanIDEAIntrusionDetection2021","abstract":"We propose a novel framework called IDEA that exploits electromagnetic (EM) side-channel signals to detect malicious activity on embedded and cyber-physical systems (CPS). IDEA first records EM emanations from an uncompromised reference device to establish a baseline of reference EM patterns. IDEA then monitors the target device's EM emanations. When the observed EM emanations deviate from the reference patterns, IDEA reports this as an anomalous or malicious activity. IDEA does not require any resource or infrastructure on, or any modification to, the monitored system itself. In fact, IDEA is isolated from the target device, and monitors the device without any physical contact. We evaluate IDEA by monitoring the target device while it is executing embedded applications with malicious code injections such as Distributed Denial of Service (DDoS), Ransomware and code modification. We further implement a control-flow hijack attack, an advanced persistent threat, and a firmware modification on three CPSs: an embedded medical device called SyringePump, an industrial Proportional-Integral-Derivative (PID) Controller, and a Robotic Arm, using a popular embedded system, Arduino UNO. 
The results demonstrate that IDEA can detect different attacks with excellent accuracy (AUC > 99.5%, and 100 percent detection with less than 1 percent false positives) from distances up to 3 m.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Khan","given":"Haider Adnan"},{"family":"Sehatbakhsh","given":"Nader"},{"family":"Nguyen","given":"Luong N."},{"family":"Callan","given":"Robert L."},{"family":"Yeredor","given":"Arie"},{"family":"Prvulovic","given":"Milos"},{"family":"Zajić","given":"Alenka"}],"citation-key":"khanIDEAIntrusionDetection2021","container-title":"IEEE Transactions on Dependable and Secure Computing","DOI":"10.1109/TDSC.2019.2932736","ISSN":"1941-0018","issue":"3","issued":{"date-parts":[["2021",5]]},"page":"1150-1163","source":"IEEE Xplore","title":"IDEA: Intrusion Detection through Electromagnetic-Signal Analysis for Critical Embedded and Cyber-Physical Systems","title-short":"IDEA","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/8786207?casa_token=QhKm6TQJknAAAAAA:mnt3qtOGbc0DatEXNTOzKkA5HfPk4JctZOjFAx2mF5xcuEsJFY4E3-vQ6-3maSAsIAsfG9il2Q","volume":"18"},{"id":"guanDistributedAttackDetection2018","abstract":"This paper is concerned with the problem of joint distributed attack detection and distributed secure estimation for a networked cyber-physical system under physical and cyber attacks. The system is monitored by a wireless sensor network, in which a group of sensors is spatially distributed and the sensors' measurements are broadcast to remote estimators via a wireless network medium. A malicious adversary simultaneously launches a false data injection attack at the physical system layer to intentionally modify the system's state and jamming attacks at the cyber layer to block the wireless transmission channels between sensors and remote estimators. 
The sensors' measurements can be randomly dropped with mathematical probability if the corresponding transmission channels are deliberately jammed by the adversary. Resilient attack detection estimators are delicately constructed to provide locally reliable state estimations and detect the false data injection attack. Then, criteria for analyzing the estimation performance and designing the desired estimators are derived to guarantee the solvability of the problem. Finally, the effectiveness of the proposed approach is shown through an illustrative example.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Guan","given":"Yanpeng"},{"family":"Ge","given":"Xiaohua"}],"citation-key":"guanDistributedAttackDetection2018","container-title":"IEEE Transactions on Signal and Information Processing over Networks","DOI":"10.1109/TSIPN.2017.2749959","ISSN":"2373-776X","issue":"1","issued":{"date-parts":[["2018",3]]},"page":"48-59","source":"IEEE Xplore","title":"Distributed Attack Detection and Secure Estimation of Networked Cyber-Physical Systems Against False Data Injection Attacks and Jamming Attacks","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/8027127?casa_token=rllSka8MB9EAAAAA:vYDGy1ij41XuemTklUypRHekLdb8acjX_43kZZK_vxStbIOULex18bLWs9nPGjECIzNIQOMosQ","volume":"4"},{"id":"uluagacSensoryChannelThreats2014","abstract":"Cyber-Physical Systems (CPS) is a relatively novel computing paradigm where there is a tight integration of communications, computation, and the physical environment. An important component of the CPS devices is the sensors they use to interact with each other and the physical world around them. With CPS applications, engineers monitor the structural health of highways and bridges, farmers check the health of their crops, and ecologists observe wildlife in their natural habitat. 
Nonetheless, current security models consider protecting only networking components of the CPS devices utilizing traditional security mechanisms (e.g., an intrusion detection system for the data that traverse the network protocol stacks). The protection mechanisms are not sufficient to protect CPS devices from threats emanating from sensory channels. Using sensory channels (e.g., light, temperature, infrared), an adversary can successfully attack systems. Specifically, the adversary can (1) trigger existing malware, (2) transfer malware, or (3) combine malicious use of different sensory channels to increase the impact of the attack on CPS devices. In this work, we focus on these novel sensory channel threats to CPS devices and applications. We first note how sensory channel threats are an emerging area for the CPS world. Then, we analyze the performance various sensory channel threats. Moreover, using an iRobot Create as our CPS platform, we exploit simple vulnerable programs on iRobot through its infrared channel. Finally, we introduce the design of a novel sensory channel aware intrusion detection system as a protection mechanism against the sensory channel threats for CPS devices.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Uluagac","given":"A. 
Selcuk"},{"family":"Subramanian","given":"Venkatachalam"},{"family":"Beyah","given":"Raheem"}],"citation-key":"uluagacSensoryChannelThreats2014","container-title":"2014 IEEE Conference on Communications and Network Security","DOI":"10.1109/CNS.2014.6997498","event-title":"2014 IEEE Conference on Communications and Network Security","issued":{"date-parts":[["2014",10]]},"page":"301-309","source":"IEEE Xplore","title":"Sensory channel threats to Cyber Physical Systems: A wake-up call","title-short":"Sensory channel threats to Cyber Physical Systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/6997498?casa_token=eDetTaSM9l8AAAAA:XBYe2w66DUfoi3YO8RYukrB0ZlkaI_z5-WW17tczR2njEgix6AyGvZSqsX0cnaes2IMgFIgxmQ"},{"id":"guoDetectionStealthyFalse2022","abstract":"This paper, from the view of a defender, addresses the security problem of cyber-physical systems (CPSs) subject to stealthy false data injection (FDI) attacks that cannot be detected by a residual-based anomaly detector without other defensive measures. To detect such a class of FDI attacks, a stochastic coding scheme, which codes the sensor measurement with a Gaussian stochastic signal at the sensor side, is proposed to assist an anomaly detector to expose the FDI attack. In order to ensure the system performance in the normal operational context, a decoder is adopted to decode the coded sensor measurement when received at the controller side. With this detection scheme, the residual under the attack can be significantly different from that in the normal situation, and thus trigger an alarm. The design condition of the coding signal covariance is derived to meet the constraints of false alarm rate and attack detection rate. 
To minimize the trace of the coding signal covariance, the design problem of the coding signal is converted into a constraint non-convex optimization problem, and an estimation-optimization iteration algorithm is presented to obtain a numerical solution of the coding signal covariance. A numerical example is given to verify the effectiveness of the proposed scheme.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Guo","given":"Haibin"},{"family":"Pang","given":"Zhonghua"},{"family":"Sun","given":"Jian"},{"family":"Li","given":"Jun"}],"citation-key":"guoDetectionStealthyFalse2022","container-title":"Journal of Systems Science and Complexity","container-title-short":"J Syst Sci Complex","DOI":"10.1007/s11424-022-1005-z","ISSN":"1559-7067","issue":"5","issued":{"date-parts":[["2022",10,1]]},"language":"en","page":"1668-1684","source":"Springer Link","title":"Detection of Stealthy False Data Injection Attacks Against Cyber-Physical Systems: A Stochastic Coding Scheme","title-short":"Detection of Stealthy False Data Injection Attacks Against Cyber-Physical Systems","type":"article-journal","URL":"https://doi.org/10.1007/s11424-022-1005-z","volume":"35"},{"id":"chattopadhyaySecurityAutonomousVehicle2017","abstract":"Security of (semi)-autonomous vehicles is a growing concern due to, first, the growing reliance of car functionalities on diverse (semi)-autonomous systems; second, the increased exposure of the such functionalities to potential attackers; third, the interaction of a single vehicle with myriads of other smart systems in an modern urban traffic infrastructure. In this paper, we review the security objectives of Autonomous Vehicle (AV) and argue that AV is a kind of Cyber-Physical System (CPS) for control and operations of the vehicle. We attempt to identify the core issues of securing an AV by modeling an AV as a special kind of CPS, which tend to be implemented by a complex interconnected embedded system hardware. 
Subsequently, the technical challenges of AV security are identified.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Chattopadhyay","given":"Anupam"},{"family":"Lam","given":"Kwok-Yan"}],"citation-key":"chattopadhyaySecurityAutonomousVehicle2017","container-title":"2017 7th International Symposium on Embedded Computing and System Design (ISED)","DOI":"10.1109/ISED.2017.8303906","event-title":"2017 7th International Symposium on Embedded Computing and System Design (ISED)","ISSN":"2473-9413","issued":{"date-parts":[["2017",12]]},"page":"1-6","source":"IEEE Xplore","title":"Security of autonomous vehicle as a cyber-physical system","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/8303906?casa_token=iDWWXJEJpdQAAAAA:VIFwVpPaz4yT1ijG0OXWzSfrdOt5TpKejLYqj6GVW3EyO92bkjH82vri-s6QNCrHa_LL_ct8wg"},{"id":"luDetectionIdentificationSparse2023","abstract":"This article investigates the attack detection and identification problem for cyber-physical systems under sparse sensor attacks. A novel candidate set construction algorithm, where only partial combinations of different channels are checked, is proposed to efficiently generate the candidate set containing all the possible sets of corrupted channels under stealthy attacks. Besides, through introducing a unified attack model that precisely characterizes the attack performance and stealthiness, necessary and sufficient conditions for the existence of undetectable/unidentifiable attacks are proposed. Based on the obtained conditions, a novel attack detection and identification strategy is proposed. Compared with the existing methods focusing only on the measurements, more attacks can be detected/identified through introducing side information and the reliability of detector is enhanced through making full use of the attack performance analysis result. 
Finally, a numerical simulation is provided to illustrate the correctness and effectiveness of the proposed conditions and methods.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Lu","given":"An-Yang"},{"family":"Yang","given":"Guang-Hong"}],"citation-key":"luDetectionIdentificationSparse2023","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/TAC.2022.3218545","ISSN":"1558-2523","issue":"9","issued":{"date-parts":[["2023",9]]},"page":"5349-5364","source":"IEEE Xplore","title":"Detection and Identification of Sparse Sensor Attacks in Cyber-Physical Systems With Side Information","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/9933841?casa_token=GQHa-q6eXQcAAAAA:k-CtF5gsoXIEF9Lo2AQEp-j-9Xr2kaweVGewjVYZk9qyJi21C_roFNSL8HC3AqemtGve_y83LA","volume":"68"},{"id":"wolfSafetySecurityCyberPhysical2018","abstract":"Safety and security have traditionally been distinct problems in engineering and computer science. The introduction of computing elements to create cyber-physical systems (CPSs) has opened up a vast new range of potential problems that do not always show up on the radar of traditional engineers. Security, in contrast, is traditionally viewed as a data or communications security problem to be handled by computer scientists and/or computer engineers. Advances in CPSs and the Internet-of-Things (IoT) requires us to take a unified view of safety and security. 
This paper defines a safety/security threat model for CPSs and IoT systems and surveys emerging techniques which improve the safety and security of CPSs and IoT systems.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Wolf","given":"Marilyn"},{"family":"Serpanos","given":"Dimitrios"}],"citation-key":"wolfSafetySecurityCyberPhysical2018","container-title":"Proceedings of the IEEE","DOI":"10.1109/JPROC.2017.2781198","ISSN":"1558-2256","issue":"1","issued":{"date-parts":[["2018",1]]},"page":"9-20","source":"IEEE Xplore","title":"Safety and Security in Cyber-Physical Systems and Internet-of-Things Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/8232537?casa_token=twgboow2ylwAAAAA:f3ATPxSmH1AMq9hxerfDl0j3khT6t-mgIuG9acsuTRPpMwDlVfB-49fTxtTHMLA4xdE0D9o_Dw","volume":"106"},{"id":"vijayakumaranReliableNextGeneration2020","abstract":"Architectural changes are happening in the modern industries due to the adaption and the deployment of ‘Internet of Things (IoT)’ for monitoring and controlling various devices remotely from the external world. The most predominant place where the IoT technology makes the most sense is the industrial automation processes in smart industries (Industry 4.0). In this paper, a reliable ‘Next Generation Cyber Security Architecture (NCSA)’ is presented for Industrial IoT (IIoT) environment that detects and thwarts cybersecurity threats and vulnerabilities. It helps to automate the processes of exchanging real-time critical information between devices without any human intervention. It proposes an analytical framework that can be used to protect entities and network traffics involved in the IIoT wireless communication. It incorporates an automated cyber-defense authentication mechanism that detects and prevents security attacks when a network session has been established.
The defense mechanism accomplishes the required level of security protection in the network by generating an identity token which is cryptographically encrypted and verified by a virtual gateway system. The proposed NCSA improves security in the IIoT environment and reduces operational management cost.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Vijayakumaran","given":"C."},{"family":"Muthusenthil","given":"B."},{"family":"Manickavasagam","given":"B."}],"citation-key":"vijayakumaranReliableNextGeneration2020","container-title":"International Journal of Electrical and Computer Engineering (IJECE)","container-title-short":"IJECE","DOI":"10.11591/ijece.v10i1.pp387-395","ISSN":"2088-8708, 2088-8708","issue":"1","issued":{"date-parts":[["2020",2,1]]},"language":"en","page":"387","source":"DOI.org (Crossref)","title":"A reliable next generation cyber security architecture for industrial internet of things environment","type":"article-journal","URL":"http://ijece.iaescore.com/index.php/IJECE/article/view/18300","volume":"10"},{"id":"tangeSystematicSurveyIndustrial2020","abstract":"A key application of the Internet of Things (IoT) paradigm lies within industrial contexts. Indeed, the emerging Industrial Internet of Things (IIoT), commonly referred to as Industry 4.0, promises to revolutionize production and manufacturing through the use of large numbers of networked embedded sensing devices, and the combination of emerging computing technologies, such as Fog/Cloud Computing and Artificial Intelligence. The IIoT is characterized by an increased degree of inter-connectivity, which not only creates opportunities for the industries that adopt it, but also for cyber-criminals. Indeed, IoT security currently represents one of the major obstacles that prevent the widespread adoption of IIoT technology. Unsurprisingly, such concerns led to an exponential growth of published research over the last few years. 
To get an overview of the field, we deem it important to systematically survey the academic literature so far, and distill from it various security requirements as well as their popularity. This paper consists of two contributions: our primary contribution is a systematic review of the literature over the period 2011-2019 on IIoT Security, focusing in particular on the security requirements of the IIoT. Our secondary contribution is a reflection on how the relatively new paradigm of Fog computing can be leveraged to address these requirements, and thus improve the security of the IIoT.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Tange","given":"Koen"},{"family":"De Donno","given":"Michele"},{"family":"Fafoutis","given":"Xenofon"},{"family":"Dragoni","given":"Nicola"}],"citation-key":"tangeSystematicSurveyIndustrial2020","container-title":"IEEE Communications Surveys & Tutorials","container-title-short":"IEEE Commun. Surv. Tutorials","DOI":"10.1109/COMST.2020.3011208","ISSN":"1553-877X, 2373-745X","issue":"4","issued":{"season":4,"date-parts":[[2020]]},"language":"en","page":"2489-2520","source":"DOI.org (Crossref)","title":"A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities","title-short":"A Systematic Survey of Industrial Internet of Things Security","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9146364/","volume":"22"},{"id":"coralloCybersecurityAwarenessContext2022","abstract":"Cybersecurity is one of the main challenges faced by companies in the context of the Industrial Internet of Things (IIoT), in which a number of smart devices associated with machines, computers and people are networked and communicate with each other. 
In this connected industrial scenario, personnel need to be aware of cybersecurity issues in order to prevent or minimise the occurrence of cybersecurity incidents and corporate data breaches, and thus to make companies resilient to cyber-attacks. In addition, the recent increase in smart working due to the COVID-19 pandemic means that the need for cybersecurity awareness is more relevant than ever.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Corallo","given":"Angelo"},{"family":"Lazoi","given":"Mariangela"},{"family":"Lezzi","given":"Marianna"},{"family":"Luperto","given":"Angela"}],"citation-key":"coralloCybersecurityAwarenessContext2022","container-title":"Computers in Industry","container-title-short":"Computers in Industry","DOI":"10.1016/j.compind.2022.103614","ISSN":"01663615","issued":{"date-parts":[["2022",5]]},"language":"en","page":"103614","source":"DOI.org (Crossref)","title":"Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review","title-short":"Cybersecurity awareness in the context of the Industrial Internet of Things","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0166361522000094","volume":"137"},{"id":"sisinniIndustrialInternetThings2018","abstract":"Internet of Things (IoT) is an emerging domain that promises ubiquitous connection to the Internet, turning common objects into connected devices. The IoT paradigm is changing the way people interact with things around them. It paves the way for creating pervasively connected infrastructures to support innovative services and promises better flexibility and efficiency. Such advantages are attractive not only for consumer applications, but also for the industrial domain. Over the last few years, we have been witnessing the IoT paradigm making its way into the industry marketplace with purposely designed solutions. In this paper, we clarify the concepts of IoT, Industrial IoT, and Industry 4.0. 
We highlight the opportunities brought in by this paradigm shift as well as the challenges for its realization. In particular, we focus on the challenges associated with the need of energy efficiency, real-time performance, coexistence, interoperability, and security and privacy. We also provide a systematic overview of the state-of-the-art research efforts and potential research directions to solve Industrial IoT challenges.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Sisinni","given":"Emiliano"},{"family":"Saifullah","given":"Abusayeed"},{"family":"Han","given":"Song"},{"family":"Jennehag","given":"Ulf"},{"family":"Gidlund","given":"Mikael"}],"citation-key":"sisinniIndustrialInternetThings2018","container-title":"IEEE Transactions on Industrial Informatics","container-title-short":"IEEE Trans. Ind. Inf.","DOI":"10.1109/TII.2018.2852491","ISSN":"1551-3203, 1941-0050","issue":"11","issued":{"date-parts":[["2018",11]]},"language":"en","page":"4724-4734","source":"DOI.org (Crossref)","title":"Industrial Internet of Things: Challenges, Opportunities, and Directions","title-short":"Industrial Internet of Things","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8401919/","volume":"14"},{"id":"babuSecurityIssuesSCADA2017","abstract":"Ongoing research and developments in modern information and communication technologies have revolutionized the design of industrial control systems (ICS). There is a major domain transition from traditional electromechanical systems to network based digital systems, which has indeed created a powerful interface between state-of the-art computing technologies/paradigms and physical processes sought to be controlled. ICS play a critical role in the industrial and manufacturing sector. Major infrastructures like petrochemical industries, waste water treatment facilities, nuclear power plants, pharmaceuticals, food and beverage industries etc. cannot run properly without ICS. 
Real-time processing, reliability and advanced distributed intelligence are some of the core characteristics of ICS which are incorporated with the help of state-of-the-art internet communication and computing technologies. The complex embedded coupling of hardware and software components such as actuators, sensors and the physical processes are all monitored and manipulated by the communication and network protocol based controllers like supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLC), distributed control systems (DCS) etc. The integration of these technologies makes the access to ICS from the external world much easier. On the other hand, this has led to many critical cyber-security issues also. These issues are of such a nature that they may sometimes pose a serious threat to the safety of humans and the environment as well. Unless managed properly, these can have adverse implications for the national economy also, in terms of production losses. In this paper, we attempt to give a comprehensive review of the unique aspects of cyber-security issues in ICS. Specifically, we delve upon the issues of security assessment and architectural reviewing of ICS. 
We also give a brief survey on different threat attacks on ICS.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Babu","given":"Bijoy"},{"family":"Ijyas","given":"Thafasal"},{"literal":"Muneer P."},{"family":"Varghese","given":"Justin"}],"citation-key":"babuSecurityIssuesSCADA2017","container-title":"2017 2nd International Conference on Anti-Cyber Crimes (ICACC)","DOI":"10.1109/Anti-Cybercrime.2017.7905261","event-place":"Abha, Saudi Arabia","event-title":"2017 2nd International Conference on Anti-Cyber Crimes (ICACC)","ISBN":"978-1-5090-5814-3","issued":{"date-parts":[["2017",3]]},"language":"en","page":"47-51","publisher":"IEEE","publisher-place":"Abha, Saudi Arabia","source":"DOI.org (Crossref)","title":"Security issues in SCADA based industrial control systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7905261/"},{"id":"gawandSecuringCyberPhysical2017","abstract":"In industrial plants such as nuclear power plants, system operations are performed by embedded controllers orchestrated by Supervisory Control and Data Acquisition (SCADA) software. A targeted attack (also termed a control aware attack) on the controller/SCADA software can lead a control system to operate in an unsafe mode or sometimes to complete shutdown of the plant. Such malware attacks can result in tremendous cost to the organization for recovery, cleanup, and maintenance activity. SCADA systems in operational mode generate huge log files. These files are useful in analysis of the plant behavior and diagnostics during an ongoing attack. However, they are bulky and difficult for manual inspection. Data mining techniques such as least squares approximation and computational methods can be used in the analysis of logs and to take proactive actions when required. This paper explores methodologies and algorithms so as to develop an effective monitoring scheme against control aware cyber attacks. 
It also explains soft computation techniques such as the computational geometric method and least squares approximation that can be effective in monitor design. This paper provides insights into diagnostic monitoring of its effectiveness by attack simulations on a four-tank model and using computation techniques to diagnose it. Cyber security of instrumentation and control systems used in nuclear power plants is of paramount importance and hence could be a possible target of such applications.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Gawand","given":"Hemangi Laxman"},{"family":"Bhattacharjee","given":"A.K."},{"family":"Roy","given":"Kallol"}],"citation-key":"gawandSecuringCyberPhysical2017","container-title":"Nuclear Engineering and Technology","container-title-short":"Nuclear Engineering and Technology","DOI":"10.1016/j.net.2016.10.009","ISSN":"17385733","issue":"3","issued":{"date-parts":[["2017",4]]},"language":"en","page":"484-494","source":"DOI.org (Crossref)","title":"Securing a Cyber Physical System in Nuclear Power Plants Using Least Square Approximation and Computational Geometric Approach","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1738573316302881","volume":"49"},{"id":"poreskyCyberSecurityNuclear","author":[{"family":"Poresky","given":"Christopher"},{"family":"Andreades","given":"Charalampos"},{"family":"Kendrick","given":"James"},{"family":"Peterson","given":"Per"}],"citation-key":"poreskyCyberSecurityNuclear","language":"en","page":"15","source":"Zotero","title":"Cyber Security in Nuclear Power Plants","type":"article-journal"},{"id":"kimCyberAttackTaxonomy2020","abstract":"With the development of digital instrumentation and control (I&C) devices, cyber security at nuclear power plants (NPPs) has become a hot issue. 
The Stuxnet, which destroyed Iran's uranium enrichment facility in 2010, suggests that NPPs could even lead to an accident involving the release of radioactive materials cyber-attacks.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Kim","given":"Seungmin"},{"family":"Heo","given":"Gyunyoung"},{"family":"Zio","given":"Enrico"},{"family":"Shin","given":"Jinsoo"},{"family":"Song","given":"Jae-gu"}],"citation-key":"kimCyberAttackTaxonomy2020","container-title":"Nuclear Engineering and Technology","container-title-short":"Nuclear Engineering and Technology","DOI":"10.1016/j.net.2019.11.001","ISSN":"17385733","issue":"5","issued":{"date-parts":[["2020",5]]},"language":"en","page":"995-1001","source":"DOI.org (Crossref)","title":"Cyber attack taxonomy for digital environment in nuclear power plants","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1738573319305443","volume":"52"},{"id":"xuNuclearPowerPlants2017","accessed":{"date-parts":[["2022",9,30]]},"citation-key":"xuNuclearPowerPlants2017","collection-title":"Lecture Notes in Electrical Engineering","DOI":"10.1007/978-981-10-3361-2","editor":[{"family":"Xu","given":"Yang"}],"event-place":"Singapore","ISBN":"978-981-10-3360-5 978-981-10-3361-2","issued":{"date-parts":[["2017"]]},"language":"en","publisher":"Springer Singapore","publisher-place":"Singapore","source":"DOI.org (Crossref)","title":"Nuclear Power Plants: Innovative Technologies for Instrumentation and Control Systems: International Symposium on Software Reliability, Industrial Safety, Cyber Security and Physical Protection of Nuclear Power Plant","title-short":"Nuclear Power Plants","type":"book","URL":"http://link.springer.com/10.1007/978-981-10-3361-2","volume":"400"},{"id":"masoodAssessmentCyberSecurity","abstract":"Nuclear power plants play an important role in electricity production for many countries. They supply power to industries, centers, government facilities, and residential areas. 
Yet, upon review, several cases reveal that even a small-scale attack on a nuclear power plant could lead to catastrophic consequences for a country’s citizens, economy, infrastructure, and security. In recent years, there has been increased attention to the area of nuclear cybersecurity due to attacks or incidents designed to disrupt NPP operations. In spite of this rise of nuclear-related cyber attacks, the security for NPPs has not been holistically addressed. Literature review reveals the lack of a comprehensive information security framework to secure nuclear power plants from internal and external threats.","author":[{"family":"Masood","given":"Rahat"}],"citation-key":"masoodAssessmentCyberSecurity","language":"en","page":"43","source":"Zotero","title":"Assessment of Cyber Security Challenges in Nuclear Power Plants","type":"article-journal"},{"id":"petersonOverviewMethodologiesCybersecurity2019","abstract":"Cyber-attacks against critical energy infrastructure have gone from possible to eventual to actual. With electrical generation sources in the United States changing under a wide range of pressures, the current fleet of nuclear power plants in the United States provides a reliable and sustainable source of electrical generation capacity. However, in order to extend the lifetime of the fleet, modernization upgrades to digital instrumentation and control systems are required. While this produces many opportunities for increased efficiency, it introduces a new level of complexity for securing and reliably operating reactors in the presence cyberthreats. The United States Nuclear Regulatory Commission recently began urging stronger cybersecurity efforts at nuclear power plants. As upgrades at nuclear power plants begin, the implementation of digital instrumentation and control systems to monitor and run the power plant introduces new vulnerabilities that must be addressed. This necessitates a more modern discussion of risk. 
Within this context, we critically review past cyber-vulnerability incidents at nuclear installations and other critical facilities. We then analyze challenges to vulnerabilities within the context of modernization of the current nuclear fleet and propose future research directions needed to resolve these issues.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Peterson","given":"John"},{"family":"Haney","given":"Michael"},{"family":"Borrelli","given":"R.A."}],"citation-key":"petersonOverviewMethodologiesCybersecurity2019","container-title":"Nuclear Engineering and Design","container-title-short":"Nuclear Engineering and Design","DOI":"10.1016/j.nucengdes.2019.02.025","ISSN":"00295493","issued":{"date-parts":[["2019",5]]},"language":"en","page":"75-84","source":"DOI.org (Crossref)","title":"An overview of methodologies for cybersecurity vulnerability assessments conducted in nuclear power plants","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0029549319300330","volume":"346"},{"id":"pliatsiosSurveySCADASystems2020","abstract":"Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. 
Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Pliatsios","given":"Dimitrios"},{"family":"Sarigiannidis","given":"Panagiotis"},{"family":"Lagkas","given":"Thomas"},{"family":"Sarigiannidis","given":"Antonios G."}],"citation-key":"pliatsiosSurveySCADASystems2020","container-title":"IEEE Communications Surveys & Tutorials","container-title-short":"IEEE Commun. Surv. Tutorials","DOI":"10.1109/COMST.2020.2987688","ISSN":"1553-877X, 2373-745X","issue":"3","issued":{"season":3,"date-parts":[[2020]]},"language":"en","page":"1942-1976","source":"DOI.org (Crossref)","title":"A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics","title-short":"A Survey on SCADA Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9066892/","volume":"22"},{"id":"antoniniSecurityChallengesBuilding2014","abstract":"Cyber-Physical Systems (CPSs) are systems in which software and hardware entities monitor and manage physical devices using communication channels. They have become ubiquitous in many domains including health monitoring, smart vehicles and energy efficiency as in smart buildings and smart grid operations. The introduction of a digital control system and a communication channel, to exchange data with the physical system, increases the chance of vulnerabilities in the overall system. This paper presents the state-of-the-art of the security vulnerabilities of such systems as well as the possible methods to mitigate/reduce such threats. 
We will describe recent promising solutions to guarantee confidentiality and authentication of the transported data in building automation network domains, and present ideas to analyze and formally verify the control commands issued by the (possibly compromised) control network computers for execution on SCADA system actuators. The purpose of the latter approach is to prevent malicious parties from injecting malicious commands and potentially driving the underlying physical system into an unsafe state.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Antonini","given":"Alessio"},{"family":"Barenghi","given":"Alessandro"},{"family":"Pelosi","given":"Gerardo"},{"family":"Zonouz","given":"Saman"}],"citation-key":"antoniniSecurityChallengesBuilding2014","container-title":"2014 International Carnahan Conference on Security Technology (ICCST)","DOI":"10.1109/CCST.2014.6986996","event-place":"Rome, Italy","event-title":"2014 International Carnahan Conference on Security Technology (ICCST)","ISBN":"978-1-4799-3532-1 978-1-4799-3530-7","issued":{"date-parts":[["2014",10]]},"language":"en","page":"1-6","publisher":"IEEE","publisher-place":"Rome, Italy","source":"DOI.org (Crossref)","title":"Security challenges in building automation and SCADA","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/6986996/"},{"id":"edmondsSECURITYANALYSISMULTILAYER","abstract":"The layering of protocols in critical infrastructure networks – exemplified by Modbus TCP in the oil and gas sector and SS7oIP in the telecommunications sector – raises important security issues. The individual protocol stacks, e.g., Modbus and SS7, have certain vulnerabilities, and transporting these protocols using carrier protocols, e.g., TCP/IP, brings into play the vulnerabilities of the carrier protocols. Moreover, the layering produces unintended inter-protocol interactions and, possibly, new vulnerabilities. 
This paper describes a formal methodology for evaluating the security of multilayer SCADA protocols. The methodology, involving the analysis of peer-to-peer communications and multilayer protocol interactions, is discussed in the context of Modbus TCP, the predominant protocol used for oil and gas pipeline operations.","author":[{"family":"Edmonds","given":"Janica"},{"family":"Papa","given":"Mauricio"},{"family":"Shenoi","given":"Sujeet"}],"citation-key":"edmondsSECURITYANALYSISMULTILAYER","container-title":"CRITICAL INFRASTRUCTURE PROTECTION","language":"en","page":"17","source":"Zotero","title":"SECURITY ANALYSIS OF MULTILAYER SCADA PROTOCOLS: A MODBUS TCP CASE STUDY","type":"article-journal"},{"id":"fanOverviewCybersecurityIndustrial2015","abstract":"With the development of information technology, the network connection of industrial control system (ICS) and information technology (IT) is becoming more and more closely. What’s more, the security issues of traditional IT systems in industrial control system are also more prominent. Early industrial control system mainly uses physical isolation approach to protect security. In this paper, we review the characteristics and reference models of industrial control system and analyze the current security status of industrial control system. Moreover, we propose a defense-in-depth system, security policies of active protection and passive monitoring for these security issues. 
Besides, we also discuss the key technologies and summarize the full text.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Fan","given":"Xiaohe"},{"family":"Fan","given":"Kefeng"},{"family":"Wang","given":"Yong"},{"family":"Zhou","given":"Ruikang"}],"citation-key":"fanOverviewCybersecurityIndustrial2015","container-title":"2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC)","DOI":"10.1109/SSIC.2015.7245324","event-place":"Shanghai, China","event-title":"2015 International Conference on Cyber Security of Smart cities, Industrial Control System and Communications (SSIC)","ISBN":"978-1-4673-7977-9","issued":{"date-parts":[["2015",8]]},"language":"en","page":"1-7","publisher":"IEEE","publisher-place":"Shanghai, China","source":"DOI.org (Crossref)","title":"Overview of cyber-security of industrial control system","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7245324/"},{"id":"kayanCybersecurityIndustrialCyberPhysical2022","abstract":"Industrial cyber-physical systems (ICPSs) manage critical infrastructures by controlling the processes based on the “physics” data gathered by edge sensor networks. Recent innovations in ubiquitous computing and communication technologies have prompted the rapid integration of highly interconnected systems to ICPSs. Hence, the “security by obscurity” principle provided by air-gapping is no longer followed. As the interconnectivity in ICPSs increases, so does the attack surface. Industrial vulnerability assessment reports have shown that a variety of new vulnerabilities have occurred due to this transition. Although there are existing surveys in this context, very little is mentioned regarding the outputs of these reports. While these reports show that the most exploited vulnerabilities occur due to weak boundary protection, these vulnerabilities also occur due to limited or ill-defined security policies. 
However, current literature focuses on intrusion detection systems (IDSs), network traffic analysis (NTA) methods, or anomaly detection techniques. Hence, finding a solution for the problems mentioned in these reports is relatively hard. We bridge this gap by defining and reviewing ICPSs from a cybersecurity perspective. In particular, multi-dimensional adaptive attack taxonomy is presented and utilized for evaluating real-life ICPS cyber incidents. Finally, we identify the general shortcomings and highlight the points that cause a gap in existing literature while defining future research directions.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Kayan","given":"Hakan"},{"family":"Nunes","given":"Matthew"},{"family":"Rana","given":"Omer"},{"family":"Burnap","given":"Pete"},{"family":"Perera","given":"Charith"}],"citation-key":"kayanCybersecurityIndustrialCyberPhysical2022","container-title":"ACM Computing Surveys","container-title-short":"ACM Comput. Surv.","DOI":"10.1145/3510410","ISSN":"0360-0300, 1557-7341","issue":"11s","issued":{"date-parts":[["2022",1,31]]},"language":"en","page":"1-35","source":"DOI.org (Crossref)","title":"Cybersecurity of Industrial Cyber-Physical Systems: A Review","title-short":"Cybersecurity of Industrial Cyber-Physical Systems","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/3510410","volume":"54"},{"id":"guanStabilityBasedControllerDesign2021","abstract":"A cloud control system (CCS) is inherently uncertain due to the dynamic services and resources in cloud computing. In this paper, an approach of modeling and controller design for CCS is proposed that considers the uncertainties existing in the controlled plant, network, and controller simultaneously; then, a general framework for modeling and controlling uncertain control systems is constructed. First, a typical CCS structure is presented, and the uncertainties in the CCS are analyzed and decomposed. 
On this basis, a generalized uncertain state-space model is established, which includes the interval controlled plant and the stochastic network, considering the time-delay and packet loss. Meanwhile, the cloud controller model with interval parameters and stochastic time-delay is designed, which includes the state observer and control law. Then, based on the Lyapunov stability theorem and the linear matrix inequality (LMI) method, a stability criterion for obtaining the parameters of the cloud controller is proposed, in which all the results are expressed in the form of the LMI. Finally, simulation results show the effectiveness and generalization performance of the designed cloud controller.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Guan","given":"Shouping"},{"family":"Niu","given":"Senlin"}],"citation-key":"guanStabilityBasedControllerDesign2021","container-title":"IEEE Access","container-title-short":"IEEE Access","DOI":"10.1109/ACCESS.2021.3059766","ISSN":"2169-3536","issued":{"date-parts":[["2021"]]},"language":"en","page":"29056-29070","source":"DOI.org (Crossref)","title":"Stability-Based Controller Design of Cloud Control System With Uncertainties","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9354804/","volume":"9"},{"id":"daiIndustrialEdgeComputing2019","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Dai","given":"Wenbin"},{"family":"Nishi","given":"Hiroaki"},{"family":"Vyatkin","given":"Valeriy"},{"family":"Huang","given":"Victor"},{"family":"Shi","given":"Yang"},{"family":"Guan","given":"Xinping"}],"citation-key":"daiIndustrialEdgeComputing2019","container-title":"IEEE Industrial Electronics Magazine","container-title-short":"IEEE Ind. Electron. 
Mag.","DOI":"10.1109/MIE.2019.2943283","ISSN":"1932-4529, 1941-0115","issue":"4","issued":{"date-parts":[["2019",12]]},"language":"en","page":"48-56","source":"DOI.org (Crossref)","title":"Industrial Edge Computing: Enabling Embedded Intelligence","title-short":"Industrial Edge Computing","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8941000/","volume":"13"},{"id":"maExploringEdgeComputing2020","abstract":"Industrial automation traditionally relies on local controllers implemented on microcontrollers or programmable logic controllers. With the emergence of edge computing, however, industrial automation evolves into a distributed two-tier computing architecture comprising local controllers and edge servers that communicate over wireless networks. Compared to local controllers, edge servers provide larger computing capacity at the cost of data loss over wireless networks. This article presents switching multitier control (SMC) to exploit edge computing for industrial control. SMC dynamically optimizes control performance by switching between local and edge controllers in response to changing network conditions. SMC employs a data-driven approach to derive switching policies based on classification models trained based on simulations while guaranteeing system stability based on an extended Simplex approach tailored for two-tier platforms. To evaluate the performance of industrial control over edge computing platforms, we have developed WCPS-EC, a real-time hybrid simulator that integrates simulated plants, real computing platforms, and real or simulated wireless networks. 
In a case study of an industrial robotic control system, SMC significantly outperformed both a local controller and an edge controller in face of varying data loss in a wireless network.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Ma","given":"Yehan"},{"family":"Lu","given":"Chenyang"},{"family":"Sinopoli","given":"Bruno"},{"family":"Zeng","given":"Shen"}],"citation-key":"maExploringEdgeComputing2020","container-title":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","container-title-short":"IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.","DOI":"10.1109/TCAD.2020.3012648","ISSN":"0278-0070, 1937-4151","issue":"11","issued":{"date-parts":[["2020",11]]},"language":"en","page":"3506-3518","source":"DOI.org (Crossref)","title":"Exploring Edge Computing for Multitier Industrial Control","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9211472/","volume":"39"},{"id":"villalongaCloudBasedIndustrialCyber2020","abstract":"Nowadays, reconfiguration and adaptation by means of optimal re-parameterization in Industrial Cyber–Physical Systems (ICPSs) is one of the bottlenecks for the digital transformation of the manufacturing industry. This article proposes a cloud-to-edge-based ICPS equipped with machine learning techniques. The proposed reasoning module includes a learning procedure based on two reinforcement learning techniques, running in parallel, for updating both the data-conditioning and processing strategy and the prediction model. The presented solution distributes computational resources and analytic engines in multiple layers and independent modules, increasing the smartness and the autonomy for monitoring and control the behavior at the shop floor level. 
The suitability of the proposed solution, evaluated in a pilot line, is endorsed by fast time response (i.e., 0.01 s at the edge level) and the appropriate setting of optimal operational parameters for guaranteeing the desired quality surface roughness during macro- and micro-milling operations.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Villalonga","given":"Alberto"},{"family":"Beruvides","given":"Gerardo"},{"family":"Castano","given":"Fernando"},{"family":"Haber","given":"Rodolfo E."}],"citation-key":"villalongaCloudBasedIndustrialCyber2020","container-title":"IEEE Transactions on Industrial Informatics","container-title-short":"IEEE Trans. Ind. Inf.","DOI":"10.1109/TII.2020.2971057","ISSN":"1551-3203, 1941-0050","issue":"9","issued":{"date-parts":[["2020",9]]},"language":"en","page":"5975-5984","source":"DOI.org (Crossref)","title":"Cloud-Based Industrial Cyber–Physical System for Data-Driven Reasoning: A Review and Use Case on an Industry 4.0 Pilot Line","title-short":"Cloud-Based Industrial Cyber–Physical System for Data-Driven Reasoning","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8978483/","volume":"16"},{"id":"xuSurveyIndustrialInternet2018","abstract":"The vision of Industry 4.0, otherwise known as the fourth industrial revolution, is the integration of massively deployed smart computing and network technologies in industrial production and manufacturing settings for the purposes of automation, reliability, and control, implicating the development of an Industrial Internet of Things (I-IoT). Specifically, I-IoT is devoted to adopting the IoT to enable the interconnection of anything, anywhere, and at any time in the manufacturing system context to improve the productivity, efficiency, safety, and intelligence. 
As an emerging technology, I-IoT has distinct properties and requirements that distinguish it from consumer IoT, including the unique types of smart devices incorporated, network technologies and quality-of-service requirements, and strict needs of command and control. To more clearly understand the complexities of I-IoT and its distinct needs and to present a unified assessment of the technology from a systems’ perspective, in this paper, we comprehensively survey the body of existing research on I-IoT. Particularly, we first present the I-IoT architecture, I-IoT applications (i.e., factory automation and process automation), and their characteristics. We then consider existing research efforts from the three key system aspects of control, networking, and computing. Regarding control, we first categorize industrial control systems and then present recent and relevant research efforts. Next, considering networking, we propose a three-dimensional framework to explore the existing research space and investigate the adoption of some representative networking technologies, including 5G, machine-to-machine communication, and software-defined networking. Similarly, concerning computing, we again propose a second three-dimensional framework that explores the problem space of computing in I-IoT and investigate the cloud, edge, and hybrid cloud and edge computing platforms. 
Finally, we outline particular challenges and future research needs in control, networking, and computing systems, as well as for the adoption of machine learning in an I-IoT context.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Xu","given":"Hansong"},{"family":"Yu","given":"Wei"},{"family":"Griffith","given":"David"},{"family":"Golmie","given":"Nada"}],"citation-key":"xuSurveyIndustrialInternet2018","container-title":"IEEE Access","container-title-short":"IEEE Access","DOI":"10.1109/ACCESS.2018.2884906","ISSN":"2169-3536","issued":{"date-parts":[["2018"]]},"language":"en","page":"78238-78259","source":"DOI.org (Crossref)","title":"A Survey on Industrial Internet of Things: A Cyber-Physical Systems Perspective","title-short":"A Survey on Industrial Internet of Things","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8558534/","volume":"6"},{"id":"caoSurveyEdgeEdgeCloud2021","abstract":"In recent years, the investigations on cyberphysical systems (CPS) have become increasingly popular in both academia and industry. A primary obstruction against the booming deployment of CPS applications lies in how to process and manage large amounts of generated data for decision making. To tackle this predicament, researchers advocate the idea of coupling edge computing, or edge-cloud computing into the design of CPS. However, this coupling process raises a diversity of challenges to the quality-of-services (QoS) of CPS applications. In this article, we present a survey on edge computing or edge-cloud computing assisted CPS designs from the QoS optimization perspective. We first discuss critical challenges in service latency, energy consumption, security, privacy, and reliability during the integration of CPS with edge computing or edge-cloud computing. 
Afterwards, we give an overview on the state-of-the-art works tackling different challenges for QoS optimization, and present a systematic classification during outlining literature for highlighting their similarities and differences. We finally summarize the experiences learned from surveyed works and envision future research directions on edge computing or edge-cloud computing assisted CPS optimization.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Cao","given":"Kun"},{"family":"Hu","given":"Shiyan"},{"family":"Shi","given":"Yang"},{"family":"Colombo","given":"Armando"},{"family":"Karnouskos","given":"Stamatis"},{"family":"Li","given":"Xin"}],"citation-key":"caoSurveyEdgeEdgeCloud2021","container-title":"IEEE Transactions on Industrial Informatics","container-title-short":"IEEE Trans. Ind. Inf.","DOI":"10.1109/TII.2021.3073066","ISSN":"1551-3203, 1941-0050","issue":"11","issued":{"date-parts":[["2021",11]]},"language":"en","page":"7806-7819","source":"DOI.org (Crossref)","title":"A Survey on Edge and Edge-Cloud Computing Assisted Cyber-Physical Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9403939/","volume":"17"},{"id":"huangCyberphysicalSystemSecurity2015","abstract":"Cyber-physical systems (CPSs) are integrations of networks, computation and physical processes, where embedded computing devices continually sense, monitor, and control the physical processes through networks. Networked industrial processes combining internet, real-time computer control systems and industrial processes together are typical CPSs. With the increasingly frequent cyber-attack, security issues have gradually become key problems for CPSs. In this paper, a cyber-physical system security protection approach for networked industrial processes, i.e., industrial CPSs, is proposed. 
In this approach, attacks are handled layer by layer from general information technology (IT) security protection, to active protection, then to intrusion tolerance and physical security protection. The intrusion tolerance implemented in real-time control systems is the most critical layer because the real time control system directly affects the physical layer. This novel intrusion tolerance scheme with a closed loop defense framework takes into account the special requirements of industrial CPSs. To illustrate the effectiveness of the CPS security protection approach, a networked water level control system is described as a case study in the architecture analysis and design language (AADL) environment. Simulation results show that 3 types of injected attacks can be quickly defended by using the proposed protection approach.","accessed":{"date-parts":[["2022",9,30]]},"author":[{"family":"Huang","given":"Shuang"},{"family":"Zhou","given":"Chun-Jie"},{"family":"Yang","given":"Shuang-Hua"},{"family":"Qin","given":"Yuan-Qing"}],"citation-key":"huangCyberphysicalSystemSecurity2015","container-title":"International Journal of Automation and Computing","container-title-short":"Int. J. Autom. 
Comput.","DOI":"10.1007/s11633-015-0923-9","ISSN":"1476-8186, 1751-8520","issue":"6","issued":{"date-parts":[["2015",12]]},"language":"en","page":"567-578","source":"DOI.org (Crossref)","title":"Cyber-physical system security for networked industrial processes","type":"article-journal","URL":"http://link.springer.com/10.1007/s11633-015-0923-9","volume":"12"},{"id":"ogataFormalMethodsSoftware2016","accessed":{"date-parts":[["2022",9,30]]},"citation-key":"ogataFormalMethodsSoftware2016","collection-title":"Lecture Notes in Computer Science","DOI":"10.1007/978-3-319-47846-3","editor":[{"family":"Ogata","given":"Kazuhiro"},{"family":"Lawford","given":"Mark"},{"family":"Liu","given":"Shaoying"}],"event-place":"Cham","ISBN":"978-3-319-47845-6 978-3-319-47846-3","issued":{"date-parts":[["2016"]]},"language":"en","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Formal Methods and Software Engineering: 18th International Conference on Formal Engineering Methods, ICFEM 2016, Tokyo, Japan, November 14-18, 2016, Proceedings","title-short":"Formal Methods and Software Engineering","type":"book","URL":"http://link.springer.com/10.1007/978-3-319-47846-3","volume":"10009"},{"id":"sadraddiniFormalMethodsAdaptive2017","abstract":"We develop a method to control discrete-time systems with constant but initially unknown parameters from linear temporal logic (LTL) specifications. We introduce the notions of (non-deterministic) parametric and adaptive transition systems and show how to use tools from formal methods to compute adaptive control strategies for finite systems. For infinite systems, we first compute abstractions in the form of parametric finite quotient transition systems and then apply the techniques for finite systems. Unlike traditional adaptive control techniques, our method is correct-by-design, does not require a reference model, and can handle a much wider range of systems and specifications. 
Illustrative examples are included.","author":[{"family":"Sadraddini","given":"Sadra"},{"family":"Belta","given":"Calin"}],"citation-key":"sadraddiniFormalMethodsAdaptive2017","container-title":"2017 IEEE 56th Annual Conference on Decision and Control (CDC)","DOI":"10.1109/CDC.2017.8263906","event-title":"2017 IEEE 56th Annual Conference on Decision and Control (CDC)","issued":{"date-parts":[["2017",12]]},"page":"1782-1787","source":"IEEE Xplore","title":"Formal methods for adaptive control of dynamical systems","type":"paper-conference"},{"id":"teigeTwoDecadesFormal2021","abstract":"Over the last two decades, we at BTC Embedded Systems have collected experience with various applications of formal methods in our products together with our industrial partners and customers. In this paper, we give an overview of these fields of applications.","author":[{"family":"Teige","given":"Tino"},{"family":"Eggers","given":"Andreas"},{"family":"Scheibler","given":"Karsten"},{"family":"Stasch","given":"Matthias"},{"family":"Brockmeyer","given":"Udo"},{"family":"Holberg","given":"Hans J."},{"family":"Bienmüller","given":"Tom"}],"citation-key":"teigeTwoDecadesFormal2021","collection-title":"Lecture Notes in Computer Science","container-title":"Formal Methods","DOI":"10.1007/978-3-030-90870-6_40","editor":[{"family":"Huisman","given":"Marieke"},{"family":"Păsăreanu","given":"Corina"},{"family":"Zhan","given":"Naijun"}],"event-place":"Cham","ISBN":"978-3-030-90870-6","issued":{"date-parts":[["2021"]]},"language":"en","page":"725-729","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"Two Decades of Formal Methods in Industrial Products at BTC Embedded Systems","type":"paper-conference"},{"id":"zimmermanMakingFormalMethods2000","abstract":"Despite their potential, formal methods have had difficulty gaining acceptance in the industrial sector. 
Some complaints are based on supposed impracticality: many consider formal methods to be an approach to system specification and analysis that requires a large learning time. Contributing to this scepticism is the fact that some types of formal methods have not yet been proven to handle systems of realistic complexity. To learn more about how to design formal specification languages that can be used for complex systems and require minimal training, we developed a formal specification of an English language specification of the vertical flight control system similar to that found in the MD-11. This paper describes the lessons learned from this experience.","author":[{"family":"Zimmerman","given":"M."},{"family":"Rodriguez","given":"M."},{"family":"Ingram","given":"B."},{"family":"Katahira","given":"M."},{"family":"Villepin","given":"M.","non-dropping-particle":"de"},{"family":"Leveson","given":"N."}],"citation-key":"zimmermanMakingFormalMethods2000","container-title":"19th DASC. 19th Digital Avionics Systems Conference. Proceedings (Cat. No.00CH37126)","DOI":"10.1109/DASC.2000.886879","event-title":"19th DASC. 19th Digital Avionics Systems Conference. Proceedings (Cat. No.00CH37126)","issued":{"date-parts":[["2000",10]]},"page":"1B2/1-1B2/8 vol.1","source":"IEEE Xplore","title":"Making formal methods practical","type":"paper-conference","volume":"1"},{"id":"jasimFormalProofsFeedback2017","abstract":"Control theory can establish properties of systems which hold with all signals within the system and hence cannot be proven by simulation. The most basic of such property is the stability of a control subsystem or the overall system. Other examples are statements on robust control performance in the face of dynamical uncertainties and disturbances in sensing and actuation. Until now these theories were developed and checked for their correctness by control scientist manually using their mathematical knowledge. 
With the emergence of formal methods, there is now the possibility to derive and prove robust control theory by symbolic computation on computers. There is a demand for this approach from industry for the verification of practical control systems with concrete numerical values where the applicability of a control theorem is specialised to an application with given numerical boundaries of parameter variations. The paper gives an overview of the challenges of the area and illustrates them on a computer-based formal proof of the Small-gain theorem and conclusions are drawn from these initial experiences.","author":[{"family":"Jasim","given":"Omar A."},{"family":"Veres","given":"Sandor M."}],"citation-key":"jasimFormalProofsFeedback2017","container-title":"2017 21st International Conference on System Theory, Control and Computing (ICSTCC)","DOI":"10.1109/ICSTCC.2017.8107009","event-title":"2017 21st International Conference on System Theory, Control and Computing (ICSTCC)","issued":{"date-parts":[["2017",10]]},"page":"43-48","source":"IEEE Xplore","title":"Towards formal proofs of feedback control theory","type":"paper-conference"},{"id":"MissionAccomplishedIntroduction","accessed":{"date-parts":[["2022",6,20]]},"citation-key":"MissionAccomplishedIntroduction","title":"Mission Accomplished: An Introduction to Formal Methods in Mobile Robot Motion Planning and Control | Unmanned Systems","type":"webpage","URL":"https://www.worldscientific.com/doi/abs/10.1142/S2301385014300029"},{"id":"beltaFormalMethodsControl2019","abstract":"In control theory, complicated dynamics such as systems of (nonlinear) differential equations are controlled mostly to achieve stability. This fundamental property, which can be with respect to a desired operating point or a prescribed trajectory, is often linked with optimality, which requires minimizing a certain cost along the trajectories of a stable system. 
In formal verification (model checking), simple systems, such as finite-state transition graphs that model computer programs or digital circuits, are checked against rich specifications given as formulas of temporal logics. The formal synthesis problem, in which the goal is to synthesize or control a finite system from a temporal logic specification, has recently received increased interest. In this article, we review some recent results on the connection between optimal control and formal synthesis. Specifically, we focus on the following problem: Given a cost and a correctness temporal logic specification for a dynamical system, generate an optimal control strategy that satisfies the specification. We first provide a short overview of automata-based methods, in which the dynamics of the system are mapped to a finite abstraction that is then controlled using an automaton corresponding to the specification. We then provide a detailed overview of a class of methods that rely on mapping the specification and the dynamics to constraints of an optimization problem. 
We discuss advantages and limitations of these two types of approaches and suggest directions for future research.","accessed":{"date-parts":[["2022",6,20]]},"author":[{"family":"Belta","given":"Calin"},{"family":"Sadraddini","given":"Sadra"}],"citation-key":"beltaFormalMethodsControl2019","container-title":"Annual Review of Control, Robotics, and Autonomous Systems","DOI":"10.1146/annurev-control-053018-023717","issue":"1","issued":{"date-parts":[["2019"]]},"page":"115-140","source":"Annual Reviews","title":"Formal Methods for Control Synthesis: An Optimization Perspective","title-short":"Formal Methods for Control Synthesis","type":"article-journal","URL":"https://doi.org/10.1146/annurev-control-053018-023717","volume":"2"},{"id":"rouhlingFormalProofCoq2018","abstract":"Control theory provides techniques to design controllers, or control functions, for dynamical systems with inputs, so as to grant a particular behaviour of such a system. The inverted pendulum is a classic system in control theory: it is used as a benchmark for nonlinear control techniques and is a model for several other systems with various applications. We formalized in the Coq proof assistant the proof of soundness of a control function for the inverted pendulum. 
This is a first step towards the formal verification of more complex systems for which safety may be critical.","accessed":{"date-parts":[["2022",6,20]]},"author":[{"family":"Rouhling","given":"Damien"}],"citation-key":"rouhlingFormalProofCoq2018","collection-title":"CPP 2018","container-title":"Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs","DOI":"10.1145/3167101","event-place":"New York, NY, USA","ISBN":"978-1-4503-5586-5","issued":{"date-parts":[["2018",1,8]]},"page":"28–41","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"A formal proof in Coq of a control function for the inverted pendulum","type":"paper-conference","URL":"https://doi.org/10.1145/3167101"},{"id":"CybersecurityCapabilityMaturity","citation-key":"CybersecurityCapabilityMaturity","language":"en","page":"35","source":"Zotero","title":"Cybersecurity Capability Maturity Model White Paper","type":"article-journal"},{"id":"yaoQualityUncertaintyQuantification2019","abstract":"Bayesian Neural Networks (BNNs) place priors over the parameters in a neural network. Inference in BNNs, however, is difficult; all inference methods for BNNs are approximate. In this work, we empirically compare the quality of predictive uncertainty estimates for 10 common inference methods on both regression and classification tasks. Our experiments demonstrate that commonly used metrics (e.g. test log-likelihood) can be misleading. 
Our experiments also indicate that inference innovations designed to capture structure in the posterior do not necessarily produce high quality posterior approximations.","accessed":{"date-parts":[["2022",5,5]]},"author":[{"family":"Yao","given":"Jiayu"},{"family":"Pan","given":"Weiwei"},{"family":"Ghosh","given":"Soumya"},{"family":"Doshi-Velez","given":"Finale"}],"citation-key":"yaoQualityUncertaintyQuantification2019","container-title":"arXiv:1906.09686 [cs, stat]","issued":{"date-parts":[["2019",6,23]]},"source":"arXiv.org","title":"Quality of Uncertainty Quantification for Bayesian Neural Network Inference","type":"article-journal","URL":"http://arxiv.org/abs/1906.09686"},{"id":"kabirNeuralNetworkBasedUncertainty2018","abstract":"Uncertainty quantification plays a critical role in the process of decision making and optimization in many fields of science and engineering. The field has gained an overwhelming attention among researchers in recent years resulting in an arsenal of different methods. Probabilistic forecasting and in particular prediction intervals (PIs) are one of the techniques most widely used in the literature for uncertainty quantification. Researchers have reported studies of uncertainty quantification in critical applications such as medical diagnostics, bioinformatics, renewable energies, and power grids. The purpose of this survey paper is to comprehensively study neural network-based methods for construction of prediction intervals. It will cover how PIs are constructed, optimized, and applied for decision-making in presence of uncertainties. Also, different criteria for unbiased PI evaluation are investigated. The paper also provides some guidelines for further research in the field of neural network-based uncertainty quantification.","author":[{"family":"Kabir","given":"H. M. 
Dipu"},{"family":"Khosravi","given":"Abbas"},{"family":"Hosen","given":"Mohammad Anwar"},{"family":"Nahavandi","given":"Saeid"}],"citation-key":"kabirNeuralNetworkBasedUncertainty2018","container-title":"IEEE Access","DOI":"10.1109/ACCESS.2018.2836917","ISSN":"2169-3536","issued":{"date-parts":[["2018"]]},"page":"36218-36234","source":"IEEE Xplore","title":"Neural Network-Based Uncertainty Quantification: A Survey of Methodologies and Applications","title-short":"Neural Network-Based Uncertainty Quantification","type":"article-journal","volume":"6"},{"id":"allisonSpecialIssueArtificial2022","abstract":"Artificial intelligence (AI) has had a strong presence in engineering design for decades, and while theory, methods, and tools for engineering design have advanced significantly during this time, many grand challenges remain. Modern advancements in AI, including new strategies for capturing, storing, and analyzing data, have the potential to revolutionize engineering design processes in a variety of ways. The purpose of this special issue is to consolidate recent research activities that utilize existing or new AI methods to advance engineering design knowledge and capabilities. During the conception of this special issue, we identified three core interfaces between the research domains of engineering design and AI: (1) leveraging AI methods directly in engineering design methods, (2) creating new AI capabilities that are inspired by unique challenges that arise in engineering design, and (3) creating and analyzing design methods that are tailored for the design of engineering systems where the systems themselves utilize AI, such as autonomous vehicles. The diverse body of research articles that now comprise this special issue gravitate toward the first of these themes: advancing engineering design capability through the use of AI. 
While these articles are an exciting contribution to the design research literature, significant opportunities exist for more fully exploring the remaining two interfaces, ideally through more unified interdisciplinary efforts. During the process of synthesizing this editorial, we recognized a fourth interface between engineering design and AI: specifically, investigating how AI could be used as an increasingly powerful tool for conducting engineering design research, such as AI tools that are used directly in research activities (e.g., experiment planning or gathering information from human designers) and that are not necessarily part of the designed system or the design method.","accessed":{"date-parts":[["2022",5,2]]},"citation-key":"allisonSpecialIssueArtificial2022","container-title":"Journal of Mechanical Design","container-title-short":"Journal of Mechanical Design","DOI":"10.1115/1.4053111","editor":[{"family":"Allison","given":"James T."},{"family":"Cardin","given":"Michel-Alexandre"},{"family":"McComb","given":"Chris"},{"family":"Ren","given":"Max Yi"},{"family":"Selva","given":"Daniel"},{"family":"Tucker","given":"Conrad"},{"family":"Witherell","given":"Paul"},{"family":"Zhao","given":"Yaoyao Fiona"}],"ISSN":"1050-0472","issue":"2","issued":{"date-parts":[["2022",1,11]]},"source":"Silverchair","title":"Special Issue: Artificial Intelligence and Engineering Design","title-short":"Special Issue","type":"article-journal","URL":"https://doi.org/10.1115/1.4053111","volume":"144"},{"id":"DyanmicDeceptionIndustrial","citation-key":"DyanmicDeceptionIndustrial","publisher":"Attivo Networks","title":"Dynamic Deception for Industrial Automation and Control Systems","type":"document","URL":"https://attivonetworks.com/documentation/Attivo_Networks-Energy_Whitepaper.pdf"},{"id":"leeIntroductionEmbeddedSystems2017","author":[{"family":"Lee","given":"Edward A."},{"family":"Seshia","given":"Sanjit A."}],"call-number":"TK7895.E42 L445 
2017","citation-key":"leeIntroductionEmbeddedSystems2017","edition":"Second edition","event-place":"Cambridge, Massachusetts","ISBN":"978-0-262-53381-2","issued":{"date-parts":[["2017"]]},"language":"en","number-of-pages":"537","publisher":"MIT Press","publisher-place":"Cambridge, Massachusetts","source":"Library of Congress ISBN","title":"Introduction to embedded systems: a cyber-physical systems approach","title-short":"Introduction to embedded systems","type":"book"},{"id":"gentonClassesKernelsMachine2001","abstract":"In this paper, we present classes of kernels for machine learning from a statistics perspective. Indeed, kernels are positive definite functions and thus also covariances. After discussing key properties of kernels, as well as a new formula to construct kernels, we present several important classes of kernels: anisotropic stationary kernels, isotropic stationary kernels, compactly supported kernels, locally stationary kernels, nonstationary kernels, and separable nonstationary kernels. Compactly supported kernels and separable nonstationary kernels are of prime interest because they provide a computational reduction for kernel-based methods. 
We describe the spectral representation of the various classes of kernels and conclude with a discussion on the characterization of nonlinear maps that reduce nonstationary kernels to either stationarity or local stationarity.","accessed":{"date-parts":[["2022",4,28]]},"author":[{"family":"Genton","given":"Marc G."}],"citation-key":"gentonClassesKernelsMachine2001","container-title":"Journal of Machine Learning Research","ISSN":"1533-7928","issue":"Dec","issued":{"date-parts":[["2001"]]},"page":"299-312","source":"www.jmlr.org","title":"Classes of Kernels for Machine Learning: A Statistics Perspective","title-short":"Classes of Kernels for Machine Learning","type":"article-journal","URL":"https://www.jmlr.org/papers/v2/genton01a","volume":"2"},{"id":"julierUnscentedFilteringNonlinear2004","author":[{"family":"Julier","given":"S.J."},{"family":"Uhlmann","given":"J.K."}],"citation-key":"julierUnscentedFilteringNonlinear2004","container-title":"Proceedings of the IEEE","container-title-short":"Proceedings of the IEEE","DOI":"10.1109/jproc.2003.823141","ISSN":"0018-9219","issue":"3","issued":{"date-parts":[["2004"]]},"page":"401-422","publisher":"Institute of Electrical and Electronics Engineers (IEEE)","title":"Unscented Filtering and Nonlinear Estimation","type":"article-journal","URL":"https://dx.doi.org/10.1109/jproc.2003.823141","volume":"92"},{"id":"NOTES","citation-key":"NOTES","title":"NOTES","type":"document"},{"id":"bukkapatnamForecastingEvolutionNonlinear2010","abstract":"An approach based on combining nonparametric Gaussian process (GP) modeling with certain local topological considerations is presented for prediction (one-step look ahead) of complex physical systems that exhibit nonlinear and nonstationary dynamics. 
The key idea here is to partition system trajectories into multiple near-stationary segments by aligning the boundaries of the partitions with those of the piecewise affine projections of the underlying dynamic system, and deriving nonparametric prediction models within each segment. Such an alignment is achieved through the consideration of recurrence and other local topological properties of the underlying system. This approach was applied for state and performance forecasting in Lorenz system under different levels of induced noise and nonstationarity, synthetic heart-rate signals, and a real-world time-series from an industrial operation known to exhibit highly nonlinear and nonstationary dynamics. The results show that local Gaussian process can significantly outperform not just classical system identification, neural network and nonparametric models, but also the sequential Bayesian Monte Carlo methods in terms of prediction accuracy and computational speed.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Bukkapatnam","given":"Satish T. S."},{"family":"Cheng","given":"Changqing"}],"citation-key":"bukkapatnamForecastingEvolutionNonlinear2010","container-title":"Physical Review E","container-title-short":"Phys. Rev. E","DOI":"10.1103/PhysRevE.82.056206","issue":"5","issued":{"date-parts":[["2010",11,15]]},"page":"056206","publisher":"American Physical Society","source":"APS","title":"Forecasting the evolution of nonlinear and nonstationary systems using recurrence-based local Gaussian process models","type":"article-journal","URL":"https://link.aps.org/doi/10.1103/PhysRevE.82.056206","volume":"82"},{"id":"koGPBayesFiltersBayesianFiltering2009","abstract":"Bayesian filtering is a general framework for recursively estimating the state of a dynamical system. Key components of each Bayes filter are probabilistic prediction and observation models. 
This paper shows how non-parametric Gaussian process (GP) regression can be used for learning such models from training data. We also show how Gaussian process models can be integrated into different versions of Bayes filters, namely particle filters and extended and unscented Kalman filters. The resulting GP-BayesFilters can have several advantages over standard (parametric) filters. Most importantly, GP-BayesFilters do not require an accurate, parametric model of the system. Given enough training data, they enable improved tracking accuracy compared to parametric models, and they degrade gracefully with increased model uncertainty. These advantages stem from the fact that GPs consider both the noise in the system and the uncertainty in the model. If an approximate parametric model is available, it can be incorporated into the GP, resulting in further performance improvements. In experiments, we show different properties of GP-BayesFilters using data collected with an autonomous micro-blimp as well as synthetic data.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Ko","given":"Jonathan"},{"family":"Fox","given":"Dieter"}],"citation-key":"koGPBayesFiltersBayesianFiltering2009","container-title":"Autonomous Robots","container-title-short":"Auton Robot","DOI":"10.1007/s10514-009-9119-x","ISSN":"1573-7527","issue":"1","issued":{"date-parts":[["2009",7,1]]},"language":"en","page":"75-90","source":"Springer Link","title":"GP-BayesFilters: Bayesian filtering using Gaussian process prediction and observation models","title-short":"GP-BayesFilters","type":"article-journal","URL":"https://doi.org/10.1007/s10514-009-9119-x","volume":"27"},{"id":"tothBayesianLearningSequential2020","abstract":"We develop a Bayesian approach to learning from sequential data by using Gaussian processes (GPs) with so-called signature kernels as covariance functions. 
This allows to make sequences of different length comparable and to rely on strong theoretical results from stochastic analysis. Signatures capture sequential structure with tensors that can scale unfavourably in sequence length and state space dimension. To deal with this, we introduce a sparse variational approach with inducing tensors. We then combine the resulting GP with LSTMs and GRUs to build larger models that leverage the strengths of each of these approaches and benchmark the resulting GPs on multivariate time series (TS) classification datasets.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Toth","given":"Csaba"},{"family":"Oberhauser","given":"Harald"}],"citation-key":"tothBayesianLearningSequential2020","container-title":"Proceedings of the 37th International Conference on Machine Learning","event-title":"International Conference on Machine Learning","ISSN":"2640-3498","issued":{"date-parts":[["2020",11,21]]},"language":"en","page":"9548-9560","publisher":"PMLR","source":"proceedings.mlr.press","title":"Bayesian Learning from Sequential Data using Gaussian Processes with Signature Covariances","type":"paper-conference","URL":"https://proceedings.mlr.press/v119/toth20a.html"},{"id":"osborneBayesianGaussianProcesses2010","abstract":"We develop a family of Bayesian algorithms built around Gaussian processes for various problems posed by sensor networks. We firstly introduce an iterative Gaussian process for multi-sensor inference problems, and show how our algorithm is able to cope with data that may be noisy, missing, delayed and/or correlated. Our algorithm can also effectively manage data that features changepoints, such as sensor faults. Extensions to our algorithm allow us to tackle some of the decision problems faced in sensor networks, including observation scheduling. 
Along these lines, we also propose a general method of global optimisation, Gaussian process global optimisation (GPGO), and demonstrate how it may be used for sensor placement.","author":[{"family":"Osborne","given":"Michael"}],"citation-key":"osborneBayesianGaussianProcesses2010","genre":"Ph.D. dissertation","issued":{"date-parts":[["2010"]]},"language":"en","publisher":"University of Oxford","source":"Zotero","title":"Bayesian Gaussian Processes for Sequential Prediction, Optimisation and Quadrature","type":"thesis"},{"id":"xiaoHyperparameterSelectionGaussian2015","abstract":"Gaussian processes (GPs) provide predicted outputs with a full conditional statistical description, which can be used to establish confidence intervals and to set hyperparameters. This characteristic provides GPs with competitive or better performance in various applications. However, the specificity of one-class classification (OCC) makes GPs unable to select suitable hyperparameters in their traditional way. This brief proposes to select hyperparameters for GP OCC using the prediction difference between edge and interior positive training samples. Experiments on 2-D artificial and University of California benchmark data sets verify the effectiveness of this method.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Xiao","given":"Yingchao"},{"family":"Wang","given":"Huangang"},{"family":"Xu","given":"Wenli"}],"citation-key":"xiaoHyperparameterSelectionGaussian2015","container-title":"IEEE Transactions on Neural Networks and Learning Systems","container-title-short":"IEEE Trans. Neural Netw. 
Learning Syst.","DOI":"10.1109/TNNLS.2014.2363457","ISSN":"2162-237X, 2162-2388","issue":"9","issued":{"date-parts":[["2015",9]]},"language":"en","page":"2182-2187","source":"DOI.org (Crossref)","title":"Hyperparameter Selection for Gaussian Process One-Class Classification","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/6940303","volume":"26"},{"id":"sultanMomentsGeneralizedComplex1994","author":[{"family":"Sultan","given":"Shagufta A"},{"family":"Tracy","given":"Derrick S"}],"citation-key":"sultanMomentsGeneralizedComplex1994","container-title":"Int. J. Math. Statist. Sci.","issue":"2","issued":{"date-parts":[["1994"]]},"language":"en","page":"217--239","source":"Zotero","title":"Moments of the Generalized Complex Matrix-Variate Normal Distribution","type":"article-journal","volume":"3"},{"id":"scholkopfLearningKernelsSupport2002","abstract":"A comprehensive introduction to Support Vector Machines and related kernel methods. In the 1990s, a new type of learning algorithm was developed, based on results from statistical learning theory: the Support Vector Machine (SVM). This gave rise to a new class of theoretically elegant learning machines that use a central concept of SVMs---kernels--for a number of learning tasks. Kernel machines provide a modular framework that can be adapted to different tasks and domains by the choice of the kernel function and the base algorithm. They are replacing neural networks in a variety of fields, including engineering, information retrieval, and bioinformatics. Learning with Kernels provides an introduction to SVMs and related kernel methods. Although the book begins with the basics, it also includes the latest research. 
It provides all of the concepts necessary to enable a reader equipped with some basic mathematical knowledge to enter the world of machine learning using theoretically well-founded yet easy-to-use kernel algorithms and to understand and apply the powerful algorithms that have been developed over the last few years.","author":[{"family":"Schölkopf","given":"Bernhard"},{"family":"Smola","given":"Alexander J."},{"family":"Bach","given":"Francis"}],"citation-key":"scholkopfLearningKernelsSupport2002","ISBN":"978-0-262-19475-4","issued":{"date-parts":[["2002"]]},"language":"en","number-of-pages":"658","publisher":"MIT Press","source":"Google Books","title":"Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond","title-short":"Learning with Kernels","type":"book"},{"id":"smolaLearningKernels1998","abstract":"The present thesis can take its place among the numerous doctoral theses and other publications that are currently revolutionizing the area of machine learning. The author's basic concern is with kernel-based methods and in particular Support Vector algorithms for regression estimation for the solution of inverse, often ill-posed problems. However, Alexander Smola's thesis stands out from many of the other publications in this field. This is due in part to the author's profound theoretical penetration of his subject-matter, but also and in particular to the wealth of detailed results he has included. Especially neat and of particular relevance are the algorithmic extensions of Support Vector Machines, which can be combined as building blocks, thus markedly improving the Support Vectors. 
Of substantial interest is also the very elegant unsupervised method for nonlinear feature extraction, which applies the kernel-based method to classical Principal Component Analysis (kernel PCA). And although only designed to illustrate the theoretical results, the practical applications the author gives us from the area of high-energy physics and time-series analysis are highly convincing. In many respects the thesis is groundbreaking, but it is likely to soon become a frequently cited work for numerous innovative applications from the field of statistical machine learning and for improving our theoretical understanding of Support Vector Machines.","author":[{"family":"Smola","given":"Alexander Johannes"}],"citation-key":"smolaLearningKernels1998","issued":{"date-parts":[["1998"]]},"source":"CiteSeer","title":"Learning with Kernels","type":"document"},{"id":"rasmussenAdvancesGaussianProcesses2006","author":[{"family":"Rasmussen","given":"Carl Edward"}],"citation-key":"rasmussenAdvancesGaussianProcesses2006","issued":{"date-parts":[["2006"]]},"language":"en","title":"Advances in Gaussian Processes - Tutorial at NIPS 2006 in Vancouver","type":"speech"},{"id":"rasmussenGaussianProcessesMachine2006","author":[{"family":"Rasmussen","given":"Carl Edward"},{"family":"Williams","given":"Christopher K. 
I."}],"call-number":"QA274.4 .R37 2006","citation-key":"rasmussenGaussianProcessesMachine2006","collection-title":"Adaptive computation and machine learning","event-place":"Cambridge, Mass","ISBN":"978-0-262-18253-9","issued":{"date-parts":[["2006"]]},"language":"en","note":"OCLC: ocm61285753","number-of-pages":"248","publisher":"MIT Press","publisher-place":"Cambridge, Mass","source":"Library of Congress ISBN","title":"Gaussian processes for machine learning","type":"book"},{"id":"perez-cruzGaussianProcessesNonlinear2013","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Perez-Cruz","given":"Fernando"},{"family":"Van Vaerenbergh","given":"Steven"},{"family":"Murillo-Fuentes","given":"Juan Jose"},{"family":"Lazaro-Gredilla","given":"Miguel"},{"family":"Santamaria","given":"Ignacio"}],"citation-key":"perez-cruzGaussianProcessesNonlinear2013","container-title":"IEEE Signal Processing Magazine","container-title-short":"IEEE Signal Process. Mag.","DOI":"10.1109/MSP.2013.2250352","ISSN":"1053-5888","issue":"4","issued":{"date-parts":[["2013",7]]},"language":"en","page":"40-50","source":"DOI.org (Crossref)","title":"Gaussian Processes for Nonlinear Signal Processing: An Overview of Recent Advances","title-short":"Gaussian Processes for Nonlinear Signal Processing","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/6530761/","volume":"30"},{"id":"poloniQuadraticVectorEquations2013","abstract":"We study in a unified fashion several quadratic vector and matrix equations with nonnegativity hypotheses, by seeing them as special cases of the general problem M x = a + b(x, x), where a and the unknown x are componentwise nonnegative vectors, M is a nonsingular M-matrix, and b is a bilinear map from pairs of nonnegative vectors to nonnegative vectors. 
Specific cases of this equation have been studied extensively in the past by several authors, and include unilateral matrix equations from queuing problems [Bini, Latouche, Meini, 2005], nonsymmetric algebraic Riccati equations [Guo, Laub, 2000], and quadratic matrix equations encountered in neutron transport theory [Lu, 2005]. We present a unified approach which treats the common aspects of their theoretical properties and basic iterative solution algorithms. This has interesting consequences: in some cases, we are able to derive in full generality theorems and proofs appeared in literature only for special cases of the problem; this broader view highlights the role of hypotheses such as the strict positivity of the minimal solution. In an example, we adapt an algorithm derived for one equation of the class to another, with computational advantage with respect to the existing methods. We discuss possible research lines, including the relationship among Newton-type methods and the cyclic reduction algorithm for unilateral quadratic equations.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Poloni","given":"Federico"}],"citation-key":"poloniQuadraticVectorEquations2013","container-title":"Linear Algebra and its Applications","container-title-short":"Linear Algebra and its Applications","DOI":"10.1016/j.laa.2011.05.036","ISSN":"00243795","issue":"4","issued":{"date-parts":[["2013",2]]},"language":"en","page":"1627-1644","source":"arXiv.org","title":"Quadratic Vector Equations","type":"article-journal","URL":"http://arxiv.org/abs/1004.1500","volume":"438"},{"id":"ohaganBayesianAnalysisComputer2006","abstract":"The Bayesian approach to quantifying, analysing and reducing uncertainty in the application of complex process models is attracting increasing attention amongst users of such models. The range and power of the Bayesian methods is growing and there is already a sizeable literature on these methods. 
However, most of it is in specialist statistical journals. The purpose of this tutorial is to introduce the more general reader to the Bayesian approach.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"O’Hagan","given":"A."}],"citation-key":"ohaganBayesianAnalysisComputer2006","container-title":"Reliability Engineering & System Safety","container-title-short":"Reliability Engineering & System Safety","DOI":"10.1016/j.ress.2005.11.025","ISSN":"09518320","issue":"10-11","issued":{"date-parts":[["2006",10]]},"language":"en","page":"1290-1300","source":"DOI.org (Crossref)","title":"Bayesian analysis of computer code outputs: A tutorial","title-short":"Bayesian analysis of computer code outputs","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0951832005002383","volume":"91"},{"id":"mattosLatentAutoregressiveGaussian2016","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Mattos","given":"César Lincoln C."},{"family":"Damianou","given":"Andreas"},{"family":"Barreto","given":"Guilherme A."},{"family":"Lawrence","given":"Neil D."}],"citation-key":"mattosLatentAutoregressiveGaussian2016","container-title":"IFAC-PapersOnLine","container-title-short":"IFAC-PapersOnLine","DOI":"10.1016/j.ifacol.2016.07.353","ISSN":"24058963","issue":"7","issued":{"date-parts":[["2016"]]},"language":"en","page":"1121-1126","source":"DOI.org (Crossref)","title":"Latent Autoregressive Gaussian Processes Models for Robust System Identification","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S2405896316305602","volume":"49"},{"id":"kemmlerOneclassClassificationGaussian2013","abstract":"Detecting instances of unknown categories is an important task for a multitude of problems such as object recognition, event detection, and defect localization. This article investigates the use of Gaussian process (GP) priors for this area of research. 
Focusing on the task of one-class classification, we analyze different measures derived from GP regression and approximate GP classification. We also study important theoretical connections to other approaches and discuss their underlying assumptions. Experiments are performed using a large number of datasets and different image kernel functions. Our findings show that our approaches can outperform the well-known support vector data description approach indicating the high potential of Gaussian processes for one-class classification. Furthermore, we show the suitability of our methods in the area of attribute prediction, defect localization, bacteria recognition, and background subtraction. These applications and experiments highlight the easy applicability of our method as well as its state-of-the-art performance compared to established methods. © 2013 Elsevier Ltd. All rights reserved.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Kemmler","given":"Michael"},{"family":"Rodner","given":"Erik"},{"family":"Wacker","given":"Esther-Sabrina"},{"family":"Denzler","given":"Joachim"}],"citation-key":"kemmlerOneclassClassificationGaussian2013","container-title":"Pattern Recognition","container-title-short":"Pattern Recognition","DOI":"10.1016/j.patcog.2013.06.005","ISSN":"00313203","issue":"12","issued":{"date-parts":[["2013",12]]},"language":"en","page":"3507-3518","source":"DOI.org (Crossref)","title":"One-class classification with Gaussian processes","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0031320313002574","volume":"46"},{"id":"ghasemiBayesianApproachData2016","abstract":"In this paper, we address the problem of data description using a Bayesian framework. The goal of data description is to draw a boundary around objects of a certain class of interest to discriminate that class from the rest of the feature space. Data description is also known as one-class learning and has a wide range of applications. 
The proposed approach uses a Bayesian framework to precisely compute the class boundary and therefore can utilize domain information in form of prior knowledge in the framework. It can also operate in the kernel space and therefore recognize arbitrary boundary shapes. Moreover, the proposed method can utilize unlabeled data in order to improve accuracy of discrimination.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Ghasemi","given":"Alireza"},{"family":"Rabiee","given":"Hamid R."},{"family":"Manzuri","given":"Mohammad T."},{"family":"Rohban","given":"M. H."}],"citation-key":"ghasemiBayesianApproachData2016","container-title":"arXiv:1602.07507 [cs]","issued":{"date-parts":[["2016",2,24]]},"language":"en","source":"arXiv.org","title":"A Bayesian Approach to the Data Description Problem","type":"article-journal","URL":"http://arxiv.org/abs/1602.07507"},{"id":"fayGaussianProcessModels2017","abstract":"This paper presents a ubiquitous thermal comfort preference learning study in a noisy environment. We introduce Gaussian Process models into this field and show they are ideal, allowing rejection of outliers, deadband samples, and produce excellent estimates of a users preference function. In addition, informative combinations of users preferences becomes possible, some of which demonstrate well defined maxima ideal for control signals. Interestingly, while those users studied have differing preferences, their hyperparameters are concentrated allowing priors for new users. 
In addition, we present an active learning algorithm which estimates when to poll users to maximise the information returned.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Fay","given":"Damien"},{"family":"O’Toole","given":"Liam"},{"family":"Brown","given":"Kenneth N."}],"citation-key":"fayGaussianProcessModels2017","container-title":"Pervasive and Mobile Computing","container-title-short":"Pervasive and Mobile Computing","DOI":"10.1016/j.pmcj.2016.08.012","ISSN":"15741192","issued":{"date-parts":[["2017",8]]},"language":"en","page":"135-158","source":"DOI.org (Crossref)","title":"Gaussian Process models for ubiquitous user comfort preference sampling; global priors, active sampling and outlier rejection","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1574119216301651","volume":"39"},{"id":"dahlinParticleFilterbasedGaussian2014","abstract":"We propose a novel method for maximum-likelihood-based parameter inference in nonlinear and/or non-Gaussian state space models. The method is an iterative procedure with three steps. At each iteration a particle filter is used to estimate the value of the loglikelihood function at the current parameter iterate. Using these log-likelihood estimates, a surrogate objective function is created by utilizing a Gaussian process model. Finally, we use a heuristic procedure to obtain a revised parameter iterate, providing an automatic trade-off between exploration and exploitation of the surrogate model. 
The method is profiled on two state space models with good performance both considering accuracy and computational cost.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Dahlin","given":"Johan"},{"family":"Lindsten","given":"Fredrik"}],"citation-key":"dahlinParticleFilterbasedGaussian2014","container-title":"IFAC Proceedings Volumes","container-title-short":"IFAC Proceedings Volumes","DOI":"10.3182/20140824-6-ZA-1003.00278","ISSN":"14746670","issue":"3","issued":{"date-parts":[["2014"]]},"language":"en","page":"8675-8680","source":"DOI.org (Crossref)","title":"Particle filter-based Gaussian process optimisation for parameter inference","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1474667016429824","volume":"47"},{"id":"frickerProbabilisticUncertaintyAnalysis2011","abstract":"This paper introduces methods for probabilistic uncertainty analysis of a frequency response function (FRF) of a structure obtained via a finite element (FE) model. The methods are applicable to computationally expensive FE models, making use of a Bayesian metamodel known as an emulator. The emulator produces fast predictions of the FE model output, but also accounts for the additional uncertainty induced by only having a limited number of model evaluations. Two approaches to the probabilistic uncertainty analysis of FRFs are developed. The first considers the uncertainty in the response at discrete frequencies, giving pointwise uncertainty intervals. The second considers the uncertainty in an entire FRF across a frequency range, giving an uncertainty envelope function. 
The methods are demonstrated and compared to alternative approaches in a practical case study.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Fricker","given":"Thomas E."},{"family":"Oakley","given":"Jeremy E."},{"family":"Sims","given":"Neil D."},{"family":"Worden","given":"Keith"}],"citation-key":"frickerProbabilisticUncertaintyAnalysis2011","container-title":"Mechanical Systems and Signal Processing","container-title-short":"Mechanical Systems and Signal Processing","DOI":"10.1016/j.ymssp.2011.06.013","ISSN":"0888-3270","issue":"8","issued":{"date-parts":[["2011",11,1]]},"language":"en","page":"2962-2975","source":"ScienceDirect","title":"Probabilistic uncertainty analysis of an FRF of a structure using a Gaussian process emulator","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S0888327011002354","volume":"25"},{"id":"vazquezMultiOutputSuppportVector2003","abstract":"Support vector regression builds a model of a process that depends on a set of factors. It traditionally considers one output at a time, which means that advantage cannot be taken of the correlations that may exist between outputs. 
The purpose of this paper is to show how the body of knowledge accumulated by geostatisticians on Kriging and its extensions over the last 40 years can help extend support vector regression to the multi-output case and provides guidance for the choice of a suitable kernel for a given application, a recurrent, fundamental and largely open question.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Vazquez","given":"Emmanuel"},{"family":"Walter","given":"Eric"}],"citation-key":"vazquezMultiOutputSuppportVector2003","collection-title":"13th IFAC Symposium on System Identification (SYSID 2003), Rotterdam, The Netherlands, 27-29 August, 2003","container-title":"IFAC Proceedings Volumes","container-title-short":"IFAC Proceedings Volumes","DOI":"10.1016/S1474-6670(17)35018-8","ISSN":"1474-6670","issue":"16","issued":{"date-parts":[["2003",9,1]]},"language":"en","page":"1783-1788","source":"ScienceDirect","title":"Multi-Output Suppport Vector Regression","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S1474667017350188","volume":"36"},{"id":"roustantDiceKrigingDiceOptimTwo2012","abstract":"We present two recently released R packages, DiceKriging and DiceOptim, for the approximation and the optimization of expensive-to-evaluate deterministic functions. Following a self-contained mini tutorial on Kriging-based approximation and optimization, the functionalities of both packages are detailed and demonstrated in two distinct sections. In particular, the versatility of DiceKriging with respect to trend and noise specifications, covariance parameter estimation, as well as conditional and unconditional simulations are illustrated on the basis of several reproducible numerical experiments. We then put to the fore the implementation of sequential and parallel optimization strategies relying on the expected improvement criterion on the occasion of DiceOptim’s presentation. 
An appendix is dedicated to complementary mathematical and computational details.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Roustant","given":"Olivier"},{"family":"Ginsbourger","given":"David"},{"family":"Deville","given":"Yves"}],"citation-key":"roustantDiceKrigingDiceOptimTwo2012","container-title":"Journal of Statistical Software","container-title-short":"J. Stat. Soft.","DOI":"10.18637/jss.v051.i01","ISSN":"1548-7660","issue":"1","issued":{"date-parts":[["2012"]]},"language":"en","source":"DOI.org (Crossref)","title":"DiceKriging, DiceOptim: Two R Packages for the Analysis of Computer Experiments by Kriging-Based Metamodeling and Optimization","title-short":"DiceKriging , DiceOptim","type":"article-journal","URL":"http://www.jstatsoft.org/v51/i01/","volume":"51"},{"id":"aronszajnTheoryReproducingKernels1950","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Aronszajn","given":"N."}],"citation-key":"aronszajnTheoryReproducingKernels1950","container-title":"Transactions of the American Mathematical Society","container-title-short":"Trans. Amer. Math. Soc.","DOI":"10.1090/S0002-9947-1950-0051437-7","ISSN":"0002-9947, 1088-6850","issue":"3","issued":{"date-parts":[["1950"]]},"language":"en","page":"337-404","source":"DOI.org (Crossref)","title":"Theory of reproducing kernels","type":"article-journal","URL":"https://www.ams.org/tran/1950-068-03/S0002-9947-1950-0051437-7/","volume":"68"},{"id":"gramacySurrogatesGaussianProcess2020","abstract":"\"Surrogates: a graduate textbook, or professional handbook, on topics at the interface between machine learning, spatial statistics, computer simulation, meta-modeling (i.e., emulation), design of experiments, and optimization. Experimentation through simulation, \"human out-of-the-loop\" statistical support (focusing on the science), management of dynamic processes, online and real-time analysis, automation, and practical application are at the forefront. 
Topics include: Gaussian process (GP) regression for flexible nonparametric and nonlinear modeling. Applications to uncertainty quantification, sensitivity analysis, calibration of computer models to field data, sequential design/active learning and (blackbox/Bayesian) optimization under uncertainty. Advanced topics include treed partitioning, local GP approximation, modeling of simulation experiments (e.g., agent-based models) with coupled nonlinear mean and variance (heteroskedastic) models. Treatment appreciates historical response surface methodology (RSM) and canonical examples, but emphasizes contemporary methods and implementation in R at modern scale. Rmarkdown facilitates a fully reproducible tour, complete with motivation from, application to, and illustration with, compelling real-data examples. Presentation targets numerically competent practitioners in engineering, physical, and biological sciences. Writing is statistical in form, but the subjects are not about statistics. Rather, they're about prediction and synthesis under uncertainty; about visualization and information, design and decision making, computing and clean code\"--","author":[{"family":"Gramacy","given":"Robert B."}],"call-number":"QA274.4","citation-key":"gramacySurrogatesGaussianProcess2020","event-place":"Boca Raton","ISBN":"978-0-367-81549-3","issued":{"date-parts":[["2020"]]},"number-of-pages":"1","publisher":"CRC Press, Taylor & Francis Group","publisher-place":"Boca Raton","source":"Library of Congress ISBN","title":"Surrogates: Gaussian process modeling, design, and optimization for the applied sciences","title-short":"Surrogates","type":"book"},{"id":"alvarezConvolvedGaussianProcess2011","abstract":"In this thesis we address the problem of modeling correlated outputs using Gaussian process priors. Applications of modeling correlated outputs include the joint prediction of pollutant metals in geostatistics and multitask learning in machine learning. 
Defining a Gaussian process prior for correlated outputs translates into specifying a suitable covariance function that captures dependencies between the different output variables. Classical models for obtaining such a covariance function include the linear model of coregionalization and process convolutions. We propose a general framework for developing multiple output covariance functions by performing convolutions between smoothing kernels particular to each output and covariance functions that are common to all outputs. Both the linear model of coregionalization and the process convolutions turn out to be special cases of this framework. Practical aspects of the proposed methodology are studied in this thesis. They involve the use of domain-specific knowledge for defining relevant smoothing kernels, efficient approximations for reducing computational complexity and a novel method for establishing a general class of nonstationary covariances with applications in robotics and motion capture data. Reprints of the publications that appear at the end of this document, report case studies and experimental results in sensor networks, geostatistics and motion capture data that illustrate the performance of the different methods proposed.","accessed":{"date-parts":[["2022",4,18]]},"author":[{"family":"Alvarez","given":"Mauricio A."}],"citation-key":"alvarezConvolvedGaussianProcess2011","event-place":"England","genre":"Ph.D.","ISBN":"9781073277582","issued":{"date-parts":[["2011"]]},"language":"English","license":"Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.","number-of-pages":"225","publisher":"The University of Manchester (United Kingdom)","publisher-place":"England","source":"ProQuest","title":"Convolved Gaussian process priors for multivariate regression with applications to dynamical 
systems","type":"thesis","URL":"https://www.proquest.com/docview/1782840564/abstract/9A1A9FA2918E4C98PQ/1"},{"id":"abadiApproximateCalculationRoots2016","abstract":"Finding the root of nonlinear algebraic equations is an issue usually found in engineering and sciences. This article presents a new method for the approximate calculation of the roots of a one-variable function through Monte Carlo Method. This method is actually based on the production of a random number in the target range of the root. Finally, some examples with acceptable error are provided to prove the efficiency of this method.","author":[{"family":"Abadi","given":"Vahid Mirzaei Mahmoud"},{"family":"Bahnamriri","given":"Shila Banari"}],"citation-key":"abadiApproximateCalculationRoots2016","container-title":"International Journal of Mathematics and Computational Science","issue":"3","issued":{"date-parts":[["2016"]]},"language":"en","page":"64--68","source":"Zotero","title":"The Approximate Calculation of the Roots of Algebraic Equation Through Monte Carlo Method","type":"article-journal","volume":"2"},{"id":"picinbonoSecondorderComplexRandom1996","abstract":"We formulate as a deconvolution problem the causal/noncausal non-Gaussian multichannel autoregressive (AR) parameter estimation problem. The super exponential algorithm presented in a recent paper by Shalvi and Weinstein is generalized to the vector case. We present an adaptive implementation that is very attractive since it is higher order statistics (HOS) based but does not present the high computational complexity of methods proposed up to now.","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Picinbono","given":"B."}],"citation-key":"picinbonoSecondorderComplexRandom1996","container-title":"IEEE Transactions on Signal Processing","container-title-short":"IEEE Trans. 
Signal Process.","DOI":"10.1109/78.539051","ISSN":"1053587X","issue":"10","issued":{"literal":"Oct./1996"},"language":"en","page":"2637-2640","source":"DOI.org (Crossref)","title":"Second-order complex random vectors and normal distributions","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/539051/","volume":"44"},{"id":"goodmanStatisticalAnalysisBased1963","accessed":{"date-parts":[["2022",4,21]]},"author":[{"family":"Goodman","given":"N. R."}],"citation-key":"goodmanStatisticalAnalysisBased1963","container-title":"The Annals of Mathematical Statistics","container-title-short":"Ann. Math. Statist.","DOI":"10.1214/aoms/1177704250","ISSN":"0003-4851","issue":"1","issued":{"date-parts":[["1963",3]]},"language":"en","page":"152-177","source":"DOI.org (Crossref)","title":"Statistical Analysis Based on a Certain Multivariate Complex Gaussian Distribution (An Introduction)","type":"article-journal","URL":"http://projecteuclid.org/euclid.aoms/1177704250","volume":"34"},{"id":"alvarezLatentForceModels2009","abstract":"Purely data driven approaches for machine learning present difficulties when data is scarce relative to the complexity of the model or when the model is forced to extrapolate. On the other hand, purely mechanistic approaches need to identify and specify all the interactions in the problem at hand (which may not be feasible) and still leave the issue of how to parameterize the system. In this paper, we present a hybrid approach using Gaussian processes and differential equations to combine data driven modeling with a physical model of the system. We show how different, physically-inspired, kernel functions can be developed through sensible, simple, mechanistic assumptions about the underlying system. 
The versatility of our approach is illustrated with three case studies from computational biology, motion capture and geostatistics.","accessed":{"date-parts":[["2022",4,20]]},"author":[{"family":"Álvarez","given":"Mauricio"},{"family":"Luengo","given":"David"},{"family":"Lawrence","given":"Neil D."}],"citation-key":"alvarezLatentForceModels2009","container-title":"Proceedings of the Twelth International Conference on Artificial Intelligence and Statistics","event-title":"Artificial Intelligence and Statistics","ISSN":"1938-7228","issued":{"date-parts":[["2009",4,15]]},"language":"en","page":"9-16","publisher":"PMLR","source":"proceedings.mlr.press","title":"Latent Force Models","type":"paper-conference","URL":"https://proceedings.mlr.press/v5/alvarez09a.html"},{"id":"caponnettoUniversalMultiTaskKernels2008","abstract":"In this paper we are concerned with reproducing kernel Hilbert spaces HK of functions from an input space into a Hilbert space Y, an environment appropriate for multi-task learning. The reproducing kernel K associated to HK has its values as operators on Y. Our primary goal here is to derive conditions which ensure that the kernel K is universal. This means that on every compact subset of the input space, every continuous function with values in Y can be uniformly approximated by sections of the kernel. We provide various characterizations of universal kernels and highlight them with several concrete examples of some practical importance. Our analysis uses basic principles of functional analysis and especially the useful notion of vector measures which we describe in sufficient detail to clarify our results.","author":[{"family":"Caponnetto","given":"Andrea"},{"family":"Micchelli","given":"Charles A."},{"family":"Pontil","given":"Massimiliano"},{"family":"Ying","given":"Yiming"}],"citation-key":"caponnettoUniversalMultiTaskKernels2008","container-title":"The Journal of Machine Learning Research","container-title-short":"J. Mach. Learn. 
Res.","ISSN":"1532-4435","issued":{"date-parts":[["2008",6,1]]},"page":"1615–1646","source":"6/1/2008","title":"Universal Multi-Task Kernels","type":"article-journal","volume":"9"},{"id":"borchaniSurveyMultioutputRegression2015","abstract":"In recent years, a plethora of approaches have been proposed to deal with the increasingly challenging task of multi-output regression. This study provides a survey on state-of-the-art multi-output regression methods, that are categorized as problem transformation and algorithm adaptation methods. In addition, we present the mostly used performance evaluation measures, publicly available data sets for multi-output regression real-world problems, as well as open-source software frameworks. WIREs Data Mining Knowl Discov 2015, 5:216–233. doi: 10.1002/widm.1157 This article is categorized under: Technologies > Machine Learning","accessed":{"date-parts":[["2022",4,20]]},"author":[{"family":"Borchani","given":"Hanen"},{"family":"Varando","given":"Gherardo"},{"family":"Bielza","given":"Concha"},{"family":"Larrañaga","given":"Pedro"}],"citation-key":"borchaniSurveyMultioutputRegression2015","container-title":"WIREs Data Mining and Knowledge Discovery","DOI":"10.1002/widm.1157","ISSN":"1942-4795","issue":"5","issued":{"date-parts":[["2015"]]},"language":"en","page":"216-233","source":"Wiley Online Library","title":"A survey on multi-output regression","type":"article-journal","URL":"https://onlinelibrary.wiley.com/doi/abs/10.1002/widm.1157","volume":"5"},{"id":"micchelliLearningVectorValuedFunctions2005","abstract":"In this letter, we provide a study of learning in a Hilbert space of vector-valued functions. We motivate the need for extending learning theory of scalar-valued functions by practical considerations and establish some basic results for learning vector-valued functions that should prove useful in applications. 
Specifically, we allow an output space Y to be a Hilbert space, and we consider a reproducing kernel Hilbert space of functions whose values lie in Y. In this setting, we derive the form of the minimal norm interpolant to a finite set of data and apply it to study some regularization functionals that are important in learning theory. We consider specific examples of such functionals corresponding to multiple-output regularization networks and support vector machines, for both regression and classification. Finally, we provide classes of operator-valued kernels of the dot product and translation-invariant type.","accessed":{"date-parts":[["2022",4,20]]},"author":[{"family":"Micchelli","given":"Charles A."},{"family":"Pontil","given":"Massimiliano"}],"citation-key":"micchelliLearningVectorValuedFunctions2005","container-title":"Neural Computation","container-title-short":"Neural Computation","DOI":"10.1162/0899766052530802","ISSN":"0899-7667, 1530-888X","issue":"1","issued":{"date-parts":[["2005",1,1]]},"language":"en","page":"177-204","source":"DOI.org (Crossref)","title":"On Learning Vector-Valued Functions","type":"article-journal","URL":"https://direct.mit.edu/neco/article/17/1/177-204/6909","volume":"17"},{"id":"hastieElementsStatisticalLearning2009","abstract":"During the past decade there has been an explosion in computation and information technology. With it have come vast amounts of data in a variety of fields such as medicine, biology, finance, and marketing. The challenge of understanding these data has led to the development of new tools in the field of statistics, and spawned new areas such as data mining, machine learning, and bioinformatics. Many of these tools have common underpinnings but are often expressed with different terminology. This book describes the important ideas in these areas in a common conceptual framework. While the approach is statistical, the emphasis is on concepts rather than mathematics. 
Many examples are given, with a liberal use of color graphics. It is a valuable resource for statisticians and anyone interested in data mining in science or industry. The book's coverage is broad, from supervised learning (prediction) to unsupervised learning. The many topics include neural networks, support vector machines, classification trees and boosting---the first comprehensive treatment of this topic in any book. This major new edition features many topics not covered in the original, including graphical models, random forests, ensemble methods, least angle regression and path algorithms for the lasso, non-negative matrix factorization, and spectral clustering. There is also a chapter on methods for ``wide'' data (p bigger than n), including multiple testing and false discovery rates. Trevor Hastie, Robert Tibshirani, and Jerome Friedman are professors of statistics at Stanford University. They are prominent researchers in this area: Hastie and Tibshirani developed generalized additive models and wrote a popular book of that title. Hastie co-developed much of the statistical modeling software and environment in R/S-PLUS and invented principal curves and surfaces. Tibshirani proposed the lasso and is co-author of the very successful An Introduction to the Bootstrap. Friedman is the co-inventor of many data-mining tools including CART, MARS, projection pursuit and gradient boosting.","author":[{"family":"Hastie","given":"Trevor"}],"citation-key":"hastieElementsStatisticalLearning2009","collection-title":"Springer Series in Statistics","contributor":[{"family":"Tibshirani","given":"Robert"},{"family":"Friedman","given":"Jerome"}],"DOI":"10.1007/978-0-387-84858-7","edition":"2nd ed. 
2009.","event-place":"New York, NY","ISBN":"978-0-387-84858-7","issued":{"date-parts":[["2009"]]},"language":"eng","number-of-pages":"757","publisher":"Springer New York","publisher-place":"New York, NY","source":"pitt.primo.exlibrisgroup.com","title":"The Elements of Statistical Learning Data Mining, Inference, and Prediction, Second Edition","type":"book"},{"id":"sarkkaGaussianProcessLatent2019","abstract":"This paper is concerned with learning and stochastic control in physical systems that contain unknown input signals. These unknown signals are modeled as Gaussian processes (GP) with certain parameterized covariance structures. The resulting latent force models can be seen as hybrid models that contain a first-principle physical model part and a nonparametric GP model part. We briefly review the statistical inference and learning methods for this kind of models, introduce stochastic control methodology for these models, and provide new theoretical observability and controllability results for them.","accessed":{"date-parts":[["2022",4,18]]},"author":[{"family":"Sarkka","given":"Simo"},{"family":"Alvarez","given":"Mauricio A."},{"family":"Lawrence","given":"Neil D."}],"citation-key":"sarkkaGaussianProcessLatent2019","container-title":"Ieee Transactions on Automatic Control","container-title-short":"IEEE Trans. Autom. 
Control","DOI":"10.1109/TAC.2018.2874749","event-place":"Piscataway","ISSN":"0018-9286","issue":"7","issued":{"date-parts":[["2019",7]]},"language":"English","note":"WOS:000473489700027","page":"2953-2960","publisher":"Ieee-Inst Electrical Electronics Engineers Inc","publisher-place":"Piscataway","source":"Web of Science Nextgen","title":"Gaussian Process Latent Force Models for Learning and Stochastic Control of Physical Systems","type":"article-journal","URL":"https://www.webofscience.com/wos/author/record/677259?state=%7B%22siloSearchWarning%22:false,%22collection%22:%22woscc%22%7D","volume":"64"},{"id":"ramirezDynamicSystemIdentification2021","abstract":"Non-parametric system identification with Gaussian processes for underwater vehicles is explored in this research with the purpose of modelling autonomous underwater vehicle (AUV) dynamics with a low amount of data. Multi-output Gaussian processes and their aptitude for modelling the dynamic system of an underactuated AUV without losing the relationships between tied outputs are used. The simulation of a first-principle model of a Remus 100 AUV is employed to capture data for the training and validation of the multi-output Gaussian processes. The metric and required procedure to carry out multi-output Gaussian processes for AUV with 6 degrees of freedom (DoF) is also shown in this paper. 
Multi-output Gaussian processes compared with the popular technique of recurrent neural network show that multi-output Gaussian processes manage to surpass RNN for non-parametric dynamic system identification in underwater vehicles with highly coupled DoF with the added benefit of providing the measurement of confidence.","accessed":{"date-parts":[["2022",4,18]]},"author":[{"family":"Ramirez","given":"Wilmer Ariza"},{"family":"Kocijan","given":"Jus"},{"family":"Leong","given":"Zhi Quan"},{"family":"Nguyen","given":"Hung Duc"},{"family":"Jayasinghe","given":"Shantha Gamini"}],"citation-key":"ramirezDynamicSystemIdentification2021","container-title":"International Journal of Automation and Computing","container-title-short":"Int. J. Autom. Comput.","DOI":"10.1007/s11633-021-1308-x","event-place":"London","ISSN":"1476-8186","issue":"5","issued":{"date-parts":[["2021",10]]},"language":"English","note":"WOS:000673001900001","page":"681-693","publisher":"Springernature","publisher-place":"London","source":"Web of Science Nextgen","title":"Dynamic System Identification of Underwater Vehicles Using Multi-Output Gaussian Processes","type":"article-journal","URL":"https://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=DynamicDOIArticle&SrcApp=UA&KeyAID=10.1007%2Fs11633-021-1308-x&DestApp=DOI&SrcAppSID=USW2EC0B9Be3QMZ9xhmtqgGcprgqa&SrcJTitle=INTERNATIONAL+JOURNAL+OF+AUTOMATION+AND+COMPUTING&DestDOIRegistrantName=Springer-Verlag","volume":"18"},{"id":"alvarezComputationallyEfficientConvolved2011","abstract":"Recently there has been an increasing interest in regression methods that deal with multiple outputs. This has been motivated partly by frameworks like multitask learning, multisensor networks or structured output data. From a Gaussian processes perspective, the problem reduces to specifying an appropriate covariance function that, whilst being positive semi-definite, captures the dependencies between all the data points and across all the outputs. 
One approach to account for non-trivial correlations between outputs employs convolution processes. Under a latent function interpretation of the convolution transform we establish dependencies between output variables. The main drawbacks of this approach are the associated computational and storage demands. In this paper we address these issues. We present different efficient approximations for dependent output Gaussian processes constructed through the convolution formalism. We exploit the conditional independencies present naturally in the model. This leads to a form of the covariance similar in spirit to the so called PITC and FITC approximations for a single output. We show experimental results with synthetic and real data, in particular, we show results in school exams score prediction, pollution prediction and gene expression data.","accessed":{"date-parts":[["2022",4,18]]},"author":[{"family":"Alvarez","given":"Mauricio A."},{"family":"Lawrence","given":"Neil D."}],"citation-key":"alvarezComputationallyEfficientConvolved2011","container-title":"Journal of Machine Learning Research","container-title-short":"J. Mach. Learn. Res.","event-place":"Brookline","ISSN":"1532-4435","issued":{"date-parts":[["2011",5]]},"language":"English","note":"WOS:000292304000002","page":"1459-1500","publisher":"Microtome Publ","publisher-place":"Brookline","source":"Web of Science Nextgen","title":"Computationally Efficient Convolved Multiple Output Gaussian Processes","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/full-record/WOS:000292304000002","volume":"12"},{"id":"alvarezKernelsVectorValuedFunctions2012","abstract":"Kernel methods are among the most popular techniques in machine learning. From a frequentist/discriminative perspective they play a central role in regularization theory as they provide a natural choice for the hypotheses space and the regularization functional through the notion of reproducing kernel Hilbert spaces. 
From a Bayesian/generative perspective they are the key in the context of Gaussian processes, where the kernel function is also known as the covariance function. Traditionally, kernel methods have been used in supervised learning problem with scalar outputs and indeed there has been a considerable amount of work devoted to designing and learning kernels. More recently there has been an increasing interest in methods that deal with multiple outputs, motivated partly by frameworks like multitask learning. In this paper, we review different methods to design or learn valid kernel functions for multiple outputs, paying particular attention to the connection between probabilistic and functional methods.","accessed":{"date-parts":[["2022",4,18]]},"author":[{"family":"Alvarez","given":"Mauricio A."},{"family":"Rosasco","given":"Lorenzo"},{"family":"Lawrence","given":"Neil D."}],"citation-key":"alvarezKernelsVectorValuedFunctions2012","container-title":"arXiv:1106.6251 [cs, math, stat]","issued":{"date-parts":[["2012",4,16]]},"source":"arXiv.org","title":"Kernels for Vector-Valued Functions: a Review","title-short":"Kernels for Vector-Valued Functions","type":"article-journal","URL":"http://arxiv.org/abs/1106.6251","version":"2"},{"id":"lozadaLetterReportTLRRES","author":[{"family":"Lozada","given":"Gascot"}],"citation-key":"lozadaLetterReportTLRRES","language":"en","page":"42","source":"Zotero","title":"Letter Report - TLR-RES/DE/REB-2021-17, Technical Challenges and Gaps in Digital Twin Enabling Technologies for Nuclear Reactor Applications","type":"article-journal"},{"id":"CyberSecurityDigital","abstract":"What is a Digital Twin in Cyber Security? The term refers to a digital replica of assets, systems and devices that can be used for various purposes.","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"CyberSecurityDigital","container-title":"Haruspex","language":"en-US","title":"Cyber Security Digital 
Twin","type":"post-weblog","URL":"https://www.haruspexsecurity.com/cyber-security-digital-twin/"},{"id":"five-worst","abstract":"Power Technology investigates the five biggest cyberattacks to the power sector that took place in the last five years on a global scale.","accessed":{"date-parts":[["2022",3,22]]},"citation-key":"five-worst","container-title":"Power Technology","issued":{"date-parts":[["2020",4,2]]},"language":"en-US","title":"The five worst cyberattacks against the power industry since 2014","type":"post-weblog","URL":"https://www.power-technology.com/features/the-five-worst-cyberattacks-against-the-power-industry-since2014/"},{"id":"MysteriousNewRansomware","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"MysteriousNewRansomware","title":"Mysterious New Ransomware Targets Industrial Control Systems | WIRED","type":"webpage","URL":"https://www.wired.com/story/ekans-ransomware-industrial-control-systems/"},{"id":"RussiansWhoPose","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"RussiansWhoPose","title":"Russians Who Pose Election Threat Have Hacked Nuclear Plants and Power Grid - The New York Times","type":"webpage","URL":"https://www.nytimes.com/2020/10/23/us/politics/energetic-bear-russian-hackers.html?action=click&module=Well&pgtype=Homepage&section=Politics"},{"id":"RansomwareAttackShuts","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"RansomwareAttackShuts","title":"Ransomware Attack Shuts Down Colonial Pipeline : NPR","type":"webpage","URL":"https://www.npr.org/2021/05/08/995040240/cybersecurity-attack-shuts-down-a-top-u-s-gasoline-pipeline"},{"id":"RansomwareAttackLeads","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"RansomwareAttackLeads","title":"Ransomware attack leads to shutdown of major U.S. 
pipeline system - The Washington Post","type":"webpage","URL":"https://www.washingtonpost.com/business/2021/05/08/cyber-attack-colonial-pipeline/"},{"id":"goodinHowVPNVulnerability2021","abstract":"Patching in industrial settings is hard. Ransomware shutting down production is harder.","accessed":{"date-parts":[["2022",4,2]]},"author":[{"family":"Goodin","given":"Dan"}],"citation-key":"goodinHowVPNVulnerability2021","container-title":"Ars Technica","issued":{"date-parts":[["2021",4,7]]},"language":"en-us","title":"How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants","type":"webpage","URL":"https://arstechnica.com/information-technology/2021/04/ransomware-shuts-down-production-at-two-manufacturing-plants/"},{"id":"HackExposesVulnerability2021","abstract":"ST. PETERSBURG, Fla. (AP) — A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders...","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"HackExposesVulnerability2021","container-title":"AP NEWS","issued":{"date-parts":[["2021",4,20]]},"language":"en","section":"Water utilities","title":"Hack exposes vulnerability of cash-strapped US water plants","type":"webpage","URL":"https://apnews.com/article/business-water-utilities-florida-coronavirus-pandemic-utilities-e783b0f1ca2af02f19f5a308d44e6abb"},{"id":"sommerville-videosMaroochyWaterBreach05:35:03UTC","accessed":{"date-parts":[["2022",4,2]]},"author":[{"family":"sommerville-videos","given":""}],"citation-key":"sommerville-videosMaroochyWaterBreach05:35:03UTC","issued":{"literal":"05:35:03 UTC"},"title":"Maroochy water breach","type":"speech","URL":"https://www.slideshare.net/sommerville-videos/maroochy-water-breach"},{"id":"HackExposesVulnerability","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"HackExposesVulnerability","title":"Hack exposes vulnerability of cash-strapped US water 
plants | AP News","type":"webpage","URL":"https://apnews.com/article/business-water-utilities-florida-coronavirus-pandemic-utilities-e783b0f1ca2af02f19f5a308d44e6abb"},{"id":"HackerTriedPoison","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"HackerTriedPoison","title":"A hacker tried to poison the water supply in Oldsmar, Florida, police said - The Washington Post","type":"webpage","URL":"https://www.washingtonpost.com/nation/2021/02/09/oldsmar-water-supply-hack-florida/"},{"id":"StuxnetOriginsSCADA2020","abstract":"Many understand this growing threat to industrial control systems but don’t know the origins of a key attack vector.","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"StuxnetOriginsSCADA2020","issued":{"date-parts":[["2020",12,8]]},"language":"en-US","section":"Cybersecurity","title":"Stuxnet and Beyond: The Origins of SCADA and Vulnerabilities to Critical Infrastructure - HS Today","title-short":"Stuxnet and Beyond","type":"post-weblog","URL":"https://www.hstoday.us/federal-pages/dhs/stuxnet-and-beyond-the-origins-of-scada-and-vulnerabilities-to-critical-infrastructure/"},{"id":"calc","abstract":"The calc package reimplements the LATEX commands \\setcounter, \\addtocounter, \\setlength, and \\addtolength. 
Instead of a simple value, these commands now accept an infix notation expression.","author":[{"family":"Thorup","given":"Kresten Krab"},{"family":"Jensen","given":"Frank"},{"family":"Rowley","given":"Chris"}],"citation-key":"calc","language":"en","page":"17","source":"Zotero","title":"The calc package Infix notation arithmetic in LaTeX","type":"article-journal"},{"id":"latex-primer","citation-key":"latex-primer","title":"LaTeX Primer","type":"document"},{"id":"amsldoc","citation-key":"amsldoc","title":"AMS LaTeX Documentation","type":"document"},{"id":"beamer","citation-key":"beamer","title":"beamer User Guide","type":"document"},{"id":"tcolorbox","citation-key":"tcolorbox","title":"tcolorbox Package","type":"document"},{"id":"geometry","citation-key":"geometry","title":"geometry Package","type":"document"},{"id":"tikz","citation-key":"tikz","title":"TikZ Manual","type":"document"},{"id":"siunitx","abstract":"Physical quantities have both numbers and units, and each physical quantity should be expressed as the product of a number and a unit. Typesetting physical quantities requires care to ensure that the combined mathematical meaning of the number–unit combination is clear. In particular, the SI units system lays down a consistent set of units with rules on how these are to be used. However, different countries and publishers have differing conventions on the exact appearance of numbers (and units).","author":[{"family":"Wright","given":"Joseph"}],"citation-key":"siunitx","language":"en","page":"98","source":"Zotero","title":"siunitx — A comprehensive (SI) units package","type":"article-journal"},{"id":"standalone","abstract":"The standalone bundle allows users to easily place picture environments or other material in own source files and compile these on their own or as part of a main document. A special standalone class is provided for use with such files, which by default crops the resulting output file to the content. 
The standalone package enables the user to simply load the standalone files using \\input inside a main document.","author":[{"family":"Scharrer","given":"Martin"}],"citation-key":"standalone","language":"en","page":"29","source":"Zotero","title":"standalone Package","type":"article-journal"},{"id":"tables-tips","author":[{"family":"Robson","given":"Adrian P"}],"citation-key":"tables-tips","language":"en","page":"16","source":"Zotero","title":"LaTeX Table Hints and Tips","type":"article-journal"},{"id":"biblatex-cheat","author":[{"family":"Rees","given":"Clea F"}],"citation-key":"biblatex-cheat","language":"en","page":"2","source":"Zotero","title":"Biblatex Cheat Sheet","type":"article-journal"},{"id":"symb","abstract":"This document lists 5913 symbols and the corresponding LATEX commands that produce them. Some of these symbols are guaranteed to be available in every LATEX 2ε system; others require fonts and packages that may not accompany a given distribution and that therefore need to be installed. All of the fonts and packages used to prepare this document—as well as this document itself—are freely available from the Comprehensive TEX Archive Network (http://www.ctan.org/).","author":[{"family":"Pakin","given":"Scott"}],"citation-key":"symb","language":"en","page":"164","source":"Zotero","title":"The Comprehensive LaTeX Symbol List","type":"article-journal"},{"id":"pdfpages","abstract":"This package simplifies the insertion of external multi-page PDF or PS documents. 
It supports pdfTeX, VTeX, and XeTeX.","author":[{"family":"Matthias","given":"Andreas"}],"citation-key":"pdfpages","language":"en","page":"12","source":"Zotero","title":"pdfpages Package","type":"article-journal"},{"id":"booktabs","author":[{"family":"Fear","given":"Simon"}],"citation-key":"booktabs","language":"en","page":"17","source":"Zotero","title":"booktabs: quality tables in LATEX","type":"article-journal"},{"id":"natbib","abstract":"The natbib package is a reimplementation of the LATEX \\cite command, to work with both author–year and numerical citations. It is compatible with the standard bibliographic style files, such as plain.bst, as well as with those for harvard, apalike, chicago, astron, authordate, and of course natbib.","author":[{"family":"Daly","given":"Patrick W"}],"citation-key":"natbib","language":"en","page":"26","source":"Zotero","title":"natbib","type":"article-journal"},{"id":"enumitem","author":[{"family":"Bezos","given":"Javier"}],"citation-key":"enumitem","language":"en","page":"23","source":"Zotero","title":"Customizing lists with the enumitem package","type":"article-journal"},{"id":"titlesec","author":[{"family":"Bezos","given":"Javier"}],"citation-key":"titlesec","language":"en","page":"24","source":"Zotero","title":"titlesec, titleps and titletoc Packages","type":"article-journal"},{"id":"grayIndustryuniversityProjectsCenters1986","author":[{"family":"Gray","given":"D. O."},{"family":"Johnson","given":"E. C."},{"family":"Gidley","given":"T. 
R."}],"citation-key":"grayIndustryuniversityProjectsCenters1986","container-title":"Evaluation Review","issued":{"date-parts":[["1986"]]},"page":"776–793","title":"Industry-university projects and centers: An empirical comparison of two federally-funded models of cooperative science","type":"article-journal","volume":"10"},{"id":"IBM","citation-key":"IBM","issued":{"literal":"date accessed 03/24/2022"},"type":"document","URL":"https://www.ibm.com/topics/what-is-a-digital-twin"},{"id":"GE","citation-key":"GE","issued":{"literal":"date accessed 03/24/2022"},"type":"document","URL":"https://www.ge.com/digital/applications/digital-twin"},{"id":"PAPUC","author":[{"literal":"Michael Holko, Director, Office of Cybersecurity Compliance and Oversight, Pennsylvania Public Utility Commission"}],"citation-key":"PAPUC","issued":{"date-parts":[["2022",2,25]]},"type":"document","URL":"https://www.puc.pa.gov/media/1825/russian-cyber-threats-critical-infrastructure.pdf"},{"id":"IFO-report","citation-key":"IFO-report","issued":{"date-parts":[["2022",3]]},"publisher":"Independent Fiscal Office","title":"Pennsylvania electricity update","type":"report"},{"id":"ETA-report","citation-key":"ETA-report","issued":{"date-parts":[["2021",8]]},"publisher":"Center for Workforce Information & Analysis","title":"Economic review of Pennsylvania","type":"report"},{"id":"DOE-TRL","author":[{"literal":"Office of Project Management Oversight & Assessments"}],"citation-key":"DOE-TRL","issued":{"date-parts":[["2011"]]},"number":"DOE G 413.3-4A","publisher":"U.S. 
Department of Energy","title":"Technology readiness assessment guide","type":"report"},{"id":"Cyber-X","citation-key":"Cyber-X","issued":{"date-parts":[["2020",8],["2022",2]]},"type":"document"},{"id":"NSF","citation-key":"NSF","issued":{"date-parts":[["2016",3,4]]},"type":"document"},{"id":"CESER-Blueprint","author":[{"literal":"Office of Cybersecurity, Energy Security, and Emergency Response"}],"citation-key":"CESER-Blueprint","issued":{"date-parts":[["2021",1]]},"publisher":"U.S. Dept. of Energy","title":"CESER blueprint","type":"report"},{"id":"GRID-Institute","author":[{"literal":"GRID Institute"}],"citation-key":"GRID-Institute","issued":{"literal":"Date accessed 11/2021"},"type":"document","URL":"http://grid.pitt.edu/"},{"id":"PJM-map","author":[{"literal":"PJM Corp."}],"citation-key":"PJM-map","issued":{"literal":"Date accessed 11/2021"},"type":"document","URL":"https://www.pjm.com/library/~/media/about-pjm/pjm-zones.ashx"},{"id":"NYT-colonial","author":[{"family":"Krauss","given":"Clifford"}],"citation-key":"NYT-colonial","container-title":"The New York Times","issued":{"literal":"date accessed 02/13/2022"},"title":"Colonial Pipeline chief says an oversight let hackers into its system","type":"article-journal","URL":"https://www.nytimes.com/2021/06/08/business/colonial-pipeline-hack.html"},{"id":"WaPo-water","author":[{"family":"Montgomery","given":"Mark"},{"family":"Ravich","given":"Samantha F."}],"citation-key":"WaPo-water","container-title":"The Washington Post","issued":{"literal":"date accessed 02/13/2022"},"title":"The cybersecurity risk to our water supply is real. 
We need to prepare","type":"article-journal","URL":"https://www.washingtonpost.com/opinions/2022/01/03/cybersecurity-risk-water-supply/"},{"id":"dci-map","author":[{"literal":"Economic Innovation Group"}],"citation-key":"dci-map","issued":{"literal":"Date accessed 11/2021"},"type":"document","URL":"https://eig.org/dci/interactive-map"},{"id":"PA-profile","citation-key":"PA-profile","issued":{"literal":"accessed 02/13/2022"},"publisher":"U.S. Energy Information Administration","title":"Pennsylvania state energy profile","type":"document","URL":"https://www.eia.gov/state/?sid=PA"},{"id":"OT-def","citation-key":"OT-def","issued":{"date-parts":[["2021"]]},"type":"document"},{"id":"IT-def","citation-key":"IT-def","issued":{"date-parts":[["2021"]]},"type":"document"},{"id":"CPS-def","citation-key":"CPS-def","type":"document"},{"id":"urazayevDistributedEnergyManagement2019","abstract":"At present, the transition from the traditional scheme of energy supply organization to new technologies and practices, implying decentralization, digitalization and intellectualization systems of energy-saving with the active involvement of consumers in the generation and management of all types of energy resources, is becoming increasingly relevant. According to forecasts of experts given in the study “Distributed energy in Russia: potential for development”, the architecture of a distributed energy (DE) system being created will include the following elements: manageable interfaces, “routers of energy”, and platforms of management and services. Most of the platform solutions being created include only a part of the elements from the list above. Existing solutions in the field of DE are based on algorithms that do not provide the flexibility of decision-making and the proper level of security. The purpose of our work is to develop the concept of the intelligent management system of DE facilities. 
The principle of modular programming using the kernel expansion method was taken as a basis for the development of the concept. The proposed intelligent management system operates in real-time and allows implementing new algorithms and methods of control of the power system, including the management of its active elements. The subsequent development of the project includes the development of the architecture of the software platform and the implementation of the management system of DE facilities. Using the results of the work will increase the efficiency of management of DE facilities.","author":[{"family":"Urazayev","given":"Damir"},{"family":"Bragin","given":"Dmitriy"},{"family":"Zykov","given":"Dmitriy"},{"family":"Hafizov","given":"Rashit"},{"family":"Pospelova","given":"Irina"},{"family":"Shelupanov","given":"Alexander"}],"citation-key":"urazayevDistributedEnergyManagement2019","container-title":"2019 International Multi-Conference on Engineering, Computer and Information Sciences (SIBIRCON)","DOI":"10.1109/SIBIRCON48586.2019.8958118","event-title":"2019 International Multi-Conference on Engineering, Computer and Information Sciences (SIBIRCON)","issued":{"date-parts":[["2019",10]]},"page":"0685-0689","source":"IEEE Xplore","title":"Distributed Energy Management System with the Use of Digital Twin","type":"paper-conference"},{"id":"krishnamurthyGeneralisedResilienceModels2020","abstract":"This study presents a generalised critical infrastructures resilience model for extreme events with a focus on power grids. Infrastructures are modelled as three domains – physical, cyber, and human. Each domain is described with respect to the services it provides. Each domain is represented by geometric graphs for each service it provides. The resilience models use geometric graphs with each graph's nodes and edges characterised based on relevant attributes. 
This study also discusses various applied aspects related to resilience models including the impact of changing operating environment, human-driven processes, such as logistics, and service buffers. Due to their stated particular importance in the U.S. Presidential Policy Directive 21, particular attention is placed on the power infrastructure and its impact on the public communication infrastructures as a main critical load. This study focuses on the multi-time scale power system operation to capture cascading outages within, and subsequently to its dependent infrastructure – the public communication system (e.g. wireless or ‘cellular’ communication networks) as a main critical load. This study illustrates the merits of the proposed models in calculating resilience in extreme events and derives physical domain representation for electric and communication systems using cell tower and substation data from the USA.","accessed":{"date-parts":[["2022",3,25]]},"author":[{"family":"Krishnamurthy","given":"Vaidyanathan"},{"family":"Huang","given":"Bing"},{"family":"Kwasinski","given":"Alexis"},{"family":"Pierce","given":"Evan"},{"family":"Baldick","given":"Ross"}],"citation-key":"krishnamurthyGeneralisedResilienceModels2020","container-title":"IET Smart Grid","DOI":"10.1049/iet-stg.2019.0170","ISSN":"2515-2947","issue":"2","issued":{"date-parts":[["2020"]]},"language":"en","page":"194-206","source":"Wiley Online Library","title":"Generalised resilience models for power systems and dependent infrastructure during extreme events","type":"article-journal","URL":"https://onlinelibrary.wiley.com/doi/abs/10.1049/iet-stg.2019.0170","volume":"3"},{"id":"kwasinskiGeneralizedIntegratedFramework2017","abstract":"This paper presents a quantitative framework for modeling electric power and communications infrastructures resilience. 
While in the past, resilience models applied to these infrastructures have focused on technological aspects, a fundamental novel aspect of the herein presented framework is the integral inclusion of models for human-driven processes, such as logistics, that influences recovery speed. Another fundamental novel aspect of the presented modeling framework is the generalized representation of dependencies and the characterization of the role that service buffers, such as energy storage, have on representing dependencies of associated services. Infrastructure system models combine three interconnected domains, each mathematically represented by at least one graph: a physical domain, a human/organizational domain, and a cyber domain. Each of the graphs that form the proposed framework represent the provision of a service. Thus, modeling of functional dependencies is inherently part of the developed models.","author":[{"family":"Kwasinski","given":"Alexis"},{"family":"Krishnamurthy","given":"Vaidyanathan"}],"citation-key":"kwasinskiGeneralizedIntegratedFramework2017","container-title":"2017 IEEE International Telecommunications Energy Conference (INTELEC)","DOI":"10.1109/INTLEC.2017.8211686","event-title":"2017 IEEE International Telecommunications Energy Conference (INTELEC)","ISSN":"0275-0473","issued":{"date-parts":[["2017",10]]},"page":"99-106","source":"IEEE Xplore","title":"Generalized integrated framework for modelling communications and electric power infrastructure resilience","type":"paper-conference"},{"id":"zhouDigitalTwinFramework2019","abstract":"Digital twin (DT) framework is introduced in the context of application for power grid online analysis. In the development process of a new power grid real-time online analysis system, an online analysis digital twin (OADT) has been implemented to realize the new online analysis architecture. The OADT approach is presented and its prominent features are discussed. 
The presentation, discussion, and performance testing are based on a large-scale grid network model (40K+ buses), exported directly from the EMS system of an actual power grid. A plan to apply the OADT approach to digitize power grid dispatching rules is also outlined.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Zhou","given":"Mike"},{"family":"Yan","given":"Jianfeng"},{"family":"Feng","given":"Donghao"}],"citation-key":"zhouDigitalTwinFramework2019","container-title":"Csee Journal of Power and Energy Systems","container-title-short":"CSEE J. Power Energy Syst.","DOI":"10.17775/CSEEJPES.2018.01460","event-place":"Beijing","ISSN":"2096-0042","issue":"3","issued":{"date-parts":[["2019",9]]},"language":"English","note":"WOS:000511344100012","page":"391-398","publisher":"China Electric Power Research Inst","publisher-place":"Beijing","source":"Web of Science Nextgen","title":"Digital Twin Framework and Its Application to Power Grid Online Analysis","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1?markedListId=List%202","volume":"5"},{"id":"medeirosFaultIntrusionTolerant2011","accessed":{"date-parts":[["2022",3,31]]},"author":[{"family":"Medeiros","given":"Nuno André Carnido"}],"citation-key":"medeirosFaultIntrusionTolerant2011","genre":"Master's thesis","issued":{"date-parts":[["2011"]]},"language":"eng","license":"openAccess","note":"Accepted: 2013-07-16T11:03:46Z","publisher":"University of Lisbon","source":"repositorio.ul.pt","title":"A fault - and intrusion - tolerant architecture for EDP Distribuição SCADA system","type":"thesis","URL":"https://repositorio.ul.pt/handle/10451/8812"},{"id":"babayNetworkAttackResilientIntrusionTolerantSCADA2018","abstract":"As key components of the power grid infrastructure, Supervisory Control and Data Acquisition (SCADA) systems are likely to be targeted by nation-state-level attackers willing to invest considerable resources to disrupt the power grid. 
We present Spire, the first intrusion-tolerant SCADA system that is resilient to both system-level compromises and sophisticated network-level attacks and compromises. We develop a novel architecture that distributes the SCADA system management across three or more active sites to ensure continuous availability in the presence of simultaneous intrusions and network attacks. A wide-area deployment of Spire, using two control centers and two data centers spanning 250 miles, delivered nearly 99.999% of all SCADA updates initiated over a 30-hour period within 100ms. This demonstrates that Spire can meet the latency requirements of SCADA for the power grid.","author":[{"family":"Babay","given":"Amy"},{"family":"Tantillo","given":"Thomas"},{"family":"Aron","given":"Trevor"},{"family":"Platania","given":"Marco"},{"family":"Amir","given":"Yair"}],"citation-key":"babayNetworkAttackResilientIntrusionTolerantSCADA2018","container-title":"2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","DOI":"10.1109/DSN.2018.00036","event-title":"2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","ISSN":"2158-3927","issued":{"date-parts":[["2018",6]]},"page":"255-266","source":"IEEE Xplore","title":"Network-Attack-Resilient Intrusion-Tolerant {SCADA} for the Power Grid","type":"paper-conference"},{"id":"nogueiraIntrusionTolerantEclipseSCADA2017","abstract":"The paper describes an open-source SCADA system that was enhanced with intrusion-tolerant capabilities, focusing on the aspects related to the challenges that were addressed and the architecture of the solution. 
Some preliminary performance results are also included.","author":[{"family":"Nogueira","given":"André"},{"family":"Bessani","given":"Alysson"},{"family":"Neves","given":"Nuno"}],"citation-key":"nogueiraIntrusionTolerantEclipseSCADA2017","event-place":"Vienna, Austria","event-title":"Symposium on Innovative Smart Grid Cybersecurity Solutions","issued":{"date-parts":[["2017"]]},"language":"en","page":"2","publisher-place":"Vienna, Austria","source":"Zotero","title":"Intrusion-Tolerant Eclipse SCADA","type":"paper-conference"},{"id":"zhaoByzantineFaultTolerance2008","abstract":"The stability of the electric power grid is crucial to every nation's security and well-being. As revealed by a number of large-scale blackout incidents in North America, the data communication infrastructure for power grid is in urgent need of transformation to modern technology. It has been shown by extensive research work that such blackout could have been avoided if there were more prompt information sharing and coordination among the power grid monitoring and control systems. In this paper, we point out the need for Byzantine fault tolerance and investigate the feasibility of applying Byzantine fault tolerance technology to ensure high degree of reliability and security of power grid monitoring and control. Our empirical study demonstrated that Byzantine fault tolerant monitoring and control can easily sustain the 60 Hz sampling rate needed for supervisory control and data acquisition (SCADA) operations with sub-millisecond response time under the local-area network environment. Byzantine fault tolerant monitoring and control is also feasible under the wide-area network environment for power grid applications that demand sub-second reaction time.","author":[{"family":"Zhao","given":"Wenbing"},{"family":"Villaseca","given":"F. 
Eugenio"}],"citation-key":"zhaoByzantineFaultTolerance2008","container-title":"2008 International Conference on Embedded Software and Systems","DOI":"10.1109/ICESS.2008.13","event-title":"2008 International Conference on Embedded Software and Systems","issued":{"date-parts":[["2008",7]]},"page":"129-135","source":"IEEE Xplore","title":"Byzantine Fault Tolerance for Electric Power Grid Monitoring and Control","type":"paper-conference"},{"id":"kirschSurvivableSCADAIntrusionTolerant2014","abstract":"Providers of critical infrastructure services strive to maintain the high availability of their SCADA systems. This paper reports on our experience designing, architecting, and evaluating the first survivable SCADA system-one that is able to ensure correct behavior with minimal performance degradation even during cyber attacks that compromise part of the system. We describe the challenges we faced when integrating modern intrusion-tolerant protocols with a conventional SCADA architecture and present the techniques we developed to overcome these challenges. 
The results illustrate that our survivable SCADA system not only functions correctly in the face of a cyber attack, but that it also processes in excess of 20 000 messages per second with a latency of less than 30 ms, making it suitable for even large-scale deployments managing thousands of remote terminal units.","author":[{"family":"Kirsch","given":"Jonathan"},{"family":"Goose","given":"Stuart"},{"family":"Amir","given":"Yair"},{"family":"Wei","given":"Dong"},{"family":"Skare","given":"Paul"}],"citation-key":"kirschSurvivableSCADAIntrusionTolerant2014","container-title":"IEEE Transactions on Smart Grid","DOI":"10.1109/TSG.2013.2269541","ISSN":"1949-3061","issue":"1","issued":{"date-parts":[["2014",1]]},"page":"60-70","source":"IEEE Xplore","title":"Survivable SCADA Via Intrusion-Tolerant Replication","type":"article-journal","volume":"5"},{"id":"yildizEfficiencyHydrogenProduction2006","abstract":"Nuclear energy can be used as the primary energy source in centralized hydrogen production through high-temperature thermochemical processes, water electrolysis, or high-temperature steam electrolysis. Energy efficiency is important in providing hydrogen economically and in a climate friendly manner. High operating temperatures are needed for more efficient thermochemical and electrochemical hydrogen production using nuclear energy. Therefore, high-temperature reactors, such as the gas-cooled, molten-salt-cooled and liquid-metal-cooled reactor technologies, are the candidates for use in hydrogen production. Several candidate technologies that span the range from well developed to conceptual are compared in our analysis. 
Among these alternatives, high-temperature steam electrolysis (HTSE) coupled to an advanced gas reactor cooled by supercritical CO2 (S-CO2) and equipped with a supercritical CO2 power conversion cycle has the potential to provide higher energy efficiency at a lower temperature range than the other alternatives.","accessed":{"date-parts":[["2022",3,30]]},"author":[{"family":"Yildiz","given":"B"},{"family":"Kazimi","given":"M"}],"citation-key":"yildizEfficiencyHydrogenProduction2006","container-title":"International Journal of Hydrogen Energy","container-title-short":"International Journal of Hydrogen Energy","DOI":"10.1016/j.ijhydene.2005.02.009","ISSN":"03603199","issue":"1","issued":{"date-parts":[["2006",1]]},"language":"en","page":"77-92","source":"DOI.org (Crossref)","title":"Efficiency of hydrogen production systems using alternative nuclear energy technologies","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0360319905000583","volume":"31"},{"id":"frickTechnoeconomicAssessmentHydrogen2022","abstract":"Increased electricity production from renewable energy resources, coupled with low natural gas (NG) prices, has caused existing light-water reactors (LWRs) to experience diminishing returns from the electricity market. This reduction in revenue is forcing LWRs to consider alternative revenue streams, such as introduction hydrogen production or desalination, to remain profitable. This paper performs a technoeconomic assessment (TEA) regarding the viability of retrofitting existing pressurized-water reactors (PWRs) to produce green hydrogen (H2) via high-temperature steam electrolysis (HTSE). Such an integration would allow nuclear facilities to expand into additional markets that may be more profitable in the long term and eliminate CO2 emissions from the hydrogen production process. 
To accommodate such an integration, a detailed single market levelized cost of hydrogen (LCOH) and multimarket analyses were conducted of HTSE process operation, requirements, costing, and flexibility. Alongside this costing analysis, market analyses were conducted on the electric and hydrogen markets in the PJM interconnect.","accessed":{"date-parts":[["2022",3,30]]},"author":[{"family":"Frick","given":"Konor"},{"family":"Wendt","given":"Daniel"},{"family":"Talbot","given":"Paul"},{"family":"Rabiti","given":"Cristian"},{"family":"Boardman","given":"Richard"}],"citation-key":"frickTechnoeconomicAssessmentHydrogen2022","container-title":"Applied Energy","container-title-short":"Applied Energy","DOI":"10.1016/j.apenergy.2021.118044","ISSN":"03062619","issued":{"date-parts":[["2022",1]]},"language":"en","page":"118044","source":"DOI.org (Crossref)","title":"Technoeconomic assessment of hydrogen cogeneration via high temperature steam electrolysis with a light-water reactor","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0306261921013386","volume":"306"},{"id":"brockApplicationReinforcementLearning2021","abstract":"With the proliferation of advanced metering infrastructure (AMI), more real-time data is available to electric utilities and consumers. Such high volumes of data facilitate innovative electricity rate structures beyond flat-rate and time-of-use (TOU) tariffs. One such innovation is real-time pricing (RTP), in which the wholesale market-clearing price is passed directly to the consumer on an hour-by-hour basis. While rare, RTP exists in parts of the United States and has been observed to reduce electric bills. Although these reductions are largely incidental, RTP may represent an opportunity for large-scale peak shaving, demand response, and economic efficiency when paired with intelligent control systems. 
Algorithms controlling flexible loads and energy storage have been deployed for demand response elsewhere in the literature, but few studies have investigated these algorithms in an RTP environment. If properly optimized, the dynamic between RTP and intelligent control has the potential to counteract the unwelcome spikes and dips of demand driven by growing penetration of distributed renewable generation and electric vehicles (EV). This paper presents a simple reinforcement learning (RL) application for optimal battery control subject to an RTP signal.","accessed":{"date-parts":[["2022",3,25]]},"author":[{"family":"Brock","given":"Eli"},{"family":"Bruckstein","given":"Lauren"},{"family":"Connor","given":"Patrick"},{"family":"Nguyen","given":"Sabrina"},{"family":"Kerestes","given":"Robert"},{"family":"Abdelhakim","given":"Mai"}],"citation-key":"brockApplicationReinforcementLearning2021","container-title":"arXiv:2111.11367 [cs, eess]","issued":{"date-parts":[["2021",11,22]]},"source":"arXiv.org","title":"An application of reinforcement learning to residential energy storage under real-time pricing","type":"article-journal","URL":"http://arxiv.org/abs/2111.11367"},{"id":"nguyenSurveyPaperDigital2021","abstract":"Digital twins are introduced as a solution for various power distribution system applications and security. Power distribution systems engineers lack the capability of knowing the real time status of the system and potential vulnerabilities that can harm it. The digital twin's ability to perform real time calculations and analyses make them a unique tool that can strengthen our understanding of current functions within the power grid, mitigate threats, and perform analyses to improve decision making. 
The goal of this paper is to introduce digital twins and demonstrate how their application in power systems can help improve efficiency, reliability, and functionality.","author":[{"family":"Nguyen","given":"Sabrina"},{"family":"Abdelhakim","given":"Mai"},{"family":"Kerestes","given":"Robert"}],"citation-key":"nguyenSurveyPaperDigital2021","container-title":"2021 IEEE Power Energy Society General Meeting (PESGM)","DOI":"10.1109/PESGM46819.2021.9638011","event-title":"2021 IEEE Power Energy Society General Meeting (PESGM)","ISSN":"1944-9933","issued":{"date-parts":[["2021",7]]},"page":"01-05","source":"IEEE Xplore","title":"Survey Paper of Digital Twins and their Integration into Electric Power Systems","type":"paper-conference"},{"id":"dragos2020","abstract":"Today we published our 2020 ICS Cybersecurity Year in Review report, an annual analysis of Industrial Control System (ICS)/Operational Technology (OT) focused cyber threats, vulnerabilities, assessments, and incident response insights. The ICS/OT community has long struggled with a lack of public insights into these types of problem areas. 
It is Dragos’s goal to share the observations and lessons learned with the industrial community for data-driven analysis and...","accessed":{"date-parts":[["2022",3,25]]},"citation-key":"dragos2020","issued":{"date-parts":[["2021",2,24]]},"language":"en-US","title":"2020 ICS Cybersecurity Year in Review | Dragos","type":"webpage","URL":"https://www.dragos.com/blog/industry-news/2020-ics-cybersecurity-year-in-review/"},{"id":"nsa2020","accessed":{"date-parts":[["2022",3,25]]},"citation-key":"nsa2020","title":"NSA Cybersecurity 2020 Year in Review","type":"webpage","URL":"https://media.defense.gov/2021/Jan/08/2002561651/-1/-1/0/NSA%20CYBERSECURITY%202020%20YEAR%20IN%20REVIEW.PDF/NSA%20CYBERSECURITY%202020%20YEAR%20IN%20REVIEW.PDF"},{"id":"nccic2017","accessed":{"date-parts":[["2022",3,25]]},"citation-key":"nccic2017","issued":{"date-parts":[["2017"]]},"title":"NCCIC Year in Review 2017","type":"webpage","URL":"https://www.cisa.gov/uscert/sites/default/files/Annual_Reports/NCCIC_Year_in_Review_2017_Final.pdf"},{"id":"ElectricityGridModernization","accessed":{"date-parts":[["2022",3,22]]},"citation-key":"ElectricityGridModernization","title":"Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed","type":"report","URL":"https://www.gao.gov/assets/gao-11-117.pdf"},{"id":"W32StuxnetDossier","accessed":{"date-parts":[["2022",3,22]]},"citation-key":"W32StuxnetDossier","title":"W32.Stuxnet Dossier","type":"report","URL":"https://pax0r.com/hh/stuxnet/Symantec-Stuxnet-Update-Feb-2011.pdf"},{"id":"international2007iaea","citation-key":"international2007iaea","collection-number":"1557","collection-title":"TECDOC series","event-place":"Vienna","ISBN":"978-92-0-105107-3","issued":{"date-parts":[["2007"]]},"publisher":"INTERNATIONAL ATOMIC ENERGY AGENCY","publisher-place":"Vienna","title":"Assessment and management of ageing of major nuclear power plant components important to safety: PWR vessel 
internals","type":"book","URL":"https://www.iaea.org/publications/7740/assessment-and-management-of-ageing-of-major-nuclear-power-plant-components-important-to-safety-pwr-vessel-internals"},{"id":"krauseCybersecurityPowerGrids2021","abstract":"Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, (iii) physical security, as well as (iv) policies, procedures, and awareness. 
For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, and identify further opportunities to strengthen cybersecurity in interconnected power grids.","accessed":{"date-parts":[["2022",3,22]]},"author":[{"family":"Krause","given":"Tim"},{"family":"Ernst","given":"Raphael"},{"family":"Klaer","given":"Benedikt"},{"family":"Hacker","given":"Immanuel"},{"family":"Henze","given":"Martin"}],"citation-key":"krauseCybersecurityPowerGrids2021","container-title":"Sensors","container-title-short":"Sensors","DOI":"10.3390/s21186225","ISSN":"1424-8220","issue":"18","issued":{"date-parts":[["2021",9,16]]},"page":"6225","source":"arXiv.org","title":"Cybersecurity in Power Grids: Challenges and Opportunities","title-short":"Cybersecurity in Power Grids","type":"article-journal","URL":"http://arxiv.org/abs/2105.00013","volume":"21"},{"id":"turkCyberIncidentsInvolving2005","abstract":"The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. 
Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. 
The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).","accessed":{"date-parts":[["2022",3,22]]},"author":[{"family":"Turk","given":"Robert J."}],"citation-key":"turkCyberIncidentsInvolving2005","DOI":"10.2172/911775","issued":{"date-parts":[["2005",10,1]]},"language":"English","number":"INL/EXT-05-00671","publisher":"Idaho National Lab. (INL), Idaho Falls, ID (United States)","source":"www.osti.gov","title":"Cyber Incidents Involving Control Systems","type":"report","URL":"https://www.osti.gov/biblio/911775"},{"id":"narayananDeterringAttacksPower2020","abstract":"The U.S. Department of Defense (DoD) increasingly relies on electric power to accomplish critical missions. This report explores two approaches for deterring attacks against the U.S. power grid in a world of increasing cyber aggression: deterrence by denial and deterrence by cost imposition. 
It is a first step in developing frameworks and context to support DoD decisionmaking in this area.","accessed":{"date-parts":[["2022",3,22]]},"author":[{"family":"Narayanan","given":"Anu"},{"family":"Welburn","given":"Jonathan W."},{"family":"Miller","given":"Benjamin M."},{"family":"Li","given":"Sheng Tao"},{"family":"Clark-Ginsberg","given":"Aaron"}],"citation-key":"narayananDeterringAttacksPower2020","issued":{"date-parts":[["2020",1,6]]},"language":"en","publisher":"RAND Corporation","source":"www.rand.org","title":"Deterring Attacks Against the Power Grid: Two Approaches for the U.S. Department of Defense","title-short":"Deterring Attacks Against the Power Grid","type":"report","URL":"https://www.rand.org/pubs/research_reports/RR3187.html"},{"id":"jiangIndustrialApplicationsDigital2021","abstract":"A digital twin (DT) is classically defined as the virtual replica of a real-world product, system, being, communities, even cities that are continuously updated with data from its physical counterpart, as well as its environment. It bridges the virtual cyberspace with the physical entities and, as such, is considered to be the pillar of Industry 4.0 and the innovation backbone of the future. A DT is created and used throughout the whole life cycle of the entity it replicates, from cradle to grave, so to speak. This article focuses on the present state of the art of DTs, concentrating on the use of DTs in industry in the context of smart manufacturing, especially from the point of view of plantwide optimization. The main capabilities of DTs (mirroring, shadowing and threading) are discussed in this context. The article concludes with a perspective on the future. 
This article is part of the theme issue 'Towards symbiotic autonomous systems'.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Jiang","given":"Yuchen"},{"family":"Yin","given":"Shen"},{"family":"Li","given":"Kuan"},{"family":"Luo","given":"Hao"},{"family":"Kaynak","given":"Okyay"}],"citation-key":"jiangIndustrialApplicationsDigital2021","container-title":"Philosophical Transactions of the Royal Society a-Mathematical Physical and Engineering Sciences","container-title-short":"Philos. Trans. R. Soc. A-Math. Phys. Eng. Sci.","DOI":"10.1098/rsta.2020.0360","event-place":"London","ISSN":"1364-503X","issue":"2207","issued":{"date-parts":[["2021",10,4]]},"language":"English","note":"WOS:000685707500016","page":"20200360","publisher":"Royal Soc","publisher-place":"London","source":"Web of Science Nextgen","title":"Industrial applications of digital twins","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"379"},{"id":"brosinskyEmbeddedDigitalTwins2020","abstract":"Emerging real-time applications in information technology, and operational technology enable new innovative concepts to design and operate cyber-physical systems. A promising approach, which has been discovered recently as key technology by several industries is the Digital Twin (DT) concept. A DT connects the virtual representation of a physical object, system or process by available information and sensor data streams, which allows to gather new information about the system it mirrors by applying analytic functions. Thereby the DT technology can help to fill sensor data gaps, e. g., to support anomaly detection, and to predict future operating conditions and system states. This paper discusses a dynamic power system DT as a cornerstone instance of a new generation of EMS, and a prospective new EMS architecture, to support the increasingly complex operation of electric power systems. 
Unlike in traditional offline power system models, the parameters are updated dynamically using measurement information from the supervisory control and data acquisition (SCADA) and a wide area monitoring system (WAMS) to tune the model. This allows to derive a highly accurate virtual representation of the mirrored physical objects. A simulation engine, the Digital Dynamic Mirror (DDM) is introduced, in order to be able to reproduce the state of a reference network in real-time. The validation of the approach is carried out by a case study. In a closed loop within EMS applications, the DDM can help to assess contingency mitigation strategies, thus it can support the decision-making process under variable system conditions. The next generation of control centre Energy Management System (EMS) can benefit from this development by augmentation of the dynamic observability, and the rise of operator situation awareness.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Brosinsky","given":"Christoph"},{"family":"Krebs","given":"Rainer"},{"family":"Westermann","given":"Dirk"}],"citation-key":"brosinskyEmbeddedDigitalTwins2020","container-title":"At-Automatisierungstechnik","container-title-short":"AT-Autom.","DOI":"10.1515/auto-2020-0086","event-place":"Berlin","ISSN":"0178-2312","issue":"9","issued":{"date-parts":[["2020",9]]},"language":"English","note":"WOS:000565120800005","page":"750-764","publisher":"Walter De Gruyter Gmbh","publisher-place":"Berlin","source":"Web of Science Nextgen","title":"Embedded Digital Twins in future energy management systems: paving the way for automated grid control","title-short":"Embedded Digital Twins in future energy management systems","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1?markedListId=List%202","volume":"68"},{"id":"juarezDigitalTwinsReview2021","abstract":"With the arises of Industry 4.0, numerous concepts have emerged; one of the main concepts is the digital 
twin (DT). DT is being widely used nowadays, however, as there are several uses in the existing literature; the understanding of the concept and its functioning can be diffuse. The main goal of this paper is to provide a review of the existing literature to clarify the concept, operation, and main characteristics of DT, to introduce the most current operating, communication, and usage trends related to this technology, and to present the performance of the synergy between DT and multi-agent system (MAS) technologies through a computer science approach.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Juarez","given":"Maria G."},{"family":"Botti","given":"Vicente J."},{"family":"Giret","given":"Adriana S."}],"citation-key":"juarezDigitalTwinsReview2021","container-title":"Journal of Computing and Information Science in Engineering","container-title-short":"J. Comput. Inf. Sci. Eng.","DOI":"10.1115/1.4050244","event-place":"New York","ISSN":"1530-9827","issue":"3","issued":{"date-parts":[["2021",6,1]]},"language":"English","note":"WOS:000651510900012","page":"030802","publisher":"Asme","publisher-place":"New York","source":"Web of Science Nextgen","title":"Digital Twins: Review and Challenges","title-short":"Digital Twins","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"21"},{"id":"taoDigitalTwinIndustry2019","abstract":"Digital twin (DT) is one of the most promising enabling technologies for realizing smart manufacturing and Industry 4.0. DTs are characterized by the seamless integration between the cyber and physical spaces. The importance of DTs is increasingly recognized by both academia and industry. It has been almost 15 years since the concept of the DT was initially proposed. To date, many DT applications have been successfully implemented in different industries, including product design, production, prognostics and health management, and some other fields. 
However, at present, no paper has focused on the review of DT applications in industry. In an effort to understand the development and application of DTs in industry, this paper thoroughly reviews the state-of-the-art of the DT research concerning the key components of DTs, the current development of DTs, and the major DT applications in industry. This paper also outlines the current challenges and some possible directions for future work.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Tao","given":"Fei"},{"family":"Zhan","given":"He"},{"family":"Liu","given":"Ang"},{"family":"Nee","given":"A. Y. C."}],"citation-key":"taoDigitalTwinIndustry2019","container-title":"Ieee Transactions on Industrial Informatics","container-title-short":"IEEE Trans. Ind. Inform.","DOI":"10.1109/TII.2018.2873186","event-place":"Piscataway","ISSN":"1551-3203","issue":"4","issued":{"date-parts":[["2019",4]]},"language":"English","note":"WOS:000467095500054","page":"2405-2415","publisher":"Ieee-Inst Electrical Electronics Engineers Inc","publisher-place":"Piscataway","source":"Web of Science Nextgen","title":"Digital Twin in Industry: State-of-the-Art","title-short":"Digital Twin in Industry","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"15"},{"id":"bakerCrossfireCriticalInfrastructure2009","author":[{"family":"Baker","given":"Stewart Abercrombie"},{"family":"Waterman","given":"Shaun"},{"family":"Ivanov","given":"George"}],"citation-key":"bakerCrossfireCriticalInfrastructure2009","issued":{"date-parts":[["2009"]]},"publisher":"McAfee, Incorporated","source":"Google Scholar","title":"In the crossfire: Critical infrastructure in the age of cyber war","title-short":"In the crossfire","type":"book"},{"id":"pillitteriGuidelinesSmartGrid2014","abstract":"This three-volume report, Guidelines for Smart Grid Cybersecurity, presents an analytical framework that organizations can use to develop effective 
cybersecurit","accessed":{"date-parts":[["2022",3,22]]},"author":[{"family":"Pillitteri","given":"Victoria Y."},{"family":"Brewer","given":"Tanya L."}],"citation-key":"pillitteriGuidelinesSmartGrid2014","issued":{"date-parts":[["2014",9,25]]},"language":"en","note":"Last Modified: 2018-11-10T10:11-05:00","source":"www.nist.gov","title":"Guidelines for Smart Grid Cybersecurity","type":"article-journal","URL":"https://www.nist.gov/publications/guidelines-smart-grid-cybersecurity"},{"id":"netlSystemsViewModern2007","author":[{"family":"NETL","given":"US"}],"citation-key":"netlSystemsViewModern2007","container-title":"White Paper, Jan","issued":{"date-parts":[["2007"]]},"source":"Google Scholar","title":"A systems view of the modern grid","type":"article-journal"},{"id":"sunCyberSecurityPower2018","abstract":"The integration of computing and communication capabilities with the power grid has led to numerous vulnerabilities in the cyber-physical system (CPS). This cyber security threat can significantly impact the physical infrastructure, economy, and society. In traditional IT environments, there are already abundant attack cases demonstrating that unauthorized users have the capability to access and manipulate sensitive data from a protected network domain. Electric power grids have also heavily adopted information technology (IT) to perform real-time control, monitoring, and maintenance tasks. In 2015, a sophisticated cyber attack targeted Ukrainian's power grid causing wide area power outages. It highlights the importance of investment on cyber security against intruders. This paper provides a state-of-the-art survey of the most relevant cyber security studies in power systems. It reviews research that demonstrates cyber security risks and constructs solutions to enhance the security of a power grid. 
To achieve this goal, this paper covers: (1) a survey of the state-of-the-art smart grid technologies, (2) power industry practices and standards, (3) solutions that address cyber security issues, (4) a review of existing CPS testbeds for cyber security research, and (5) unsolved cyber security problems. Power grid cyber security research has been conducted at Washington State University (WSU) with a hardware-in-a-loop CPS testbed. A demonstration is provided to show how the proposed defense systems can be deployed to protect a power grid against cyber intruders.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Sun","given":"Chih-Che"},{"family":"Hahn","given":"Adam"},{"family":"Liu","given":"Chen-Ching"}],"citation-key":"sunCyberSecurityPower2018","container-title":"International Journal of Electrical Power \\& Energy Systems","container-title-short":"Int. J. Electr. Power Energy Syst.","DOI":"10.1016/j.ijepes.2017.12.020","event-place":"Oxford","ISSN":"0142-0615","issued":{"date-parts":[["2018"]]},"language":"English","note":"WOS:000430770600004","page":"45-56","publisher":"Elsevier Sci Ltd","publisher-place":"Oxford","source":"Web of Science Nextgen","title":"Cyber security of a power grid: State-of-the-art","title-short":"Cyber security of a power grid","type":"article-journal","URL":"http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=DOISource&SrcApp=WOS&KeyAID=10.1016%2Fj.ijepes.2017.12.020&DestApp=DOI&SrcAppSID=8COHllwH67CX3cigLe5&SrcJTitle=INTERNATIONAL+JOURNAL+OF+ELECTRICAL+POWER+%26+ENERGY+SYSTEMS&DestDOIRegistrantName=Elsevier","volume":"99"},{"id":"thieCoreMotionMonitoring1979","abstract":"Experimental methods for detecting types of motion within and surrounding reactor cores were employed, including the dominating influence of noise analysis techniques and the associated theoretical bases underlying these methods. 
Out of extensive tabulations of demonstrated applications, particular attention was given to specific methods for measuring core barrel motions, in-core instrument vibrations, steam void velocity, fuel motions, and control rod vibrations.\nSelected features of types of in-vessel motion monitoring programs found in commercial power reactors were noted along with their motivations. Advantages and disadvantages can be cited for specific techniques.","author":[{"family":"Thie","given":"Joseph A"}],"citation-key":"thieCoreMotionMonitoring1979","container-title":"Nuclear technology","DOI":"10.13182/NT79-A32283","ISSN":"0029-5450","issue":"1","issued":{"date-parts":[["1979"]]},"page":"5-45","publisher":"Taylor & Francis","title":"Core Motion Monitoring","type":"article-journal","volume":"45"},{"id":"pazsitDevelopmentsCorebarrelVibration1998","abstract":"Diagnostics of core-barrel motion, and notably that of beam mode vibrations, has been usually performed by two distinct concepts. One strategy is to perform a qualitative analysis in the time domain, using descriptors such as vibration trajectory, probability distributions etc. This approach is rather realistic in the sense that it allows for general anisotropic pendular vibrations. The other strategy is to use frequency analysis with the goal of quantifying certain vibration properties. However, this second approach could so far handle only isotropic and unidirectional vibrations. In this paper we propose a unification of these two approaches by introducing a model by which general anisotropic vibrations can be quantified in the frequency domain. However, when separating the noise components prior to the frequency analysis, we suggest the use of symmetry properties of the noise in the time domain, based on reactor physics assumptions, as opposed to the earlier methods that use statistical independence of the components. 
Due to the unified approach, a combination of time and frequency domain analysis methods can be used for presentation and maximum information extraction.","author":[{"family":"Pázsit","given":"I."},{"family":"Karlsson","given":"J."},{"family":"Garis","given":"N. S."}],"citation-key":"pazsitDevelopmentsCorebarrelVibration1998","container-title":"Annals of Nuclear Energy","DOI":"10.1016/s0306-4549(98)00012-7","ISSN":"03064549","issue":"13","issued":{"date-parts":[["1998"]]},"page":"1079-1093","section":"1079","title":"Some developments in core-barrel vibration diagnostics","type":"article-journal","volume":"25"},{"id":"pazsitNeutronNoiseDiagnostics2017b","abstract":"In the first two papers of this series, a complete algorithm was elaborated and tested for the diagnostics of vibrating control rods in pressurized water reactors (PWRs). Although the method was thoroughly tested in numerical experiments where even the effects of background noise were accounted for, the influence of the several approximations regarding the underlying neutron physical and mechanical model of the applicability of the method in real applications could not be properly estimated. In August 1985, in-core self-powered neutron detector spectra taken at Paks-2, a PWR in Hungary, indicated the presence of an excessively vibrating control rod. With these measured noise data as input, the previously reported localization algorithm was applied in its original form. The algorithm singled out one control rod out of the possible seven, and independent investigations performed before and during the subsequent refueling showed the correctness of the localization results. It is therefore concluded that, at least in this particular application, the approximations used in the model were allowable in a case of practical interest. The algorithm was developed further to facilitate the automatization and reliability of the localization procedure. 
These developments and the experiences in the application of the algorithm are reported in this paper.","author":[{"family":"Pázsit","given":"I."},{"family":"Glöckler","given":"O."}],"citation-key":"pazsitNeutronNoiseDiagnostics2017b","container-title":"Nuclear Science and Engineering","DOI":"10.13182/nse88-a23561","ISSN":"0029-5639 1943-748X","issue":"4","issued":{"date-parts":[["2017"]]},"page":"313-328","section":"313","title":"On the Neutron Noise Diagnostics of Pressurized Water Reactor Control Rod Vibrations. III. Application at a Power Plant","type":"article-journal","URL":"https://www.tandfonline.com/doi/abs/10.13182/NSE88-A23561","volume":"99"},{"id":"pazsitNeutronNoiseDiagnostics2017c","abstract":"A neutron noise-based technique for the localization of excessively vibrating control rods is elaborated upon in the previous three papers of this series. The method is based on the inversion of a formula that expresses the auto- and cross spectra of three neutron detector signals through the parameters of the vibrating rod, i.e., equilibrium position and displacement components. Successful tests of the algorithm with both simulated and real data were reported in the previous papers. The algorithm had nevertheless certain drawbacks, namely, that its use requires expert knowledge, the redundancy of extra detectors cannot be utilized, and with realistic transfer functions the calculations are rather lengthy. The use of neural networks offers an alternative way of performing the inversion procedure. This possibility was investigated by constructing a network that was trained to determine the rod position from the detector spectra. It was found that all shortcomings of the traditional localization method can be eliminated. The neural network-based identification was also tested with success.","author":[{"family":"Pázsit","given":"I."},{"family":"Garis","given":"N. 
S."},{"family":"Glöckler","given":"O."}],"citation-key":"pazsitNeutronNoiseDiagnostics2017c","container-title":"Nuclear Science and Engineering","DOI":"10.13182/nse96-a24232","ISSN":"0029-5639 1943-748X","issue":"1","issued":{"date-parts":[["2017"]]},"page":"167-177","section":"167","title":"On the Neutron Noise Diagnostics of Pressurized Water Reactor Control Rod Vibrations —IV: Application of Neural Networks","type":"article-journal","URL":"https://www.tandfonline.com/doi/abs/10.13182/NSE96-A24232","volume":"124"},{"id":"porReactorNoiseAnalysis1998","abstract":"This paper presents an introduction on different types of well selected noise diagnostic methods with their occurrence in WWER reactors with an analysis of their impact on operational safety and aging which affects the installations safety as well The main objective is to attract the attention of NPP management staff dealing with safety, safety culture, maintenance, operation and quality assurance proving that such methods can give benefit not only to economy but impact safety of nuclear installations","author":[{"family":"Por","given":"G."}],"citation-key":"porReactorNoiseAnalysis1998","event-place":"International Atomic Energy Agency (IAEA)","event-title":"On-line testing of nuclear plant temperature and pressure instrumentation and other critical plant equipment IAEA regional workshop Working material","issued":{"date-parts":[["1998"]]},"page":"609","publisher":"IAEA","publisher-place":"International Atomic Energy Agency (IAEA)","title":"Reactor noise analysis applications and systems in WWER-440 and WWER-1000 type PWRs","type":"paper-conference","URL":"http://inis.iaea.org/search/search.aspx?orig_q=RN:30002930"},{"id":"arzhanovLocalizationVibratingControl2000","author":[{"family":"Arzhanov","given":"Vasiliy"},{"family":"Pázsit","given":"Imre"},{"family":"Garis","given":"Ninos S."}],"citation-key":"arzhanovLocalizationVibratingControl2000","container-title":"Nuclear 
Technology","DOI":"10.13182/NT00-A3114","ISSN":"0029-5450","issue":"2","issued":{"date-parts":[["2000",8,1]]},"page":"239-251","section":"239","title":"Localization of a Vibrating Control Rod Pin in Pressurized Water Reactors Using the Neutron Flux and Current Noise","type":"article-journal","URL":"https://doi.org/10.13182/NT00-A3114 https://www.tandfonline.com/doi/abs/10.13182/NT00-A3114","volume":"131"},{"id":"dingSurveySecurityControl2018","abstract":"Cyber-physical systems (CPSs), which are an integration of computation, networking, and physical processes, play an increasingly important role in critical infrastructure, government and everyday life. Due to physical constraints, embedded computers and networks may give rise to some additional security vulnerabilities, which results in losses of enormous economy benefits or disorder of social life. As a result, it is of significant to properly investigate the security issue of CPSs to ensure that such systems are operating in a safe manner. This paper, from a control theory perspective, presents an overview of recent advances on security control and attack detection of industrial CPSs. First, the typical system modeling on CPSs is summarized to cater for the requirement of the performance analysis. Then three typical types of cyber-attacks, i.e. denial-of-service attacks, replay attacks, and deception attacks, are disclosed from an engineering perspective. Moreover, robustness, security and resilience as well as stability are discussed to govern the capability of weakening various attacks. The development on attack detection for industrial CPSs is reviewed according to the categories on detection approaches. Furthermore, the security control and state estimation are discussed in detail. Finally, some challenge issues are raised for the future research. (c) 2017 Elsevier B.V. 
All rights reserved.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Ding","given":"Derui"},{"family":"Han","given":"Qing-Long"},{"family":"Xiang","given":"Yang"},{"family":"Ge","given":"Xiaohua"},{"family":"Zhang","given":"Xian-Ming"}],"citation-key":"dingSurveySecurityControl2018","container-title":"Neurocomputing","container-title-short":"Neurocomputing","DOI":"10.1016/j.neucom.2017.10.009","event-place":"Amsterdam","ISSN":"0925-2312","issued":{"date-parts":[["2018",1,31]]},"language":"English","note":"WOS:000418370200157","page":"1674-1683","publisher":"Elsevier","publisher-place":"Amsterdam","source":"Web of Science Nextgen","title":"A survey on security control and attack detection for industrial cyber-physical systems","type":"article-journal","URL":"http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=DOISource&SrcApp=WOS&KeyAID=10.1016%2Fj.neucom.2017.10.009&DestApp=DOI&SrcAppSID=8COHllwH67CX3cigLe5&SrcJTitle=NEUROCOMPUTING&DestDOIRegistrantName=Elsevier","volume":"275"},{"id":"sridharCyberPhysicalSystemSecurity2012","abstract":"The development of a trustworthy smart grid requires a deeper understanding of potential impacts resulting from successful cyber attacks. Estimating feasible attack impact requires an evaluation of the grid's dependency on its cyber infrastructure and its ability to tolerate potential failures. A further exploration of the cyber-physical relationships within the smart grid and a specific review of possible attack vectors is necessary to determine the adequacy of cybersecurity efforts. This paper highlights the significance of cyber infrastructure security in conjunction with power application security to prevent, mitigate, and tolerate cyber attacks. A layered approach is introduced to evaluating risk based on the security of both the physical power applications and the supporting cyber infrastructure. 
A classification is presented to highlight dependencies between the cyber-physical controls required to support the smart grid and the communication and computations that must be protected from cyber attack. The paper then presents current research efforts aimed at enhancing the smart grid's application and infrastructure security. Finally, current challenges are identified to facilitate future research efforts.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Sridhar","given":"Siddharth"},{"family":"Hahn","given":"Adam"},{"family":"Govindarasu","given":"Manimaran"}],"citation-key":"sridharCyberPhysicalSystemSecurity2012","container-title":"Proceedings of the Ieee","container-title-short":"Proc. IEEE","DOI":"10.1109/JPROC.2011.2165269","event-place":"Piscataway","ISSN":"0018-9219","issue":"1","issued":{"date-parts":[["2012"]]},"language":"English","note":"WOS:000298326400016","page":"210-224","publisher":"Ieee-Inst Electrical Electronics Engineers Inc","publisher-place":"Piscataway","source":"Web of Science Nextgen","title":"Cyber-Physical System Security for the Electric Power Grid","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1?markedListId=CPS%20Security","volume":"100"},{"id":"singhDigitalTwinOrigin2021","abstract":"Digital Twin (DT) refers to the virtual copy or model of any physical entity (physical twin) both of which are interconnected via exchange of data in real time. Conceptually, a DT mimics the state of its physical twin in real time and vice versa. Application of DT includes real-time monitoring, designing/planning, optimization, maintenance, remote access, etc. Its implementation is expected to grow exponentially in the coming decades. The advent of Industry 4.0 has brought complex industrial systems that are more autonomous, smart, and highly interconnected. 
These systems generate considerable amounts of data useful for several applications such as improving performance, predictive maintenance, training, etc. A sudden influx in the number of publications related to 'Digital Twin' has led to confusion between different terminologies related to the digitalization of industries. Another problem that has arisen due to the growing popularity of DT is a lack of consensus on the description of DT as well as so many different types of DT, which adds to the confusion. This paper intends to consolidate the different types of DT and different definitions of DT throughout the literature for easy identification of DT from the rest of the complimentary terms such as 'product avatar', 'digital thread', 'digital model', and 'digital shadow'. The paper looks at the concept of DT since its inception to its predicted future to realize the value it can bring to certain sectors. Understanding the characteristics and types of DT while weighing its pros and cons is essential for any researcher, business, or sector before investing in the technology.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Singh","given":"Maulshree"},{"family":"Fuenmayor","given":"Evert"},{"family":"Hinchy","given":"Eoin P."},{"family":"Qiao","given":"Yuansong"},{"family":"Murray","given":"Niall"},{"family":"Devine","given":"Declan"}],"citation-key":"singhDigitalTwinOrigin2021","container-title":"Applied System Innovation","container-title-short":"Appl. Syst. 
Innov.","DOI":"10.3390/asi4020036","event-place":"Basel","issue":"2","issued":{"date-parts":[["2021",6]]},"language":"English","note":"WOS:000667262200001","page":"36","publisher":"Mdpi","publisher-place":"Basel","source":"Web of Science Nextgen","title":"Digital Twin: Origin to Future","title-short":"Digital Twin","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"4"},{"id":"saadImplementationIoTBasedDigital2020","abstract":"The increased rate of cyber-attacks on the power system necessitates the need for innovative solutions to ensure its resiliency. This work builds on the advancement in the IoT to provide a practical framework that is able to respond to multiple attacks on a network of interconnected microgrids. This paper provides an IoT-based digital twin (DT) of the cyber-physical system that interacts with the control system to ensure its proper operation. The IoT cloud provision of the energy cyber-physical and the DT are mathematically formulated. Unlike other cybersecurity frameworks in the literature, the proposed one can mitigate an individual as well as coordinated attacks. The framework is tested on a distributed control system and the security measures are implemented using cloud computing. The physical controllers are implemented using single-board computers. The practical results show that the proposed DT is able to mitigate the coordinated false data injection and the denial of service cyber-attacks.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Saad","given":"Ahmed"},{"family":"Faddel","given":"Samy"},{"family":"Youssef","given":"Tarek"},{"family":"Mohammed","given":"Osama A."}],"citation-key":"saadImplementationIoTBasedDigital2020","container-title":"Ieee Transactions on Smart Grid","container-title-short":"IEEE Trans. 
Smart Grid","DOI":"10.1109/TSG.2020.3000958","event-place":"Piscataway","ISSN":"1949-3053","issue":"6","issued":{"date-parts":[["2020",11]]},"language":"English","note":"WOS:000583560800048","page":"5138-5150","publisher":"Ieee-Inst Electrical Electronics Engineers Inc","publisher-place":"Piscataway","source":"Web of Science Nextgen","title":"On the Implementation of IoT-Based Digital Twin for Networked Microgrids Resiliency Against Cyber Attacks","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1?markedListId=List%202","volume":"11"},{"id":"nicholImprovedDenoisingDiffusion2021","abstract":"Denoising diffusion probabilistic models (DDPM) are a class of generative models which have recently been shown to produce excellent samples. We show that with a few simple modifications, DDPMs can also achieve competitive log-likelihoods while maintaining high sample quality. Additionally, we find that learning variances of the reverse diffusion process allows sampling with an order of magnitude fewer forward passes with a negligible difference in sample quality, which is important for the practical deployment of these models. We additionally use precision and recall to compare how well DDPMs and GANs cover the target distribution. Finally, we show that the sample quality and likelihood of these models scale smoothly with model capacity and training compute, making them easily scalable. 
We release our code at https://github.com/openai/improved-diffusion","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Nichol","given":"Alex"},{"family":"Dhariwal","given":"Prafulla"}],"citation-key":"nicholImprovedDenoisingDiffusion2021","DOI":"10.48550/arXiv.2102.09672","issued":{"date-parts":[["2021",2,18]]},"number":"arXiv:2102.09672","publisher":"arXiv","source":"arXiv.org","title":"Improved Denoising Diffusion Probabilistic Models","type":"article","URL":"http://arxiv.org/abs/2102.09672"},{"id":"carterCyberSecurityAssessment2017","abstract":"New distributed energy resource (DER) interconnection standards require communications and interoperability to provide grid operators greater flexibility for delivering voltage and frequency support. These communication channels are designed to allow utilities, aggregators, and other grid operators the ability to enable and configure various grid-support functions. However, these capabilities expand the power system cyber security attack surface and pose a significant risk to the resilience of the electric grid if controlled in aggregate. To advise the solar industry, grid operators, and government of the current risks and provide evidence-based recommendations to the community, Sandia performed cyber security assessments of a communications-enabled PV inverter and remote grid-monitoring gateway. The team found several well-designed security features but also some weaknesses. 
Based on these findings, recommendations are provided to improve the security features of DER devices.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Carter","given":"Cedric"},{"family":"Onunkwo","given":"Ifeoma"},{"family":"Cordeiro","given":"Patricia"},{"family":"Johnson","given":"Jay"}],"citation-key":"carterCyberSecurityAssessment2017","container-title":"2017 IEEE 44th Photovoltaic Specialist Conference (PVSC)","DOI":"10.1109/PVSC.2017.8366503","event-place":"Washington, DC","event-title":"2017 IEEE 44th Photovoltaic Specialists Conference (PVSC)","ISBN":"978-1-5090-5605-7","issued":{"date-parts":[["2017",6]]},"language":"en","page":"2135-2140","publisher":"IEEE","publisher-place":"Washington, DC","source":"DOI.org (Crossref)","title":"Cyber Security Assessment of Distributed Energy Resources","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/8366503/"},{"id":"ModelBasedSystemsEngineering","abstract":"All models are wrong, but some are useful. —George E. P. Box   Model-Based Systems Engineering MBSE is the application of modeling systems as a cost-effective way to explore and document system characteristics. By testing and validating system characteristics early, models facilitate timely learning of properties and behaviors, enabling fast feedback on requirements and design decisions. Models provide an efficient way to explore, update, and communicate system aspects to stakeholders while significantly reducing or eliminating dependence on traditional documents. 
MBSE","accessed":{"date-parts":[["2023",10,6]]},"citation-key":"ModelBasedSystemsEngineering","container-title":"Scaled Agile Framework","language":"en-US","title":"Model-Based Systems Engineering","type":"post-weblog","URL":"https://scaledagileframework.com/model-based-systems-engineering/"},{"id":"ModelBasedSystemsEngineeringa","abstract":"Manage system complexity, improve communication, and produce optimized systems with Model-Based System Engineering.","accessed":{"date-parts":[["2023",10,6]]},"citation-key":"ModelBasedSystemsEngineeringa","language":"en","title":"Model-Based Systems Engineering (MBSE)","type":"webpage","URL":"https://www.mathworks.com/solutions/model-based-systems-engineering.html"},{"id":"WhatModelBasedSystems","abstract":"See how organizations are using model-based solutions that enable them to manage complexity, collaborate and communicate, reduce costs, and get products to market more quickly.","accessed":{"date-parts":[["2023",10,6]]},"citation-key":"WhatModelBasedSystems","language":"en-US","title":"What is Model-Based Systems Engineering (MBSE)?","type":"webpage","URL":"https://www.ansys.com/blog/model-based-systems-engineering-explained"},{"id":"leibrandtGuideSystemsEngineering2002","accessed":{"date-parts":[["2023",10,6]]},"author":[{"family":"Leibrandt","given":"Rob"}],"citation-key":"leibrandtGuideSystemsEngineering2002","container-title":"INSIGHT","DOI":"10.1002/inst.2002517","ISSN":"2156485X","issue":"1","issued":{"date-parts":[["2002",4]]},"language":"en","page":"7-7","source":"DOI.org (Crossref)","title":"A Guide to the Systems Engineering Body of Knowledge (SEBoK) Introduction","type":"article-journal","URL":"https://onlinelibrary.wiley.com/doi/10.1002/inst.2002517","volume":"5"},{"id":"SEBoK","abstract":"The Guide to the Systems Engineering Body of Knowledge (SEBoK) is a living, authoritative guide of the Systems Engineering 
discipline.","accessed":{"date-parts":[["2023",10,6]]},"citation-key":"SEBoK","language":"en","title":"SEBoK","type":"webpage","URL":"https://sebokwiki.org/wiki/Guide_to_the_Systems_Engineering_Body_of_Knowledge_(SEBoK)"},{"id":"IntroductionModelBasedSystems2020","abstract":"Model-based systems engineering (MBSE) is a formalized methodology that is used to support the requirements, design, analysis, verification, and validation associated with the development of complex systems. In this blog post, I provide a brief introduction to MBSE.","accessed":{"date-parts":[["2023",10,6]]},"citation-key":"IntroductionModelBasedSystems2020","issued":{"date-parts":[["2020",12,21]]},"language":"en","title":"An Introduction to Model-Based Systems Engineering (MBSE)","type":"webpage","URL":"https://insights.sei.cmu.edu/blog/introduction-model-based-systems-engineering-mbse/"},{"id":"wrightUsingCyberInformedEngineering","author":[{"family":"Wright","given":"Virginia"},{"family":"Chanoski","given":"Sam"},{"family":"Turner","given":"Tony"},{"family":"Freeman","given":"Sarah"}],"citation-key":"wrightUsingCyberInformedEngineering","language":"en","source":"Zotero","title":"Using Cyber-Informed Engineering for Cyber Defense Workbook","type":"article-journal"},{"id":"rezendeVariationalInferenceNormalizing2016","abstract":"The choice of approximate posterior distribution is one of the core problems in variational inference. Most applications of variational inference employ simple families of posterior approximations in order to allow for efficient inference, focusing on mean-field or other simple structured approximations. This restriction has a significant impact on the quality of inferences made using variational methods. We introduce a new approach for specifying flexible, arbitrarily complex and scalable approximate posterior distributions. 
Our approximations are distributions constructed through a normalizing flow, whereby a simple initial density is transformed into a more complex one by applying a sequence of invertible transformations until a desired level of complexity is attained. We use this view of normalizing flows to develop categories of finite and infinitesimal flows and provide a unified view of approaches for constructing rich posterior approximations. We demonstrate that the theoretical advantages of having posteriors that better match the true posterior, combined with the scalability of amortized variational approaches, provides a clear improvement in performance and applicability of variational inference.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Rezende","given":"Danilo Jimenez"},{"family":"Mohamed","given":"Shakir"}],"citation-key":"rezendeVariationalInferenceNormalizing2016","DOI":"10.48550/arXiv.1505.05770","issued":{"date-parts":[["2016",6,14]]},"number":"arXiv:1505.05770","publisher":"arXiv","source":"arXiv.org","title":"Variational Inference with Normalizing Flows","type":"article","URL":"http://arxiv.org/abs/1505.05770"},{"id":"rifaiContractiveAutoEncodersExplicit","abstract":"We present in this paper a novel approach for training deterministic auto-encoders. We show that by adding a well chosen penalty term to the classical reconstruction cost function, we can achieve results that equal or surpass those attained by other regularized autoencoders as well as denoising auto-encoders on a range of datasets. This penalty term corresponds to the Frobenius norm of the Jacobian matrix of the encoder activations with respect to the input. We show that this penalty term results in a localized space contraction which in turn yields robust features on the activation layer. 
Furthermore, we show how this penalty term is related to both regularized auto-encoders and denoising auto-encoders and how it can be seen as a link between deterministic and non-deterministic auto-encoders. We find empirically that this penalty helps to carve a representation that better captures the local directions of variation dictated by the data, corresponding to a lower-dimensional non-linear manifold, while being more invariant to the vast majority of directions orthogonal to the manifold. Finally, we show that by using the learned features to initialize a MLP, we achieve state of the art classification error on a range of datasets, surpassing other methods of pretraining.","author":[{"family":"Rifai","given":"Salah"},{"family":"Vincent","given":"Pascal"},{"family":"Muller","given":"Xavier"},{"family":"Glorot","given":"Xavier"},{"family":"Bengio","given":"Yoshua"}],"citation-key":"rifaiContractiveAutoEncodersExplicit","language":"en","source":"Zotero","title":"Contractive Auto-Encoders: Explicit Invariance During Feature Extraction","type":"article-journal"},{"id":"kingmaAutoEncodingVariationalBayes2022","abstract":"How can we perform efficient inference and learning in directed probabilistic models, in the presence of continuous latent variables with intractable posterior distributions, and large datasets? We introduce a stochastic variational inference and learning algorithm that scales to large datasets and, under some mild differentiability conditions, even works in the intractable case. Our contributions are two-fold. First, we show that a reparameterization of the variational lower bound yields a lower bound estimator that can be straightforwardly optimized using standard stochastic gradient methods. Second, we show that for i.i.d. 
datasets with continuous latent variables per datapoint, posterior inference can be made especially efficient by fitting an approximate inference model (also called a recognition model) to the intractable posterior using the proposed lower bound estimator. Theoretical advantages are reflected in experimental results.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Kingma","given":"Diederik P."},{"family":"Welling","given":"Max"}],"citation-key":"kingmaAutoEncodingVariationalBayes2022","DOI":"10.48550/arXiv.1312.6114","issued":{"date-parts":[["2022",12,10]]},"number":"arXiv:1312.6114","publisher":"arXiv","source":"arXiv.org","title":"Auto-Encoding Variational Bayes","type":"article","URL":"http://arxiv.org/abs/1312.6114"},{"id":"goodfellowGenerativeAdversarialNetworks2014","abstract":"We propose a new framework for estimating generative models via an adversarial process, in which we simultaneously train two models: a generative model G that captures the data distribution, and a discriminative model D that estimates the probability that a sample came from the training data rather than G. The training procedure for G is to maximize the probability of D making a mistake. This framework corresponds to a minimax two-player game. In the space of arbitrary functions G and D, a unique solution exists, with G recovering the training data distribution and D equal to 1/2 everywhere. In the case where G and D are defined by multilayer perceptrons, the entire system can be trained with backpropagation. There is no need for any Markov chains or unrolled approximate inference networks during either training or generation of samples. 
Experiments demonstrate the potential of the framework through qualitative and quantitative evaluation of the generated samples.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Goodfellow","given":"Ian J."},{"family":"Pouget-Abadie","given":"Jean"},{"family":"Mirza","given":"Mehdi"},{"family":"Xu","given":"Bing"},{"family":"Warde-Farley","given":"David"},{"family":"Ozair","given":"Sherjil"},{"family":"Courville","given":"Aaron"},{"family":"Bengio","given":"Yoshua"}],"citation-key":"goodfellowGenerativeAdversarialNetworks2014","issued":{"date-parts":[["2014",6,10]]},"language":"en","number":"arXiv:1406.2661","publisher":"arXiv","source":"arXiv.org","title":"Generative Adversarial Networks","type":"article","URL":"http://arxiv.org/abs/1406.2661"},{"id":"rombachHighResolutionImageSynthesis2022","abstract":"By decomposing the image formation process into a sequential application of denoising autoencoders, diffusion models (DMs) achieve state-of-the-art synthesis results on image data and beyond. Additionally, their formulation allows for a guiding mechanism to control the image generation process without retraining. However, since these models typically operate directly in pixel space, optimization of powerful DMs often consumes hundreds of GPU days and inference is expensive due to sequential evaluations. To enable DM training on limited computational resources while retaining their quality and flexibility, we apply them in the latent space of powerful pretrained autoencoders. In contrast to previous work, training diffusion models on such a representation allows for the first time to reach a near-optimal point between complexity reduction and detail preservation, greatly boosting visual fidelity. 
By introducing cross-attention layers into the model architecture, we turn diffusion models into powerful and flexible generators for general conditioning inputs such as text or bounding boxes and high-resolution synthesis becomes possible in a convolutional manner. Our latent diffusion models (LDMs) achieve a new state of the art for image inpainting and highly competitive performance on various tasks, including unconditional image generation, semantic scene synthesis, and super-resolution, while significantly reducing computational requirements compared to pixel-based DMs. Code is available at https://github.com/CompVis/latent-diffusion .","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Rombach","given":"Robin"},{"family":"Blattmann","given":"Andreas"},{"family":"Lorenz","given":"Dominik"},{"family":"Esser","given":"Patrick"},{"family":"Ommer","given":"Björn"}],"citation-key":"rombachHighResolutionImageSynthesis2022","DOI":"10.48550/arXiv.2112.10752","issued":{"date-parts":[["2022",4,13]]},"number":"arXiv:2112.10752","publisher":"arXiv","source":"arXiv.org","title":"High-Resolution Image Synthesis with Latent Diffusion Models","type":"article","URL":"http://arxiv.org/abs/2112.10752"},{"id":"sahariaPhotorealisticTexttoImageDiffusion2022","abstract":"We present Imagen, a text-to-image diffusion model with an unprecedented degree of photorealism and a deep level of language understanding. Imagen builds on the power of large transformer language models in understanding text and hinges on the strength of diffusion models in high-fidelity image generation. Our key discovery is that generic large language models (e.g. T5), pretrained on text-only corpora, are surprisingly effective at encoding text for image synthesis: increasing the size of the language model in Imagen boosts both sample fidelity and image-text alignment much more than increasing the size of the image diffusion model. 
Imagen achieves a new state-of-the-art FID score of 7.27 on the COCO dataset, without ever training on COCO, and human raters find Imagen samples to be on par with the COCO data itself in image-text alignment. To assess text-to-image models in greater depth, we introduce DrawBench, a comprehensive and challenging benchmark for text-to-image models. With DrawBench, we compare Imagen with recent methods including VQ-GAN+CLIP, Latent Diffusion Models, and DALL-E 2, and find that human raters prefer Imagen over other models in side-by-side comparisons, both in terms of sample quality and image-text alignment. See https://imagen.research.google/ for an overview of the results.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Saharia","given":"Chitwan"},{"family":"Chan","given":"William"},{"family":"Saxena","given":"Saurabh"},{"family":"Li","given":"Lala"},{"family":"Whang","given":"Jay"},{"family":"Denton","given":"Emily"},{"family":"Ghasemipour","given":"Seyed Kamyar Seyed"},{"family":"Ayan","given":"Burcu Karagol"},{"family":"Mahdavi","given":"S. Sara"},{"family":"Lopes","given":"Rapha Gontijo"},{"family":"Salimans","given":"Tim"},{"family":"Ho","given":"Jonathan"},{"family":"Fleet","given":"David J."},{"family":"Norouzi","given":"Mohammad"}],"citation-key":"sahariaPhotorealisticTexttoImageDiffusion2022","DOI":"10.48550/arXiv.2205.11487","issued":{"date-parts":[["2022",5,23]]},"number":"arXiv:2205.11487","publisher":"arXiv","source":"arXiv.org","title":"Photorealistic Text-to-Image Diffusion Models with Deep Language Understanding","type":"article","URL":"http://arxiv.org/abs/2205.11487"},{"id":"rameshHierarchicalTextConditionalImage2022","abstract":"Contrastive models like CLIP have been shown to learn robust representations of images that capture both semantics and style. 
To leverage these representations for image generation, we propose a two-stage model: a prior that generates a CLIP image embedding given a text caption, and a decoder that generates an image conditioned on the image embedding. We show that explicitly generating image representations improves image diversity with minimal loss in photorealism and caption similarity. Our decoders conditioned on image representations can also produce variations of an image that preserve both its semantics and style, while varying the non-essential details absent from the image representation. Moreover, the joint embedding space of CLIP enables language-guided image manipulations in a zero-shot fashion. We use diffusion models for the decoder and experiment with both autoregressive and diffusion models for the prior, finding that the latter are computationally more efficient and produce higher-quality samples.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Ramesh","given":"Aditya"},{"family":"Dhariwal","given":"Prafulla"},{"family":"Nichol","given":"Alex"},{"family":"Chu","given":"Casey"},{"family":"Chen","given":"Mark"}],"citation-key":"rameshHierarchicalTextConditionalImage2022","DOI":"10.48550/arXiv.2204.06125","issued":{"date-parts":[["2022",4,12]]},"number":"arXiv:2204.06125","publisher":"arXiv","source":"arXiv.org","title":"Hierarchical Text-Conditional Image Generation with CLIP Latents","type":"article","URL":"http://arxiv.org/abs/2204.06125"},{"id":"hoCascadedDiffusionModels2021","abstract":"We show that cascaded diffusion models are capable of generating high fidelity images on the class-conditional ImageNet generation benchmark, without any assistance from auxiliary image classifiers to boost sample quality. 
A cascaded diffusion model comprises a pipeline of multiple diffusion models that generate images of increasing resolution, beginning with a standard diffusion model at the lowest resolution, followed by one or more super-resolution diffusion models that successively upsample the image and add higher resolution details. We find that the sample quality of a cascading pipeline relies crucially on conditioning augmentation, our proposed method of data augmentation of the lower resolution conditioning inputs to the super-resolution models. Our experiments show that conditioning augmentation prevents compounding error during sampling in a cascaded model, helping us to train cascading pipelines achieving FID scores of 1.48 at 64x64, 3.52 at 128x128 and 4.88 at 256x256 resolutions, outperforming BigGAN-deep, and classification accuracy scores of 63.02% (top-1) and 84.06% (top-5) at 256x256, outperforming VQ-VAE-2.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Ho","given":"Jonathan"},{"family":"Saharia","given":"Chitwan"},{"family":"Chan","given":"William"},{"family":"Fleet","given":"David J."},{"family":"Norouzi","given":"Mohammad"},{"family":"Salimans","given":"Tim"}],"citation-key":"hoCascadedDiffusionModels2021","DOI":"10.48550/arXiv.2106.15282","issued":{"date-parts":[["2021",12,17]]},"number":"arXiv:2106.15282","publisher":"arXiv","source":"arXiv.org","title":"Cascaded Diffusion Models for High Fidelity Image Generation","type":"article","URL":"http://arxiv.org/abs/2106.15282"},{"id":"nicholGLIDEPhotorealisticImage2022","abstract":"Diffusion models have recently been shown to generate high-quality synthetic images, especially when paired with a guidance technique to trade off diversity for fidelity. We explore diffusion models for the problem of text-conditional image synthesis and compare two different guidance strategies: CLIP guidance and classifier-free guidance. 
We find that the latter is preferred by human evaluators for both photorealism and caption similarity, and often produces photorealistic samples. Samples from a 3.5 billion parameter text-conditional diffusion model using classifier-free guidance are favored by human evaluators to those from DALL-E, even when the latter uses expensive CLIP reranking. Additionally, we find that our models can be fine-tuned to perform image inpainting, enabling powerful text-driven image editing. We train a smaller model on a filtered dataset and release the code and weights at https://github.com/openai/glide-text2im.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Nichol","given":"Alex"},{"family":"Dhariwal","given":"Prafulla"},{"family":"Ramesh","given":"Aditya"},{"family":"Shyam","given":"Pranav"},{"family":"Mishkin","given":"Pamela"},{"family":"McGrew","given":"Bob"},{"family":"Sutskever","given":"Ilya"},{"family":"Chen","given":"Mark"}],"citation-key":"nicholGLIDEPhotorealisticImage2022","DOI":"10.48550/arXiv.2112.10741","issued":{"date-parts":[["2022",3,8]]},"number":"arXiv:2112.10741","publisher":"arXiv","source":"arXiv.org","title":"GLIDE: Towards Photorealistic Image Generation and Editing with Text-Guided Diffusion Models","title-short":"GLIDE","type":"article","URL":"http://arxiv.org/abs/2112.10741"},{"id":"songScoreBasedGenerativeModeling2020","abstract":"Creating noise from data is easy; creating data from noise is generative modeling. We present a stochastic differential equation (SDE) that smoothly transforms a complex data distribution to a known prior distribution by slowly injecting noise, and a corresponding reverse-time SDE that transforms the prior distribution back into the data distribution by slowly removing the noise. Crucially, the reverse-time SDE depends only on the time-dependent gradient field (a.k.a., score) of the perturbed data distribution. 
By leveraging advances in score-based generative modeling, we can accurately estimate these scores with neural networks, and use numerical SDE solvers to generate samples. We show that this framework encapsulates previous approaches in score-based generative modeling and diffusion probabilistic modeling, allowing for new sampling procedures and new modeling capabilities. In particular, we introduce a predictor-corrector framework to correct errors in the evolution of the discretized reverse-time SDE. We also derive an equivalent neural ODE that samples from the same distribution as the SDE, but additionally enables exact likelihood computation, and improved sampling efficiency. In addition, we provide a new way to solve inverse problems with score-based models, as demonstrated with experiments on class-conditional generation, image inpainting, and colorization. Combined with multiple architectural improvements, we achieve record-breaking performance for unconditional image generation on CIFAR-10 with an Inception score of 9.89 and FID of 2.20, a competitive likelihood of 2.99 bits/dim, and demonstrate high fidelity generation of $1024\\times 1024$ images for the first time from a score-based generative model.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Song","given":"Yang"},{"family":"Sohl-Dickstein","given":"Jascha"},{"family":"Kingma","given":"Diederik P."},{"family":"Kumar","given":"Abhishek"},{"family":"Ermon","given":"Stefano"},{"family":"Poole","given":"Ben"}],"citation-key":"songScoreBasedGenerativeModeling2020","event-title":"International Conference on Learning Representations","issued":{"date-parts":[["2020",10,2]]},"language":"en","source":"openreview.net","title":"Score-Based Generative Modeling through Stochastic Differential Equations","type":"paper-conference","URL":"https://openreview.net/forum?id=PxTIG12RRHS"},{"id":"hoClassifierFreeDiffusionGuidance2022","abstract":"Classifier guidance is a recently introduced method to trade 
off mode coverage and sample fidelity in conditional diffusion models post training, in the same spirit as low temperature sampling or truncation in other types of generative models. Classifier guidance combines the score estimate of a diffusion model with the gradient of an image classifier and thereby requires training an image classifier separate from the diffusion model. It also raises the question of whether guidance can be performed without a classifier. We show that guidance can be indeed performed by a pure generative model without such a classifier: in what we call classifier-free guidance, we jointly train a conditional and an unconditional diffusion model, and we combine the resulting conditional and unconditional score estimates to attain a trade-off between sample quality and diversity similar to that obtained using classifier guidance.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Ho","given":"Jonathan"},{"family":"Salimans","given":"Tim"}],"citation-key":"hoClassifierFreeDiffusionGuidance2022","DOI":"10.48550/arXiv.2207.12598","issued":{"date-parts":[["2022",7,25]]},"number":"arXiv:2207.12598","publisher":"arXiv","source":"arXiv.org","title":"Classifier-Free Diffusion Guidance","type":"article","URL":"http://arxiv.org/abs/2207.12598"},{"id":"dhariwalDiffusionModelsBeat2021","abstract":"We show that diffusion models can achieve image sample quality superior to the current state-of-the-art generative models. We achieve this on unconditional image synthesis by finding a better architecture through a series of ablations. For conditional image synthesis, we further improve sample quality with classifier guidance: a simple, compute-efficient method for trading off diversity for fidelity using gradients from a classifier. 
We achieve an FID of 2.97 on ImageNet 128$\\times$128, 4.59 on ImageNet 256$\\times$256, and 7.72 on ImageNet 512$\\times$512, and we match BigGAN-deep even with as few as 25 forward passes per sample, all while maintaining better coverage of the distribution. Finally, we find that classifier guidance combines well with upsampling diffusion models, further improving FID to 3.94 on ImageNet 256$\\times$256 and 3.85 on ImageNet 512$\\times$512. We release our code at https://github.com/openai/guided-diffusion","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Dhariwal","given":"Prafulla"},{"family":"Nichol","given":"Alex"}],"citation-key":"dhariwalDiffusionModelsBeat2021","DOI":"10.48550/arXiv.2105.05233","issued":{"date-parts":[["2021",6,1]]},"number":"arXiv:2105.05233","publisher":"arXiv","source":"arXiv.org","title":"Diffusion Models Beat GANs on Image Synthesis","type":"article","URL":"http://arxiv.org/abs/2105.05233"},{"id":"songDenoisingDiffusionImplicit2022","abstract":"Denoising diffusion probabilistic models (DDPMs) have achieved high quality image generation without adversarial training, yet they require simulating a Markov chain for many steps to produce a sample. To accelerate sampling, we present denoising diffusion implicit models (DDIMs), a more efficient class of iterative implicit probabilistic models with the same training procedure as DDPMs. In DDPMs, the generative process is defined as the reverse of a Markovian diffusion process. We construct a class of non-Markovian diffusion processes that lead to the same training objective, but whose reverse process can be much faster to sample from. 
We empirically demonstrate that DDIMs can produce high quality samples $10 \\times$ to $50 \\times$ faster in terms of wall-clock time compared to DDPMs, allow us to trade off computation for sample quality, and can perform semantically meaningful image interpolation directly in the latent space.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Song","given":"Jiaming"},{"family":"Meng","given":"Chenlin"},{"family":"Ermon","given":"Stefano"}],"citation-key":"songDenoisingDiffusionImplicit2022","DOI":"10.48550/arXiv.2010.02502","issued":{"date-parts":[["2022",10,5]]},"number":"arXiv:2010.02502","publisher":"arXiv","source":"arXiv.org","title":"Denoising Diffusion Implicit Models","type":"article","URL":"http://arxiv.org/abs/2010.02502"},{"id":"songImprovedTechniquesTraining2020","abstract":"Score-based generative models can produce high quality image samples comparable to GANs, without requiring adversarial optimization. However, existing training procedures are limited to images of low resolution (typically below 32x32), and can be unstable under some settings. We provide a new theoretical analysis of learning and sampling from score models in high dimensional spaces, explaining existing failure modes and motivating new solutions that generalize across datasets. To enhance stability, we also propose to maintain an exponential moving average of model weights. With these improvements, we can effortlessly scale score-based generative models to images with unprecedented resolutions ranging from 64x64 to 256x256. 
Our score-based models can generate high-fidelity samples that rival best-in-class GANs on various image datasets, including CelebA, FFHQ, and multiple LSUN categories.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Song","given":"Yang"},{"family":"Ermon","given":"Stefano"}],"citation-key":"songImprovedTechniquesTraining2020","DOI":"10.48550/arXiv.2006.09011","issued":{"date-parts":[["2020",10,23]]},"number":"arXiv:2006.09011","publisher":"arXiv","source":"arXiv.org","title":"Improved Techniques for Training Score-Based Generative Models","type":"article","URL":"http://arxiv.org/abs/2006.09011"},{"id":"songGenerativeModelingEstimating2020","abstract":"We introduce a new generative model where samples are produced via Langevin dynamics using gradients of the data distribution estimated with score matching. Because gradients can be ill-defined and hard to estimate when the data resides on low-dimensional manifolds, we perturb the data with different levels of Gaussian noise, and jointly estimate the corresponding scores, i.e., the vector fields of gradients of the perturbed data distribution for all noise levels. For sampling, we propose an annealed Langevin dynamics where we use gradients corresponding to gradually decreasing noise levels as the sampling process gets closer to the data manifold. Our framework allows flexible model architectures, requires no sampling during training or the use of adversarial methods, and provides a learning objective that can be used for principled model comparisons. Our models produce samples comparable to GANs on MNIST, CelebA and CIFAR-10 datasets, achieving a new state-of-the-art inception score of 8.87 on CIFAR-10. 
Additionally, we demonstrate that our models learn effective representations via image inpainting experiments.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Song","given":"Yang"},{"family":"Ermon","given":"Stefano"}],"citation-key":"songGenerativeModelingEstimating2020","DOI":"10.48550/arXiv.1907.05600","issued":{"date-parts":[["2020",10,10]]},"number":"arXiv:1907.05600","publisher":"arXiv","source":"arXiv.org","title":"Generative Modeling by Estimating Gradients of the Data Distribution","type":"article","URL":"http://arxiv.org/abs/1907.05600"},{"id":"sohl-dicksteinDeepUnsupervisedLearning2015","abstract":"A central problem in machine learning involves modeling complex data-sets using highly flexible families of probability distributions in which learning, sampling, inference, and evaluation are still analytically or computationally tractable. Here, we develop an approach that simultaneously achieves both flexibility and tractability. The essential idea, inspired by non-equilibrium statistical physics, is to systematically and slowly destroy structure in a data distribution through an iterative forward diffusion process. We then learn a reverse diffusion process that restores structure in data, yielding a highly flexible and tractable generative model of the data. This approach allows us to rapidly learn, sample from, and evaluate probabilities in deep generative models with thousands of layers or time steps, as well as to compute conditional and posterior probabilities under the learned model. 
We additionally release an open source reference implementation of the algorithm.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Sohl-Dickstein","given":"Jascha"},{"family":"Weiss","given":"Eric A."},{"family":"Maheswaranathan","given":"Niru"},{"family":"Ganguli","given":"Surya"}],"citation-key":"sohl-dicksteinDeepUnsupervisedLearning2015","DOI":"10.48550/arXiv.1503.03585","issued":{"date-parts":[["2015",11,18]]},"number":"arXiv:1503.03585","publisher":"arXiv","source":"arXiv.org","title":"Deep Unsupervised Learning using Nonequilibrium Thermodynamics","type":"article","URL":"http://arxiv.org/abs/1503.03585"},{"id":"duLearningUniversalPolicies2023","abstract":"A goal of artificial intelligence is to construct an agent that can solve a wide variety of tasks. Recent progress in text-guided image synthesis has yielded models with an impressive ability to generate complex novel images, exhibiting combinatorial generalization across domains. Motivated by this success, we investigate whether such tools can be used to construct more general-purpose agents. Specifically, we cast the sequential decision making problem as a text-conditioned video generation problem, where, given a text-encoded specification of a desired goal, a planner synthesizes a set of future frames depicting its planned actions in the future, after which control actions are extracted from the generated video. By leveraging text as the underlying goal specification, we are able to naturally and combinatorially generalize to novel goals. The proposed policy-as-video formulation can further represent environments with different state and action spaces in a unified space of images, which, for example, enables learning and generalization across a variety of robot manipulation tasks. 
Finally, by leveraging pretrained language embeddings and widely available videos from the internet, the approach enables knowledge transfer through predicting highly realistic video plans for real robots.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Du","given":"Yilun"},{"family":"Yang","given":"Mengjiao"},{"family":"Dai","given":"Bo"},{"family":"Dai","given":"Hanjun"},{"family":"Nachum","given":"Ofir"},{"family":"Tenenbaum","given":"Joshua B."},{"family":"Schuurmans","given":"Dale"},{"family":"Abbeel","given":"Pieter"}],"citation-key":"duLearningUniversalPolicies2023","issued":{"date-parts":[["2023",2,1]]},"language":"en","number":"arXiv:2302.00111","publisher":"arXiv","source":"arXiv.org","title":"Learning Universal Policies via Text-Guided Video Generation","type":"article","URL":"http://arxiv.org/abs/2302.00111"},{"id":"yimSEDiffusionModel2023","abstract":"The design of novel protein structures remains a challenge in protein engineering for applications across biomedicine and chemistry. In this line of work, a diffusion model over rigid bodies in 3D (referred to as frames) has shown success in generating novel, functional protein backbones that have not been observed in nature. However, there exists no principled methodological framework for diffusion on SE(3), the space of orientation preserving rigid motions in R3, that operates on frames and confers the group invariance. We address these shortcomings by developing theoretical foundations of SE(3) invariant diffusion models on multiple frames followed by a novel framework, FrameDiff, for learning the SE(3) equivariant score over multiple frames. We apply FrameDiff on monomer backbone generation and find it can generate designable monomers up to 500 amino acids without relying on a pretrained protein structure prediction network that has been integral to previous methods. 
We find our samples are capable of generalizing beyond any known protein structure.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Yim","given":"Jason"},{"family":"Trippe","given":"Brian L."},{"family":"De Bortoli","given":"Valentin"},{"family":"Mathieu","given":"Emile"},{"family":"Doucet","given":"Arnaud"},{"family":"Barzilay","given":"Regina"},{"family":"Jaakkola","given":"Tommi"}],"citation-key":"yimSEDiffusionModel2023","issued":{"date-parts":[["2023",5,22]]},"language":"en","number":"arXiv:2302.02277","publisher":"arXiv","source":"arXiv.org","title":"SE(3) diffusion model with application to protein backbone generation","type":"article","URL":"http://arxiv.org/abs/2302.02277"},{"id":"levesonSTPAHandbook","author":[{"family":"Leveson","given":"Nancy"},{"family":"Thomas","given":"John"}],"citation-key":"levesonSTPAHandbook","language":"en","source":"Zotero","title":"STPA Handbook","type":"book"},{"id":"CfE","citation-key":"CfE","issued":{"literal":"Date accessed 11/2021"},"title":"Center for Energy","type":"document","URL":"https://cfe.pitt.edu"},{"id":"kwasinskiConceptualFrameworkAssessing2016","accessed":{"date-parts":[["2022",3,25]]},"author":[{"family":"Kwasinski","given":"Alexis"},{"family":"Trainor","given":"Joseph"},{"family":"Wolshon","given":"Brian"},{"family":"Lavelle","given":"Francis M."}],"citation-key":"kwasinskiConceptualFrameworkAssessing2016","DOI":"10.6028/NIST.GCR.16-001","issued":{"date-parts":[["2016",1]]},"language":"en","number":"NIST GCR 16-001","page":"NIST GCR 16-001","publisher":"National Institute of Standards and Technology","source":"DOI.org (Crossref)","title":"A Conceptual Framework for Assessing Resilience at the Community Scale","type":"report","URL":"https://nvlpubs.nist.gov/nistpubs/gcr/2016/NIST.GCR.16-001.pdf"},{"id":"kwasinskiModelingCyberPhysicalIntraDependencies2020","abstract":"This paper studies the modeling of cyber-physical dependencies observed within power grids and the effects of these 
intra-dependencies, on power grid resilience, which is evaluated quantitatively. A fundamental contribution of this paper is the description of the critically important role played by cyber-physical buffers as key components to limit the negative effect of intra-dependencies on power grids resilience. Although resilience issues in the electric power provision service could be limited thanks to the use of local energy storage devices as the realization of service buffers, minimal to no autonomy in data connectivity buffers make cyber vulnerabilities specially critical in terms of resilience. This paper also explains how these models can be used for improved power grids resilience planning considering internal cyber-physical interactions.","author":[{"family":"Kwasinski","given":"Alexis"}],"citation-key":"kwasinskiModelingCyberPhysicalIntraDependencies2020","container-title":"2020 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems","DOI":"10.1109/MSCPES49613.2020.9133702","event-title":"2020 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems","issued":{"date-parts":[["2020",4]]},"page":"1-6","source":"IEEE Xplore","title":"Modeling of Cyber-Physical Intra-Dependencies in Electric Power Grids and Their Effect on Resilience","type":"paper-conference"},{"id":"olivares-rojasCybersecuritySmartGrid2021","abstract":"The proliferation of cyber-physical systems is bringing with it the growing need to link these systems with virtual environments. Particularly in the smart grid, the high costs of some devices and especially the imminent need to not be able to manipulate these devices in production environments make necessary mechanisms that allow the manipulation of these physical objects in virtual environments; this has been called a digital twin. On the other hand, cyberattacks are growing in all cyber-physical systems, and in the smart grid, cybersecurity is essential due to the smart grid is a critical infrastructure. 
This work shows a small implementation of a digital twin system for smart metering systems in a smart home environment for testing cybersecurity issues. The results show that the use of digital twins is feasible in various contexts of the smart grid, particularly in cybersecurity testing.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Olivares-Rojas","given":"Juan C."},{"family":"Reyes-Archundia","given":"Enrique"},{"family":"Gutierrez-Gnecchi","given":"Jose A."},{"family":"Molina-Moreno","given":"Ismael"},{"family":"Cerda-Jacobo","given":"Jaime"},{"family":"Mendez-Patino","given":"Arturo"}],"citation-key":"olivares-rojasCybersecuritySmartGrid2021","container-title":"IEEE Internet Computing","container-title-short":"IEEE Internet Comput.","DOI":"10.1109/MIC.2021.3063674","ISSN":"1089-7801, 1941-0131","issued":{"date-parts":[["2021"]]},"language":"en","page":"1-1","source":"DOI.org (Crossref)","title":"Towards Cybersecurity of the Smart Grid using Digital Twins","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9368968/"},{"id":"hancockIncorporationThermalHydraulic2021","abstract":"This report describes the development, modeling, and results of a generic pressurized water reactor power plant simulator that incorporates coupled electrical and thermal power dispatch to an industrial process located approximately one kilometer from the nuclear power plant. The simulator is a commercial PWR simulator that has been modified to include thermal power dispatch as described in past milestone reports [ , ]. The commercial PWR simulator is a generic simulator available from GSE SYSTEMS® (Sykesville, MD, USA) that is built using RELAP5-HD™ Real-Time Solution and in-house software developed by GSE Systems. This generic PWR (GPWR) simulator performs real-time simulation of the complete power plant from the reactor neutronics to the electricity generation and distribution. 
All primary, secondary, and auxiliary systems are modeled including all control logic in order to provide the most accurate representation of actual nuclear power plant (NPP) operation, and the simulator results have been rigorously verified by an actual NPP operating at approximately 1 GWe. This report is a continuation of work performed in previous years, and supplemental information from previous reports is included in the appendix for reference.","accessed":{"date-parts":[["2022",3,30]]},"author":[{"family":"Hancock","given":"Stephen G."},{"family":"Westover","given":"Tyler L."},{"family":"Luo","given":"Yusheng"}],"citation-key":"hancockIncorporationThermalHydraulic2021","issued":{"date-parts":[["2021",7,31]]},"language":"English","number":"INL/EXT-21-63226-Rev000","publisher":"Idaho National Lab. (INL), Idaho Falls, ID (United States)","source":"www.osti.gov","title":"Incorporation of Thermal Hydraulic Models for Thermal Power Dispatch into a PWR Power Plant Simulator","type":"report","URL":"https://www.osti.gov/biblio/1835110"},{"id":"GetAheadCyberattacks","accessed":{"date-parts":[["2022",4,2]]},"citation-key":"GetAheadCyberattacks","title":"Get Ahead of Cyberattacks with Digital Twins | Accenture","type":"webpage","URL":"https://www.accenture.com/us-en/blogs/technology-innovation/klein-engelberg-get-ahead-of-cyberattacks-with-digital-twins"},{"id":"szekeresSoKEternalWar2013","abstract":"Memory corruption bugs in software written in low-level languages like C or C++ are one of the oldest problems in computer security. The lack of safety in these languages allows attackers to alter the program's behavior or take full control over it by hijacking its control flow. This problem has existed for more than 30 years and a vast number of potential solutions have been proposed, yet memory corruption attacks continue to pose a serious threat. Real world exploits show that all currently deployed protections can be defeated. 
This paper sheds light on the primary reasons for this by describing attacks that succeed on today's systems. We systematize the current knowledge about various protection techniques by setting up a general model for memory corruption attacks. Using this model we show what policies can stop which attacks. The model identifies weaknesses of currently deployed techniques, as well as other proposed protections enforcing stricter policies. We analyze the reasons why protection mechanisms implementing stricter policies are not deployed. To achieve wide adoption, protection mechanisms must support a multitude of features and must satisfy a host of requirements. Especially important is performance, as experience shows that only solutions whose overhead is in reasonable bounds get deployed. A comparison of different enforceable policies helps designers of new protection mechanisms in finding the balance between effectiveness (security) and efficiency. We identify some open research problems, and provide suggestions on improving the adoption of newer techniques.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Szekeres","given":"László"},{"family":"Payer","given":"Mathias"},{"family":"Wei","given":"Tao"},{"family":"Song","given":"Dawn"}],"citation-key":"szekeresSoKEternalWar2013","container-title":"2013 IEEE Symposium on Security and Privacy","DOI":"10.1109/SP.2013.13","event-title":"2013 IEEE Symposium on Security and Privacy","ISSN":"1081-6011","issued":{"date-parts":[["2013",5]]},"page":"48-62","source":"IEEE Xplore","title":"SoK: Eternal War in Memory","title-short":"SoK","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/6547101?casa_token=BS-5MJ0vLmIAAAAA:zbQEgMfdsqfRXpxxi0C6R7go0gaaCAcHsF9WLHt91MdiFDWvo4NS8Xbh7fDNJh44ZI-IarctggU"},{"id":"raikwarSoKUsedCryptography2019","abstract":"The underlying fundaments of blockchain are cryptography and cryptographic concepts that provide reliable and secure decentralized solutions. 
Although many recent papers study the use-cases of blockchain in different industrial areas, such as finance, health care, legal relations, IoT, information security, and consensus building systems, only few studies scrutinize the cryptographic concepts used in blockchain. To the best of our knowledge, there is no Systematization of Knowledge (SoK) that gives a complete picture of the existing cryptographic concepts which have been deployed or have the potential to be deployed in blockchain. In this paper, we thoroughly review and systematize all cryptographic concepts which are already used in blockchain. Additionally, we give a list of cryptographic concepts which have not yet been applied but have big potentials to improve the current blockchain solutions. We also include possible instantiations of these cryptographic concepts in the blockchain domain. Last but not least, we explicitly postulate 21 challenging problems that cryptographers interested in blockchain can work on.","accessed":{"date-parts":[["2023",10,4]]},"author":[{"family":"Raikwar","given":"Mayank"},{"family":"Gligoroski","given":"Danilo"},{"family":"Kralevska","given":"Katina"}],"citation-key":"raikwarSoKUsedCryptography2019","container-title":"IEEE Access","container-title-short":"IEEE Access","DOI":"10.1109/ACCESS.2019.2946983","ISSN":"2169-3536","issued":{"date-parts":[["2019"]]},"language":"en","page":"148550-148575","source":"DOI.org (Crossref)","title":"SoK of Used Cryptography in Blockchain","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8865045/","volume":"7"},{"id":"dasSoKComprehensiveReexamination2020","abstract":"Phishing and spear phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. 
We reexamine the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and base-rate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear phishing and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.","accessed":{"date-parts":[["2023",10,4]]},"author":[{"family":"Das","given":"Avisha"},{"family":"Baki","given":"Shahryar"},{"family":"El Aassal","given":"Ayman"},{"family":"Verma","given":"Rakesh"},{"family":"Dunbar","given":"Arthur"}],"citation-key":"dasSoKComprehensiveReexamination2020","container-title":"IEEE Communications Surveys & Tutorials","DOI":"10.1109/COMST.2019.2957750","ISSN":"1553-877X","issue":"1","issued":{"date-parts":[["2020"]]},"page":"671-708","source":"IEEE Xplore","title":"SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective","title-short":"SoK","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8924660","volume":"22"},{"id":"SoKUsedCryptography","accessed":{"date-parts":[["2023",10,4]]},"citation-key":"SoKUsedCryptography","title":"SoK of Used Cryptography in Blockchain | IEEE Journals & Magazine | IEEE 
Xplore","type":"webpage","URL":"https://ieeexplore.ieee.org/document/8865045"},{"id":"sommerOutsideClosedWorld2010","abstract":"In network intrusion detection research, one popular strategy for finding attacks is monitoring a network’s activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational “real world” settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. 
We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Sommer","given":"Robin"},{"family":"Paxson","given":"Vern"}],"citation-key":"sommerOutsideClosedWorld2010","container-title":"2010 IEEE Symposium on Security and Privacy","DOI":"10.1109/SP.2010.25","event-place":"Oakland, CA, USA","event-title":"2010 IEEE Symposium on Security and Privacy","ISBN":"978-1-4244-6894-2","issued":{"date-parts":[["2010"]]},"language":"en","page":"305-316","publisher":"IEEE","publisher-place":"Oakland, CA, USA","source":"DOI.org (Crossref)","title":"Outside the Closed World: On Using Machine Learning for Network Intrusion Detection","title-short":"Outside the Closed World","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/5504793/"},{"id":"SystematizingSoK","accessed":{"date-parts":[["2023",10,3]]},"citation-key":"SystematizingSoK","title":"Systematizing SoK","type":"webpage","URL":"https://oaklandsok.github.io/"},{"id":"AS5506DArchitectureAnalysis","abstract":"This standard defines a language for describing both the software architecture and the execution platform architectures of performance-critical, embedded, real-time systems; the language is known as the SAE AADL. 
An AADL model describes a system as a hierarchy of components with their interfaces an","accessed":{"date-parts":[["2023",10,3]]},"citation-key":"AS5506DArchitectureAnalysis","title":"AS5506D: Architecture Analysis & Design Language (AADL) - SAE International","title-short":"AS5506D","type":"webpage","URL":"https://www.sae.org/standards/content/as5506d/"},{"id":"uckunModelBasedSystemsEngineering2011","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Uckun","given":"Serdar"},{"family":"Kurtoglu","given":"Tolga"},{"family":"Bunus","given":"Peter"},{"family":"Tumer","given":"Irem"},{"family":"Hoyle","given":"Christopher"},{"family":"Musliner","given":"David"}],"citation-key":"uckunModelBasedSystemsEngineering2011","DOI":"10.4271/2011-01-2664","event-title":"Aerospace Technology Conference and Exposition","issued":{"date-parts":[["2011",10,18]]},"page":"2011-01-2664","source":"DOI.org (Crossref)","title":"Model-Based Systems Engineering for the Design and Development of Complex Aerospace Systems","type":"paper-conference","URL":"https://www.sae.org/content/2011-01-2664/"},{"id":"huffModelbasedSystemsEngineering2019","abstract":"Securing critical infrastructure against attack presents significant challenges. As new infrastructure is built and existing infrastructure is maintained, a method to assess the vulnerabilities and support decision makers in determining the best use of security resources is needed. In response to this need, this research develops a methodology for performing vulnerability assessment and decision analysis of critical infrastructure using model-based systems engineering, an approach that has not been applied to this problem. 
The approach presented allows architects to link regulatory requirements, system architecture, subject matter expert opinion and attack vectors to a Department of Defense Architecture Framework (DoDAF)-based model that allows decision makers to evaluate system vulnerability and determine alternatives to securing their systems based on their budget constraints. The decision analysis is done using an integer linear program that is integrated with DoDAF to provide solutions for how to allocate scarce security resources. Securing an electrical substation is used as an illustrative case study to demonstrate the methodology. The case study shows that the method presented here can be used to answer key questions, for example, what security resources should a decision maker invest in based on their budget constraints? Results show that the modeling and analysis approach provides a means to effectively evaluate the infrastructure vulnerability and presents a set of security alternatives for decision makers to choose from, based on their vulnerabilities and budget profile.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Huff","given":"Johnathon"},{"family":"Medal","given":"Hugh"},{"family":"Griendling","given":"Kelly"}],"citation-key":"huffModelbasedSystemsEngineering2019","container-title":"SYSTEMS ENGINEERING","container-title-short":"Syst. 
Eng.","DOI":"10.1002/sys.21460","event-place":"Hoboken","ISSN":"1098-1241, 1520-6858","issue":"2","issued":{"date-parts":[["2019",3]]},"language":"English","note":"Web of Science ID: WOS:000461577200003","number-of-pages":"20","page":"114-133","publisher":"Wiley","publisher-place":"Hoboken","source":"Clarivate Analytics Web of Science","title":"A model-based systems engineering approach to critical infrastructure vulnerability assessment and decision analysis","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/3","volume":"22"},{"id":"nguyenModelbasedSecurityEngineering2017","abstract":"Context: Cyber-physical systems (CPSs) have emerged to be the next generation of engineered systems driving the so-called fourth industrial revolution. CPSs are becoming more complex, open and more prone to security threats, which urges security to be engineered systematically into CPSs. Model-Based Security Engineering (MBSE) could be a key means to tackle this challenge via security by design, abstraction, and automation. Objective: We aim at providing an initial assessment of the state of the art in MBSE for CPSs (MBSE4CPS). Specifically, this work focuses on finding out 1) the publication statistics of MBSE4CPS studies; 2) the characteristics of MBSE4CPS studies; and 3) the open issues of MBSE4CPS research. Method: We conducted a systematic mapping study (SMS) following a rigorous protocol that was developed based on the state-of-the-art SMS and systematic review guidelines. From thousands of relevant publications, we systematically identified 48 primary MBSE4CPS studies for data extraction and synthesis to answer predefined research questions. Results: SMS results show that for three recent years (2014-2016) the number of primary MBSE4CPS studies has increased significantly. 
Within the primary studies, the popularity of using Domain-Specific Languages (DSLs) is comparable with the use of the standardised UML modelling notation. Most primary studies do not explicitly address specific security concerns (e.g., confidentiality, integrity) but rather focus on security analyses in general on threats, attacks or vulnerabilities. Few primary studies propose to engineer security solutions for CPSs. Many focus on the early stages of development lifecycle such as security requirement engineering or analysis. Conclusion: The SMS does not only provide the state of the art in MBSE4CPS, but also points out several open issues that would deserve more investigation, e.g., the lack of engineering security solutions for CPSs, limited tool support, too few industrial case studies, and the challenge of bridging DSLs in engineering secure CPSs. (C) 2016 Elsevier B.V. All rights reserved.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Nguyen","given":"Phu H."},{"family":"Ali","given":"Shaukat"},{"family":"Yue","given":"Tao"}],"citation-key":"nguyenModelbasedSecurityEngineering2017","container-title":"INFORMATION AND SOFTWARE TECHNOLOGY","container-title-short":"Inf. Softw. 
Technol.","DOI":"10.1016/j.infsof.2016.11.004","event-place":"Amsterdam","ISSN":"0950-5849, 1873-6025","issued":{"date-parts":[["2017",3]]},"language":"English","note":"Web of Science ID: WOS:000393006700007","number-of-pages":"20","page":"116-135","publisher":"Elsevier","publisher-place":"Amsterdam","source":"Clarivate Analytics Web of Science","title":"Model-based security engineering for cyber-physical systems: A systematic mapping study","title-short":"Model-based security engineering for cyber-physical systems","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/2","volume":"83"},{"id":"neureiterDomainSpecificModelBased2022","abstract":"Model Based Systems Engineering as a scientific discipline tries to address the increasing complexity of today's cyber-physical systems by utilizing different kinds of models. In practical application, however, this approach is often constrained to SysML-based object modeling. Even though this appears to be a suitable approach for dealing with complexity, various restrictions limit stakeholder acceptance. Considering scientific discussions in the context of modeling shows two different schools of thought. On the one hand, arguments for more formalized and rigorous concepts can be found, where on the other hand, the need for more stakeholder-oriented and easier-to-understand concepts is postulated. As both are reasonable, the question of integration arises. To address this aspect, we developed the concept of Domain Specific Systems Engineering. Our research in this field lasted for nearly a decade, and different aspects have been investigated. This paper contributes a summary of the overall approach that integrates the various aspects investigated so far. Thus, the underlying concepts are explained, and the corresponding modeling stack and tool-chain are described in more detail. 
Further, the practical experiences from various case studies are summarized, and identified shortcomings are discussed.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Neureiter","given":"Christian"},{"family":"Binder","given":"Christoph"}],"citation-key":"neureiterDomainSpecificModelBased2022","container-title":"SYSTEMS","container-title-short":"Systems-Basel","DOI":"10.3390/systems10020042","event-place":"Basel","ISSN":"2079-8954","issue":"2","issued":{"date-parts":[["2022",4]]},"language":"English","note":"Web of Science ID: WOS:000786858800001","number-of-pages":"27","page":"42","publisher":"MDPI","publisher-place":"Basel","source":"Clarivate Analytics Web of Science","title":"A Domain-Specific, Model Based Systems Engineering Approach for Cyber-Physical Systems","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/2","volume":"10"},{"id":"oudinaModelingTrustCyberPhysical2023","abstract":"Developing trust in cyber-physical systems (CPSs) is a challenging task. Trust in CPS is needed for carrying out their intended duties and is reasonably safe from misuse and intrusion; it also enforces the applicable security policy. As an example, medical smart devices, many researches have found that trust is a key factor in explaining the relationship between individual beliefs about technological attributes and their acceptance behavior; and have associated medical device failures with severe patient injuries and deaths. The cyber-physical system is considered a trust system if the principles of security and safety, confidentiality, integrity, availability, and other attributes are assured. However, a lack of sufficient analysis of such systems, as well as appropriate explanation of relevant trust assumptions, may result in systems that fail to completely realize their functionality. 
The existing research does not provide suitable guidance for a systematic procedure or modeling language to support such trust-based analysis. The most pressing difficulties are achieving trust by design in CPS and systematically incorporating trust engineering into system development from the start of the system life cycle. Still, there is a need for a strategy or standard model to aid in the creation of a safe, secure, and trustworthy CPS. Model-based system engineering (MBSE) approaches for trust cyber-physical systems are a means to address system trustworthiness design challenges. This work proposes a practical and efficient MBSE method for constructing trust CPS, which provides guidance for the process of trustworthiness analysis. The SysML-based profile is supplied, together with recommendations on which approach is required at each process phase. The MBSE method is proven by expanding the autonomous car SysML and UML diagrams, and we show how trust considerations are integrated into the system development life cycle.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Oudina","given":"Zina"},{"family":"Derdour","given":"Makhlouf"}],"citation-key":"oudinaModelingTrustCyberPhysical2023","container-title":"INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS","container-title-short":"Int. J. Adv. Comput. Sci. 
Appl.","event-place":"West Yorkshire","ISSN":"2158-107X, 2156-5570","issue":"7","issued":{"date-parts":[["2023",7]]},"language":"English","note":"Web of Science ID: WOS:001047185600001","number-of-pages":"12","page":"441-452","publisher":"Science & Information Sai Organization Ltd","publisher-place":"West Yorkshire","source":"Clarivate Analytics Web of Science","title":"Toward Modeling Trust Cyber-Physical Systems: A Model-based System Engineering Method","title-short":"Toward Modeling Trust Cyber-Physical Systems","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/2","volume":"14"},{"id":"parantModelbasedEngineeringDesigning2023","abstract":"Cyber-physical systems (CPS) are composed of independent and cooperative elements. Rapid adaptation to disturbances is an essential characteristic of CPS. One of the challenges in designing CPS is considering these specificities. Model-Based Engineering is a method for reducing complexity in system design. This paper presents a methodology for designing CPS and its control system using System Modeling Language (SysML) diagrams and IEC 61499 standard. The product's specifications are the starting point; the methodology focuses on what is produced before determining how to make it. The real-time control system is designed from high-level knowledge and tested software components on the plug and produce principle. Task-based structural analysis ensures the elements' synchronization to determine the system's general behavior.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Parant","given":"Alexandre"},{"family":"Gellot","given":"Francois"},{"family":"Zander","given":"Damien"},{"family":"Carre-Menetrier","given":"Veronique"},{"family":"Philippot","given":"Alexandre"}],"citation-key":"parantModelbasedEngineeringDesigning2023","container-title":"COMPUTERS IN INDUSTRY","container-title-short":"Comput. 
Ind.","DOI":"10.1016/j.compind.2022.103808","event-place":"Amsterdam","ISSN":"0166-3615, 1872-6194","issued":{"date-parts":[["2023",2]]},"language":"English","note":"Web of Science ID: WOS:000901415100001","number-of-pages":"19","page":"103808","publisher":"Elsevier","publisher-place":"Amsterdam","source":"Clarivate Analytics Web of Science","title":"Model-based engineering for designing cyber-physical systems from product specifications","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/2","volume":"145"},{"id":"rashidUndergraduateCourseModelbased2020","abstract":"Model-based system engineering (MBSE) is becoming an industrial standard to design embedded systems. Therefore, its integration in electrical and computer engineering education is critical. This article presents an undergraduate course on MBSE for embedded systems through the formulation of course learning outcomes, identification of the course contents, and the construction of a holistic view for the contents. The holistic view of the course binds the contents by providing the modeling methodology, the transformation engine, and the simulation environment of an end-to-end framework. Furthermore, students obtain integrated design experience, through problem-based learning, using three case studies. Assessment through quantitative evaluation and students' feedback show the viability of the presented course.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Rashid","given":"Muhammad"}],"citation-key":"rashidUndergraduateCourseModelbased2020","container-title":"COMPUTER APPLICATIONS IN ENGINEERING EDUCATION","container-title-short":"Comput. Appl. Eng. 
Educ.","DOI":"10.1002/cae.22233","event-place":"Hoboken","ISSN":"1061-3773, 1099-0542","issue":"3","issued":{"date-parts":[["2020",5]]},"language":"English","note":"Web of Science ID: WOS:000522056200001","number-of-pages":"13","page":"645-657","publisher":"Wiley","publisher-place":"Hoboken","source":"Clarivate Analytics Web of Science","title":"An undergraduate course on model-based system engineering for embedded systems","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"28"},{"id":"madniModelbasedSystemsEngineering2018","abstract":"As systems continue to grow in scale and complexity, the Systems Engineering community has turned to Model-Based Systems Engineering (MBSE) to manage complexity, maintain consistency, and assure traceability during system development. It is different from \"engineering with models,\" which has been a common practice in the engineering profession for decades. MBSE is a holistic, systems engineering approach centered on the evolving system model, which serves as the \"sole source of truth\" about the system. It comprises system specification, design, validation, and configuration management. Even though MBSE is beginning to see a fair amount of use in multiple industries, specific advances are needed on multiple fronts to realize its full benefits. This paper discusses the motivation for MBSE, and its current state of maturity. It presents systems modeling methodologies and the role of ontologies and metamodels in MBSE. It presents model-based verification and validation (V&V) as an example of MBSE use. An illustrative example of the use of MBSE for design synthesis is presented to demonstrate an important MBSE capability. 
The paper concludes with a discussion of challenges to widescale adoption and offers promising research directions to fully realize the potential benefits of MBSE.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Madni","given":"Azad M."},{"family":"Sievers","given":"Michael"}],"citation-key":"madniModelbasedSystemsEngineering2018","container-title":"SYSTEMS ENGINEERING","container-title-short":"Syst. Eng.","DOI":"10.1002/sys.21438","event-place":"Hoboken","ISSN":"1098-1241, 1520-6858","issue":"3","issued":{"date-parts":[["2018",5]]},"language":"English","note":"Web of Science ID: WOS:000435285700004","number-of-pages":"19","page":"172-190","publisher":"Wiley","publisher-place":"Hoboken","source":"Clarivate Analytics Web of Science","title":"Model-based systems engineering: Motivation, current status, and research opportunities","title-short":"Model-based systems engineering","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"21"},{"id":"hoelldoblerInnovationsModelbasedSoftware2019","abstract":"Engineering software and software intensive systems has become increasingly complex over the last decades. In the ongoing digitalization of all aspects of our lives in almost every domain, including, e.g., mechanical engineering, electrical engineering, medicine, entertainment, or jurisdiction, software is not only used to enable low-level controls of machines, but also to understand system conditions and optimizations potentials. To remain in control of all these heterogeneous systems of systems, a precise, but abstract understanding of these systems is necessary. To this end, models in their various forms are an important prerequisite to gain this understanding. In this article, we summarize research activities focusing on the development and use of models in software and systems engineering. 
This research has been carried out by the working group of Bernhard Rumpe, which started 25 years ago in Munich, continued in Braunschweig, and since 10 years carries on at RWTH Aachen University.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Hoelldobler","given":"Katrin"},{"family":"Michael","given":"Judith"},{"family":"Ringert","given":"Jan Oliver"},{"family":"Rumpe","given":"Bernhard"},{"family":"Wortmann","given":"Andreas"}],"citation-key":"hoelldoblerInnovationsModelbasedSoftware2019","container-title":"JOURNAL OF OBJECT TECHNOLOGY","container-title-short":"J. Object Technol.","DOI":"10.5381/jot.2019.18.1.r1","event-place":"Zurich","ISSN":"1660-1769","issue":"1","issued":{"date-parts":[["2019",3]]},"language":"English","note":"Web of Science ID: WOS:000473335400001","number-of-pages":"60","publisher":"Journal Object Technology","publisher-place":"Zurich","source":"Clarivate Analytics Web of Science","title":"Innovations in Model-based Software And Systems Engineering","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"18"},{"id":"mazeikaMBSEsecModelBasedSystems2020","abstract":"This paper presents how Model-Based System Engineering (MBSE) could be leveraged in order to mitigate security risks at an early stage of system development. Primarily, MBSE was used to manage complex engineering projects in terms of system requirements, design, analysis, verification, and validation activities, leaving security aspects aside. However, previous research showed that security requirements and risks could be tackled in the MBSE model, and powerful MBSE tools such as simulation, change impact analysis, automated document generation, validation, and verification could be successfully reused in the multidisciplinary field. 
This article analyzes various security-related techniques and then clarifies how these techniques can be represented in the Systems Modeling Language (SysML) model and then further exploited with MBSE tools. The paper introduces the MBSEsec method, which gives guidelines for the security analysis process, the SysML/UML-based security profile, and recommendations on what security technique is needed at each security process phase. The MBSEsec method was verified by creating an application case study that reflects real-world problems and running an experiment where systems and security engineers evaluated the feasibility of our approach.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Mazeika","given":"Donatas"},{"family":"Butleris","given":"Rimantas"}],"citation-key":"mazeikaMBSEsecModelBasedSystems2020","container-title":"APPLIED SCIENCES-BASEL","container-title-short":"Appl. Sci.-Basel","DOI":"10.3390/app10072574","event-place":"Basel","ISSN":"2076-3417","issue":"7","issued":{"date-parts":[["2020",4]]},"language":"English","note":"Web of Science ID: WOS:000533356200373","number-of-pages":"18","page":"2574","publisher":"MDPI","publisher-place":"Basel","source":"Clarivate Analytics Web of Science","title":"MBSEsec: Model-Based Systems Engineering Method for Creating Secure Systems","title-short":"MBSEsec","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"10"},{"id":"huldtStateofpracticeSurveyModelbased2019","abstract":"This paper aims to examine and document the current state of practice of model-based systems engineering (MBSE), and how organizations look toward the future. The paper is based on a survey of how MBSE has been applied and factors that influenced the perceived benefits and results. 
The survey was designed to evaluate the maturity and status of the implementation of MBSE (also called model-centric systems engineering), within industry, academia, and governments. The approach to the survey development is described along with the survey results. The study indicates that one of the main hurdles to introducing a model-based approach is the lack of clear and adopted organizational structures and an understanding of required conditions and needs at a management level. The survey also indicates that 50-75% of the respondents noted some improvement or a significant improvement across almost all systems engineering tasks.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Huldt","given":"T."},{"family":"Stenius","given":"I."}],"citation-key":"huldtStateofpracticeSurveyModelbased2019","container-title":"SYSTEMS ENGINEERING","container-title-short":"Syst. Eng.","DOI":"10.1002/sys.21466","event-place":"Hoboken","ISSN":"1098-1241, 1520-6858","issue":"2","issued":{"date-parts":[["2019",3]]},"language":"English","note":"Web of Science ID: WOS:000461577200004","number-of-pages":"12","page":"134-145","publisher":"Wiley","publisher-place":"Hoboken","source":"Clarivate Analytics Web of Science","title":"State-of-practice survey of model-based systems engineering","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"22"},{"id":"rauzyFoundationsModelbasedSystems2019","abstract":"This article is a contribution to the INCOSE initiative for model-based engineering transformation. Its material has been presented at the ALSEE tour event in Oslo in September 2016. The ideas developed here come from the practical and theoretical experience of the authors in both industrial and academic frameworks. We organize the discussion around 6 theses that aim at establishing robust conceptual foundations for the model-based engineering transformation. 
We focus on model-based systems engineering, model-based safety assessment, and the relationship between these 2 disciplines. We report on active research initiatives that implement these 6 theses via the S2ML+X paradigm. We conclude with suggestions about future research and teaching activities.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Rauzy","given":"Antoine B."},{"family":"Haskins","given":"Cecilia"}],"citation-key":"rauzyFoundationsModelbasedSystems2019","container-title":"SYSTEMS ENGINEERING","container-title-short":"Syst. Eng.","DOI":"10.1002/sys.21469","event-place":"Hoboken","ISSN":"1098-1241, 1520-6858","issue":"2","issued":{"date-parts":[["2019",3]]},"language":"English","note":"Web of Science ID: WOS:000461577200005","number-of-pages":"10","page":"146-155","publisher":"Wiley","publisher-place":"Hoboken","source":"Clarivate Analytics Web of Science","title":"Foundations for model-based systems engineering and model-based safety assessment","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"22"},{"id":"kirshnerModelBasedSystemsEngineering2023","abstract":"As industries in various sectors increasingly adopt model-based systems engineering (MBSE) for system lifecycle design and development, engineers can manage and describe systems of higher complexity than ever before. This is especially true for the field of space systems; while past missions have developed using document-based planning, it is only in the last several years that NASA and other organizations in the space industry have begun using MBSE. One crucial factor of space systems development that is often overlooked is cybersecurity. 
As space systems become more complex and cyberphysical in nature, cybersecurity requirements become more difficult to capture, especially through document-based methods; a need for a means by which to continuously verify and validate systems cybersecurity for cyberphysical space missions arises. By expanding upon a National Institute of Standards and Technology (NIST) framework for cyber resiliency, this work proposes a methodology that uses MBSE traceability functionality to demonstrate adequate cybersecurity for cyberphysical space systems using SysML requirements modeling capabilities. Key goals, objectives, and strategic principles leading to achieving cybersecurity at all levels of the system's architectural hierarchy are presented. Recommendations for the future of space cybersecurity include the addition of the space sector to the Department of Homeland Security Cybersecurity & Infrastructure Security Agency's list of critical infrastructure sectors to improve standardization and control of space cyberinfrastructure.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Kirshner","given":"Mitchell"}],"citation-key":"kirshnerModelBasedSystemsEngineering2023","container-title":"AEROSPACE","container-title-short":"Aerospace","DOI":"10.3390/aerospace10020116","event-place":"Basel","ISSN":"2226-4310","issue":"2","issued":{"date-parts":[["2023",2]]},"language":"English","note":"Web of Science ID: WOS:000938268900001","number-of-pages":"17","page":"116","publisher":"MDPI","publisher-place":"Basel","source":"Clarivate Analytics Web of Science","title":"Model-Based Systems Engineering Cybersecurity for Space Systems","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"10"},{"id":"inghamSpecialIssueModelbased2019","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Ingham","given":"Michel 
D."}],"citation-key":"inghamSpecialIssueModelbased2019","container-title":"SYSTEMS ENGINEERING","container-title-short":"Syst. Eng.","DOI":"10.1002/sys.21483","event-place":"Hoboken","ISSN":"1098-1241, 1520-6858","issue":"2","issued":{"date-parts":[["2019",3]]},"language":"English","note":"Web of Science ID: WOS:000461577200001","number-of-pages":"1","page":"97-97","publisher":"Wiley","publisher-place":"Hoboken","source":"Clarivate Analytics Web of Science","title":"Special issue on model-based systems engineering","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"22"},{"id":"ArchitectureAnalysisAmp2023","abstract":"The Architecture Analysis & Design Language (AADL) is an architecture description language standardized by SAE. AADL was first developed in the field of avionics, and was known formerly as the Avionics Architecture Description Language. The Architecture Analysis & Design Language is derived from MetaH, an architecture description language made by the Advanced Technology Center of Honeywell. AADL is used to model the software and hardware architecture of an embedded, real-time system. Due to its emphasis on the embedded domain, AADL contains constructs for modeling both software and hardware components (with the hardware components named \"execution platform\" components within the standard). 
This architecture model can then be used either as a design documentation, for analyses (such as schedulability and flow control) or for code generation (of the software portion), like UML.","accessed":{"date-parts":[["2023",10,3]]},"citation-key":"ArchitectureAnalysisAmp2023","container-title":"Wikipedia","issued":{"date-parts":[["2023",9,6]]},"language":"en","license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1174175484","source":"Wikipedia","title":"Architecture Analysis & Design Language","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Architecture_Analysis_%26_Design_Language&oldid=1174175484"},{"id":"ArchitectureAnalysisDesign","abstract":"Software for mission- and safety-critical systems, such as avionics systems in aircraft, is growing larger and more expensive. The Architecture Analysis and Design Language (AADL) addresses common problems in the development of these systems, such as mismatched assumptions about the physical system, computer hardware, software, and their interactions that can result in system problems detected too late in the development lifecycle.","accessed":{"date-parts":[["2023",10,3]]},"citation-key":"ArchitectureAnalysisDesign","language":"en","title":"Architecture Analysis and Design Language (AADL)","type":"webpage","URL":"https://www.sei.cmu.edu/our-work/projects/display.cfm?customel_datapageid_4050=191439,191439"},{"id":"BellLaPadulaModel2023","abstract":"The Bell–LaPadula Model (BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell, and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. 
Security labels range from the most sensitive (e.g., \"Top Secret\"), down to the least sensitive (e.g., \"Unclassified\" or \"Public\").\nThe Bell–LaPadula model is an example of a model where there is no clear distinction between protection and security.","accessed":{"date-parts":[["2023",10,3]]},"citation-key":"BellLaPadulaModel2023","container-title":"Wikipedia","issued":{"date-parts":[["2023",9,9]]},"language":"en","license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1174562903","source":"Wikipedia","title":"Bell–LaPadula model","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Bell%E2%80%93LaPadula_model&oldid=1174562903"},{"id":"ISAIEC62443","abstract":"These standards set best practices for cybersecurity and provide a way to assess the level of security performance.","accessed":{"date-parts":[["2023",10,3]]},"citation-key":"ISAIEC62443","container-title":"isa.org","language":"en","title":"ISA/IEC 62443 Series of Standards - ISA","type":"webpage","URL":"https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards"},{"id":"MultipleIndependentLevels2022","abstract":"Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation and controlled information flow. 
It is implemented by separation mechanisms that support both untrusted and trustworthy components; ensuring that the total security solution is non-bypassable, evaluatable, always invoked, and tamperproof.","accessed":{"date-parts":[["2023",10,3]]},"citation-key":"MultipleIndependentLevels2022","container-title":"Wikipedia","issued":{"date-parts":[["2022",11,10]]},"language":"en","license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1121130466","source":"Wikipedia","title":"Multiple Independent Levels of Security","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Multiple_Independent_Levels_of_Security&oldid=1121130466"},{"id":"stoufferGuideIndustrialControl2015","abstract":"This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Stouffer","given":"Keith"},{"family":"Lightman","given":"Suzanne"},{"family":"Pillitteri","given":"Victoria"},{"family":"Abrams","given":"Marshall"},{"family":"Hahn","given":"Adam"}],"citation-key":"stoufferGuideIndustrialControl2015","DOI":"10.6028/NIST.SP.800-82r2","issued":{"date-parts":[["2015",6,3]]},"language":"en","number":"NIST Special Publication (SP) 800-82 Rev. 
2","publisher":"National Institute of Standards and Technology","source":"csrc.nist.gov","title":"Guide to Industrial Control Systems (ICS) Security","type":"report","URL":"https://csrc.nist.gov/pubs/sp/800/82/r2/final"},{"id":"kyoung-daekimCyberPhysicalSystems2012","abstract":"Cyber–physical systems (CPSs) are the next generation of engineered systems in which computing, communication, and control technologies are tightly integrated. Research on CPSs is fundamentally important for engineered systems in many important application domains such as transportation, energy, and medical systems. We overview CPS research from both a historical point of view in terms of technologies developed for early generations of control systems, as well as recent results on CPSs in many relevant research domains such as networked control, hybrid systems, real-time computing, real-time networking, wireless sensor networks, security, and model-driven development. We outline the potential for CPSs in many societally important application domains.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"literal":"Kyoung-Dae Kim"},{"family":"Kumar","given":"P. R."}],"citation-key":"kyoung-daekimCyberPhysicalSystems2012","container-title":"Proceedings of the IEEE","container-title-short":"Proc. 
IEEE","DOI":"10.1109/JPROC.2012.2189792","ISSN":"0018-9219, 1558-2256","issue":"Special Centennial Issue","issued":{"date-parts":[["2012",5]]},"language":"en","page":"1287-1308","source":"DOI.org (Crossref)","title":"Cyber–Physical Systems: A Perspective at the Centennial","title-short":"Cyber–Physical Systems","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/6176187/","volume":"100"},{"id":"DataDrivenModelingCyberPhysical","accessed":{"date-parts":[["2023",9,27]]},"citation-key":"DataDrivenModelingCyberPhysical","title":"Data-Driven Modeling of Cyber-Physical Systems Using Side-Channel Analysis","type":"webpage","URL":"https://www.google.com/books/edition/Data_Driven_Modeling_of_Cyber_Physical_S/2TbPDwAAQBAJ?hl=en&gbpv=1&pg=PR8&printsec=frontcover&bshm=rime/1"},{"id":"zhaoDataDrivenAttackDetection2023","abstract":"This article studies the issues of data-driven attack detection and identification for cyber-physical systems under sparse sensor attacks. First, based on the available input and output datasets, a data-driven monitor is formulated with the following two objectives: attack detection and attack identification. Then, with the subspace approach, a data-driven attack detection policy is presented, wherein the attack detector is designed directly by the process data. A subspace projection-based attack identification scheme is proposed via designing a bank of projection filters to determine the locations of attacked sensors. Moreover, the sparse recovery technique is adopted to decrease the combinatorial complexity of the subspace projection-based identification method. The attack identification is recast into a block-sparse recovery problem. 
Finally, the proposed methods are verified by the simulations on a flight vehicle system.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Zhao","given":"Zhengen"},{"family":"Xu","given":"Yunsong"},{"family":"Li","given":"Yuzhe"},{"family":"Zhen","given":"Ziyang"},{"family":"Yang","given":"Ying"},{"family":"Shi","given":"Yang"}],"citation-key":"zhaoDataDrivenAttackDetection2023","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/TAC.2022.3230360","ISSN":"1558-2523","issue":"10","issued":{"date-parts":[["2023",10]]},"page":"6330-6337","source":"IEEE Xplore","title":"Data-Driven Attack Detection and Identification for Cyber-Physical Systems Under Sparse Sensor Attacks","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/9992077?casa_token=QLOzqroOodIAAAAA:yAha4LvQYD_84AqAdVCAcT1QBP3lqtACiaTZMfu2oxg_mn21MrclVfnbGVFeD8cmd6NRWXQprA","volume":"68"},{"id":"pasqualettiAttackDetectionIdentification2013","abstract":"Cyber-physical systems are ubiquitous in power systems, transportation networks, industrial control processes, and critical infrastructures. These systems need to operate reliably in the face of unforeseen failures and external malicious attacks. In this paper: (i) we propose a mathematical framework for cyber-physical systems, attacks, and monitors; (ii) we characterize fundamental monitoring limitations from system-theoretic and graph-theoretic perspectives; and (iii) we design centralized and distributed attack detection and identification monitors. 
Finally, we validate our findings through compelling examples.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Pasqualetti","given":"Fabio"},{"family":"Dörfler","given":"Florian"},{"family":"Bullo","given":"Francesco"}],"citation-key":"pasqualettiAttackDetectionIdentification2013","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/TAC.2013.2266831","ISSN":"1558-2523","issue":"11","issued":{"date-parts":[["2013",11]]},"page":"2715-2729","source":"IEEE Xplore","title":"Attack Detection and Identification in Cyber-Physical Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/6545301?casa_token=Ft_6X6mCU54AAAAA:r49oFvPbZFAmmqczYO6s2vPybo2lkcGzxgGdX15jUF2abn1cuZ4_6PVXndBQyFhZ4LH04J-nfw","volume":"58"},{"id":"hosseinzadehActiveAttackDetection2021","abstract":"This paper proposes an active attack detection scheme for constrained cyber-physical systems. Despite passive approaches where the detection is based on the analysis of the input-output data, active approaches interact with the system by designing the control input so to improve detection. This paper focuses on the prevented actuation attack, where the attacker prevents the exchange of information between the controller and actuators. The proposed scheme consists of two units: 1) detection, and 2) control. The detection unit includes a set of parallel detectors, which are designed based on the multiple-model adaptive estimation approach to detect the attack and to identify the attacked actuator(s). For what regards the control unit, a constrained optimization approach is developed to determine the control input such that the control and detection aims are achieved. In the formulation of the detection and control objective functions, a probabilistic approach is used to reap the benefits of the a priori information availability. 
The effectiveness of the proposed scheme is demonstrated through a simulation study on an irrigation channel.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Hosseinzadeh","given":"Mehdi"},{"family":"Sinopoli","given":"Bruno"}],"citation-key":"hosseinzadehActiveAttackDetection2021","container-title":"2021 American Control Conference (ACC)","DOI":"10.23919/ACC50511.2021.9483322","event-title":"2021 American Control Conference (ACC)","ISSN":"2378-5861","issued":{"date-parts":[["2021",5]]},"page":"3242-3247","source":"IEEE Xplore","title":"Active Attack Detection and Control in Constrained Cyber-Physical Systems Under Prevented Actuation Attack","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/9483322?casa_token=etSNFI1RR-UAAAAA:LRARzvbUxXqEaWa7yA7CCYYeeOeo-a6bYbasgkN7hW_KG23z08aFlAHos33wMuccwrqkfmOX9g"},{"id":"giraldoSecurityPrivacyCyberPhysical2017","abstract":"The following is a survey on surveys and may help the interested reader to find a way through the jungle of literature on the security and CPS topics out there already. 
In order to ease the search, the authors have provided a classification in CPS Domains, Attacks, Defenses, Research-trends, Network-security, Security level implementation, and Computational Strategies which makes this survey a unique and I believe very helpful article.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Giraldo","given":"Jairo"},{"family":"Sarkar","given":"Esha"},{"family":"Cardenas","given":"Alvaro A."},{"family":"Maniatakos","given":"Michail"},{"family":"Kantarcioglu","given":"Murat"}],"citation-key":"giraldoSecurityPrivacyCyberPhysical2017","container-title":"IEEE Design & Test","DOI":"10.1109/MDAT.2017.2709310","ISSN":"2168-2364","issue":"4","issued":{"date-parts":[["2017",8]]},"page":"7-17","source":"IEEE Xplore","title":"Security and Privacy in Cyber-Physical Systems: A Survey of Surveys","title-short":"Security and Privacy in Cyber-Physical Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/7935369?casa_token=MOko-Qoz5_sAAAAA:B7aBj7Fcy9X2COxaGpuLurum7X2JnNtLbzWtA-k__zag5Khe9ZoCV5E1klMpSZODmQjsKUM47w","volume":"34"},{"id":"khalidOverviewSecuritySmart2020","abstract":"The tremendous growth of interconnectivity and dependencies of physical and cyber domains in cyber-physical systems (CPS) makes them vulnerable to several security threats like remote cyber-attacks, hardware, and software-based side-channel attacks, especially in safety-critical applications, i.e., healthcare, autonomous driving, etc. Though traditional software or hardware security measures can address these attacks in the respective domains due to enormous data and interdependencies of the physical-world and cyber-world, these techniques cannot be used directly. Therefore, to address these challenges, machine learning-based security measures have been proposed. 
This chapter first presents a brief overview of various security threats at different CPS layers, their respective threat models, and associated research challenges towards developing robust security measures. Towards the end, we briefly discuss and present a preliminary analysis of the state-of-the-art online anomaly detection techniques that leverage the machine learning algorithms and property-specific language, respectively.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Khalid","given":"Faiq"},{"family":"Rehman","given":"Semeen"},{"family":"Shafique","given":"Muhammad"}],"citation-key":"khalidOverviewSecuritySmart2020","container-title":"Security of Cyber-Physical Systems: Vulnerability and Impact","DOI":"10.1007/978-3-030-45541-5_2","editor":[{"family":"Karimipour","given":"Hadis"},{"family":"Srikantha","given":"Pirathayini"},{"family":"Farag","given":"Hany"},{"family":"Wei-Kocsis","given":"Jin"}],"event-place":"Cham","ISBN":"978-3-030-45541-5","issued":{"date-parts":[["2020"]]},"language":"en","page":"5-24","publisher":"Springer International Publishing","publisher-place":"Cham","source":"Springer Link","title":"Overview of Security for Smart Cyber-Physical Systems","type":"chapter","URL":"https://doi.org/10.1007/978-3-030-45541-5_2"},{"id":"faruqueDesignMethodologiesSecuring2015","abstract":"Cyber-Physical Systems (CPS) are in most cases safety- and mission-critical. Standard design techniques used for securing embedded systems are not suitable for CPS due to the restricted computation and communication budget available in the latter. In addition, the sensitivity of sensed data and the presence of actuation components further increase the security requirements of CPS. To address these issues, it is necessary to provide new design methods in which security is considered from the beginning of the whole design flow and addressed in a holistic way. 
In this paper, we focus on the design of secure CPS as part of the complete CPS design process, and provide insights into new requirements on platform-aware design of control components, design methodologies and architectures posed by CPS design. We start by discussing methods for the multi-disciplinary modeling, simulation, tools, and software synthesis challenges for CPS. We also present a framework for design of secure control systems for CPS, while taking into account properties of the underlying computation and communication platforms. Finally, we describe the security challenges in the computing hardware that is used in CPS.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Faruque","given":"Mohammad Al"},{"family":"Regazzoni","given":"Francesco"},{"family":"Pajic","given":"Miroslav"}],"citation-key":"faruqueDesignMethodologiesSecuring2015","container-title":"2015 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)","DOI":"10.1109/CODESISSS.2015.7331365","event-title":"2015 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)","issued":{"date-parts":[["2015",10]]},"page":"30-36","source":"IEEE Xplore","title":"Design methodologies for securing cyber-physical systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/7331365"},{"id":"sedjelmaciCyberSecurityBased2020","abstract":"The ten papers in this special issue focus on cybersecurity for cyber-physical systems (CPSs). The systems have become very complex, more sophisticated, intelligent and autonomous. They offer very complex interaction between heterogeneous cyber and physical components; additionally to this complexity, they are exposed to important disturbances due to unintentional and intentional events which make the prediction of their behaviors a very difficult task. 
Meanwhile, cyber security for CPS is attracting the attention of research scientists in both industry and academia since the number of cyber-attacks have increased and their behaviors have become more sophisticated, commonly known as zero-day threats. The papers in this issue aim to bring together researchers from academic and industry to share their vision of AI application in the cyber security context, and present challenges and recent works and advances related to AI-based cyber security applied to CPSs.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Sedjelmaci","given":"Hichem"},{"family":"Guenab","given":"Fateh"},{"family":"Senouci","given":"Sidi-Mohammed"},{"family":"Moustafa","given":"Hassnaa"},{"family":"Liu","given":"Jiajia"},{"family":"Han","given":"Shuai"}],"citation-key":"sedjelmaciCyberSecurityBased2020","container-title":"IEEE Network","DOI":"10.1109/MNET.2020.9105926","ISSN":"1558-156X","issue":"3","issued":{"date-parts":[["2020",5]]},"page":"6-7","source":"IEEE Xplore","title":"Cyber Security Based on Artificial Intelligence for Cyber-Physical Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/9105926","volume":"34"},{"id":"wankhadeCyberPhysicalSystem2020","abstract":"The next generation of engineered systems is specified as the cyber-physical systems (CPS) with the incorporation of communiqué, computation, and controller to achieve the targets of constancy, routine, sturdiness, and competence in physical systems. Cyber-Physical systems are a feedback system that requires cybersecurity and improved design tools that enables design methodology. Cyber-Physical system becomes a significant track intended for the advance of the smart engineering business. The control trial of wide-ranging and organically disseminated cyber-physical systems is intended to be sturdy and consistent with very multifaceted disseminated in addition to the vital controller. 
The safety difficulties in addition protective measures the aforementioned aspects are progressively advancing the concentration of exploration in the arena. This paper presents a study of different application framework that is helpful to industry and academia in the direction of design a strong security framework to improve these systems.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Wankhade","given":"Megha"},{"family":"Kottur","given":"Suhasini Vijaykumar"}],"citation-key":"wankhadeCyberPhysicalSystem2020","container-title":"2020 Fourth International Conference on Inventive Systems and Control (ICISC)","DOI":"10.1109/ICISC47916.2020.9171074","event-title":"2020 Fourth International Conference on Inventive Systems and Control (ICISC)","issued":{"date-parts":[["2020",1]]},"page":"716-719","source":"IEEE Xplore","title":"Cyber Physical System Framework: An Apropos Study","title-short":"Cyber Physical System Framework","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/9171074?casa_token=ThzOr3xT16gAAAAA:NktWFIimmo9FAbCfwaYlLywtCc_wYOE0B2TuTlV-stWns1HSOxoQWqD5IlOFQ2FwK4jQ-MJbig"},{"id":"shiLSTMautoencoderBasedOnline2023","abstract":"Additive manufacturing (AM) has gained increasing popularity in a large variety of mission-critical fields, such as aerospace, medical, and transportation. The layer-by-layer fabrication scheme of the AM significantly enhances fabrication flexibility, resulting in the expanded vulnerability space of cyber-physical AM systems. This potentially leads to altered AM parts with compromised mechanical properties and functionalities. Furthermore, those internal alterations in the AM builds are very challenging to detect using the traditional geometric dimensioning and tolerancing (GD&T) features. Therefore, how to effectively monitor and accurately detect cyber-physical attacks becomes a critical barrier for the broader adoption of AM technology. 
To address this issue, this paper proposes a machine learning-driven online side channel monitoring approach for AM process authentication. A data-driven feature extraction approach based on the LSTM-autoencoder is developed to detect the unintended process/product alterations caused by cyber-physical attacks. Both supervised and unsupervised monitoring schemes are implemented based on the extracted features. To validate the effectiveness of the proposed method, real-world case studies were conducted using a fused filament fabrication (FFF) platform equipped with two accelerometers. In the case study, two different types of cyber-physical attacks are implemented to mimic the potential real-world process alterations. Experimental results demonstrate that the proposed method outperforms conventional process monitoring methods, and it can effectively detect part geometry and layer thickness alterations in a real-time manner.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Shi","given":"Zhangyue"},{"family":"Mamun","given":"Abdullah Al"},{"family":"Kan","given":"Chen"},{"family":"Tian","given":"Wenmeng"},{"family":"Liu","given":"Chenang"}],"citation-key":"shiLSTMautoencoderBasedOnline2023","container-title":"Journal of Intelligent Manufacturing","container-title-short":"J Intell Manuf","DOI":"10.1007/s10845-021-01879-9","ISSN":"1572-8145","issue":"4","issued":{"date-parts":[["2023",4,1]]},"language":"en","page":"1815-1831","source":"Springer Link","title":"An LSTM-autoencoder based online side channel monitoring approach for cyber-physical attack detection in additive manufacturing","type":"article-journal","URL":"https://doi.org/10.1007/s10845-021-01879-9","volume":"34"},{"id":"zhangSurveyAttackDetection2021","abstract":"Cyber–physical systems (CPSs) are complex systems that involve technologies such as control, communication, and computing. 
Nowadays, CPSs have a wide range of applications in smart cities, smart grids, smart manufacturing and intelligent transportation. However, with integration of industrial control systems with modern communication technologies, CPSs would be inevitably exposed to increasing security threats, which could lead to severe degradation of the system performance and even destruction of CPSs. This paper presents a survey on recent advances on security issues of industrial cyber–physical systems (ICPSs). We specifically discuss two typical kinds of attacks, i.e., Denial-of-Service (DoS) attack and Deception attack, and present recent results in terms of attack detection, estimation, and control of ICPSs. Classifications of current studies are analyzed and summarized based on different system modeling and analysis methods. In addition, advantages and disadvantage of various methodologies are also discussed. Finally, the paper concludes with some potential future research directions on secure ICPSs.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Zhang","given":"Dan"},{"family":"Wang","given":"Qing-Guo"},{"family":"Feng","given":"Gang"},{"family":"Shi","given":"Yang"},{"family":"Vasilakos","given":"Athanasios V."}],"citation-key":"zhangSurveyAttackDetection2021","container-title":"ISA Transactions","container-title-short":"ISA Transactions","DOI":"10.1016/j.isatra.2021.01.036","ISSN":"0019-0578","issued":{"date-parts":[["2021",10,1]]},"page":"1-16","source":"ScienceDirect","title":"A survey on attack detection, estimation and control of industrial cyber–physical systems","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S001905782100046X","volume":"116"},{"id":"brandmanPhysicalHashPreventing2020","abstract":"Cyber-physical security is a major concern in the modern environment of digital manufacturing, wherein a cyber-attack has the potential to result in the production of defective parts, theft of IP, or damage to infrastructure 
or the operator have become a real threat that have the potential to create bad parts. Current cyber only solutions are insufficient due to the nature of manufacturing environments where it may not be feasible or even possible to upgrade physical equipment to the most current cyber security standards, necessitating an approach that addresses both the cyber and the physical components. This paper proposes a new method for detecting malicious cyber-physical attacks on additive manufacturing (AM) systems. The method makes use of a physical hash, which links digital data to the manufactured part via a disconnected side-channel measurement system. The disconnection ensures that if the network and/or AM system becomes compromised, the manufacturer can still rely on the measurement system for attack detection. The physical hash ensures protection of the intellectual property (IP) associated with both process and toolpath parameters while also enabling in situ quality assurance. In this paper, the physical hash takes the form of a QR code that contains a hash string of the nominal process parameters and toolpath. It is manufactured alongside the original geometry for the measurement system to scan and compare to the readings from its sensor suite. By taking measurements in situ, the measurement system can detect in real-time if the part being manufactured matches the designer’s specification. In this paper, the overall concept and underlying algorithm of the physical hash is presented. 
A proof-of-concept validation is realized on a material extrusion AM machine, to demonstrate the ability of a physical hash and in situ monitoring to detect the existence (and absence) of malicious attacks on the STL file, the printing process parameters, and the printing toolpath.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Brandman","given":"Josh"},{"family":"Sturm","given":"Logan"},{"family":"White","given":"Jules"},{"family":"Williams","given":"Chris"}],"citation-key":"brandmanPhysicalHashPreventing2020","container-title":"Journal of Manufacturing Systems","container-title-short":"Journal of Manufacturing Systems","DOI":"10.1016/j.jmsy.2020.05.014","ISSN":"0278-6125","issued":{"date-parts":[["2020",7,1]]},"page":"202-212","source":"ScienceDirect","title":"A physical hash for preventing and detecting cyber-physical attacks in additive manufacturing systems","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S0278612520300789","volume":"56"},{"id":"contiSidechannelAttacksMobile2022","abstract":"The attacks that leverage the side-channels produced by processes running on mobile and IoT devices are a concrete threat for cyber–physical systems. This special issue is focused on the most recent research work that investigates novel aspects of this topic. 
This editorial summarizes the contributions of the seven accepted papers for this special issue.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Conti","given":"Mauro"},{"family":"Losiouk","given":"Eleonora"},{"family":"Poovendran","given":"Radha"},{"family":"Spolaor","given":"Riccardo"}],"citation-key":"contiSidechannelAttacksMobile2022","container-title":"Computer Networks","container-title-short":"Computer Networks","DOI":"10.1016/j.comnet.2022.108858","ISSN":"1389-1286","issued":{"date-parts":[["2022",4,22]]},"page":"108858","source":"ScienceDirect","title":"Side-channel attacks on mobile and IoT devices for Cyber–Physical systems","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S138912862200069X","volume":"207"},{"id":"karimipourSecurityCyberPhysicalSystems2020","accessed":{"date-parts":[["2023",9,27]]},"citation-key":"karimipourSecurityCyberPhysicalSystems2020","DOI":"10.1007/978-3-030-45541-5","editor":[{"family":"Karimipour","given":"Hadis"},{"family":"Srikantha","given":"Pirathayini"},{"family":"Farag","given":"Hany"},{"family":"Wei-Kocsis","given":"Jin"}],"event-place":"Cham","ISBN":"978-3-030-45540-8 978-3-030-45541-5","issued":{"date-parts":[["2020"]]},"language":"en","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Security of Cyber-Physical Systems: Vulnerability and Impact","title-short":"Security of Cyber-Physical Systems","type":"book","URL":"http://link.springer.com/10.1007/978-3-030-45541-5"},{"id":"luciaSetpointAttackDetection2021","abstract":"In this article, we face the problem of detecting setpoint attacks in networked control systems. We consider a setup where the reference signal (also known as setpoint) is generated by a control center remotely located with respect to a standard feedback controller. 
In this scenario, an attacker with sufficient resources can exploit the communication channel to alter the setpoint signal and ultimately affect the tracking performance of the control system. With respect to this problem, we propose a novel distributed control architecture that, taking advantage of peculiar capabilities of the command governor control paradigm, enables the detection of reference attacks. We formally prove that for constrained linear systems such detector exists. Moreover, by limiting the attacker's disclosure resources with superimposed cryptographically secure pseudorandom signals, we show that the absence of advanced stealthy attacks is also ensured. Finally, a solid numerical simulation investigating setpoint attacks on the flight control system of a single-engine fighter is presented to provide tangible evidence of the features of the presented methodology.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Lucia","given":"Walter"},{"family":"Gheitasi","given":"Kian"},{"family":"Ghaderi","given":"Mohsen"}],"citation-key":"luciaSetpointAttackDetection2021","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/TAC.2020.3004326","ISSN":"1558-2523","issue":"5","issued":{"date-parts":[["2021",5]]},"page":"2332-2338","source":"IEEE Xplore","title":"Setpoint Attack Detection in Cyber-Physical Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/9123676?casa_token=OOTq8eZpEU4AAAAA:5yEr0KRgtpHHwEKZLTBmo0W4gMgsmUYS34RrRbmTgDc8IJvzQONedC2AMG_ws0mGOOtV2xTeTw","volume":"66"},{"id":"rokkachhetriSideChannelsCyberPhysical2017","abstract":"As 3-D printers are becoming increasingly relevant in various domains, including critical infrastructure, cyber-security questions naturally arise. 
This article investigates how to leverage analog emissions (vibration, acoustic, magnetic, and power) of 3-D printers in order to identify the printed object and compromise confidentiality.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Rokka Chhetri","given":"Sujit"},{"family":"Al Faruque","given":"Mohammad Abdullah"}],"citation-key":"rokkachhetriSideChannelsCyberPhysical2017","container-title":"IEEE Design & Test","DOI":"10.1109/MDAT.2017.2682225","ISSN":"2168-2364","issue":"4","issued":{"date-parts":[["2017",8]]},"page":"18-25","source":"IEEE Xplore","title":"Side Channels of Cyber-Physical Systems: Case Study in Additive Manufacturing","title-short":"Side Channels of Cyber-Physical Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/7878599?casa_token=KQXDZEp-sRgAAAAA:I48bww9EmRuRNHG8q3L4XF3DW5OVSkWLjoSS59nTGAH1OXvSw_8Wg1r7nD7ziKTRGEyIo5it4A","volume":"34"},{"id":"chenDynamicAttackDetection2017","abstract":"This technical note studies the impact of side initial state information on the detectability of data deception attacks against cyber-physical systems. We assume the attack detector has access to a linear function of the initial system state that cannot be altered by an attacker. First, we provide a necessary and sufficient condition for an attack to be undetectable by any dynamic attack detector under each specific side information pattern. Second, we characterize attacks that can be sustained for arbitrarily long periods without being detected. Third, we define the zero state inducing attack, the only type of attack that remains dynamically undetectable regardless of the side initial state information available to the attack detector. Finally, we design a dynamic attack detector that detects detectable attacks.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Chen","given":"Yuan"},{"family":"Kar","given":"Soummya"},{"family":"Moura","given":"José M. 
F."}],"citation-key":"chenDynamicAttackDetection2017","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/TAC.2016.2626267","ISSN":"1558-2523","issue":"9","issued":{"date-parts":[["2017",9]]},"page":"4618-4624","source":"IEEE Xplore","title":"Dynamic Attack Detection in Cyber-Physical Systems With Side Initial State Information","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/7738535?casa_token=L2XJAVNpixsAAAAA:NsDbRC_6b-skTa09odiexH7BsMjjU358Afx0HQ5NZqB6LnS8xSYj9LzQhSJ35oDgEMIIMj3_-w","volume":"62"},{"id":"aldosariSecurityPrivacyChallenges2017","abstract":"Cyber-Physical Systems, or Smart-Embedded Systems, are co-engineered for the integration of physical, computational and networking resources. These resources are used to develop an efficient base for enhancing the quality of services in all areas of life and achieving a classier lifestyle in terms of a required service’s functionality and timing. Cyber-Physical Systems (CPSs) complement the need to have smart products (e.g., homes, hospitals, airports, cities). In other words, regulate the three kinds of resources available: physical, computational, and networking. This regulation supports communication and interaction between the human word and digital word to find the required intelligence in all scopes of life, including Telecommunication, Power Generation and Distribution, and Manufacturing. Data Security is among the most important issues to be considered in recent technologies. Because Cyber-Physical Systems consist of interacting complex components and middle-ware, they face real challenges in being secure against cyber-attacks while functioning efficiently and without affecting or degrading their performance. This study gives a detailed description of CPSs, their challenges (including cyber-security attacks), characteristics, and related technologies. 
We also focus on the tradeoff between security and performance in CPS, and we present the most common Side Channel Attacks on the implementations of cryptographic algorithms (symmetric: AES and asymmetric: RSA) with the countermeasures against these attacks.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"AlDosari","given":"Fahd"}],"citation-key":"aldosariSecurityPrivacyChallenges2017","container-title":"Journal of Information Security","DOI":"10.4236/jis.2017.84019","issue":"4","issued":{"date-parts":[["2017",10,13]]},"language":"en","license":"http://creativecommons.org/licenses/by/4.0/","number":"4","page":"285-295","publisher":"Scientific Research Publishing","source":"www.scirp.org","title":"Security and Privacy Challenges in Cyber-Physical Systems","type":"article-journal","URL":"https://www.scirp.org/journal/paperinformation.aspx?paperid=79607","volume":"8"},{"id":"yangRuntimeIntegrityVerification2019","abstract":"The world is moving towards a connected ecosystem of cyber-physical components, which are increasingly deployed in diverse fields, from automobiles, to power grids, city infrastructure, manufacturing, and biomedical systems. Majority of these applications call for physical proximity of users to the system due to the nature of the service (e.g., health care). Both remote (through a network) and physical access to these systems have significantly broadened the attack surface of Cyber-Physical Systems (CPS) by providing increased flexibility to observe and alter the system maliciously. Many such systems are deployed in critical applications requiring a high level of operational integrity. Existing solutions for attack detection and prevention are often not adequate, specifically with respect to emerging vulnerabilities. In this paper, we focus on run-time monitoring of CPS with respect to attacks on hardware and software. 
In particular, we present the motivation for run-time monitoring and then propose methods for detection of physical attacks on hardware and activation of malicious programs in system software, both of which are severe threats to traditional and emerging applications of CPS. We propose a power-up and runtime hardware-software integrity monitoring of sensing and computing equipment in CPS through continuous observation of various side-channel parameters using a plug-and-play hardware module. We present a systematic framework that includes signature generation and comparison technique through device calibration, noise reduction, and workload analysis. Finally, we present a framework for monitoring two side-channel parameters (namely, power and electromagnetic radiation) to detect component replacement and malicious code execution.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Yang","given":"Shuo"},{"family":"Alaql","given":"Abdulrahman"},{"family":"Hoque","given":"Tamzidul"},{"family":"Bhunia","given":"Swarup"}],"citation-key":"yangRuntimeIntegrityVerification2019","container-title":"2019 IEEE International Conference on Consumer Electronics (ICCE)","DOI":"10.1109/ICCE.2019.8662071","event-title":"2019 IEEE International Conference on Consumer Electronics (ICCE)","ISSN":"2158-4001","issued":{"date-parts":[["2019",1]]},"page":"1-6","source":"IEEE Xplore","title":"Runtime Integrity Verification in Cyber-physical Systems using Side-Channel Fingerprint","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/8662071?casa_token=fcNFHkRNawcAAAAA:vcY_JpTHsFPPEVXy60IB0ScqkGXHkAPpk6IAlr1u6MsgPEtBDgrUpuJv3LeLGYdgpw7Nd3qwsw"},{"id":"chattopadhyaySecureCyberPhysicalSystems2017","abstract":"To understand and identify the attack surfaces of a Cyber-Physical System (CPS) is an essential step towards ensuring its security. 
The growing complexity of the cybernetics and the interaction of independent domains such as avionics, robotics and automotive is a major hindrance against a holistic view CPS. Furthermore, proliferation of communication networks have extended the reach of CPS from a user-centric single platform to a widely distributed network, often connecting to critical infrastructure, e.g., through smart energy initiative. In this manuscript, we reflect on this perspective and provide a review of current security trends and tools for secure CPS. We emphasize on both the design and execution flows and particularly highlight the necessity of efficient attack surface detection. We provide a detailed characterization of attacks reported on different cyber-physical systems, grouped according to their application domains, attack complexity, attack source and impact. Finally, we review the current tools, point out their inadequacies and present a roadmap of future research.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Chattopadhyay","given":"Anupam"},{"family":"Prakash","given":"Alok"},{"family":"Shafique","given":"Muhammad"}],"citation-key":"chattopadhyaySecureCyberPhysicalSystems2017","container-title":"Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017","DOI":"10.23919/DATE.2017.7927154","event-title":"Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017","ISSN":"1558-1101","issued":{"date-parts":[["2017",3]]},"page":"1104-1109","source":"IEEE Xplore","title":"Secure Cyber-Physical Systems: Current trends, tools and open research problems","title-short":"Secure Cyber-Physical Systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/7927154?casa_token=QNqi0saUdwEAAAAA:KPTsWMHmdyoghPYxRzcnyQSieO7zVDZ4cEZZ2VQRaJv_bhT2cbReTvOea5GdjxYVJIMR7A56-A"},{"id":"mohanS3ASecureSystem2013","abstract":"The recently discovered 'W32.Stuxnet' worm has drastically changed the perception that systems managing 
critical infrastructure are invulnerable to software security attacks. Here we present an architecture that enhances the security of safety-critical cyber-physical systems despite the presence of such malware. Our architecture uses the property that control systems have deterministic (real-time) execution behavior to detect an intrusion within 0.6 μs while still guaranteeing the safety of the plant. We also show that even if an attacker is successful (or gains access to the operating system's administrative privileges), the overall state of the physical system still remains safe.","accessed":{"date-parts":[["2023",9,27]]},"author":[{"family":"Mohan","given":"Sibin"},{"family":"Bak","given":"Stanley"},{"family":"Betti","given":"Emiliano"},{"family":"Yun","given":"Heechul"},{"family":"Sha","given":"Lui"},{"family":"Caccamo","given":"Marco"}],"citation-key":"mohanS3ASecureSystem2013","collection-title":"HiCoNS '13","container-title":"Proceedings of the 2nd ACM international conference on High confidence networked systems","DOI":"10.1145/2461446.2461456","event-place":"New York, NY, USA","ISBN":"978-1-4503-1961-4","issued":{"date-parts":[["2013",4,9]]},"page":"65–74","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"S3A: secure system simplex architecture for enhanced security and robustness of cyber-physical systems","title-short":"S3A","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2461446.2461456"},{"id":"meskeDesigningImplementingDigital2021","abstract":"Digital twins, which replicate physical assets, are perceived as enablers of digital transformation. But implementations of digital twins are still rare, and there is little advice on how to successfully develop them. 
We describe how a Norwegian power grid company and its technology partners designed and implemented a digital twin of its grid network, and show that a digital twin's unique characteristics are a crucial source of organizational learning that require innovative co-creation efforts and effective data governance. We also provide recommendations for designing and implementing digital twins.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Meske","given":"Christian"},{"family":"Osmundsen","given":"Karen S."},{"family":"Junglas","given":"Iris"}],"citation-key":"meskeDesigningImplementingDigital2021","container-title":"Mis Quarterly Executive","container-title-short":"MIS Q. Exec.","DOI":"10.17705/2msqe.00048","event-place":"Bloomington","ISSN":"1540-1960","issue":"3","issued":{"date-parts":[["2021",9]]},"language":"English","note":"WOS:000694715100003","page":"183-198","publisher":"Indiana Univ, Oper & Decision Technol Dept","publisher-place":"Bloomington","source":"Web of Science Nextgen","title":"Designing and Implementing Digital Twins in the Energy Grid Sector","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1?markedListId=List%202","volume":"20"},{"id":"ferreiraSimulationIndustryStateoftheart2020","abstract":"Simulation is a key technology for developing planning and exploratory models to optimize decision making as well as the design and operations of complex and smart production systems. It could also aid companies to evaluate the risks, costs, implementation barriers, impact on operational performance, and roadmap toward Industry 4.0. Although several advances have been made in this domain, studies that systematically characterize and analyze the development of simulation-based research in Industry 4.0 are scarce. Therefore, this study aims to investigate the state-of-the-art research performed on the intersecting area of simulation and the field of Industry 4.0. 
Initially, a conceptual framework describing Industry 4.0 in terms of enabling technologies and design principles for modeling and simulation of Industry 4.0 scenarios is proposed. Thereafter, literature on simulation technologies and Industry 4.0 design principles is systematically reviewed using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) methodology. This study reveals an increasing trend in the number of publications on simulation in Industry 4.0 within the last four years. In total, 10 simulation-based approaches and 17 Industry 4.0 design principles were identified. A cross-analysis of concepts and evaluation of models' development suggest that simulation can capture the design principles of Industry 4.0 and support the investigation of the Industry 4.0 phenomenon from different perspectives. Finally, the results of this study indicate hybrid simulation and digital twin as the primary simulation-based approaches in the context of Industry 4.0.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Ferreira","given":"William de Paula"},{"family":"Armellini","given":"Fabiano"},{"family":"De Santa-Eulalia","given":"Luis Antonio"}],"citation-key":"ferreiraSimulationIndustryStateoftheart2020","container-title":"Computers & Industrial Engineering","container-title-short":"Comput. Ind. Eng.","DOI":"10.1016/j.cie.2020.106868","event-place":"Oxford","ISSN":"0360-8352","issued":{"date-parts":[["2020",11]]},"language":"English","note":"WOS:000582320000073","page":"106868","publisher":"Pergamon-Elsevier Science Ltd","publisher-place":"Oxford","source":"Web of Science Nextgen","title":"Simulation in industry 4.0: A state-of-the-art review","title-short":"Simulation in industry 4.0","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"149"},{"id":"dyliaccoEnhancingPowerSystem1997","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"DyLiacco","given":"T. 
E."}],"citation-key":"dyliaccoEnhancingPowerSystem1997","container-title":"Ieee Computer Applications in Power","container-title-short":"IEEE Comput. Appl. Power","DOI":"10.1109/67.595291","event-place":"New York","ISSN":"0895-0156","issue":"3","issued":{"date-parts":[["1997",7]]},"language":"English","note":"WOS:A1997XG57700009","page":"38-41","publisher":"Ieee-Inst Electrical Electronics Engineers Inc","publisher-place":"New York","source":"Web of Science Nextgen","title":"Enhancing power system security control","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"10"},{"id":"bhandalApplicationDigitalTwin2022","abstract":"Purpose The application of digital twins to optimise operations and supply chain management functions is a bourgeoning practice. Scholars have attempted to keep pace with this development initiating a fast-evolving research agenda. The purpose of this paper is to take stock of the emerging research stream identifying trends and capture the value potential of digital twins to the field of operations and supply chain management. Design/methodology/approach In this work we employ a bibliometric literature review supported by bibliographic coupling and keyword co-occurrence network analysis to examine current trends in the research field regarding the value-added potential of digital twin in operations and supply chain management. Findings The main findings of this work are the identification of four value clusters and one enabler cluster. Value clusters are comprised of articles that describe how the application of digital twin can enhance supply chain activities at the level of business processes as well as the level of supply chain capabilities. Value clusters of production flow management and product development operate at the business processes level and are maturing communities. 
The supply chain resilience and risk management value cluster operates at the capability level, it is just emerging, and is positioned at the periphery of the main network. Originality/value This is the first study that attempts to conceptualise digital twin as a dynamic capability and employs bibliometric and network analysis on the research stream of digital twin in operations and supply chain management to capture evolutionary trends, literature communities and value-creation dynamics in a digital-twin-enabled supply chain.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Bhandal","given":"Rajinder"},{"family":"Mcriton","given":"Royston"},{"family":"Kavanagh","given":"Richard Edward"},{"family":"Brown","given":"Anthony"}],"citation-key":"bhandalApplicationDigitalTwin2022","container-title":"Supply Chain Management-an International Journal","container-title-short":"Supply Chain Manag.","DOI":"10.1108/SCM-01-2021-0053","event-place":"Bingley","ISSN":"1359-8546","issue":"2","issued":{"date-parts":[["2022",2,17]]},"language":"English","note":"WOS:000753838000001","page":"182-206","publisher":"Emerald Group Publishing Ltd","publisher-place":"Bingley","source":"Web of Science Nextgen","title":"The application of digital twin technology in operations and supply chain management: a bibliometric review","title-short":"The application of digital twin technology in operations and supply chain management","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"27"},{"id":"khanRequirementsDigitalTwindriven2020","abstract":"Autonomy has become a focal point for research and development in many industries. Whilst this was traditionally achieved by modelling self-engineering behaviours at the component-level, efforts are now being focused on the sub-system and system-level through advancements in artificial intelligence. 
Exploiting its benefits requires some innovative thinking to integrate overarching concepts from big data analysis, digitisation, sensing, optimisation, information technology, and systems engineering. With recent developments in Industry 4.0, machine learning and digital twin, there has been a growing interest in adapting these concepts to achieve autonomous maintenance; the automation of predictive maintenance scheduling directly from operational data and for in-built repair at the systems-level. However, there is still ambiguity whether state-of-the-art developments are truly autonomous or they simply automate a process. In light of this, it is important to present the current perspectives about where the technology stands today and indicate possible routes for the future. As a result, this effort focuses on recent trends in autonomous maintenance before moving on to discuss digital twin as a vehicle for decision making from the viewpoint of requirements, whilst the role of AI in assisting with this process is also explored. A suggested framework for integrating digital twin strategies within maintenance models is also discussed. Finally, the article looks towards future directions on the likely evolution and implications for its development as a sustainable technology.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Khan","given":"Samir"},{"family":"Farnsworth","given":"Michael"},{"family":"McWilliam","given":"Richard"},{"family":"Erkoyuncu","given":"John"}],"citation-key":"khanRequirementsDigitalTwindriven2020","container-title":"Annual Reviews in Control","container-title-short":"Annu. Rev. 
Control","DOI":"10.1016/j.arcontrol.2020.08.003","event-place":"Oxford","ISSN":"1367-5788","issued":{"date-parts":[["2020"]]},"language":"English","note":"WOS:000600551200002","page":"13-28","publisher":"Pergamon-Elsevier Science Ltd","publisher-place":"Oxford","source":"Web of Science Nextgen","title":"On the requirements of digital twin-driven autonomous maintenance","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"50"},{"id":"kimSurveyMachineLearningBased2021","abstract":"A cyber-physical system (CPS) is the integration of a physical system into the real world and control applications in a computing system, interacting through a communications network. Network technology connecting physical systems and computing systems enables the simultaneous control of many physical systems and provides intelligent applications for them. However, enhancing connectivity leads to extended attack vectors in which attackers can trespass on the network and launch cyber-physical attacks, remotely disrupting the CPS. Therefore, extensive studies into cyber-physical security are being conducted in various domains, such as physical, network, and computing systems. Moreover, large-scale and complex CPSs make it difficult to analyze and detect cyber-physical attacks, and thus, machine learning (ML) techniques have recently been adopted for cyber-physical security. In this survey, we provide an extensive review of the threats and ML-based security designs for CPSs. First, we present a CPS structure that classifies the functions of the CPS into three layers: the physical system, the network, and software applications. Then, we discuss the taxonomy of cyber-physical attacks on each layer, and in particular, we analyze attacks based on the dynamics of the physical system. 
We review existing studies on detecting cyber-physical attacks with various ML techniques from the perspectives of the physical system, the network, and the computing system. Furthermore, we discuss future research directions for ML-based cyber-physical security research in the context of real-time constraints, resiliency, and dataset generation to learn about the possible attacks.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Kim","given":"Sangjun"},{"family":"Park","given":"Kyung-Joon"}],"citation-key":"kimSurveyMachineLearningBased2021","container-title":"Applied Sciences-Basel","container-title-short":"Appl. Sci.-Basel","DOI":"10.3390/app11125458","event-place":"Basel","issue":"12","issued":{"date-parts":[["2021",6]]},"language":"English","note":"WOS:000666134100001","page":"5458","publisher":"Mdpi","publisher-place":"Basel","source":"Web of Science Nextgen","title":"A Survey on Machine-Learning Based Security Design for Cyber-Physical Systems","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/marked/relevance/1","volume":"11"},{"id":"chiccoDataConsistencyDataDriven2021","abstract":"In the smart grid era, the number of data available for different applications has increased considerably. However, data could not perfectly represent the phenomenon or process under analysis, so their usability requires a preliminary validation carried out by experts of the specific domain. The process of data gathering and transmission over the communication channels has to be verified to ensure that data are provided in a useful format, and that no external effect has impacted on the correct data to be received. Consistency of the data coming from different sources (in terms of timings and data resolution) has to be ensured and managed appropriately. Suitable procedures are needed for transforming data into knowledge in an effective way. 
This contribution addresses the previous aspects by highlighting a number of potential issues and the solutions in place in different power and energy system, including the generation, grid and user sides. Recent references, as well as selected historical references, are listed to support the illustration of the conceptual aspects.","accessed":{"date-parts":[["2022",3,8]]},"author":[{"family":"Chicco","given":"Gianfranco"}],"citation-key":"chiccoDataConsistencyDataDriven2021","container-title":"Frontiers in Big Data","container-title-short":"Front. Big Data","DOI":"10.3389/fdata.2021.683682","event-place":"Lausanne","issued":{"date-parts":[["2021",5,13]]},"language":"English","note":"WOS:000659098500001","page":"683682","publisher":"Frontiers Media Sa","publisher-place":"Lausanne","source":"Web of Science Nextgen","title":"Data Consistency for Data-Driven Smart Energy Assessment","type":"article-journal","URL":"http://www.webofscience.com/wos/woscc/summary/ffb5b6d6-a673-4bef-9ff0-b8d88b1e6e37-287c2a9c/relevance/1","volume":"4"},{"id":"humayedCyberPhysicalSystemsSecurity2017","abstract":"With the exponential growth of cyber-physical systems (CPS), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lack a systematic study of CPS security issues. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it very difficult to study the problem with one generalized model. In this paper, we capture and systematize existing research on CPS security under a unified framework. 
The framework consists of three orthogonal coordinates: (1) from the security perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; (2) from the CPS components perspective, we focus on cyber, physical, and cyber-physical components; and (3) from the CPS systems perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS and smart cars). The model can be both abstract to show general interactions of a CPS application and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Humayed","given":"Abdulmalik"},{"family":"Lin","given":"Jingqiang"},{"family":"Li","given":"Fengjun"},{"family":"Luo","given":"Bo"}],"citation-key":"humayedCyberPhysicalSystemsSecurity2017","container-title":"arXiv:1701.04525 [cs]","issued":{"date-parts":[["2017",1,16]]},"language":"en","source":"arXiv.org","title":"Cyber-Physical Systems Security -- A Survey","type":"article-journal","URL":"http://arxiv.org/abs/1701.04525"},{"id":"linUncertaintyQuantificationSoftware2021","abstract":"A nearly autonomous management and control (NAMAC) system is designed to furnish recommendations to operators for achieving particular goals based on NAMAC’s knowledge base. As a critical component in a NAMAC system, digital twins (DTs) are used to extract information from the knowledge base to support decision-making in reactor control and management during all modes of plant operations. 
With the advancement of artificial intelligence and data-driven methods, machine learning algorithms are used to build DTs of various functions in the NAMAC system. To evaluate the uncertainty of DTs and its impacts on the reactor digital instrumentation and control systems, uncertainty quantification (UQ) and software risk analysis is needed. As a comprehensive overview of prior research and a starting point for new investigations, this study selects and reviews relevant UQ techniques and software hazard and software risk analysis methods that may be suitable for DTs in the NAMAC system.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Lin","given":"Linyu"},{"family":"Bao","given":"Han"},{"family":"Dinh","given":"Nam"}],"citation-key":"linUncertaintyQuantificationSoftware2021","container-title":"Annals of Nuclear Energy","container-title-short":"Annals of Nuclear Energy","DOI":"10.1016/j.anucene.2021.108362","ISSN":"03064549","issued":{"date-parts":[["2021",9]]},"language":"en","page":"108362","source":"DOI.org (Crossref)","title":"Uncertainty quantification and software risk analysis for digital twins in the nearly autonomous management and control systems: A review","title-short":"Uncertainty quantification and software risk analysis for digital twins in the nearly autonomous management and control systems","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0306454921002383","volume":"160"},{"id":"erikstadMergingPhysicsBig","abstract":"A digital twin is a model capable of rendering the state and behaviour of a unique real asset in (close to) real time. Thus, it offers opportunities beyond the capabilities offered by traditional CAD, CAE and PLM. In this paper, we will lay out the core principles on which digital twins are founded, pointing to its history from engineering analysis and simulation models. Further, we compare a physics-based digital twin solution with artificial intelligence and machine learning. 
Our proposition is that while the two are fundamentally different in how knowledge and insight is generated, they at the same time offer opportunities for innovative complementary solutions based on big data sensor platforms.","author":[{"family":"Erikstad","given":"Stein Ove"}],"citation-key":"erikstadMergingPhysicsBig","language":"en","page":"11","source":"Zotero","title":"Merging Physics, Big Data Analytics and Simulation for the Next-Generation Digital Twins","type":"article-journal"},{"id":"wuBatteryDigitalTwins2020","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Wu","given":"Billy"},{"family":"Widanage","given":"W. Dhammika"},{"family":"Yang","given":"Shichun"},{"family":"Liu","given":"Xinhua"}],"citation-key":"wuBatteryDigitalTwins2020","container-title":"Energy and AI","container-title-short":"Energy and AI","DOI":"10.1016/j.egyai.2020.100016","ISSN":"26665468","issued":{"date-parts":[["2020",8]]},"language":"en","page":"100016","source":"DOI.org (Crossref)","title":"Battery digital twins: Perspectives on the fusion of models, data and artificial intelligence for smart battery management systems","title-short":"Battery digital twins","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S2666546820300161","volume":"1"},{"id":"miPredictionMaintenanceIntegrated2021","abstract":"Predictive maintenance is one of the important technical means to guarantee and improve the normal industrial production. The existing bottlenecks for popularization and application are analyzed. In order to solve these problems, a cooperative awareness and interconnection framework across multiple organizations for total factors that affect prediction maintenance decision-making is discussed. Initially, the structure and operation mechanism of this framework are proposed. It is designed to support the sharing of data, knowledge and resources. 
As a key supporting technology, the digital twin is also integrated into it to improve the accuracy of fault diagnosis and prediction and support making a maintenance plan with higher accuracy and reliability. Then, under this framework, an integrated mathematical programming model is established with considering the parameter uncertainty and an NSGA-II hybrid algorithm is utilized to solve it. Moreover, an adjustment strategy for a maintenance plan is discussed in response to the dynamic characteristics of the actual maintenance environment. Finally, a case, prediction maintenance decision-making for bearings in grinding rolls of the large vertical mill, is studied. Analysis results verify the advantage of the integrated solving mechanism based on the proposed framework. The framework and integrated decision-making approach can guide the implementation of predictive maintenance with higher accuracy and reliability for industrial enterprises.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Mi","given":"Shanghua"},{"family":"Feng","given":"Yixiong"},{"family":"Zheng","given":"Hao"},{"family":"Wang","given":"Yong"},{"family":"Gao","given":"Yicong"},{"family":"Tan","given":"Jianrong"}],"citation-key":"miPredictionMaintenanceIntegrated2021","container-title":"Journal of Manufacturing Systems","container-title-short":"Journal of Manufacturing Systems","DOI":"10.1016/j.jmsy.2020.08.001","ISSN":"02786125","issued":{"date-parts":[["2021",1]]},"language":"en","page":"329-345","source":"DOI.org (Crossref)","title":"Prediction maintenance integrated decision-making approach supported by digital twin-driven cooperative awareness and interconnection framework","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0278612520301345","volume":"58"},{"id":"tsialiamanisGenerativeModelsBasis2021","abstract":"A framework is proposed for generative models as a basis for digital twins or mirrors of structures. 
The proposal is based on the premise that deterministic models cannot account for the uncertainty present in most structural modeling applications. Two different types of generative models are considered here. The first is a physics-based model based on the stochastic finite element (SFE) method, which is widely used when modeling structures that have material and loading uncertainties imposed. Such models can be calibrated according to data from the structure and would be expected to outperform any other model if the modeling accurately captures the true underlying physics of the structure. The potential use of SFE models as digital mirrors is illustrated via application to a linear structure with stochastic material properties. For situations where the physical formulation of such models does not suffice, a data-driven framework is proposed, using machine learning and conditional generative adversarial networks (cGANs). The latter algorithm is used to learn the distribution of the quantity of interest in a structure with material nonlinearities and uncertainties. For the examples considered in this work, the data-driven cGANs model outperforms the physics-based approach. 
Finally, an example is shown where the two methods are coupled such that a hybrid model approach is demonstrated.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Tsialiamanis","given":"George"},{"family":"Wagg","given":"David J."},{"family":"Dervilis","given":"Nikolaos"},{"family":"Worden","given":"Keith"}],"citation-key":"tsialiamanisGenerativeModelsBasis2021","container-title":"Data-Centric Engineering","container-title-short":"DCE","DOI":"10.1017/dce.2021.13","ISSN":"2632-6736","issued":{"date-parts":[["2021"]]},"language":"en","page":"e11","source":"DOI.org (Crossref)","title":"On generative models as the basis for digital twins","type":"article-journal","URL":"https://www.cambridge.org/core/product/identifier/S2632673621000137/type/journal_article","volume":"2"},{"id":"dollnerGeospatialArtificialIntelligence2020","abstract":"Artificial intelligence (AI) is changing fundamentally the way how IT solutions are implemented and operated across all application domains, including the geospatial domain. This contribution outlines AI-based techniques for 3D point clouds and geospatial digital twins as generic components of geospatial AI. First, we briefly reflect on the term “AI” and outline technology developments needed to apply AI to IT solutions, seen from a software engineering perspective. Next, we characterize 3D point clouds as key category of geodata and their role for creating the basis for geospatial digital twins; we explain the feasibility of machine learning (ML) and deep learning (DL) approaches for 3D point clouds. In particular, we argue that 3D point clouds can be seen as a corpus with similar properties as natural language corpora and formulate a “Naturalness Hypothesis” for 3D point clouds. 
In the main part, we introduce a workflow for interpreting 3D point clouds based on ML/DL approaches that derive domain-specific and application-specific semantics for 3D point clouds without having to create explicit spatial 3D models or explicit rule sets. Finally, examples are shown how ML/DL enables us to efficiently build and maintain base data for geospatial digital twins such as virtual 3D city models, indoor models, or building information models.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Döllner","given":"Jürgen"}],"citation-key":"dollnerGeospatialArtificialIntelligence2020","container-title":"PFG – Journal of Photogrammetry, Remote Sensing and Geoinformation Science","container-title-short":"PFG","DOI":"10.1007/s41064-020-00102-3","ISSN":"2512-2789, 2512-2819","issue":"1","issued":{"date-parts":[["2020",2]]},"language":"en","page":"15-24","source":"DOI.org (Crossref)","title":"Geospatial Artificial Intelligence: Potentials of Machine Learning for 3D Point Clouds and Geospatial Digital Twins","title-short":"Geospatial Artificial Intelligence","type":"article-journal","URL":"http://link.springer.com/10.1007/s41064-020-00102-3","volume":"88"},{"id":"nguyenDeepReinforcementLearning2021","abstract":"The scale of Internet-connected systems has increased considerably, and these systems are being exposed to cyber attacks more than ever. The complexity and dynamics of cyber attacks require protecting mechanisms to be responsive, adaptive, and scalable. Machine learning, or more specifically deep reinforcement learning (DRL), methods have been proposed widely to address these issues. By incorporating deep learning into traditional RL, DRL is highly capable of solving complex, dynamic, and especially high-dimensional cyber defense problems. This paper presents a survey of DRL approaches developed for cyber security. 
We touch on different vital aspects, including DRL-based security methods for cyber-physical systems, autonomous intrusion detection techniques, and multiagent DRL-based game theory simulations for defense strategies against cyber attacks. Extensive discussions and future research directions on DRL-based cyber security are also given. We expect that this comprehensive review provides the foundations for and facilitates future studies on exploring the potential of emerging DRL to cope with increasingly complex cyber security problems.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Nguyen","given":"Thanh Thi"},{"family":"Reddi","given":"Vijay Janapa"}],"citation-key":"nguyenDeepReinforcementLearning2021","container-title":"IEEE Transactions on Neural Networks and Learning Systems","container-title-short":"IEEE Trans. Neural Netw. Learning Syst.","DOI":"10.1109/TNNLS.2021.3121870","ISSN":"2162-237X, 2162-2388","issued":{"date-parts":[["2021"]]},"language":"en","page":"1-17","source":"arXiv.org","title":"Deep Reinforcement Learning for Cyber Security","type":"article-journal","URL":"http://arxiv.org/abs/1906.05799"},{"id":"moyaDigitalTwinsThat2020","abstract":"Digital twins can be defined as digital representations of physical entities that employ real-time data to enable understanding of the operating conditions of these entities. Here we present a particular type of digital twin that involves a combination of computer vision, scientific machine learning, and augmented reality. This novel digital twin is able, therefore, to see, to interpret what it sees—and, if necessary, to correct the model it is equipped with—and presents the resulting information in the form of augmented reality. The computer vision capabilities allow the twin to receive data continuously. As any other digital twin, it is equipped with one or more models so as to assimilate data. 
However, if persistent deviations from the predicted values are found, the proposed methodology is able to correct on the fly the existing models, so as to accommodate them to the measured reality. Finally, the suggested methodology is completed with augmented reality capabilities so as to render a completely new type of digital twin. These concepts are tested against a proof-of-concept model consisting on a nonlinear, hyperelastic beam subjected to moving loads whose exact position is to be determined.","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Moya","given":"Beatriz"},{"family":"Badías","given":"Alberto"},{"family":"Alfaro","given":"Icíar"},{"family":"Chinesta","given":"Francisco"},{"family":"Cueto","given":"Elías"}],"citation-key":"moyaDigitalTwinsThat2020","container-title":"International Journal for Numerical Methods in Engineering","container-title-short":"Int J Numer Methods Eng","DOI":"10.1002/nme.6535","ISSN":"0029-5981, 1097-0207","issued":{"date-parts":[["2020",9,24]]},"language":"en","page":"nme.6535","source":"DOI.org (Crossref)","title":"Digital twins that learn and correct themselves","type":"article-journal","URL":"https://onlinelibrary.wiley.com/doi/10.1002/nme.6535"},{"id":"liDynamicBayesianNetwork2017","accessed":{"date-parts":[["2022",3,2]]},"author":[{"family":"Li","given":"Chenzhao"},{"family":"Mahadevan","given":"Sankaran"},{"family":"Ling","given":"You"},{"family":"Choze","given":"Sergio"},{"family":"Wang","given":"Liping"}],"citation-key":"liDynamicBayesianNetwork2017","container-title":"AIAA Journal","container-title-short":"AIAA Journal","DOI":"10.2514/1.J055201","ISSN":"0001-1452, 1533-385X","issue":"3","issued":{"date-parts":[["2017",3]]},"language":"en","page":"930-941","source":"DOI.org (Crossref)","title":"Dynamic Bayesian Network for Aircraft Wing Health Monitoring Digital 
Twin","type":"article-journal","URL":"https://arc.aiaa.org/doi/10.2514/1.J055201","volume":"55"},{"id":"robbinsMendeleyZoteroWhich2012","abstract":"Today’s bibliographic managers provide cloud storage so that papers can be attached to citations and syncing services, in order for papers and citations to be available in multiple mediums. Mendeley and Zotero are two services that offer online storage of papers and citations, desktop applications, and tablet integration. Mendeley has an iPad application and an open API so that developers can create apps for Android tablets. Zotero is an open-source project that encourages developers to create both iPad and Android apps. Both suites can be integrated with word processing software for accurate in-text and bibliographic entries, provide full-text indexing of PDF documents, and can attach notes to citations. Choosing between them depends upon what features a mobile researcher would need and use.","accessed":{"date-parts":[["2022",2,11]]},"author":[{"family":"Robbins","given":"Laura Pope"}],"citation-key":"robbinsMendeleyZoteroWhich2012","container-title":"The Charleston Advisor","container-title-short":"charleston adv","DOI":"10.5260/chara.14.2.5","ISSN":"15254011, 15254003","issue":"2","issued":{"date-parts":[["2012",10,1]]},"language":"en","page":"5-11","source":"DOI.org (Crossref)","title":"Mendeley or Zotero: Which Should the Mobile Researcher Use?","title-short":"Mendeley or Zotero","type":"article-journal","URL":"http://openurl.ingenta.com/content/xref?genre=article&issn=1525-4011&volume=14&issue=2&spage=5","volume":"14"},{"id":"andriotisManagingEngineeringSystems2019","abstract":"Decision-making for engineering systems management can be efficiently formulated using Markov Decision Processes (MDPs) or Partially Observable MDPs (POMDPs). 
Typical MDP/POMDP solution procedures utilize offline knowledge about the environment and provide detailed policies for relatively small systems with tractable state and action spaces. However, in large multi-component systems the sizes of these spaces easily explode, as system states and actions scale exponentially with the number of components, whereas environment dynamics are difficult to be described explicitly for the entire system and may only be accessible through numerical simulators. In this work, to address these issues, an integrated Deep Reinforcement Learning (DRL) framework is introduced. The Deep Centralized Multi-agent Actor Critic (DCMAC) is developed, an off-policy actor-critic DRL approach, providing efficient life-cycle policies for large multi-component systems operating in high-dimensional spaces. Apart from deep network approximators parametrizing complex functions in large state spaces, DCMAC also adopts a factorized representation of the system actions, thus being able to designate individualized component- and subsystem-level decisions, while maintaining a centralized value function for the entire system. 
DCMAC compares well against Deep Q-Network solutions and exact policies, where applicable, and outperforms optimized baselines that are based on time-based, condition-based and periodic inspection and maintenance policies.","accessed":{"date-parts":[["2022",2,11]]},"author":[{"family":"Andriotis","given":"C.P."},{"family":"Papakonstantinou","given":"K.G."}],"citation-key":"andriotisManagingEngineeringSystems2019","container-title":"Reliability Engineering & System Safety","container-title-short":"Reliability Engineering & System Safety","DOI":"10.1016/j.ress.2019.04.036","ISSN":"09518320","issued":{"date-parts":[["2019",11]]},"language":"en","page":"106483","source":"DOI.org (Crossref)","title":"Managing engineering systems with large state and action spaces through deep reinforcement learning","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0951832018313309","volume":"191"},{"id":"einickeRobustExtendedKalman1999","abstract":"Linearization errors inherent in the specification of an extended Kalman filter (EKF) can severely degrade its performance. This correspondence presents a new approach to the robust design of a discrete-time EKF by application of the robust linear design methods based on the H1 norm minimization criterion. The results of simulations are presented to demonstrate an advantage for signal demodulation and nonlinear equalization applications.","accessed":{"date-parts":[["2022",2,11]]},"author":[{"family":"Einicke","given":"G.A."},{"family":"White","given":"L.B."}],"citation-key":"einickeRobustExtendedKalman1999","container-title":"IEEE Transactions on Signal Processing","container-title-short":"IEEE Trans. 
Signal Process.","DOI":"10.1109/78.782219","ISSN":"1053587X","issue":"9","issued":{"literal":"Sept./1999"},"language":"en","page":"2596-2599","source":"DOI.org (Crossref)","title":"Robust extended Kalman filtering","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/782219/","volume":"47"},{"id":"moratoOptimalInspectionMaintenance2022","abstract":"Civil and maritime engineering systems, among others, from bridges to offshore platforms and wind turbines, must be efficiently managed as they are exposed to deterioration mechanisms throughout their operational life, such as fatigue or corrosion. Identifying optimal inspection and maintenance policies demands the solution of a complex sequential decision-making problem under uncertainty, with the main objective of efficiently controlling the risk associated with structural failures. Addressing this complexity, risk-based inspection planning methodologies, supported often by dynamic Bayesian networks, evaluate a set of pre-defined heuristic decision rules to reasonably simplify the decision problem. However, the resulting policies may be compromised by the limited space considered in the definition of the decision rules. Avoiding this limitation, Partially Observable Markov Decision Processes (POMDPs) provide a principled mathematical methodology for stochastic optimal control under uncertain action outcomes and observations, in which the optimal actions are prescribed as a function of the entire, dynamically updated, state probability distribution. In this paper, we combine dynamic Bayesian networks with POMDPs in a joint framework for optimal inspection and maintenance planning, and we provide the relevant formulation for developing both infinite and finite horizon POMDPs in a structural reliability context. 
The proposed methodology is implemented and tested for the case of a structural component subject to fatigue deterioration, demonstrating the capability of state-of-the-art point-based POMDP solvers for solving the underlying planning optimization problem. Within the numerical experiments, POMDP and heuristic-based policies are thoroughly compared, and results showcase that POMDPs achieve substantially lower costs as compared to their counterparts, even for traditional problem settings.","accessed":{"date-parts":[["2022",2,11]]},"author":[{"family":"Morato","given":"P. G."},{"family":"Papakonstantinou","given":"K. G."},{"family":"Andriotis","given":"C. P."},{"family":"Nielsen","given":"J. S."},{"family":"Rigo","given":"P."}],"citation-key":"moratoOptimalInspectionMaintenance2022","container-title":"Structural Safety","container-title-short":"Structural Safety","DOI":"10.1016/j.strusafe.2021.102140","ISSN":"01674730","issued":{"date-parts":[["2022",1]]},"language":"en","page":"102140","source":"arXiv.org","title":"Optimal Inspection and Maintenance Planning for Deteriorating Structural Components through Dynamic Bayesian Networks and Markov Decision Processes","type":"article-journal","URL":"http://arxiv.org/abs/2009.04547","volume":"94"},{"id":"andriotisDeepReinforcementLearning2021","abstract":"Determination of inspection and maintenance policies for minimizing long-term risks and costs in deteriorating engineering environments constitutes a complex optimization problem. 
Major computational challenges include the (i) curse of dimensionality, due to exponential scaling of state/action set cardinalities with the number of components; (ii) curse of history, related to exponentially growing decision-trees with the number of decision-steps; (iii) presence of state uncertainties, induced by inherent environment stochasticity and variability of inspection/monitoring measurements; (iv) presence of constraints, pertaining to stochastic long-term limitations, due to resource scarcity and other infeasible/undesirable system responses. In this work, these challenges are addressed within a joint framework of constrained Partially Observable Markov Decision Processes (POMDP) and multi-agent Deep Reinforcement Learning (DRL). POMDPs optimally tackle (ii)-(iii), combining stochastic dynamic programming with Bayesian inference principles. Multi-agent DRL addresses (i), through deep function parametrizations and decentralized control assumptions. Challenge (iv) is herein handled through proper state augmentation and Lagrangian relaxation, with emphasis on life-cycle risk-based constraints and budget limitations. 
The underlying algorithmic steps are provided, and the proposed framework is found to outperform well-established policy baselines and facilitate adept prescription of inspection and intervention actions, in cases where decisions must be made in the most resource- and risk-aware manner.","accessed":{"date-parts":[["2022",2,11]]},"author":[{"family":"Andriotis","given":"C.P."},{"family":"Papakonstantinou","given":"K.G."}],"citation-key":"andriotisDeepReinforcementLearning2021","container-title":"Reliability Engineering & System Safety","container-title-short":"Reliability Engineering & System Safety","DOI":"10.1016/j.ress.2021.107551","ISSN":"09518320","issued":{"date-parts":[["2021",8]]},"language":"en","page":"107551","source":"DOI.org (Crossref)","title":"Deep reinforcement learning driven inspection and maintenance planning under incomplete information and constraints","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S095183202100106X","volume":"212"},{"id":"ioannouAutonomousIntelligentCruise1993","abstract":"Vehicle following and its effects on traffic flow has been an active area of research. Human driving involves reaction times, delays, and human errors that affect traffic flow adversely. One way to eliminate human errors and delays in vehicle following is to replace the human driver with a computer control system and sensors. The purpose of this paper is to develop an autonomous intelligent cruise control (AICC) system for automatic vehicle following, examine its effect on traffic flow, and compare its performance with that of the human driver models. The AICC system developed is not cooperative; i.e., it does not exchange information with other vehicles and yet is not susceptible to oscillations and \"slinky\" effects. 
The elimination of the \"slinky\" effect is achieved by using a safety distance separation rule that is proportional to the vehicle velocity (constant time headway) and by designing the control system appropriately. The performance of the AICC system is found to be superior to that of the human driver models considered. It has a faster and better transient response that leads to a much smoother and faster traffic flow. Computer simulations are used to study the performance of the proposed AICC system and analyze vehicle following in a single lane, without passing, under manual and automatic control. In addition, several emergency situations that include emergency stopping and cut-in cases were simulated. The simulation results demonstrate the effectiveness of the AICC system and its potentially beneficial effects on traffic flow.","accessed":{"date-parts":[["2023",11,20]]},"author":[{"family":"Ioannou","given":"P.A."},{"family":"Chien","given":"C.C."}],"citation-key":"ioannouAutonomousIntelligentCruise1993","container-title":"IEEE Transactions on Vehicular Technology","DOI":"10.1109/25.260745","ISSN":"1939-9359","issue":"4","issued":{"date-parts":[["1993",11]]},"page":"657-672","source":"IEEE Xplore","title":"Autonomous intelligent cruise control","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/260745","volume":"42"},{"id":"zhenhaiMultiargumentControlMode2016","abstract":"Adaptive Cruise Control system contains the distance control function which is an extension of the conventional Cruise Control system. ACC system has to switch to appropriate control modes according to different traffic scenes. The existing switching strategies are generally designed based on two arguments including relative distance and relative velocity between the host vehicle and the preceding vehicle. 
Because switching thresholds of the existing methods are mostly determined based on steady states of control mode, the switching process cannot be continuous and smooth in many cases. In order to overcome the shortage of existing switching strategy, a new switch strategy is put forward in this paper which considers three arguments: distance, relative velocity and acceleration. This new strategy can make vehicle acceleration continuous and smooth during control mode switching, which improves the comfort performance of ACC system. Moreover, the decision algorithms of cruise mode, follow mode and approach mode in ACC system are built. The new switching strategy with three arguments is established in this paper. At last, the road tests show that the proposed switching strategy is able to switch to correct control mode according to actual traffic scenes. In addition, the switching progress is smoother than the existing two arguments switching strategy.","accessed":{"date-parts":[["2023",11,20]]},"author":[{"family":"Zhenhai","given":"Gao"},{"family":"Jun","given":"Wang"},{"family":"Hongyu","given":"Hu"},{"family":"Wei","given":"Yan"},{"family":"Dazhi","given":"Wang"},{"family":"Lin","given":"Wang"}],"citation-key":"zhenhaiMultiargumentControlMode2016","collection-title":"Green Intelligent Transportation System and Safety","container-title":"Procedia Engineering","container-title-short":"Procedia Engineering","DOI":"10.1016/j.proeng.2016.01.295","ISSN":"1877-7058","issued":{"date-parts":[["2016",1,1]]},"page":"581-589","source":"ScienceDirect","title":"Multi-argument Control Mode Switching Strategy for Adaptive Cruise Control System","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S1877705816003222","volume":"137"},{"id":"sivajiAdaptiveCruiseControl2013","abstract":"This research paper deals with the design of adaptive cruise control (ACC) which was implemented on a passenger car using PID controller. 
An important feature of the newly based adaptive cruise control system is that, its ability to manage a competent inter-vehicle gap based on the speed of host vehicle and headway. There are three major inputs to the ACC system, that is, speed of host vehicle read from Memory unit, headway time set by driver, and actual gap measured by the Radar scanner. The system is been adapted with the velocity control at urban environments avoids mitigate possible accidents. This paper deals with the design, modulating, and estimation of the controllers performing actions on the longitudinal control of a car to accomplish stop-and-go manoeuvres.","author":[{"family":"Sivaji","given":"V V"},{"family":"Sailaja","given":"Dr M"}],"citation-key":"sivajiAdaptiveCruiseControl2013","container-title":"International Journal of Engineering Research and Applications","issue":"4","issued":{"date-parts":[["2013"]]},"language":"en","source":"Zotero","title":"Adaptive Cruise control systems for vehicle modeling using stop and go manoeuvres","type":"article-journal","volume":"3"},{"id":"nilssonCorrectbyConstructionAdaptiveCruise2016","abstract":"Motivated by the challenge of developing control software provably meeting specifications for real-world problems, this paper applies formal methods to adaptive cruise control (ACC). Starting from a linear temporal logic specification for ACC, obtained by interpreting relevant ACC standards, we discuss in this paper two different control software synthesis methods. Each method produces a controller that is correctby-construction, meaning that trajectories of the closed-loop systems provably meet the specification. Both methods rely on fixed-point computations of certain set-valued mappings. However, one of the methods performs these computations on the continuous state space whereas the other method operates on a finite-state abstraction. 
While controller synthesis is based on a low-dimensional model, each controller is tested on CarSim, an industry-standard vehicle simulator. Our results demonstrate several advantages over classical control design techniques. First, a formal approach to control design removes potential ambiguity in textual specifications by translating them into precise mathematical requirements. Second, because the resulting closedloop system is known a priori to satisfy the specification, testing can then focus on the validity of the models used in control design and whether the specification captures the intended requirements. Finally, the set from where the specification (e.g., safety) can be enforced is explicitly computed and thus conditions for passing control to an emergency controller are clearly defined.","accessed":{"date-parts":[["2023",11,20]]},"author":[{"family":"Nilsson","given":"Petter"},{"family":"Hussien","given":"Omar"},{"family":"Balkan","given":"Ayca"},{"family":"Chen","given":"Yuxiao"},{"family":"Ames","given":"Aaron D."},{"family":"Grizzle","given":"Jessy W."},{"family":"Ozay","given":"Necmiye"},{"family":"Peng","given":"Huei"},{"family":"Tabuada","given":"Paulo"}],"citation-key":"nilssonCorrectbyConstructionAdaptiveCruise2016","container-title":"IEEE Transactions on Control Systems Technology","container-title-short":"IEEE Trans. Contr. Syst. 
Technol.","DOI":"10.1109/TCST.2015.2501351","ISSN":"1063-6536, 1558-0865","issue":"4","issued":{"date-parts":[["2016",7]]},"language":"en","page":"1294-1307","source":"DOI.org (Crossref)","title":"Correct-by-Construction Adaptive Cruise Control: Two Approaches","title-short":"Correct-by-Construction Adaptive Cruise Control","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/7349170/","volume":"24"},{"id":"haspalamutgilAdaptiveSwitchingMethod2017","abstract":"We present an Adaptive Cruise Control (ACC) architecture which is focused on solving repetitive switching issues between two modes of ACC, speed control and distance control. A cascaded controller structure has been used. First controller (upper) includes two modes: a speed controller (PI) and a distance controller (time-gap). Outputs of these controllers are acceleration reference signals. The second controller (lower) is responsible of providing the desired acceleration by controlling throttle. The switching problem occurs in most algorithms between two modes of the upper controller. 
In the proposed method, additional to the normal switching logic which is checking the distance with the leading vehicle, a set of logical comparisons have been used to prevent repetitive mode changing at the exact desired distance.","accessed":{"date-parts":[["2023",11,20]]},"author":[{"family":"Haspalamutgıl","given":"Kadir"},{"family":"Adali","given":"Erkan"}],"citation-key":"haspalamutgilAdaptiveSwitchingMethod2017","container-title":"2017 21st International Conference on System Theory, Control and Computing (ICSTCC)","DOI":"10.1109/ICSTCC.2017.8107024","event-title":"2017 21st International Conference on System Theory, Control and Computing (ICSTCC)","issued":{"date-parts":[["2017",10]]},"page":"140-145","source":"IEEE Xplore","title":"Adaptive switching method for Adaptive Cruise Control","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/8107024?casa_token=GCbUxFFrhDUAAAAA:JfMiJhBzXxVfq4N_RsCHdnGSyMHKux4ZovytCx9BfEycz4bQe5BvdfZQcq9syGy3lVpk28NV2Q"},{"id":"IEEEXploreFullText","accessed":{"date-parts":[["2023",11,20]]},"citation-key":"IEEEXploreFullText","title":"IEEE Xplore Full-Text PDF:","type":"webpage","URL":"https://ieeexplore-ieee-org.pitt.idm.oclc.org/stamp/stamp.jsp?tp=&arnumber=8107024"},{"id":"controltutorialsformatlab&simulinkInvertedPendulumSystem","accessed":{"date-parts":[["2023",11,15]]},"author":[{"family":"Control Tutorials For Matlab & Simulink","given":""}],"citation-key":"controltutorialsformatlab&simulinkInvertedPendulumSystem","container-title":"Control Tutorials For Matlab & Simulink","genre":"Tutorial","title":"Inverted Pendulum: System Modeling","type":"webpage","URL":"https://ctms.engin.umich.edu/CTMS/index.php?example=InvertedPendulum&section=SystemModeling"},{"id":"NationalCyberSecurity2023","citation-key":"NationalCyberSecurity2023","issued":{"date-parts":[["2023",3]]},"title":"National Cyber Security 
Strategy","type":"document","URL":"https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf"},{"id":"NationalCyberInformedEngineering2022","citation-key":"NationalCyberInformedEngineering2022","issued":{"date-parts":[["2022",6]]},"title":"National Cyber-Informed Engineering Strategy","type":"document","URL":"https://inl.gov/content/uploads/2023/07/FINAL-DOE-National-CIE-Strategy-June-2022_0.pdf"},{"id":"egerstedtLectureHybridAutomata2014","accessed":{"date-parts":[["2023",11,14]]},"citation-key":"egerstedtLectureHybridAutomata2014","collection-title":"Control of Mobile Robots","director":[{"family":"Egerstedt","given":"Magnus"}],"event-place":"Georgia Institute of Technology","issued":{"date-parts":[["2014"]]},"medium":"Recorded Lecture","publisher-place":"Georgia Institute of Technology","title":"Lecture 5.2 - Hybrid Automata","type":"motion_picture","URL":"https://www.youtube.com/watch?v=KdjMz0rpMms"},{"id":"CompetencyClient","accessed":{"date-parts":[["2023",11,9]]},"citation-key":"CompetencyClient","title":"CompetencyClient","type":"webpage","URL":"https://cybercompetencies.com/help"},{"id":"NUARIAddressingNational","abstract":"More than a think tank, the Norwich University Applied Research Institutes are driven to develop effective solutions for national cyber security threats.","accessed":{"date-parts":[["2023",11,9]]},"citation-key":"NUARIAddressingNational","language":"en","title":"NUARI: Addressing National Cyber Security Issues","title-short":"NUARI","type":"webpage","URL":"https://nuari.org"},{"id":"councilDigitalInstrumentationControl1997","author":[{"family":"Council","given":"National Research"}],"citation-key":"councilDigitalInstrumentationControl1997","ISBN":"0-309-05732-9","issued":{"date-parts":[["1997"]]},"publisher":"National Academies Press","title":"Digital instrumentation and control systems in nuclear power plants: safety and reliability 
issues","type":"book"},{"id":"simkoTheoryCyberphysicalSystems2014","abstract":"Modeling the heterogeneous composition of physical, computational and communication systems is an important challenge in engineering Cyber-Physical Systems (CPS), where the major sources of heterogeneity are causality, time semantics, and different physical domains. Classical physical laws capture acausal continuous-time dynamics, thus the behavior of physical systems are inherently characterized by acausal continuous-time equations. On the other hand, computational and communication systems are based on the notion of causality and discrete-time semantics. Connecting the two worlds is challenging, and calls for proper formalization of the composition. In this paper, we discuss a formalism that captures both acausal physical laws, unidirectional analog signals, and is capable of describing causal computational systems, as well as the composition of CPS models.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Simko","given":"Gabor"},{"family":"Levendovszky","given":"Tihamer"},{"family":"Maroti","given":"Miklos"},{"family":"Sztipanovits","given":"Janos"}],"citation-key":"simkoTheoryCyberphysicalSystems2014","container-title":"Proceedings of the 4th ACM SIGBED International Workshop on Design, Modeling, and Evaluation of Cyber-Physical Systems","DOI":"10.1145/2593458.2593463","event-place":"Berlin Germany","event-title":"CPS Week '14: Cyber Physical Systems Week 2014","ISBN":"978-1-4503-2871-5","issued":{"date-parts":[["2014",4,14]]},"language":"en","page":"56-61","publisher":"ACM","publisher-place":"Berlin Germany","source":"DOI.org (Crossref)","title":"Towards a theory for cyber-physical systems modeling","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2593458.2593463"},{"id":"leePresentFutureCyberPhysical2015","abstract":"This paper is about better engineering of cyber-physical systems (CPSs) through better models. 
Deterministic models have historically proven extremely useful and arguably form the kingpin of the industrial revolution and the digital and information technology revolutions. Key deterministic models that have proven successful include differential equations, synchronous digital logic and single-threaded imperative programs. Cyber-physical systems, however, combine these models in such a way that determinism is not preserved. Two projects show that deterministic CPS models with faithful physical realizations are possible and practical. The first project is PRET, which shows that the timing precision of synchronous digital logic can be practically made available at the software level of abstraction. The second project is Ptides (programming temporally-integrated distributed embedded systems), which shows that deterministic models for distributed cyber-physical systems have practical faithful realizations. These projects are existence proofs that deterministic CPS models are possible and practical.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Lee","given":"Edward"}],"citation-key":"leePresentFutureCyberPhysical2015","container-title":"Sensors","container-title-short":"Sensors","DOI":"10.3390/s150304837","ISSN":"1424-8220","issue":"3","issued":{"date-parts":[["2015",2,26]]},"language":"en","page":"4837-4869","source":"DOI.org (Crossref)","title":"The Past, Present and Future of Cyber-Physical Systems: A Focus on Models","title-short":"The Past, Present and Future of Cyber-Physical Systems","type":"article-journal","URL":"http://www.mdpi.com/1424-8220/15/3/4837","volume":"15"},{"id":"simkoSpecificationCyberPhysicalComponents2013","abstract":"Model-Based Engineering of Cyber-Physical Systems (CPS) needs correct-by-construction design methodologies, hence CPS modeling languages require mathematically rigorous, unambiguous, and sound specifications of their semantics. 
The main challenge is the formalization of the heterogeneous composition and interactions of CPS systems. Creating modeling languages that support both the acausal and causal modeling approaches, and which has well-defined and sound behavior across the heterogeneous time domains is a challenging task. In this paper, we discuss the difficulties and as an example develop the formal semantics of a CPS-specific modeling language called CyPhyML. We formalize the structural semantics of CyPhyML by means of constraint rules and its behavioral semantics by defining a semantic mapping to a language for differential algebraic equations. The specification language is based on an executable subset of first-order logic, which facilitates model conformance checking, model checking and model synthesis.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Simko","given":"Gabor"},{"family":"Lindecker","given":"David"},{"family":"Levendovszky","given":"Tihamer"},{"family":"Neema","given":"Sandeep"},{"family":"Sztipanovits","given":"Janos"}],"citation-key":"simkoSpecificationCyberPhysicalComponents2013","collection-editor":[{"family":"Hutchison","given":"David"},{"family":"Kanade","given":"Takeo"},{"family":"Kittler","given":"Josef"},{"family":"Kleinberg","given":"Jon M."},{"family":"Mattern","given":"Friedemann"},{"family":"Mitchell","given":"John C."},{"family":"Naor","given":"Moni"},{"family":"Nierstrasz","given":"Oscar"},{"family":"Pandu Rangan","given":"C."},{"family":"Steffen","given":"Bernhard"},{"family":"Sudan","given":"Madhu"},{"family":"Terzopoulos","given":"Demetri"},{"family":"Tygar","given":"Doug"},{"family":"Vardi","given":"Moshe Y."},{"family":"Weikum","given":"Gerhard"}],"container-title":"Model-Driven Engineering Languages and 
Systems","DOI":"10.1007/978-3-642-41533-3_29","editor":[{"family":"Moreira","given":"Ana"},{"family":"Schätz","given":"Bernhard"},{"family":"Gray","given":"Jeff"},{"family":"Vallecillo","given":"Antonio"},{"family":"Clarke","given":"Peter"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-642-41532-6 978-3-642-41533-3","issued":{"date-parts":[["2013"]]},"language":"en","page":"471-487","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"Specification of Cyber-Physical Components with Formal Semantics – Integration and Composition","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-642-41533-3_29","volume":"8107"},{"id":"furrerSafeSecureSystem2023","abstract":"Cyber-physical systems are at the core of our current civilization. Countless examples dominate our daily life and work, such as driverless cars that will soon master our roads, implanted medical devices that will improve many lives, and industrial control systems that control production and infrastructure. Because cyber-physical systems manipulate the real world, they constitute a danger for many applications. Therefore, their safety and security are essential properties of these indispensable systems. The long history of systems engineering has demonstrated that the system quality properties—such as safety and security—strongly depend on the underlying system architecture. Satisfactory system quality properties can only be ensured if the fundamental system architecture is sound! The development of dependable cyber-physical architectures in recent years suggests that two harmonical architectures are required: a design-time architecture and a run-time architecture. The design-time architecture defines and specifies all parts and relationships, assuring the required system quality properties. However, in today’s complex systems, ensuring all quality properties in all operating conditions during design time will never be possible. 
Therefore, an additional line of defense against safety accidents and security incidents is indispensable: This must be provided by the run-time architecture. The run-time architecture primarily consists of a protective shell that monitors the run-time system during operation. It detects anomalies in system behavior, interface functioning, or data—often using artificial intelligence algorithms—and takes autonomous mitigation measures, thus attempting to prevent imminent safety accidents or security incidents before they occur. This paper’s core is the protective shell as a run-time protection mechanism for cyber-physical systems. The paper has the form of an introductory tutorial and includes focused references.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Furrer","given":"Frank J."}],"citation-key":"furrerSafeSecureSystem2023","container-title":"Informatik Spektrum","container-title-short":"Informatik Spektrum","DOI":"10.1007/s00287-023-01533-z","ISSN":"0170-6012, 1432-122X","issue":"2","issued":{"date-parts":[["2023",4]]},"language":"en","page":"96-103","source":"DOI.org (Crossref)","title":"Safe and secure system architectures for cyber-physical systems","type":"article-journal","URL":"https://link.springer.com/10.1007/s00287-023-01533-z","volume":"46"},{"id":"leeQuantifyingGeneralizingCAP2021","abstract":"In distributed applications, Brewer’s CAP theorem tells us that when networks become partitioned, there is a tradeoff between consistency and availability. Consistency is agreement on the values of shared variables across a system, and availability is the ability to respond to reads and writes accessing those shared variables. We quantify these concepts, giving numerical values to inconsistency and unavailability. 
Recognizing that network partitioning is not an all-or-nothing proposition, we replace the P in CAP with L, a numerical measure of apparent latency, and derive the CAL theorem, an algebraic relation between inconsistency, unavailability, and apparent latency. This relation shows that if latency becomes unbounded (e.g., the network becomes partitioned), then one of inconsistency and unavailability must also become unbounded, and hence the CAP theorem is a special case of the CAL theorem. We describe two distributed coordination mechanisms, which we have implemented as an extension of the Lingua Franca coordination language, that support arbitrary tradeoffs between consistency and availability as apparent latency varies. With centralized coordination, inconsistency remains bounded by a chosen numerical value at the cost that unavailability becomes unbounded under network partitioning. With decentralized coordination, unavailability remains bounded by a chosen numerical quantity at the cost that inconsistency becomes unbounded under network partitioning. Our centralized coordination mechanism is an extension of techniques that have historically been used for distributed simulation, an application where consistency is paramount. 
Our decentralized coordination mechanism is an extension of techniques that have been used in distributed databases when availability is paramount.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Lee","given":"Edward A."},{"family":"Bateni","given":"Soroush"},{"family":"Lin","given":"Shaokai"},{"family":"Lohstroh","given":"Marten"},{"family":"Menard","given":"Christian"}],"citation-key":"leeQuantifyingGeneralizingCAP2021","issued":{"date-parts":[["2021",9,16]]},"language":"en","number":"arXiv:2109.07771","publisher":"arXiv","source":"arXiv.org","title":"Quantifying and Generalizing the CAP Theorem","type":"article","URL":"http://arxiv.org/abs/2109.07771"},{"id":"kusmenkoModelingArchitecturesCyberPhysical2017","abstract":"Cyber-physical systems (CPS) in automotive or robotics industry comprise many different specific features, e.g., trajectory planning, lane correction, battery management or engine control, requiring a steady interaction with their environment over sensors and actuators. Assembling all these different features is one of the key challenges in the development of such complex systems. Component and connector (C&C) models are widely used for the design and development of CPS to represent features and their logical interaction. An advantage of C&C models is that complex features can be hierarchically decomposed into subfeatures, developed and managed by different domain experts. In this paper, we present the textual modeling family MontiCAR, Modeling and Testing of Cyber-Physical Architectures. It is based on the C&C paradigm and increases development efficiency of CPS by incorporating (i) component and connector arrays, (ii) name and index based autoconnections, (iii) a strict type system with unit and accuracy support, as well as (iv) an advanced Math language supporting BLAS operations and matrix classifications. 
Arrays and their autoconnection modes allow an efficient way of modeling redundant components such as front and rear park sensors or an LED matrix system containing hundreds of single dimmable lights. The strict type system and matrix classification provide means for integrated static verification of C&C architectures at compile time minimizing bug-fixing related costs. The capabilities and benefits of the proposed language family are demonstrated by a running example of a parking assistance system.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Kusmenko","given":"Evgeny"},{"family":"Roth","given":"Alexander"},{"family":"Rumpe","given":"Bernhard"},{"family":"Von Wenckstern","given":"Michael"}],"citation-key":"kusmenkoModelingArchitecturesCyberPhysical2017","container-title":"Modelling Foundations and Applications","DOI":"10.1007/978-3-319-61482-3_3","editor":[{"family":"Anjorin","given":"Anthony"},{"family":"Espinoza","given":"Huáscar"}],"event-place":"Cham","ISBN":"978-3-319-61481-6 978-3-319-61482-3","issued":{"date-parts":[["2017"]]},"language":"en","page":"34-50","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Modeling Architectures of Cyber-Physical Systems","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-61482-3_3","volume":"10376"},{"id":"nuzzoMethodologyToolsNext2015","abstract":"The realization of complex, cyber-physical “systems of systems” can substantially benefit from model-based hierarchical and compositional methodologies to make their design possible let alone optimal. 
In this paper, we introduce the methodology being developed within the industrial Cyber-Physical (iCyPhy) research consortium, which addresses the complexity and heterogeneity of cyber-physical systems by formalizing the design process in a hierarchical and compositional way, and provides a unifying framework where different modeling, analysis and synthesis tools can seamlessly interconnect. We use assume-guarantee contracts and their algebra (e.g. composition, conjunction, refinement) to provide formal support to the entire design flow. The design is carried out as a sequence of refinement steps from a high-level specification (top-down phase) to an implementation built out of a library of components at the lower level (bottom-up phase). At each step, the design is refined by combining synthesis from requirements, optimization and simulation-based design space exploration methods. We illustrate our approach on design examples of embedded controllers for aircraft power distribution and air management systems.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Nuzzo","given":"Pierluigi"},{"family":"Sangiovanni‐Vincentelli","given":"Alberto L."},{"family":"Murray","given":"Richard M."}],"citation-key":"nuzzoMethodologyToolsNext2015","container-title":"INCOSE International Symposium","container-title-short":"INCOSE International Symp","DOI":"10.1002/j.2334-5837.2015.00060.x","ISSN":"2334-5837, 2334-5837","issue":"1","issued":{"date-parts":[["2015",10]]},"language":"en","page":"235-249","source":"DOI.org (Crossref)","title":"Methodology and Tools for Next Generation Cyber‐Physical Systems: The iCyPhy Approach","title-short":"Methodology and Tools for Next Generation Cyber‐Physical 
Systems","type":"article-journal","URL":"https://incose.onlinelibrary.wiley.com/doi/10.1002/j.2334-5837.2015.00060.x","volume":"25"},{"id":"urbanDevelopingEmbeddedSoftware","author":[{"family":"Urban","given":"Paul"},{"family":"Harper","given":"Jeff"}],"citation-key":"urbanDevelopingEmbeddedSoftware","language":"en","source":"Zotero","title":"Developing Embedded Software with Model-Based Design to Meet Certification Standards","type":"article-journal"},{"id":"ruchkinIPLIntegrationProperty2018","abstract":"Design and verification of modern systems requires diverse models, which often come from a variety of disciplines, and it is challenging to manage their heterogeneity – especially in the case of cyber-physical systems. To check consistency between models, recent approaches map these models to flexible static abstractions, such as architectural views. This model integration approach, however, comes at a cost of reduced expressiveness because complex behaviors of the models are abstracted away. As a result, it may be impossible to automatically verify important behavioral properties across multiple models, leaving systems vulnerable to subtle bugs. This paper introduces the Integration Property Language (IPL) that improves integration expressiveness using modular verification of properties that depend on detailed behavioral semantics while retaining the ability for static system-wide reasoning. We prove that the verification algorithm is sound and analyze its termination conditions. 
Furthermore, we perform a case study on a mobile robot to demonstrate IPL is practically useful and evaluate its performance.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Ruchkin","given":"Ivan"},{"family":"Sunshine","given":"Joshua"},{"family":"Iraci","given":"Grant"},{"family":"Schmerl","given":"Bradley"},{"family":"Garlan","given":"David"}],"citation-key":"ruchkinIPLIntegrationProperty2018","container-title":"Formal Methods","DOI":"10.1007/978-3-319-95582-7_10","editor":[{"family":"Havelund","given":"Klaus"},{"family":"Peleska","given":"Jan"},{"family":"Roscoe","given":"Bill"},{"family":"De Vink","given":"Erik"}],"event-place":"Cham","ISBN":"978-3-319-95581-0 978-3-319-95582-7","issued":{"date-parts":[["2018"]]},"language":"en","page":"165-184","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"IPL: An Integration Property Language for Multi-model Cyber-physical Systems","title-short":"IPL","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-95582-7_10","volume":"10951"},{"id":"ruchkinIntegrationModelingMethods","author":[{"family":"Ruchkin","given":"Ivan"}],"citation-key":"ruchkinIntegrationModelingMethods","language":"en","source":"Zotero","title":"Integration of Modeling Methods for Cyber-Physical Systems","type":"article-journal"},{"id":"carreiraFoundationsMultiParadigmModelling2020","accessed":{"date-parts":[["2023",11,8]]},"citation-key":"carreiraFoundationsMultiParadigmModelling2020","DOI":"10.1007/978-3-030-43946-0","editor":[{"family":"Carreira","given":"Paulo"},{"family":"Amaral","given":"Vasco"},{"family":"Vangheluwe","given":"Hans"}],"event-place":"Cham","ISBN":"978-3-030-43945-3 978-3-030-43946-0","issued":{"date-parts":[["2020"]]},"language":"en","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Foundations of Multi-Paradigm Modelling for Cyber-Physical 
Systems","type":"book","URL":"http://link.springer.com/10.1007/978-3-030-43946-0"},{"id":"sztipanovitsDesignToolChain2015","abstract":"Design automation tools evolved to support the principle of \"separation of concerns\" to manage engineering complexity. Accordingly, we find tool suites that are vertically integrated with limited support (even intention) for horizontal integratability (i.e. integration across disciplinary boundaries). CPS challenges these established boundaries and with this - market conditions. The question is how to facilitate reorganization and create the foundation and technologies for composable CPS design tool chains that enables reuse of existing commercial and open source tools? In this paper we describe some of the lessons learned in the design and implementation of a design automation tool suite for complex cyber-physical systems (CPS) in the vehicle domain. The tool suite followed a model- and component-based design approach to match the significant increase in design productivity experienced in several narrowly focused homogeneous domains, such as signal processing, control and aspects of electronic design. The primary challenge in the undertaking was the tremendous heterogeneity of complex cyber-physical systems (CPS), where such as vehicles has not yet been achieved. 
This paper describes some of the challenges addressed and solution approaches to building a comprehensive design tool suite for complex CPS.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Sztipanovits","given":"Janos"},{"family":"Bapty","given":"Ted"},{"family":"Neema","given":"Sandeep"},{"family":"Koutsoukos","given":"Xenofon"},{"family":"Jackson","given":"Ethan"}],"citation-key":"sztipanovitsDesignToolChain2015","container-title":"Proceedings of the 52nd Annual Design Automation Conference","DOI":"10.1145/2744769.2747922","event-place":"San Francisco California","event-title":"DAC '15: The 52nd Annual Design Automation Conference 2015","ISBN":"978-1-4503-3520-1","issued":{"date-parts":[["2015",6,7]]},"language":"en","page":"1-6","publisher":"ACM","publisher-place":"San Francisco California","source":"DOI.org (Crossref)","title":"Design tool chain for cyber-physical systems: lessons learned","title-short":"Design tool chain for cyber-physical systems","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2744769.2747922"},{"id":"bakirtzisCompositionalCyberPhysicalSystems2021","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Bakirtzis","given":"Georgios"},{"family":"Vasilakopoulou","given":"Christina"},{"family":"Fleming","given":"Cody H."}],"citation-key":"bakirtzisCompositionalCyberPhysicalSystems2021","container-title":"Electronic Proceedings in Theoretical Computer Science","container-title-short":"Electron. Proc. Theor. Comput. 
Sci.","DOI":"10.4204/EPTCS.333.9","ISSN":"2075-2180","issued":{"date-parts":[["2021",2,8]]},"language":"en","page":"125-138","source":"DOI.org (Crossref)","title":"Compositional Cyber-Physical Systems Modeling","type":"article-journal","URL":"http://arxiv.org/abs/2101.10484v1","volume":"333"},{"id":"lattmannComponentbasedModelingDynamic2012","abstract":"Cyber-Physical Systems (CPS) are composed of computational and physical components, which includes various types of physical phenomena such as electrical and mechanical domains. Many modeling paradigms exist to model the static properties and dynamic behavior of such components. However, there is no unified modeling framework to compose components that use different paradigms and/or tools. In this paper, we present the syntax and semantics of such an integration language and its component-based design, where components can embed models from different tools, formalisms, and paradigms such as Bond Graphs and Modelica models. Our framework is built around common set of interface concepts to support heterogeneous composition and interchangeability among modeling paradigms.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Lattmann","given":"Zsolt"},{"family":"Nagel","given":"Adam"},{"family":"Levendovszky","given":"Tihamer"},{"family":"Bapty","given":"Ted"},{"family":"Neema","given":"Sandeep"},{"family":"Karsai","given":"Gabor"}],"citation-key":"lattmannComponentbasedModelingDynamic2012","container-title":"Proceedings of the 6th International Workshop on Multi-Paradigm Modeling","DOI":"10.1145/2508443.2508456","event-place":"Innsbruck Austria","event-title":"MODELS '12: ACM/IEEE 15th International Conference on Model Driven Engineering Languages and Systems","ISBN":"978-1-4503-1805-1","issued":{"date-parts":[["2012",10]]},"language":"en","page":"73-78","publisher":"ACM","publisher-place":"Innsbruck Austria","source":"DOI.org (Crossref)","title":"Component-based modeling of dynamic systems using 
heterogeneous composition","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2508443.2508456"},{"id":"ruchkinChallengesPhysicalModeling2016","abstract":"Cyber-physical systems (CPSs) mix software, hardware, and physical aspects with equal importance. Typically, the use of models of such systems during run time has concentrated only on managing and controlling the cyber (software) aspects. However, to fully realize the goals of a CPS, physical models too have to be treated as first-class models. This approach gives rise to three main challenges: (a) identifying and integrating physical and software models with different characteristics and semantics; (b) obtaining instances of physical models at a suitable level of abstraction for adaptation; and (c) using and adapting physical models to control CPSs. In this position paper, we elaborate on these three challenges and describe our vision of making physical models first-class entities in adaptation. We illustrate this vision in the context of power adaptation for a service robotic system.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Ruchkin","given":"Ivan"},{"family":"Samuel","given":"Selva"},{"family":"Schmerl","given":"Bradley"},{"family":"Rico","given":"Amanda"},{"family":"Garlan","given":"David"}],"citation-key":"ruchkinChallengesPhysicalModeling2016","container-title":"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)","DOI":"10.1109/WF-IoT.2016.7845513","event-place":"Reston, VA, USA","event-title":"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)","ISBN":"978-1-5090-4130-5","issued":{"date-parts":[["2016",12]]},"language":"en","page":"210-215","publisher":"IEEE","publisher-place":"Reston, VA, USA","source":"DOI.org (Crossref)","title":"Challenges in physical modeling for adaptation of cyber-physical systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7845513/"},{"id":"nitscheSatisfactionCheckingPower2014","abstract":"Since energy 
consumption is one of the most limiting factors for embedded and integrated systems, today’s microelectronic design demands urgently for power-aware methodologies for early specification, design-space exploration and verification of the designs’ power properties. To this end, we currently develop a contract- and component-based design concept for power properties, called Power Contracts, to provide a formal link between the bottom-up power characterization of low-level system components and the top-down specification of the systems’ high-level power intent. In this paper, we present a first proof of concept for the verification of the leaf-component power contracts of a hierarchical system design w. r. t. their implementation in UPPAAL. Building on these, we can provide assured power contracts for the hierarchical Virtual Integration (VI) of the leaf-components to a compound power contract of the integrated final system and thus allow for a sound and traceable bottom-up integration and verification methodology for power properties.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Nitsche","given":"Gregor"},{"family":"Gruttner","given":"Kim"},{"family":"Nebel","given":"Wolfgang"}],"citation-key":"nitscheSatisfactionCheckingPower2014","container-title":"Proceedings of the 2014 Forum on Specification and Design Languages (FDL)","DOI":"10.1109/FDL.2014.7119364","event-place":"Munich, Germany","event-title":"2014 Forum on Specification and Design Languages (FDL)","ISBN":"978-2-9530504-9-3","issued":{"date-parts":[["2014",10]]},"language":"en","page":"1-8","publisher":"IEEE","publisher-place":"Munich, Germany","source":"DOI.org (Crossref)","title":"Towards satisfaction checking of power contracts in Uppaal","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7119364/"},{"id":"sangiovanni-vincentelliTamingDrFrankenstein2012","abstract":"Cyber-physical systems combine a cyber side (computing and networking) with a physical side (mechanical, 
electrical, and chemical processes). In many cases, the cyber component controls the physical side using sensors and actuators that observe the physical system and actuate the controls. Such systems present the biggest challenges as well as the biggest opportunities in several large industries, including electronics, energy, automotive, defense and aerospace, telecommunications, instrumentation, industrial automation.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Sangiovanni-Vincentelli","given":"Alberto"},{"family":"Damm","given":"Werner"},{"family":"Passerone","given":"Roberto"}],"citation-key":"sangiovanni-vincentelliTamingDrFrankenstein2012","container-title":"European Journal of Control","container-title-short":"European Journal of Control","DOI":"10.3166/ejc.18.217-238","ISSN":"09473580","issue":"3","issued":{"date-parts":[["2012",1]]},"language":"en","page":"217-238","source":"DOI.org (Crossref)","title":"Taming Dr. Frankenstein: Contract-Based Design for Cyber-Physical Systems*","title-short":"Taming Dr. Frankenstein","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0947358012709433","volume":"18"},{"id":"liStochasticContractsCyberphysical2017","abstract":"We develop an assume-guarantee contract framework for the design of cyber-physical systems, modeled as closed-loop control systems, under probabilistic requirements. We use a variant of signal temporal logic, namely, Stochastic Signal Temporal Logic (StSTL) to specify system behaviors as well as contract assumptions and guarantees, thus enabling automatic reasoning about requirements of stochastic systems. Given a stochastic linear system representation and a set of requirements captured by bounded StSTL contracts, we propose algorithms that can check contract compatibility, consistency, and refinement, and generate a controller to guarantee that a contract is satisfied, following a stochastic model predictive control approach. 
Our algorithms leverage encodings of the verification and control synthesis tasks into mixed integer optimization problems, and conservative approximations of probabilistic constraints that produce both sound and tractable problem formulations. We illustrate the effectiveness of our approach on a few examples, including the design of embedded controllers for aircraft power distribution networks.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Li","given":"Jiwei"},{"family":"Nuzzo","given":"Pierluigi"},{"family":"Sangiovanni-Vincentelli","given":"Alberto"},{"family":"Xi","given":"Yugeng"},{"family":"Li","given":"Dewei"}],"citation-key":"liStochasticContractsCyberphysical2017","container-title":"Proceedings of the 15th ACM-IEEE International Conference on Formal Methods and Models for System Design","DOI":"10.1145/3127041.3127045","event-place":"Vienna Austria","event-title":"MEMOCODE '17: 15th ACM-IEEE International Conference on Formal Methods and Models for System Design","ISBN":"978-1-4503-5093-8","issued":{"date-parts":[["2017",9,29]]},"language":"en","page":"5-14","publisher":"ACM","publisher-place":"Vienna Austria","source":"DOI.org (Crossref)","title":"Stochastic contracts for cyber-physical system design under probabilistic requirements","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3127041.3127045"},{"id":"nuzzoStochasticAssumeGuaranteeContracts2019","abstract":"We present an assume-guarantee contract framework for cyber-physical system design under probabilistic requirements. Given a stochastic linear system and a set of requirements captured by bounded Stochastic Signal Temporal Logic (StSTL) contracts, we propose algorithms to check contract compatibility, consistency, and refinement, and generate a sequence of control inputs that satisfies a contract. 
We leverage encodings of the verification and control synthesis tasks into mixed integer optimization problems, and conservative approximations of probabilistic constraints that produce sound and tractable problem formulations. We illustrate the effectiveness of our approach on three case studies, including the design of controllers for aircraft power distribution networks.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Nuzzo","given":"Pierluigi"},{"family":"Li","given":"Jiwei"},{"family":"Sangiovanni-Vincentelli","given":"Alberto L."},{"family":"Xi","given":"Yugeng"},{"family":"Li","given":"Dewei"}],"citation-key":"nuzzoStochasticAssumeGuaranteeContracts2019","container-title":"ACM Transactions on Embedded Computing Systems","container-title-short":"ACM Trans. Embed. Comput. Syst.","DOI":"10.1145/3243216","ISSN":"1539-9087, 1558-3465","issue":"1","issued":{"date-parts":[["2019",1,31]]},"language":"en","page":"1-26","source":"DOI.org (Crossref)","title":"Stochastic Assume-Guarantee Contracts for Cyber-Physical System Design","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/3243216","volume":"18"},{"id":"delahayeProbabilisticContractsCompositional2011","abstract":"A contract allows to distinguish hypotheses made on a system (the guarantees) from those made on its environment (the assumptions). In this paper, we focus on models of Assume/Guarantee contracts for (stochastic) systems. We consider contracts capable of capturing reliability and availability properties of such systems. We also show that classical notions of Satisfaction and Refinement can be checked by effective methods thanks to a reduction to classical verification problems. 
Finally, theorems supporting compositional reasoning and enabling the scalable analysis of complex systems are also studied.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Delahaye","given":"Benoît"},{"family":"Caillaud","given":"Benoît"},{"family":"Legay","given":"Axel"}],"citation-key":"delahayeProbabilisticContractsCompositional2011","container-title":"Formal Methods in System Design","container-title-short":"Form Methods Syst Des","DOI":"10.1007/s10703-010-0107-8","ISSN":"0925-9856, 1572-8102","issue":"1","issued":{"date-parts":[["2011",2]]},"language":"en","page":"1-32","source":"DOI.org (Crossref)","title":"Probabilistic contracts: a compositional reasoning methodology for the design of systems with stochastic and/or non-deterministic aspects","title-short":"Probabilistic contracts","type":"article-journal","URL":"http://link.springer.com/10.1007/s10703-010-0107-8","volume":"38"},{"id":"girardInvariantSetsAssumeGuarantee2022","abstract":"Contract theory is a powerful tool to reason on systems that are interacting with an external environment, possibly made of other systems. Formally, a contract is usually given by assumptions and guarantees, which specify the expected behavior of the system (the guarantees) in a certain context (the assumptions). In this work, we present a verification framework for discrete-time dynamical systems with assume-guarantee contracts. We first introduce a class of assume-guarantee contracts with their satisfaction semantics parameterized by a time-horizon over which assumptions are evaluated. We then show that the problem of verifying whether such contracts are satisfied is equivalent to show the existence of a positive invariant set for an auxiliary system. This allows us to leverage the extensive literature on invariant set computation. 
A simple illustrative example is provided to show the effectiveness of our approach.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Girard","given":"Antoine"},{"family":"Iovine","given":"Alessio"},{"family":"Benberkane","given":"Sofiane"}],"citation-key":"girardInvariantSetsAssumeGuarantee2022","container-title":"2022 IEEE 61st Conference on Decision and Control (CDC)","DOI":"10.1109/CDC51059.2022.9993344","event-place":"Cancun, Mexico","event-title":"2022 IEEE 61st Conference on Decision and Control (CDC)","ISBN":"978-1-66546-761-2","issued":{"date-parts":[["2022",12,6]]},"language":"en","page":"2190-2195","publisher":"IEEE","publisher-place":"Cancun, Mexico","source":"DOI.org (Crossref)","title":"Invariant Sets for Assume-Guarantee Contracts","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/9993344/"},{"id":"ruchkinEliminatingInterDomainVulnerabilities2015","abstract":"Designing secure cyber-physical systems (CPS) is a particularly difficult task since security vulnerabilities stem not only from traditional cybersecurity concerns, but also physical ones. Many of the standard methods for CPS design make strong and unverified assumptions about the trustworthiness of physical devices, such as sensors. When these assumptions are violated, subtle inter-domain vulnerabilities are introduced into the system model. In this paper we use formal specification of analysis contracts to expose security assumptions and guarantees of analyses from reliability, control, and sensor security domains. We show that this specification allows us to determine where these assumptions are violated, opening the door to malicious attacks. 
We demonstrate how this approach can help discover and prevent vulnerabilities using a self-driving car example.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Ruchkin","given":"Ivan"},{"family":"Rao","given":"Ashwini"},{"family":"De Niz","given":"Dionisio"},{"family":"Chaki","given":"Sagar"},{"family":"Garlan","given":"David"}],"citation-key":"ruchkinEliminatingInterDomainVulnerabilities2015","container-title":"Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy","DOI":"10.1145/2808705.2808714","event-place":"Denver Colorado USA","event-title":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","ISBN":"978-1-4503-3827-1","issued":{"date-parts":[["2015",10,16]]},"language":"en","page":"11-22","publisher":"ACM","publisher-place":"Denver Colorado USA","source":"DOI.org (Crossref)","title":"Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analysis Contracts Approach","title-short":"Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2808705.2808714"},{"id":"ruchkinContractbasedIntegrationCyberphysical2014","abstract":"Developing cyber-physical systems involves multiple engineering domains, e.g., timing, logical correctness, thermal resilience, and mechanical stress. In today’s industrial practice, these domains rely on multiple analyses to obtain and verify critical system properties. Domain differences make the analyses abstract away interactions among themselves, potentially invalidating the results. Specifically, one challenge is to ensure that an analysis is never applied to a model that violates the assumptions of the analysis. Since such violation can originate from the updating of the model by another analysis, analyses must be executed in the correct order. Another challenge is to apply diverse analyses soundly and scalably over models of realistic complexity. 
To address these challenges, we develop an analysis integration approach that uses contracts to specify dependencies between analyses, determine their correct orders of application, and specify and verify applicability conditions in multiple domains. We implement our approach and demonstrate its effectiveness, scalability, and extensibility through a verification case study for thread and battery cell scheduling.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Ruchkin","given":"Ivan"},{"family":"De Niz","given":"Dionisio"},{"family":"Garlan","given":"David"},{"family":"Chaki","given":"Sagar"}],"citation-key":"ruchkinContractbasedIntegrationCyberphysical2014","container-title":"Proceedings of the 14th International Conference on Embedded Software","DOI":"10.1145/2656045.2656052","event-place":"New Delhi India","event-title":"ESWEEK'14: TENTH EMBEDDED SYSTEM WEEK","ISBN":"978-1-4503-3052-7","issued":{"date-parts":[["2014",10,12]]},"language":"en","page":"1-10","publisher":"ACM","publisher-place":"New Delhi India","source":"DOI.org (Crossref)","title":"Contract-based integration of cyber-physical analyses","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2656045.2656052"},{"id":"nuzzoContractbasedDesignControl2014","abstract":"We introduce a platform-based design methodology that addresses the complexity and heterogeneity of cyber-physical systems by using assume-guarantee contracts to formalize the design process and enable realization of control protocols in a hierarchical and compositional manner. Given the architecture of the physical plant to be controlled, the design is carried out as a sequence of refinement steps from an initial specification to a final implementation, including synthesis from requirements and mapping of higher-level functional and nonfunctional models into a set of candidate solutions built out of a library of components at the lower level. 
Initial top-level requirements are captured as contracts and expressed using linear temporal logic (LTL) and signal temporal logic (STL) formulas to enable requirement analysis and early detection of inconsistencies. Requirements are then refined into a controller architecture by combining reactive synthesis steps from LTL specifications with simulation-based design space exploration steps. We demonstrate our approach on the design of embedded controllers for aircraft electric power distribution.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Nuzzo","given":"Pierluigi"},{"family":"Finn","given":"John B."},{"family":"Iannopollo","given":"Antonio"},{"family":"Sangiovanni-Vincentelli","given":"Alberto L."}],"citation-key":"nuzzoContractbasedDesignControl2014","container-title":"Design, Automation & Test in Europe Conference & Exhibition (DATE), 2014","DOI":"10.7873/DATE.2014.072","event-place":"Dresden, Germany","event-title":"Design Automation and Test in Europe","ISBN":"978-3-9815370-2-4","issued":{"date-parts":[["2014"]]},"language":"en","page":"1-4","publisher":"IEEE Conference Publications","publisher-place":"Dresden, Germany","source":"DOI.org (Crossref)","title":"Contract-based design of control protocols for safety-critical cyber-physical systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6800273"},{"id":"sharfAssumeGuaranteeContracts2021","abstract":"Modern engineering systems include many components of different types and functions. Verifying that these systems satisfy given specifications can be an arduous task, as most formal verification methods are limited to systems of moderate size. Recently, contract theory has been proposed as a modular framework for defining specifications. In this paper, we present a contract theory for discrete-time dynamical control systems relying on assume/guarantee contracts, which prescribe assumptions on the input of the system and guarantees on the output. 
We then focus on contracts defined by linear constraints, and develop efficient computational tools for verification of satisfaction and refinement based on linear programming. We exemplify these tools in a simulation example, proving a certain safety specification for a two-vehicle autonomous driving setting.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Sharf","given":"Miel"},{"family":"Besselink","given":"Bart"},{"family":"Molin","given":"Adam"},{"family":"Zhao","given":"Qiming"},{"family":"Johansson","given":"Karl Henrik"}],"citation-key":"sharfAssumeGuaranteeContracts2021","issued":{"date-parts":[["2021",4,19]]},"language":"en","number":"arXiv:2012.12657","publisher":"arXiv","source":"arXiv.org","title":"Assume/Guarantee Contracts for Dynamical Systems: Theory and Computational Tools","title-short":"Assume/Guarantee Contracts for Dynamical Systems","type":"article","URL":"http://arxiv.org/abs/2012.12657"},{"id":"CyberInformedEngineeringImplementation2023","citation-key":"CyberInformedEngineeringImplementation2023","issued":{"date-parts":[["2023",8,7]]},"number":"INL/RPT-23-74072","title":"Cyber-Informed Engineering Implementation Guide","type":"report"},{"id":"levesonHighpressureSteamEngines1992","author":[{"family":"Leveson","given":"Nancy G."}],"citation-key":"levesonHighpressureSteamEngines1992","container-title":"Proceedings of the 14th international conference on Software engineering","issued":{"date-parts":[["1992"]]},"page":"2-14","title":"High-pressure steam engines and computer software","type":"paper-conference"},{"id":"NCEES2022Annual2022","citation-key":"NCEES2022Annual2022","issued":{"date-parts":[["2022"]]},"publisher":"National Council of Examiners for Engineering and Surveying","title":"NCEES 2022 Annual 
Report","type":"report"},{"id":"hartonas-garmhausenAutomaticVerificationIndustrial1995","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Hartonas-Garmhausen","given":"V."},{"family":"Kurfess","given":"T."},{"family":"Clarke","given":"E.M."},{"family":"Long","given":"D."}],"citation-key":"hartonas-garmhausenAutomaticVerificationIndustrial1995","container-title":"Proceedings of 1995 IEEE Workshop on Industrial-Strength Formal Specification Techniques","DOI":"10.1109/WIFT.1995.515481","event-place":"Boca Raton, FL, USA","event-title":"1995 IEEE Workshop on Industrial-Strength Formal Specification Techniques","ISBN":"978-0-8186-7005-3","issued":{"date-parts":[["1995"]]},"page":"88-96","publisher":"IEEE Comput. Soc. Press","publisher-place":"Boca Raton, FL, USA","source":"DOI.org (Crossref)","title":"Automatic verification of industrial designs","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/515481/"},{"id":"ruchkinContractbasedIntegrationCyberphysical2014a","abstract":"Developing cyber-physical systems involves multiple engineering domains, e.g., timing, logical correctness, thermal resilience, and mechanical stress. In today's industrial practice, these domains rely on multiple analyses to obtain and verify critical system properties. Domain differences make the analyses abstract away interactions among themselves, potentially invalidating the results. Specifically, one challenge is to ensure that an analysis is never applied to a model that violates the assumptions of the analysis. Since such violation can originate from the updating of the model by another analysis, analyses must be executed in the correct order. Another challenge is to apply diverse analyses soundly and scalably over models of realistic complexity. 
To address these challenges, we develop an analysis integration approach that uses contracts to specify dependencies between analyses, determine their correct orders of application, and specify and verify applicability conditions in multiple domains. We implement our approach and demonstrate its effectiveness, scalability, and extensibility through a verification case study for thread and battery cell scheduling.","accessed":{"date-parts":[["2023",11,8]]},"author":[{"family":"Ruchkin","given":"Ivan"},{"family":"De Niz","given":"Dionisio"},{"family":"Chaki","given":"Sagar"},{"family":"Garlan","given":"David"}],"citation-key":"ruchkinContractbasedIntegrationCyberphysical2014a","container-title":"2014 International Conference on Embedded Software (EMSOFT)","DOI":"10.1145/2656045.2656052","event-title":"2014 International Conference on Embedded Software (EMSOFT)","issued":{"date-parts":[["2014",10]]},"page":"1-10","source":"IEEE Xplore","title":"Contract-based integration of cyber-physical analyses","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/6986131"},{"id":"nestlerCompetencyCybersecurityEducation","author":[{"family":"Nestler","given":"Vincent"},{"family":"Fowler","given":"Zoe"}],"citation-key":"nestlerCompetencyCybersecurityEducation","language":"en","source":"Zotero","title":"Competency in Cybersecurity Education:","type":"article-journal"},{"id":"NationalCentersAcademic","accessed":{"date-parts":[["2023",11,7]]},"citation-key":"NationalCentersAcademic","title":"National Centers of Academic Excellence","type":"webpage","URL":"https://www.nsa.gov/Academics/Centers-of-Academic-Excellence/"},{"id":"2023NationalCybersecurity","accessed":{"date-parts":[["2023",11,7]]},"citation-key":"2023NationalCybersecurity","title":"2023 National Cybersecurity Education Colloquium | CAE 
Community","type":"webpage","URL":"https://www.caecommunity.org/about-us/cae-cybersecurity-community/event-programs/2023-national-cybersecurity-education"},{"id":"petersenWorkforceFrameworkCybersecurity2020","abstract":"This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It expresses that work as Task statements and describes Knowledge and Skill statements that provide a foundation for learners including students, job seekers, and employees. The use of these statements helps students to develop skills, job seekers to demonstrate competencies, and employees to accomplish tasks. As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent. The NICE Framework is a reference source from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of cybersecurity education, training, and workforce...","accessed":{"date-parts":[["2023",11,7]]},"author":[{"family":"Petersen","given":"Rodney"},{"family":"Santos","given":"Danielle"},{"family":"Wetzel","given":"Karen"},{"family":"Smith","given":"Matthew"},{"family":"Witte","given":"Gregory"}],"citation-key":"petersenWorkforceFrameworkCybersecurity2020","DOI":"10.6028/NIST.SP.800-181r1","issued":{"date-parts":[["2020",11,16]]},"language":"en","number":"NIST Special Publication (SP) 800-181 Rev. 
1","publisher":"National Institute of Standards and Technology","source":"csrc.nist.gov","title":"Workforce Framework for Cybersecurity (NICE Framework)","type":"report","URL":"https://csrc.nist.gov/pubs/sp/800/181/r1/final"},{"id":"Montreat360App2022","abstract":"Montreat 360° is an app for Montreat College students that helps track experiential learning - real-life experience - through campus involvement.","accessed":{"date-parts":[["2023",11,7]]},"citation-key":"Montreat360App2022","issued":{"date-parts":[["2022",9,29]]},"language":"en-US","title":"Montreat 360° | App for Students at Montreat College","type":"webpage","URL":"https://www.montreat.edu/student-life/montreat-360/"},{"id":"DoDCyberWorkforce","accessed":{"date-parts":[["2023",11,7]]},"citation-key":"DoDCyberWorkforce","title":"DoD Cyber Workforce Framework – DoD Cyber Exchange","type":"webpage","URL":"https://public.cyber.mil/wid/dcwf/"},{"id":"CareersPreparationNational","accessed":{"date-parts":[["2023",11,7]]},"citation-key":"CareersPreparationNational","title":"Careers Preparation National Center | CAE Community","type":"webpage","URL":"https://www.caecommunity.org/national-center/careers-preparation-national-center"},{"id":"gronlundGronlundWritingInstructional2009","author":[{"family":"Gronlund","given":"Norman Edward"},{"family":"Brookhart","given":"Susan M."}],"citation-key":"gronlundGronlundWritingInstructional2009","container-title":"(No Title)","issued":{"date-parts":[["2009"]]},"title":"Gronlund's writing instructional objectives","type":"article-journal"},{"id":"magerPreparingInstructionalObjectives1962","author":[{"family":"Mager","given":"Robert F."}],"citation-key":"magerPreparingInstructionalObjectives1962","issued":{"date-parts":[["1962"]]},"publisher":"ERIC","title":"Preparing instructional objectives.","type":"article-journal"},{"id":"CompetencyDevelopment2pager","citation-key":"CompetencyDevelopment2pager","title":"Competency Development 
2-pager","type":"document"},{"id":"estefanSurveyModelBasedSystems2008","author":[{"family":"Estefan","given":"Jeff A"}],"citation-key":"estefanSurveyModelBasedSystems2008","issued":{"date-parts":[["2008"]]},"language":"en","source":"Zotero","title":"Survey of Model-Based Systems Engineering (MBSE) Methodologies","type":"article-journal"},{"id":"garciaREGULATORYEFFORTSCYBER","abstract":"Small Modular Reactors / Advanced Reactors (SMR/ARs) are expected to provide safe, secure, and economical power that have the potential to support initiatives aimed at combating climate change. Current proposed SMR/ARs involve diverse technologies that include next generation modular pressurized water reactors, high temperature gas cooled reactors, molten salt reactors, and liquid metal cooled fast reactors. These diverse technologies each have a unique set of functions and systems that support both nuclear safety and security. To address these challenges, the U.S. Nuclear Regulatory Commission (NRC) is moving toward a risk informed, performance based and technology-neutral regulation and associated regulatory guides. The U.S. NRC, supported by cyber security experts from DOE national laboratories and U.S. universities, has undertaken efforts to develop a regulatory guide (RG), to provide an advanced reactor licensee with an acceptable approach for meeting the requirements of the proposed cyber security rule for advanced reactors, 10 CFR 73.110, “Technology neutral requirements for protection of digital computer and communication systems and networks.” The RG aims to provide a process that accounts for the differing risk levels within advanced reactor technologies while providing reasonable assurance of adequate protection of public health and safety and promoting the common defense and security and protecting the environment. 
As such, a key RG outcome will be to provide the licensee with a risk-informed approach that would allow for the design and implementation of a cyber security program to meet demands for protection against the unacceptable consequences from a cyber attack. The RG is expected to leverage both the outcomes of the safety and security analyses performed for the associated reactor design.","author":[{"family":"Garcia","given":"I"},{"family":"Jauntirans","given":"J"},{"family":"Rowland","given":"M"}],"citation-key":"garciaREGULATORYEFFORTSCYBER","language":"en","source":"Zotero","title":"U.S.A. REGULATORY EFFORTS FOR CYBER SECURITY OF ADVANCED REACTORS","type":"report"},{"id":"topperModelBasedSystemsEngineering2013","abstract":"Model-based systems engineering techniques facilitate complex system design and documentation processes. A rigorous, iterative conceptual development process based on the Unified Modeling Language (UML) or the Systems Modeling Language (SysML) and consisting of domain modeling, use case development, and behavioral and structural modeling supports design, architecting, analysis, modeling and simulation, test and evaluation, and program management activities. The resulting model is more useful than traditional documentation because it represents structure, data, and functions, along with associated documentation, in a multidimensional, navigable format. Beyond benefits to project documentation and stakeholder communication, UML- and SysML-based models also support direct analysis methods, such as functional thread extraction. The APL team is continuing to develop analysis techniques using conceptual models to reduce the risk of design and test errors, reduce costs, and improve the quality of analysis and supporting modeling and simulation activities in the development of complex systems.","accessed":{"date-parts":[["2023",10,3]]},"author":[{"family":"Topper","given":"J. 
Stephen"},{"family":"Horner","given":"Nathaniel C."}],"citation-key":"topperModelBasedSystemsEngineering2013","container-title":"JOHNS HOPKINS APL TECHNICAL DIGEST","container-title-short":"Johns Hopkins APL Tech. Dig.","event-place":"Laurel","ISSN":"0270-5214, 1930-0530","issue":"1","issued":{"date-parts":[["2013"]]},"language":"English","note":"Web of Science ID: WOS:000321063200005","number-of-pages":"14","page":"419-432","publisher":"Johns Hopkins Univ Applied Physics Laboratory Llc","publisher-place":"Laurel","source":"Clarivate Analytics Web of Science","title":"Model-Based Systems Engineering in Support of Complex Systems Development","type":"article-journal","URL":"https://www.webofscience.com/wos/woscc/summary/563bee91-8c90-4554-ae8d-46c3ce0028ee-a808dfa0/relevance/1","volume":"32"},{"id":"ruchkinChallengesPhysicalModeling2016a","abstract":"Cyber-physical systems (CPSs) mix software, hardware, and physical aspects with equal importance. Typically, the use of models of such systems during run time has concentrated only on managing and controlling the cyber (software) aspects. However, to fully realize the goals of a CPS, physical models too have to be treated as first-class models. This approach gives rise to three main challenges: (a) identifying and integrating physical and software models with different characteristics and semantics; (b) obtaining instances of physical models at a suitable level of abstraction for adaptation; and (c) using and adapting physical models to control CPSs. In this position paper, we elaborate on these three challenges and describe our vision of making physical models first-class entities in adaptation. 
We illustrate this vision in the context of power adaptation for a service robotic system.","accessed":{"date-parts":[["2023",11,6]]},"author":[{"family":"Ruchkin","given":"Ivan"},{"family":"Samuel","given":"Selva"},{"family":"Schmerl","given":"Bradley"},{"family":"Rico","given":"Amanda"},{"family":"Garlan","given":"David"}],"citation-key":"ruchkinChallengesPhysicalModeling2016a","container-title":"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)","DOI":"10.1109/WF-IoT.2016.7845513","event-title":"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)","issued":{"date-parts":[["2016",12]]},"page":"210-215","source":"IEEE Xplore","title":"Challenges in physical modeling for adaptation of cyber-physical systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/7845513?casa_token=4qDnAMcJ_VkAAAAA:BmwKCMMxC-lGcaRMmVDxkqk6df0Gd5P39iNud94-qMYWM77p-myERky0ofSw2dLXcY6k0V-6AA"},{"id":"weiSystemTheoreticApproach2018","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Wei","given":"Lee Chee"},{"family":"Madnick","given":"Stuart E."}],"citation-key":"weiSystemTheoreticApproach2018","container-title":"SSRN Electronic Journal","container-title-short":"SSRN Journal","DOI":"10.2139/ssrn.3370555","ISSN":"1556-5068","issued":{"date-parts":[["2018"]]},"language":"en","source":"DOI.org (Crossref)","title":"A System Theoretic Approach to Cybersecurity Risk Analysis and Mitigation for Autonomous Passenger Vehicles","type":"article-journal","URL":"https://www.ssrn.com/abstract=3370555"},{"id":"PRISMProbabilisticSymbolic","accessed":{"date-parts":[["2023",11,3]]},"citation-key":"PRISMProbabilisticSymbolic","title":"PRISM - Probabilistic Symbolic Model Checker","type":"webpage","URL":"https://www.prismmodelchecker.org/"},{"id":"langFormalVerificationApplied2021","abstract":"Formal verification tools are cited as an essential component to enable more widespread development and adoption of advanced autonomous systems. 
While numerous techniques and tools exist, the applicability of these tools to actual systems under development is currently uncertain. There are myriad reasons for such uncertainty, mostly stemming from assumptions necessary for such tools to work, such as: 1) The assumption that an underlying dynamics model or Simulink model is available, 2) The assumption that the dynamics are low-dimensional, 3) The assumption that the dynamics are linear or linearizable without sacrificing accuracy, and 4) The assumption that the underlying controllers and autonomy algorithms are available and easily modeled. This paper first presents a novel satellite benchmark that incorporates autonomous switching between multiple modes of operation related to attitude control. The result is a hybrid system with nonlinear rotational dynamics restricted to a manifold within each mode. Several open source verification tools are then applied to this benchmark to determine any results that can be drawn about the stability of the overall system. We provide a thorough comparison and discussion of the benefits and drawbacks of those tools we tested, none of which were capable of completely verifying stability requirements over the entire benchmark to the best of our efforts. We also discuss the significant hurdles that remain to implementing these tools on realistic autonomous systems, and the techniques we have found to be the most applicable. 
The contributions of this paper are: 1) a challenging benchmark on which developers can test their verification tools, and 2) a useful starting point to anyone who wants to apply formal methods to autonomous aerospace systems and to advance the conversation on what remains to be accomplished for these tools to be of practical use.","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Lang","given":"Kendra"},{"family":"Klett","given":"Corbin"},{"family":"Hawkins","given":"Kelsey"},{"family":"Feron","given":"Eric"},{"family":"Tsiotras","given":"Panagiotis"},{"family":"Phillips","given":"Sean"}],"citation-key":"langFormalVerificationApplied2021","container-title":"AIAA Scitech 2021 Forum","DOI":"10.2514/6.2021-1126","ISSN":"9781624106095","issued":{"date-parts":[["2021",1,1]]},"page":"1-14","publisher":"American Institute of Aeronautics and Astronautics Inc, AIAA","source":"KAUST FACULTY PORTAL","title":"Formal verification applied to autonomous spacecraft attitude control","type":"article-journal","URL":"https://arc.aiaa.org/doi/10.2514/6.2021-1126"},{"id":"althoffSetPropagationTechniques2021","abstract":"Reachability analysis consists in computing the set of states that are reachable by a dynamical system from all initial states and for all admissible inputs and parameters. It is a fundamental problem motivated by many applications in formal verification, controller synthesis, and estimation, to name only a few. This article focuses on a class of methods for computing a guaranteed overapproximation of the reachable set of continuous and hybrid systems, relying predominantly on set propagation; starting from the set of initial states, these techniques iteratively propagate a sequence of sets according to the system dynamics. After a review of set representation and computation, the article presents the state of the art of set propagation techniques for reachability analysis of linear, nonlinear, and hybrid systems. 
It ends with a discussion of successful applications of reachability analysis to real-world problems.","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Althoff","given":"Matthias"},{"family":"Frehse","given":"Goran"},{"family":"Girard","given":"Antoine"}],"citation-key":"althoffSetPropagationTechniques2021","container-title":"Annual Review of Control, Robotics, and Autonomous Systems","DOI":"10.1146/annurev-control-071420-081941","issue":"1","issued":{"date-parts":[["2021"]]},"page":"369-395","source":"Annual Reviews","title":"Set Propagation Techniques for Reachability Analysis","type":"article-journal","URL":"https://doi.org/10.1146/annurev-control-071420-081941","volume":"4"},{"id":"nghiemMontecarloTechniquesFalsification2010","abstract":"We present a Monte-Carlo optimization technique for finding inputs to a system that falsify a given Metric Temporal Logic (MTL) property. Our approach performs a random walk over the space of inputs guided by a robustness metric defined by the MTL property. Robustness can be used to guide our search for a falsifying trajectory by exploring trajectories with smaller robustness values. We show that the notion of robustness can be generalized to consider hybrid system trajectories. The resulting testing framework can be applied to non-linear hybrid systems with external inputs. 
We show through numerous experiments on complex systems that using our framework can help automatically falsify properties with more consistency as compared to other means such as uniform sampling.","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Nghiem","given":"Truong"},{"family":"Sankaranarayanan","given":"Sriram"},{"family":"Fainekos","given":"Georgios"},{"family":"Ivancić","given":"Franjo"},{"family":"Gupta","given":"Aarti"},{"family":"Pappas","given":"George J."}],"citation-key":"nghiemMontecarloTechniquesFalsification2010","collection-title":"HSCC '10","container-title":"Proceedings of the 13th ACM international conference on Hybrid systems: computation and control","DOI":"10.1145/1755952.1755983","event-place":"New York, NY, USA","ISBN":"978-1-60558-955-8","issued":{"date-parts":[["2010",4,12]]},"page":"211–220","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"Monte-carlo techniques for falsification of temporal properties of non-linear hybrid systems","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/1755952.1755983"},{"id":"fainekosRobustnessTemporalLogic2009","abstract":"In this paper, we consider the robust interpretation of Metric Temporal Logic (MTL) formulas over signals that take values in metric spaces. For such signals, which are generated by systems whose states are equipped with non-trivial metrics, for example continuous or hybrid, robustness is not only natural, but also a critical measure of system performance. Thus, we propose multi-valued semantics for MTL formulas, which capture not only the usual Boolean satisfiability of the formula, but also topological information regarding the distance, ε, from unsatisfiability. We prove that any other signal that remains ε-close to the initial one also satisfies the same MTL specification under the usual Boolean semantics. 
Finally, our framework is applied to the problem of testing formulas of two fragments of MTL, namely Metric Interval Temporal Logic (MITL) and closed Metric Temporal Logic (clMTL), over continuous-time signals using only discrete-time analysis. The motivating idea behind our approach is that if the continuous-time signal fulfills certain conditions and the discrete-time signal robustly satisfies the temporal logic specification, then the corresponding continuous-time signal should also satisfy the same temporal logic specification.","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Fainekos","given":"Georgios E."},{"family":"Pappas","given":"George J."}],"citation-key":"fainekosRobustnessTemporalLogic2009","container-title":"Theoretical Computer Science","container-title-short":"Theoretical Computer Science","DOI":"10.1016/j.tcs.2009.06.021","ISSN":"0304-3975","issue":"42","issued":{"date-parts":[["2009",9,28]]},"page":"4262-4291","source":"ScienceDirect","title":"Robustness of temporal logic specifications for continuous-time signals","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S0304397509004149","volume":"410"},{"id":"askarpourFormalMethodsDesigning2019a","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Askarpour","given":"Mehrnoosh"},{"family":"Ghezzi","given":"Carlo"},{"family":"Mandrioli","given":"Dino"},{"family":"Rossi","given":"Matteo"},{"family":"Tsigkanos","given":"Christos"}],"citation-key":"askarpourFormalMethodsDesigning2019a","container-title":"From Software Engineering to Formal Methods and Tools, and Back","DOI":"10.1007/978-3-030-30985-5_8","editor":[{"family":"Ter Beek","given":"Maurice H."},{"family":"Fantechi","given":"Alessandro"},{"family":"Semini","given":"Laura"}],"event-place":"Cham","ISBN":"978-3-030-30984-8 978-3-030-30985-5","issued":{"date-parts":[["2019"]]},"language":"en","page":"110-130","publisher":"Springer International 
Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Formal Methods in Designing Critical Cyber-Physical Systems","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-030-30985-5_8","volume":"11865"},{"id":"kimNuDEFormalMethodbased2017a","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Kim","given":"Eui-Sub"},{"family":"Lee","given":"Dong-Ah"},{"family":"Jung","given":"Sejin"},{"family":"Yoo","given":"Junbeom"},{"family":"Choi","given":"Jong-Gyun"},{"family":"Lee","given":"Jang-Soo"}],"citation-key":"kimNuDEFormalMethodbased2017a","container-title":"Journal of Computing Science and Engineering","container-title-short":"Journal of Computing Science and Engineering","DOI":"10.5626/JCSE.2017.11.1.9","ISSN":"1976-4677","issue":"1","issued":{"date-parts":[["2017",3,30]]},"language":"en","page":"9-23","source":"DOI.org (Crossref)","title":"NuDE 2.0: A Formal Method-based Software Development, Verification and Safety Analysis Environment for Digital I&Cs in NPPs","title-short":"NuDE 2.0","type":"article-journal","URL":"http://koreascience.or.kr/journal/view.jsp?kj=E1EIKI&py=2017&vnc=v11n1&sp=9","volume":"11"},{"id":"annpureddySTaLiRoToolTemporal2011","abstract":"S-TaLiRo is a Matlab (TM) toolbox that searches for trajectories of minimal robustness in Simulink/Stateflow diagrams. It can analyze arbitrary Simulink models or user defined functions that model the system. At the heart of the tool, we use randomized testing based on stochastic optimization techniques including Monte-Carlo methods and Ant-Colony Optimization. Among the advantages of the toolbox is the seamless integration inside the Matlab environment, which is widely used in the industry for model-based development of control software. 
We present the architecture of S-TaLiRo and its working on an application example.","author":[{"family":"Annpureddy","given":"Yashwanth"},{"family":"Liu","given":"Che"},{"family":"Fainekos","given":"Georgios"},{"family":"Sankaranarayanan","given":"Sriram"}],"citation-key":"annpureddySTaLiRoToolTemporal2011","collection-title":"Lecture Notes in Computer Science","container-title":"Tools and Algorithms for the Construction and Analysis of Systems","DOI":"10.1007/978-3-642-19835-9_21","editor":[{"family":"Abdulla","given":"Parosh Aziz"},{"family":"Leino","given":"K. Rustan M."}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-642-19835-9","issued":{"date-parts":[["2011"]]},"language":"en","page":"254-257","publisher":"Springer","publisher-place":"Berlin, Heidelberg","source":"Springer Link","title":"S-TaLiRo: A Tool for Temporal Logic Falsification for Hybrid Systems","title-short":"S-TaLiRo","type":"paper-conference"},{"id":"antoNovelFrameworkDesign2023","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Anto","given":"Kelvin"},{"family":"Swain","given":"Akshya Kumar"},{"family":"Roop","given":"Partha"}],"citation-key":"antoNovelFrameworkDesign2023","container-title":"IEEE Access","container-title-short":"IEEE Access","DOI":"10.1109/ACCESS.2023.3295421","ISSN":"2169-3536","issued":{"date-parts":[["2023"]]},"page":"73556-73567","source":"DOI.org (Crossref)","title":"A Novel Framework for the Design of Resilient Cyber-Physical Systems Using Control Theory and Formal Methods","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10184000/","volume":"11"},{"id":"jonesAnomalyDetectionCyberphysical2014","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Jones","given":"Austin"},{"family":"Kong","given":"Zhaodan"},{"family":"Belta","given":"Calin"}],"citation-key":"jonesAnomalyDetectionCyberphysical2014","container-title":"53rd IEEE Conference on Decision and Control","DOI":"10.1109/CDC.2014.7039487","event-place":"Los Angeles, CA, 
USA","event-title":"2014 IEEE 53rd Annual Conference on Decision and Control (CDC)","ISBN":"978-1-4673-6090-6 978-1-4799-7746-8 978-1-4799-7745-1","issued":{"date-parts":[["2014",12]]},"page":"848-853","publisher":"IEEE","publisher-place":"Los Angeles, CA, USA","source":"DOI.org (Crossref)","title":"Anomaly detection in cyber-physical systems: A formal methods approach","title-short":"Anomaly detection in cyber-physical systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7039487/"},{"id":"instituteofelectricalandelectronicsengineers2014IEEE53rd2014","citation-key":"instituteofelectricalandelectronicsengineers2014IEEE53rd2014","editor":[{"family":"Institute of Electrical and Electronics Engineers","given":""},{"family":"IEEE Control Systems Society","given":""}],"event-place":"Piscataway, NJ","ISBN":"978-1-4673-6090-6 978-1-4673-6089-0","issued":{"date-parts":[["2014"]]},"language":"eng","publisher":"IEEE","publisher-place":"Piscataway, NJ","source":"K10plus ISBN","title":"2014 IEEE 53rd Annual Conference on Decision and Control (CDC 2014): Los Angeles, California, USA, 15 - 17 December 2014","title-short":"2014 IEEE 53rd Annual Conference on Decision and Control (CDC 2014)","type":"book"},{"id":"zhongAnalysisEnergyLaboratory2023","abstract":"Laboratory safety in colleges and universities has received wider attention as a critical annual inspection by the Ministry of Education. The laboratory environment is complex and diverse, with many hazard factors. To effectively prevent the occurrence of laboratory emergencies in universities, the STAMP/STPA model is used to analyze the safety of energy laboratory safety management in a resource-based university. 
Between 2021 and 2022, we carried out laboratory safety inspection and field observation for a mining resource university in China, and identified 16 unsafe control actions in the field of energy laboratory safety management in the university, and identified ten critical causal factors leading to unsafe control actions. Combining the actual situation of the mining resource university, the short-term countermeasures and long-term countermeasures to improve laboratory safety management are proposed to guarantee the university’s laboratory safety management. Moreover, the research results have suggestions for the construction and development of laboratory safety management at similar universities.","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Zhong","given":"Shuheng"},{"family":"Du","given":"Jinping"},{"family":"Jiang","given":"Xidi"}],"citation-key":"zhongAnalysisEnergyLaboratory2023","container-title":"Sustainability","container-title-short":"Sustainability","DOI":"10.3390/su151511505","ISSN":"2071-1050","issue":"15","issued":{"date-parts":[["2023",7,25]]},"language":"en","page":"11505","source":"DOI.org (Crossref)","title":"Analysis of Energy Laboratory Safety Management in China Based on the System-Theoretic Accident Model and Processes/System Theoretic Process Analysis STAMP/STPA 
Model","type":"article-journal","URL":"https://www.mdpi.com/2071-1050/15/15/11505","volume":"15"},{"id":"kleinSeL4FormalVerification2009","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Klein","given":"Gerwin"},{"family":"Elphinstone","given":"Kevin"},{"family":"Heiser","given":"Gernot"},{"family":"Andronick","given":"June"},{"family":"Cock","given":"David"},{"family":"Derrin","given":"Philip"},{"family":"Elkaduwe","given":"Dhammika"},{"family":"Engelhardt","given":"Kai"},{"family":"Kolanski","given":"Rafal"},{"family":"Norrish","given":"Michael"},{"family":"Sewell","given":"Thomas"},{"family":"Tuch","given":"Harvey"},{"family":"Winwood","given":"Simon"}],"citation-key":"kleinSeL4FormalVerification2009","container-title":"Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles","DOI":"10.1145/1629575.1629596","event-place":"Big Sky Montana USA","event-title":"SOSP09: ACM SIGOPS 22nd Symposium on Operating Systems Principles","ISBN":"978-1-60558-752-3","issued":{"date-parts":[["2009",10,11]]},"language":"en","page":"207-220","publisher":"ACM","publisher-place":"Big Sky Montana USA","source":"DOI.org (Crossref)","title":"seL4: formal verification of an OS kernel","title-short":"seL4","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/1629575.1629596"},{"id":"kwonReachabilityAnalysisSafety2018","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Kwon","given":"Cheolhyeon"},{"family":"Hwang","given":"Inseok"}],"citation-key":"kwonReachabilityAnalysisSafety2018","container-title":"IEEE Transactions on Automatic Control","container-title-short":"IEEE Trans. Automat. 
Contr.","DOI":"10.1109/TAC.2017.2761762","ISSN":"0018-9286, 1558-2523, 2334-3303","issue":"7","issued":{"date-parts":[["2018",7]]},"page":"2272-2279","source":"DOI.org (Crossref)","title":"Reachability Analysis for Safety Assurance of Cyber-Physical Systems Against Cyber Attacks","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8063959/","volume":"63"},{"id":"sulamanComparisonFMEASTPA2019","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Sulaman","given":"Sardar Muhammad"},{"family":"Beer","given":"Armin"},{"family":"Felderer","given":"Michael"},{"family":"Höst","given":"Martin"}],"citation-key":"sulamanComparisonFMEASTPA2019","container-title":"Software Quality Journal","container-title-short":"Software Qual J","DOI":"10.1007/s11219-017-9396-0","ISSN":"0963-9314, 1573-1367","issue":"1","issued":{"date-parts":[["2019",3]]},"language":"en","page":"349-387","source":"DOI.org (Crossref)","title":"Comparison of the FMEA and STPA safety analysis methods–a case study","type":"article-journal","URL":"http://link.springer.com/10.1007/s11219-017-9396-0","volume":"27"},{"id":"karatzasSystemTheoreticProcessAnalysis2020","abstract":"Inelasticity of demand along with the distributed energy sources and energy market democratization pose significant challenges which have considerable negative impacts on overall grid balance. The need for increased capacity and flexibility in the era of energy market digitalization has introduced new requirements in the energy supply network which could not be satisfied without continuous and costly local power network upgrades. Additionally, with the emergence of Smart Homes (SHs) and Home Energy Management (HEM) systems for monitoring and operating household appliances, opportunities have arisen for automated Demand Response (DR). DR is exploited for the modification of the consumer energy demand, in response to the specific conditions within the electricity system (e.g., peak period network congestion). 
In order to optimally integrate DR in the broader Smart Grid (SG) system, modelling of the system parameters and safety analysis is required. In this paper, the implementation of STPA (System-Theoretic Process Analysis) structured method, as a relatively new hazard analysis technique for complex systems is presented and the feasibility of STPA implementation for loss prevention on a Demand Response system for home energy management, and within the complex SG context, is examined. The applied method delivers a mechanism useful in understanding where gaps in current operational risk structures may exist. The STPA findings in terms of loss scenarios can be used to generate a variety of safeguards to ensure secure operational control and in implementing targeted strategies through standard approaches of risk assessment.","accessed":{"date-parts":[["2023",11,3]]},"author":[{"family":"Karatzas","given":"Stylianos"},{"family":"Chassiakos","given":"Athanasios"}],"citation-key":"karatzasSystemTheoreticProcessAnalysis2020","container-title":"Systems","container-title-short":"Systems","DOI":"10.3390/systems8030033","ISSN":"2079-8954","issue":"3","issued":{"date-parts":[["2020",9,18]]},"language":"en","page":"33","source":"DOI.org (Crossref)","title":"System-Theoretic Process Analysis (STPA) for Hazard Analysis in Complex Systems: The Case of “Demand-Side Management in a Smart Grid”","title-short":"System-Theoretic Process Analysis (STPA) for Hazard Analysis in Complex Systems","type":"article-journal","URL":"https://www.mdpi.com/2079-8954/8/3/33","volume":"8"},{"id":"bakVerifyingCyberphysicalSystems2016","author":[{"family":"Bak","given":"Stanley"},{"family":"Chaki","given":"Sagar"}],"citation-key":"bakVerifyingCyberphysicalSystems2016","container-title":"2016 International Conference on Embedded Software (EMSOFT)","DOI":"10.1145/2968478.2968490","issued":{"date-parts":[["2016"]]},"page":"1-10","title":"Verifying cyber-physical systems by combining software model checking 
with hybrid systems reachability","type":"article-journal"},{"id":"mitchellToolboxHamiltonJacobiSolvers2005","author":[{"family":"Mitchell","given":"Ian M."},{"family":"Templeton","given":"Jeremy A."}],"citation-key":"mitchellToolboxHamiltonJacobiSolvers2005","container-title":"A Toolbox of Hamilton-Jacobi Solvers for Analysis of Nondeterministic Continuous and Hybrid Systems","ISBN":"978-3-540-31954-2","issued":{"date-parts":[["2005"]]},"page":"480-494","publisher":"Springer Berlin Heidelberg","title":"A Toolbox of Hamilton-Jacobi Solvers for Analysis of Nondeterministic Continuous and Hybrid Systems","type":"paper-conference"},{"id":"chenReachabilityAnalysisNonLinear2015","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Chen","given":"Xin"}],"citation-key":"chenReachabilityAnalysisNonLinear2015","issued":{"date-parts":[["2015",3]]},"publisher":"RWTH Aachen","title":"Reachability Analysis of Non-Linear Hybrid Systems Using Taylor Models","type":"report"},{"id":"championKindModelChecker2016","abstract":"Kind 2 is an open-source, multi-engine, SMT-based model checker for safety properties of finite- and infinite-state synchronous reactive systems. It takes as input models written in an extension of the Lustre language that allows the specification of assume-guarantee-style contracts for system components. Kind 2 was implemented from scratch based on techniques used by its predecessor, the PKind model checker. This paper discusses a number of improvements over PKind in terms of invariant generation. 
It also introduces two main features: contract-based compositional reasoning and certificate generation.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Champion","given":"Adrien"},{"family":"Mebsout","given":"Alain"},{"family":"Sticksel","given":"Christoph"},{"family":"Tinelli","given":"Cesare"}],"citation-key":"championKindModelChecker2016","container-title":"Computer Aided Verification","DOI":"10.1007/978-3-319-41540-6_29","editor":[{"family":"Chaudhuri","given":"Swarat"},{"family":"Farzan","given":"Azadeh"}],"event-place":"Cham","ISBN":"978-3-319-41539-0 978-3-319-41540-6","issued":{"date-parts":[["2016"]]},"language":"en","page":"510-517","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"The Kind 2 Model Checker","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-41540-6_29","volume":"9780"},{"id":"pagettiMultitaskImplementationMultiperiodic2011","abstract":"This article presents a complete scheme for the integration and the development of multi-periodic critical embedded systems. A system is formally specified as a modular and hierarchical assembly of several locally mono-periodic synchronous functions into a globally multi-periodic synchronous system. To support this, we introduce a real-time software architecture description language, named Prelude, which is built upon the synchronous languages and which provides a high level of abstraction for describing the functional and the real-time architecture of a multiperiodic control system. A program is translated into a set of real-time tasks that can be executed on a monoprocessor real-time platform with an on-line priority-based scheduler such as Deadline-Monotonic or Earliest-Deadline-First. 
The compilation is formally proved correct, meaning that the generated code respects the real-time semantics of the original program (respect of periods, deadlines, release dates and precedences) as well as its functional semantics (respect of variable consumption).","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Pagetti","given":"Claire"},{"family":"Forget","given":"Julien"},{"family":"Boniol","given":"Frédéric"},{"family":"Cordovilla","given":"Mikel"},{"family":"Lesens","given":"David"}],"citation-key":"pagettiMultitaskImplementationMultiperiodic2011","container-title":"Discrete Event Dynamic Systems","container-title-short":"Discrete Event Dyn Syst","DOI":"10.1007/s10626-011-0107-x","ISSN":"0924-6703, 1573-7594","issue":"3","issued":{"date-parts":[["2011",9]]},"language":"en","page":"307-338","source":"DOI.org (Crossref)","title":"Multi-task Implementation of Multi-periodic Synchronous Programs","type":"article-journal","URL":"http://link.springer.com/10.1007/s10626-011-0107-x","volume":"21"},{"id":"caspiLUSTREDeclarativeLanguage","abstract":"LUSTRE is a synchronous data-flow language for programming systems which interact with their environments in real-time. After an informal presentation of the language, we describe its semantics by means of structural inference rules. Moreover, we show how to use this semantics in order to generate efficient sequential code, namely, a finite state automaton which represents the control of the program. 
Formal rules for program transformation are also presented.","author":[{"family":"Caspi","given":"P"},{"family":"Pilaud","given":"D"},{"family":"Halbwachs","given":"N"},{"family":"Plaice","given":"J A"}],"citation-key":"caspiLUSTREDeclarativeLanguage","language":"en","source":"Zotero","title":"LUSTRE: A declarative language for programming synchronous systems","type":"article-journal"},{"id":"bourbouhCoCoSimCodeGeneration","abstract":"We present CoCoSim, a framework to support the design, code generation and analysis of discrete dataflow model expressed in Simulink. In this work, we specifically focus on the analysis and code generation of multi-periodic systems. For that CoCoSim provides two complementary approaches: the first amounts to encode the multiperiodic semantics in a pure-synchronous one – à la Lustre–, enabling the use of model checker for verifying properties. The second provides a faithful code generation into multiple communicating (mono)synchronous components – à la Prelude–that can be then simulated or embedded in the final platform with any real-time scheduler. These approaches have been experimented in various settings.","author":[{"family":"Bourbouh","given":"Hamza"},{"family":"Garoche","given":"Pierre-Loïc"},{"family":"Loquen","given":"Thomas"},{"family":"Noulard","given":"Éric"},{"family":"Pagetti","given":"Claire"}],"citation-key":"bourbouhCoCoSimCodeGeneration","language":"en","source":"Zotero","title":"CoCoSim, a code generation framework for control/command applications An overview of CoCoSim for multi-periodic discrete Simulink models","type":"article-journal"},{"id":"biereBoundedModelChecking2003","abstract":"Symbolic model checking with Binary Decision Diagrams (BDDs) has been successfully used in the last decade for formally verifying finite state systems such as sequential circuits and protocols. 
Since its introduction in the beginning of the 90’s, it has been integrated in the quality assurance process of several major hardware companies. The main bottleneck of this method is that BDDs may grow exponentially, and hence the amount of available memory restricts the size of circuits that can be verified efficiently. In this article we survey a technique called Bounded Model Checking (BMC), which uses a propositional SAT solver rather than BDD manipulation techniques. Since its introduction in 1999, BMC has been well received by the industry. It can find many logical errors in complex systems that can not be handled by competing techniques, and is therefore widely perceived as a complementary technique to BDD-based model checking. This observation is supported by several independent comparisons that have been published in the last few years.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Biere","given":"Armin"},{"family":"Cimatti","given":"Alessandro"},{"family":"Clarke","given":"Edmund M."},{"family":"Strichman","given":"Ofer"},{"family":"Zhu","given":"Yunshan"}],"citation-key":"biereBoundedModelChecking2003","container-title":"Advances in Computers","DOI":"10.1016/S0065-2458(03)58003-2","ISBN":"978-0-12-012158-8","issued":{"date-parts":[["2003"]]},"language":"en","page":"117-148","publisher":"Elsevier","source":"DOI.org (Crossref)","title":"Bounded Model Checking","type":"chapter","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0065245803580032","volume":"58"},{"id":"gaoDeltaCompleteAnalysisBounded2014","abstract":"We present the framework of δ-complete analysis for bounded reachability problems of general hybrid systems. We perform bounded reachability checking through solving δ-decision problems over the reals. The techniques take into account of robustness properties of the systems under numerical perturbations. We prove that the verification problems become much more mathematically tractable in this new framework. 
Our implementation of the techniques, an open-source tool dReach, scales well on several highly nonlinear hybrid system models that arise in biomedical and robotics applications.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Gao","given":"Sicun"},{"family":"Kong","given":"Soonho"},{"family":"Chen","given":"Wei"},{"family":"Clarke","given":"Edmund"}],"citation-key":"gaoDeltaCompleteAnalysisBounded2014","issued":{"date-parts":[["2014",4,28]]},"language":"en","number":"arXiv:1404.7171","publisher":"arXiv","source":"arXiv.org","title":"Delta-Complete Analysis for Bounded Reachability of Hybrid Systems","type":"article","URL":"http://arxiv.org/abs/1404.7171"},{"id":"kongDReachDReachabilityAnalysis2015","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Kong","given":"Soonho"},{"family":"Gao","given":"Sicun"},{"family":"Chen","given":"Wei"},{"family":"Clarke","given":"Edmund"}],"citation-key":"kongDReachDReachabilityAnalysis2015","container-title":"Tools and Algorithms for the Construction and Analysis of Systems","DOI":"10.1007/978-3-662-46681-0_15","editor":[{"family":"Baier","given":"Christel"},{"family":"Tinelli","given":"Cesare"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-662-46680-3 978-3-662-46681-0","issued":{"date-parts":[["2015"]]},"language":"en","page":"200-205","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"dReach: δ-Reachability Analysis for Hybrid Systems","title-short":"dReach","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-662-46681-0_15","volume":"9035"},{"id":"barrettSatisfiabilityModuloTheories2018","abstract":"Satisfiability Modulo Theories (SMT) refers to the problem of determining whether a first-order formula is satisfiable with respect to some logical theory. Solvers based on SMT are used as back-end engines in model-checking applications such as bounded, interpolation-based, and predicate-abstraction-based model checking. 
After a brief illustration of these uses, we survey the predominant techniques for solving SMT problems with an emphasis on the lazy approach, in which a propositional satisfiability (SAT) solver is combined with one or more theory solvers. We discuss the architecture of a lazy SMT solver, give examples of theory solvers, show how to combine such solvers modularly, and mention several extensions of the lazy approach. We also briefly describe the eager approach in which the SMT problem is reduced to a SAT problem. Finally, we discuss how the basic framework for determining satisfiability can be extended with additional functionality such as producing models, proofs, unsatisfiable cores, and interpolants.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Barrett","given":"Clark"},{"family":"Tinelli","given":"Cesare"}],"citation-key":"barrettSatisfiabilityModuloTheories2018","container-title":"Handbook of Model Checking","DOI":"10.1007/978-3-319-10575-8_11","editor":[{"family":"Clarke","given":"Edmund M."},{"family":"Henzinger","given":"Thomas A."},{"family":"Veith","given":"Helmut"},{"family":"Bloem","given":"Roderick"}],"event-place":"Cham","ISBN":"978-3-319-10574-1 978-3-319-10575-8","issued":{"date-parts":[["2018"]]},"language":"en","page":"305-343","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Satisfiability Modulo Theories","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-10575-8_11"},{"id":"yuSTLmcRobustSTL2022","abstract":"We present the STLmc model checker for signal temporal logic (STL) properties of hybrid systems. The STLmc tool can perform STL model checking up to a robustness threshold for a wide range of hybrid systems. Our tool utilizes the refutation-complete SMT-based bounded model checking algorithm by reducing the robust STL model checking problem into Boolean STL model checking. 
If STLmc does not find a counterexample, the system is guaranteed to be correct up to the given bounds and robustness threshold. We demonstrate the effectiveness of STLmc on a number of hybrid system benchmarks.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Yu","given":"Geunyeol"},{"family":"Lee","given":"Jia"},{"family":"Bae","given":"Kyungmin"}],"citation-key":"yuSTLmcRobustSTL2022","container-title":"Computer Aided Verification","DOI":"10.1007/978-3-031-13185-1_26","editor":[{"family":"Shoham","given":"Sharon"},{"family":"Vizel","given":"Yakir"}],"event-place":"Cham","ISBN":"978-3-031-13184-4 978-3-031-13185-1","issued":{"date-parts":[["2022"]]},"language":"en","page":"524-537","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"STLmc: Robust STL Model Checking of Hybrid Systems Using SMT","title-short":"STLmc","type":"chapter","URL":"https://link.springer.com/10.1007/978-3-031-13185-1_26","volume":"13371"},{"id":"cimattiSMTBasedVerificationHybrid2021","abstract":"Hybrid automata networks (HAN) are a powerful formalism to model complex embedded systems. In this paper, we survey the recent advances in the application of Satisfiability Modulo Theories (SMT) to the analysis of HAN. SMT can be seen as an extended form of Boolean satisfiability (SAT), where literals are interpreted with respect to a background theory (e.g. linear arithmetic). 
HAN can be symbolically represented by means of SMT formulae, and analyzed by generalizing to the case of SMT the traditional model checking algorithms based on SAT.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Cimatti","given":"Alessandro"},{"family":"Mover","given":"Sergio"},{"family":"Tonetta","given":"Stefano"}],"citation-key":"cimattiSMTBasedVerificationHybrid2021","container-title":"Proceedings of the AAAI Conference on Artificial Intelligence","container-title-short":"AAAI","DOI":"10.1609/aaai.v26i1.8442","ISSN":"2374-3468, 2159-5399","issue":"1","issued":{"date-parts":[["2021",9,20]]},"language":"en","page":"2100-2105","source":"DOI.org (Crossref)","title":"SMT-Based Verification of Hybrid Systems","type":"article-journal","URL":"https://ojs.aaai.org/index.php/AAAI/article/view/8442","volume":"26"},{"id":"diggaralaVerificationAnnotatedModels","author":[{"family":"Duggirala","given":""},{"family":"Mitra","given":""},{"family":"Viswanathan","given":""}],"citation-key":"diggaralaVerificationAnnotatedModels","container-title":"EMSOFT 2023","title":"Verification of Annotated Models from Executions","type":"paper-conference"},{"id":"duggiralaC2E2VerificationTool2015","abstract":"Mathwork’s Stateflow is a predominant environment for modeling embedded and cyberphysical systems where control software interact with physical processes. We present Compare-Execute-Check-Engine (C2E2)—a verification tool for continuous and hybrid Stateflow models. It checks bounded time invariant properties of models with nonlinear dynamics, and discrete transitions with guards and resets. C2E2 transforms the model, computing simulations using a validated numerical solver, and then computes reachtube over-approximations with increasing precision. For this last step it uses annotations that have to be added to the model. These annotations are extensions of proof certificates studied in Control Theory and can be automatically obtained for linear dynamics. 
The C2E2 algorithm is sound and it is guaranteed to terminate if the system is robustly safe (or unsafe) with respect to perturbations of guards and invariants of the model. We present the architecture of C2E2, its workflow, and examples illustrating its potential role in model-based design, verification, and validation.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Duggirala","given":"Parasara Sridhar"},{"family":"Mitra","given":"Sayan"},{"family":"Viswanathan","given":"Mahesh"},{"family":"Potok","given":"Matthew"}],"citation-key":"duggiralaC2E2VerificationTool2015","container-title":"Tools and Algorithms for the Construction and Analysis of Systems","DOI":"10.1007/978-3-662-46681-0_5","editor":[{"family":"Baier","given":"Christel"},{"family":"Tinelli","given":"Cesare"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-662-46680-3 978-3-662-46681-0","issued":{"date-parts":[["2015"]]},"language":"en","page":"68-82","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"C2E2: A Verification Tool for Stateflow Models","title-short":"C2E2","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-662-46681-0_5","volume":"9035"},{"id":"fanAutomaticReachabilityAnalysis2016","abstract":"C2E2 is a bounded reachability analysis tool for nonlinear dynamical systems and hybrid automaton models. Previously it required users to annotate each system of differential equations of the hybrid automaton with discrepancy functions, and since these annotations are difficult to get for general nonlinear differential equations, the tool had limited usability. This version of C2E2 is improved in several ways, the most prominent among which is the elimination of the need for user-provided discrepancy functions. 
It automatically computes piece-wise (or local) discrepancy functions around the reachable parts of the state space using symbolically computed Jacobian matrix and eigenvalue perturbation bounds. The special cases of linear and constant rate differential equations are handled with more efficient algorithm. In this paper, we discuss these and other new features that make the new C2E2 a usable tool for bounded reachability analysis of hybrid systems.","accessed":{"date-parts":[["2023",11,2]]},"author":[{"family":"Fan","given":"Chuchu"},{"family":"Qi","given":"Bolun"},{"family":"Mitra","given":"Sayan"},{"family":"Viswanathan","given":"Mahesh"},{"family":"Duggirala","given":"Parasara Sridhar"}],"citation-key":"fanAutomaticReachabilityAnalysis2016","container-title":"Computer Aided Verification","DOI":"10.1007/978-3-319-41528-4_29","editor":[{"family":"Chaudhuri","given":"Swarat"},{"family":"Farzan","given":"Azadeh"}],"event-place":"Cham","ISBN":"978-3-319-41527-7 978-3-319-41528-4","issued":{"date-parts":[["2016"]]},"language":"en","page":"531-538","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Automatic Reachability Analysis for Nonlinear Hybrid Models with C2E2","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-319-41528-4_29","volume":"9779"},{"id":"langFormalVerificationApplied","author":[{"family":"Lang","given":"Kendra"},{"family":"Klett","given":"Corbin"},{"family":"Hawkins","given":"Kelsey"},{"family":"Feron","given":"Eric"},{"family":"Tsiotras","given":"Panagiotis"},{"family":"Phillips","given":"Sean"}],"citation-key":"langFormalVerificationApplied","language":"en","source":"Zotero","title":"Formal Verification Applied to Autonomous Spacecraft Attitude Control","type":"article-journal"},{"id":"althoffReachabilityAnalysisNonlinear2013","abstract":"A new technique for computing the reachable set of hybrid systems with nonlinear continuous dynamics is presented. 
Previous work showed that abstracting the nonlinear continuous dynamics to linear differential inclusions results in a scalable approach for reachability analysis. However, when the abstraction becomes inaccurate, linearization techniques require splitting of reachable sets, resulting in an exponential growth of required linearizations. In this work, the nonlinearity of the dynamics is more accurately abstracted to polynomial difference inclusions. As a consequence, it is no longer guaranteed that reachable sets of consecutive time steps are mapped to convex sets as typically used in previous works. Thus, a non-convex set representation is developed in order to better capture the nonlinear dynamics, requiring no or much less splitting. The new approach has polynomial complexity with respect to the number of continuous state variables when splitting can be avoided and is thus promising when a linearization technique requires splitting for the same problem. The benefits are presented by numerical examples.","accessed":{"date-parts":[["2023",11,1]]},"author":[{"family":"Althoff","given":"Matthias"}],"citation-key":"althoffReachabilityAnalysisNonlinear2013","collection-title":"HSCC '13","container-title":"Proceedings of the 16th international conference on Hybrid systems: computation and control","DOI":"10.1145/2461328.2461358","event-place":"New York, NY, USA","ISBN":"978-1-4503-1567-8","issued":{"date-parts":[["2013",4,8]]},"page":"173–182","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"Reachability analysis of nonlinear systems using conservative polynomialization and non-convex sets","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/2461328.2461358"},{"id":"dwDARPAExplainableArtificial2019","author":[{"family":"DW","given":"Gunning D. 
Aha"}],"citation-key":"dwDARPAExplainableArtificial2019","container-title":"AI Mag","issue":"2","issued":{"date-parts":[["2019"]]},"page":"44","title":"DARPA’s explainable artificial intelligence program","type":"article-journal","volume":"40"},{"id":"choiCompilingNeuralNetworks2017","author":[{"family":"Choi","given":"Arthur"},{"family":"Shi","given":"Weijia"},{"family":"Shih","given":"Andy"},{"family":"Darwiche","given":"Adnan"}],"citation-key":"choiCompilingNeuralNetworks2017","container-title":"intelligence","issued":{"date-parts":[["2017"]]},"title":"Compiling neural networks into tractable Boolean circuits","type":"article-journal"},{"id":"grossApplicationModelbasedFault1997","author":[{"family":"Gross","given":"K. C."},{"family":"Singer","given":"R. M."},{"family":"Wegerich","given":"S. W."},{"family":"Herzog","given":"J. P."},{"family":"VanAlstine","given":"R."},{"family":"Bockhorst","given":"F."}],"citation-key":"grossApplicationModelbasedFault1997","issued":{"date-parts":[["1997"]]},"publisher":"Argonne National Lab.(ANL), Argonne, IL (United States)","title":"Application of a model-based fault detection system to nuclear plant signals","type":"report"},{"id":"grochowskiAlgorithmicTransparencyExplainability2021","author":[{"family":"Grochowski","given":"Mateusz"},{"family":"Jablonowska","given":"Agnieszka"},{"family":"Lagioia","given":"Francesca"},{"family":"Sartor","given":"Giovanni"}],"citation-key":"grochowskiAlgorithmicTransparencyExplainability2021","container-title":"Critical Analysis L.","issued":{"date-parts":[["2021"]]},"page":"43","publisher":"HeinOnline","title":"Algorithmic transparency and explainability for EU consumer protection: unwrapping the regulatory premises","type":"article-journal","volume":"8"},{"id":"ribeiroWhyShouldTrust2016","abstract":"Despite widespread adoption, machine learning models remain mostly black boxes. 
Understanding the reasons behind predictions is, however, quite important in assessing trust, which is fundamental if one plans to take action based on a prediction, or when choosing whether to deploy a new model. Such understanding also provides insights into the model, which can be used to transform an untrustworthy model or prediction into a trustworthy one. In this work, we propose LIME, a novel explanation technique that explains the predictions of any classifier in an interpretable and faithful manner, by learning an interpretable model locally around the prediction. We also propose a method to explain models by presenting representative individual predictions and their explanations in a non-redundant way, framing the task as a submodular optimization problem. We demonstrate the flexibility of these methods by explaining different models for text (e.g. random forests) and image classification (e.g. neural networks). We show the utility of explanations via novel experiments, both simulated and with human subjects, on various scenarios that require trust: deciding if one should trust a prediction, choosing between models, improving an untrustworthy classifier, and identifying why a classifier should not be trusted.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Ribeiro","given":"Marco Tulio"},{"family":"Singh","given":"Sameer"},{"family":"Guestrin","given":"Carlos"}],"citation-key":"ribeiroWhyShouldTrust2016","issued":{"date-parts":[["2016",8,9]]},"language":"en","number":"arXiv:1602.04938","publisher":"arXiv","source":"arXiv.org","title":"\"Why Should I Trust You?\": Explaining the Predictions of Any Classifier","title-short":"\"Why Should I Trust You?","type":"article","URL":"http://arxiv.org/abs/1602.04938"},{"id":"arkadovVirtualDigitalNuclear2014","abstract":"The article describes the “Virtual Digital VVER–Based Nuclear Power Plant” computerized system comprising a totality of verified initial data (sets of input data for a model intended 
for describing the behavior of nuclear power plant (NPP) systems in design and emergency modes of their operation) and a unified system of new generation computation codes intended for carrying out coordinated computation of the variety of physical processes in the reactor core and NPP equipment. Experiments with the demonstration version of the “Virtual Digital VVER Based NPP” computerized system has shown that it is in principle possible to set up a unified system of computation codes in a common software environment for carrying out interconnected calculations of various physical phenomena at NPPs constructed according to the standard AES 2006 project. With the full scale version of the “Virtual Digital VVER Based NPP” computerized system put in operation, the concerned engineering, design, construction, and operating organizations will have access to all necessary information relating to the NPP power unit project throughout its entire lifecycle. The domestically developed commercial grade software product set to operate as an independently operating application to the project will bring about additional competitive advantages in the modern market of nuclear power technologies.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Arkadov","given":"G. V."},{"family":"Zhukavin","given":"A. P."},{"family":"Kroshilin","given":"A. E."},{"family":"Parshikov","given":"I. A."},{"family":"Solov’ev","given":"S. L."},{"family":"Shishov","given":"A. V."}],"citation-key":"arkadovVirtualDigitalNuclear2014","container-title":"Thermal Engineering","container-title-short":"Therm. 
Eng.","DOI":"10.1134/S0040601514100012","ISSN":"0040-6015, 1555-6301","issue":"10","issued":{"date-parts":[["2014",10]]},"language":"en","page":"697-705","source":"DOI.org (Crossref)","title":"The virtual digital nuclear power plant: A modern tool for supporting the lifecycle of VVER-based nuclear power units","title-short":"The virtual digital nuclear power plant","type":"article-journal","URL":"http://link.springer.com/10.1134/S0040601514100012","volume":"61"},{"id":"cookIndustrialControlSystem2017","abstract":"The threat to Industrial Control Systems (ICS) from cyber attacks is widely acknowledged by governments and literature. Operators of ICS are looking to address these threats in an effective and cost-sensitive manner that does not expose their operations to additional risks through invasive testing. Whilst existing standards and guidelines offer comprehensive advice for reviewing the security of ICS infrastructure, resource and time limitations can lead to incomplete assessments or undesirably long countermeasure implementation schedules. In this paper we consider the problem of undertaking efficient cyber security risk assessments and implementing mitigations in large, established ICS operations for which a full security review cannot be implemented on a constrained timescale. The contribution is the Industrial Control System Cyber Defence Triage Process (ICS-CDTP). ICS-CDTP determines areas of priority where the impact of attacks is greatest, and where initial investment reduces the organisation’s overall exposure swiftly. ICS-CDTP is designed to be a precursor to a wider, holistic review across the operation following established security management approaches. ICS-CDTP is a novel combination of the Diamond Model of Intrusion Analysis, the Mandiant Attack Lifecycle, and the CARVER Matrix, allowing for an effective triage of attack vectors and likely targets for a capable antagonist. 
ICS-CDTP identifies and focuses on key ICS processes and their exposure to cyber threats with the view to maintain critical operations. The article defines ICS-CDTP and exemplifies its application using a fictitious water treatment facility, and explains its evaluation as part of a large-scale serious game exercise.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Cook","given":"Allan"},{"family":"Janicke","given":"Helge"},{"family":"Smith","given":"Richard"},{"family":"Maglaras","given":"Leandros"}],"citation-key":"cookIndustrialControlSystem2017","container-title":"Computers & Security","container-title-short":"Computers & Security","DOI":"10.1016/j.cose.2017.07.009","ISSN":"01674048","issued":{"date-parts":[["2017",9]]},"language":"en","page":"467-481","source":"DOI.org (Crossref)","title":"The industrial control system cyber defence triage process","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0167404817301505","volume":"70"},{"id":"glaessgenDigitalTwinParadigm2012","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Glaessgen","given":"Edward"},{"family":"Stargel","given":"David"}],"citation-key":"glaessgenDigitalTwinParadigm2012","container-title":"53rd AIAA/ASME/ASCE/AHS/ASC Structures, Structural Dynamics and Materials Conference; 20th AIAA/ASME/AHS Adaptive Structures Conference; 14th AIAA","DOI":"10.2514/6.2012-1818","event-place":"Honolulu, Hawaii","event-title":"53rd AIAA/ASME/ASCE/AHS/ASC Structures, Structural Dynamics and Materials Conference; 20th AIAA/ASME/AHS Adaptive Structures Conference; 14th AIAA","ISBN":"978-1-60086-937-2","issued":{"date-parts":[["2012",4,23]]},"language":"en","publisher":"American Institute of Aeronautics and Astronautics","publisher-place":"Honolulu, Hawaii","source":"DOI.org (Crossref)","title":"The Digital Twin Paradigm for Future NASA and U.S. Air Force Vehicles","type":"paper-conference","URL":"http://arc.aiaa.org/doi/abs/10.2514/6.2012-1818"},{"id":"smilkovSmoothGradRemovingNoise2017","abstract":"Explaining the output of a deep network remains a challenge. In the case of an image classifier, one type of explanation is to identify pixels that strongly influence the final decision. A starting point for this strategy is the gradient of the class score function with respect to the input image. This gradient can be interpreted as a sensitivity map, and there are several techniques that elaborate on this basic idea. This paper makes two contributions: it introduces SMOOTHGRAD, a simple method that can help visually sharpen gradient-based sensitivity maps, and it discusses lessons in the visualization of these maps. 
We publish the code for our experiments and a website with our results.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Smilkov","given":"Daniel"},{"family":"Thorat","given":"Nikhil"},{"family":"Kim","given":"Been"},{"family":"Viégas","given":"Fernanda"},{"family":"Wattenberg","given":"Martin"}],"citation-key":"smilkovSmoothGradRemovingNoise2017","issued":{"date-parts":[["2017",6,12]]},"language":"en","number":"arXiv:1706.03825","publisher":"arXiv","source":"arXiv.org","title":"SmoothGrad: removing noise by adding noise","title-short":"SmoothGrad","type":"article","URL":"http://arxiv.org/abs/1706.03825"},{"id":"skjerveSimulatorbasedHumanFactors2011","accessed":{"date-parts":[["2023",10,11]]},"citation-key":"skjerveSimulatorbasedHumanFactors2011","DOI":"10.1007/978-0-85729-003-8","editor":[{"family":"Skjerve","given":"Ann Britt"},{"family":"Bye","given":"Andreas"}],"event-place":"London","ISBN":"978-0-85729-002-1 978-0-85729-003-8","issued":{"date-parts":[["2011"]]},"language":"en","publisher":"Springer London","publisher-place":"London","source":"DOI.org (Crossref)","title":"Simulator-based Human Factors Studies Across 25 Years: The History of the Halden Man-Machine Laboratory","title-short":"Simulator-based Human Factors Studies Across 25 Years","type":"book","URL":"https://link.springer.com/10.1007/978-0-85729-003-8"},{"id":"hermansaSensorBasedPredictiveMaintenance2021","abstract":"In this paper, the problem of the identification of undesirable events is discussed. Such events can be poorly represented in the historical data, and it is predominantly impossible to learn from past examples. The discussed issue is considered in the work in the context of two use cases in which vibration and temperature measurements collected by wireless sensors are analysed. These use cases include crushers at a coal-fired power plant and gantries in a steelworks converter. 
The awareness, resulting from the cooperation with industry, of the need for a system that works in cold start conditions and does not flood the machine operator with alarms was the motivation for proposing a new predictive maintenance method. The proposed solution is based on the methods of outlier identification. These methods are applied to the collected data that was transformed into a multidimensional feature vector. The novelty of the proposed solution stems from the creation of a methodology for the reduction of false positive alarms, which was applied to a system identifying undesirable events. This methodology is based on the adaptation of the system to the analysed data, the interaction with the dispatcher, and the use of the XAI (eXplainable Artificial Intelligence) method. The experiments performed on several data sets showed that the proposed method reduced false alarms by 90.25% on average in relation to the performance of the stand-alone outlier detection method. The obtained results allowed for the implementation of the developed method to a system operating in a real industrial facility. 
The conducted research may be valuable for systems with a cold start problem where frequent alarms can lead to discouragement and disregard for the system by the user.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Hermansa","given":"Marek"},{"family":"Kozielski","given":"Michał"},{"family":"Michalak","given":"Marcin"},{"family":"Szczyrba","given":"Krzysztof"},{"family":"Wróbel","given":"Łukasz"},{"family":"Sikora","given":"Marek"}],"citation-key":"hermansaSensorBasedPredictiveMaintenance2021","container-title":"Sensors","container-title-short":"Sensors","DOI":"10.3390/s22010226","ISSN":"1424-8220","issue":"1","issued":{"date-parts":[["2021",12,29]]},"language":"en","page":"226","source":"DOI.org (Crossref)","title":"Sensor-Based Predictive Maintenance with Reduction of False Alarms—A Case Study in Heavy Industry","type":"article-journal","URL":"https://www.mdpi.com/1424-8220/22/1/226","volume":"22"},{"id":"bifflSecurityQualityCyberPhysical2019","accessed":{"date-parts":[["2023",10,11]]},"citation-key":"bifflSecurityQualityCyberPhysical2019","DOI":"10.1007/978-3-030-25312-7","editor":[{"family":"Biffl","given":"Stefan"},{"family":"Eckhart","given":"Matthias"},{"family":"Lüder","given":"Arndt"},{"family":"Weippl","given":"Edgar"}],"event-place":"Cham","ISBN":"978-3-030-25311-0 978-3-030-25312-7","issued":{"date-parts":[["2019"]]},"language":"en","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Security and Quality in Cyber-Physical Systems Engineering: With Forewords by Robert M. Lee and Tom Gilb","title-short":"Security and Quality in Cyber-Physical Systems Engineering","type":"book","URL":"http://link.springer.com/10.1007/978-3-030-25312-7"},{"id":"tuegelReengineeringAircraftStructural2011","abstract":"Reengineering of the aircraft structural life prediction process to fully exploit advances in very high performance digital computing is proposed. 
The proposed process utilizes an ultrahigh fidelity model of individual aircraft by tail number, a Digital Twin, to integrate computation of structural deflections and temperatures in response to flight conditions, with resulting local damage and material state evolution. A conceptual model of how the Digital Twin can be used for predicting the life of aircraft structure and assuring its structural integrity is presented. The technical challenges to developing and deploying a Digital Twin are discussed in detail.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Tuegel","given":"Eric J."},{"family":"Ingraffea","given":"Anthony R."},{"family":"Eason","given":"Thomas G."},{"family":"Spottswood","given":"S. Michael"}],"citation-key":"tuegelReengineeringAircraftStructural2011","container-title":"International Journal of Aerospace Engineering","container-title-short":"International Journal of Aerospace Engineering","DOI":"10.1155/2011/154798","ISSN":"1687-5966, 1687-5974","issued":{"date-parts":[["2011"]]},"language":"en","page":"1-14","source":"DOI.org (Crossref)","title":"Reengineering Aircraft Structural Life Prediction Using a Digital Twin","type":"article-journal","URL":"http://www.hindawi.com/journals/ijae/2011/154798/","volume":"2011"},{"id":"murdochDefinitionsMethodsApplications2019","abstract":"Significance\n The recent surge in interpretability research has led to confusion on numerous fronts. In particular, it is unclear what it means to be interpretable and how to select, evaluate, or even discuss methods for producing interpretations of machine-learning models. We aim to clarify these concerns by defining interpretable machine learning and constructing a unifying framework for existing methods which highlights the underappreciated role played by human audiences. Within this framework, methods are organized into 2 classes: model based and post hoc. 
To provide guidance in selecting and evaluating interpretation methods, we introduce 3 desiderata: predictive accuracy, descriptive accuracy, and relevancy. Using our framework, we review existing work, grounded in real-world studies which exemplify our desiderata, and suggest directions for future work.\n , \n Machine-learning models have demonstrated great success in learning complex patterns that enable them to make predictions about unobserved data. In addition to using models for prediction, the ability to interpret what a model has learned is receiving an increasing amount of attention. However, this increased focus has led to considerable confusion about the notion of interpretability. In particular, it is unclear how the wide array of proposed interpretation methods are related and what common concepts can be used to evaluate them. We aim to address these concerns by defining interpretability in the context of machine learning and introducing the predictive, descriptive, relevant (PDR) framework for discussing interpretations. The PDR framework provides 3 overarching desiderata for evaluation: predictive accuracy, descriptive accuracy, and relevancy, with relevancy judged relative to a human audience. Moreover, to help manage the deluge of interpretation methods, we introduce a categorization of existing techniques into model-based and post hoc categories, with subgroups including sparsity, modularity, and simulatability. To demonstrate how practitioners can use the PDR framework to evaluate and understand interpretations, we provide numerous real-world examples. These examples highlight the often underappreciated role played by human audiences in discussions of interpretability. Finally, based on our framework, we discuss limitations of existing methods and directions for future work. 
We hope that this work will provide a common vocabulary that will make it easier for both practitioners and researchers to discuss and choose from the full range of interpretation methods.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Murdoch","given":"W. James"},{"family":"Singh","given":"Chandan"},{"family":"Kumbier","given":"Karl"},{"family":"Abbasi-Asl","given":"Reza"},{"family":"Yu","given":"Bin"}],"citation-key":"murdochDefinitionsMethodsApplications2019","container-title":"Proceedings of the National Academy of Sciences","container-title-short":"Proc. Natl. Acad. Sci. U.S.A.","DOI":"10.1073/pnas.1900654116","ISSN":"0027-8424, 1091-6490","issue":"44","issued":{"date-parts":[["2019",10,29]]},"language":"en","page":"22071-22080","source":"DOI.org (Crossref)","title":"Definitions, methods, and applications in interpretable machine learning","type":"article-journal","URL":"https://pnas.org/doi/full/10.1073/pnas.1900654116","volume":"116"},{"id":"pattersonFrameworkIntegratedNuclear2016","abstract":"A conceptual framework is proposed for a digital environment extending from the prototype design of nuclear plants through operations and decommissioning to storage and waste disposal. The environment consists of a series of interconnected multi-scale, multi-physics computational models linked to the realworld by data acquired during validation of prototypes, in-service monitoring and inspections of plant, post-shut-down inspections of plant and in-situ monitoring of stored waste. The technology gaps for the implementation of the integrated nuclear digital environment (INDE) are identified and discussed together with the advantages to be gained from its implementation. Implementation of INDE will be dependent on future advances in High Performance Computing systems approaching the exascale and parallel advances in the development of algorithms for processing large amounts of data. 
The data itself will be acquired through innovations in measurement, analysis and uncertainty and will be applied through projects relating to lifetime extension, decommissioning and resurgent national science programmes. It is postulated that the existence of this type of framework might be inevitable given both nuclear-specific and non-nuclear drivers and may be essential for the nuclear industry to deliver current and future challenges from the clean-up of legacy waste sites to time and budget, future generation nuclear reactors and small-scale mass-production of modular nuclear power plants. It is proposed that implementation of INDE will lead to shorten development times, reduced costs and increased credibility, operability, reliability and safety.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Patterson","given":"Eann A."},{"family":"Taylor","given":"Richard J."},{"family":"Bankhead","given":"Mark"}],"citation-key":"pattersonFrameworkIntegratedNuclear2016","container-title":"Progress in Nuclear Energy","container-title-short":"Progress in Nuclear Energy","DOI":"10.1016/j.pnucene.2015.11.009","ISSN":"01491970","issued":{"date-parts":[["2016",3]]},"language":"en","page":"97-103","source":"DOI.org (Crossref)","title":"A framework for an integrated nuclear digital environment","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0149197015301104","volume":"87"},{"id":"parkReliableIntelligentDiagnostic2022","abstract":"When abnormal operating conditions occur in nuclear power plants, operators must identify the occurrence cause and implement the necessary mitigation measures. Accordingly, the operator must rapidly and accurately analyze the symptom requirements of more than 200 abnormal scenarios from the trends of many variables to perform diagnostic tasks and implement mitigation actions rapidly. 
However, the probability of human error increases owing to the characteristics of the diagnostic tasks performed by the operator. Researches regarding diagnostic tasks based on Artificial Intelligence (AI) have been conducted recently to reduce the likelihood of human errors; however, reliability issues due to the black box characteristics of AI have been pointed out. Hence, the application of eXplainable Artificial Intelligence (XAI), which can provide AI diagnostic evidence for operators, is considered. In conclusion, the XAI to solve the reliability problem of AI is included in the AI-based diagnostic algorithm. A reliable intelligent diagnostic assistant based on a merged diagnostic algorithm, in the form of an operator support system, is developed, and includes an interface to efficiently inform operators.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Park","given":"Ji Hun"},{"family":"Jo","given":"Hye Seon"},{"family":"Lee","given":"Sang Hyun"},{"family":"Oh","given":"Sang Won"},{"family":"Na","given":"Man Gyun"}],"citation-key":"parkReliableIntelligentDiagnostic2022","container-title":"Nuclear Engineering and Technology","container-title-short":"Nuclear Engineering and Technology","DOI":"10.1016/j.net.2021.10.024","ISSN":"17385733","issue":"4","issued":{"date-parts":[["2022",4]]},"language":"en","page":"1271-1287","source":"DOI.org (Crossref)","title":"A reliable intelligent diagnostic assistant for nuclear power plants using explainable artificial intelligence of GRU-AE, LightGBM and SHAP","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1738573321006082","volume":"54"},{"id":"dammLscBreathingLife1999","abstract":"While message sequence charts (MSCs) are widely used in industry to document the interworking of processes or objects, they are expressively weak, being based on the modest semantic notion of a partial ordering of events as defined, e.g., in the ITU standard. 
A highly expressive and rigorously defined MSC language is a must for serious, semantically meaningful tool support for use-cases and scenarios. It is also a prerequisite to addressing what we regard as one of the central problems in behavioral specification of systems: relating scenario-based inter-object specification to state-machine intra-object specification. This paper proposes an extension of MSCs, which we call live sequence charts (or LSCs), since our main extension deals with specifying “liveness”, i.e., things that must occur. In fact, LSCs allow the distinction between possible and necessary behavior both globally, on the level of an entire chart and locally, when specifying events, conditions and progress over time within a chart. This makes it possible to specify forbidden scenarios, for example, and enables naturally specified structuring constructs such as subcharts, branching and iteration.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Damm","given":"Werner"},{"family":"Harel","given":"David"}],"citation-key":"dammLscBreathingLife1999","container-title":"Formal Methods for Open Object-Based Distributed Systems","DOI":"10.1007/978-0-387-35562-7_23","editor":[{"family":"Ciancarini","given":"Paolo"},{"family":"Fantechi","given":"Alessandro"},{"family":"Gorrieri","given":"Robert"}],"event-place":"Boston, MA","ISBN":"978-1-4757-5266-3 978-0-387-35562-7","issued":{"date-parts":[["1999"]]},"language":"en","page":"293-311","publisher":"Springer US","publisher-place":"Boston, MA","source":"DOI.org (Crossref)","title":"Lsc’s: Breathing Life Into Message Sequence 
Charts","title-short":"Lsc’s","type":"chapter","URL":"http://link.springer.com/10.1007/978-0-387-35562-7_23"},{"id":"platzerLogicalFoundationsCyberPhysical2018","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Platzer","given":"André"}],"citation-key":"platzerLogicalFoundationsCyberPhysical2018","DOI":"10.1007/978-3-319-63588-0","event-place":"Cham","ISBN":"978-3-319-63587-3 978-3-319-63588-0","issued":{"date-parts":[["2018"]]},"language":"en","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Logical Foundations of Cyber-Physical Systems","type":"book","URL":"http://link.springer.com/10.1007/978-3-319-63588-0"},{"id":"molnarInterpretableMachineLearning","author":[{"family":"Molnar","given":"Christoph"}],"citation-key":"molnarInterpretableMachineLearning","language":"en","source":"Zotero","title":"Interpretable Machine Learning","type":"article-journal"},{"id":"kimInterpretabilityFeatureAttribution2018","abstract":"The interpretation of deep learning models is a challenge due to their size, complexity, and often opaque internal state. In addition, many systems, such as image classifiers, operate on low-level features rather than high-level concepts. To address these challenges, we introduce Concept Activation Vectors (CAVs), which provide an interpretation of a neural net’s internal state in terms of human-friendly concepts. The key idea is to view the high-dimensional internal state of a neural net as an aid, not an obstacle. We show how to use CAVs as part of a technique, Testing with CAVs (TCAV), that uses directional derivatives to quantify the degree to which a user-defined concept is important to a classification result–for example, how sensitive a prediction of zebra is to the presence of stripes. 
Using the domain of image classification as a testing ground, we describe how CAVs may be used to explore hypotheses and generate insights for a standard image classification network as well as a medical application.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Kim","given":"Been"},{"family":"Wattenberg","given":"Martin"},{"family":"Gilmer","given":"Justin"},{"family":"Cai","given":"Carrie"},{"family":"Wexler","given":"James"},{"family":"Viegas","given":"Fernanda"},{"family":"Sayres","given":"Rory"}],"citation-key":"kimInterpretabilityFeatureAttribution2018","issued":{"date-parts":[["2018",6,7]]},"language":"en","number":"arXiv:1711.11279","publisher":"arXiv","source":"arXiv.org","title":"Interpretability Beyond Feature Attribution: Quantitative Testing with Concept Activation Vectors (TCAV)","title-short":"Interpretability Beyond Feature Attribution","type":"article","URL":"http://arxiv.org/abs/1711.11279"},{"id":"chenIntegratedIntelligentManufacturing2017","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Chen","given":"Yubao"}],"citation-key":"chenIntegratedIntelligentManufacturing2017","container-title":"Engineering","container-title-short":"Engineering","DOI":"10.1016/J.ENG.2017.04.009","ISSN":"20958099","issue":"5","issued":{"date-parts":[["2017",10]]},"language":"en","page":"588-595","source":"DOI.org (Crossref)","title":"Integrated and Intelligent Manufacturing: Perspectives and Enablers","title-short":"Integrated and Intelligent Manufacturing","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S2095809917307105","volume":"3"},{"id":"ayo-imoruHybridNuclearPlant2017","abstract":"With nuclear plant full scope simulator technology reaching maturity, the possibility of using its capabilities in expert systems such as online plant diagnostics has become a reality. The effectiveness of plant diagnostics using real-time simulated measurements as a plant reference has been shown in previous papers. 
However, in order to implement these systems, the full scope plant simulator needs to be designed specifically with this application in mind. This will help in maximising the effectiveness and scope of use of the system. This paper investigates the various simulator technologies available as well as the development strategies and focus areas to establish the design requirements of a single, full scope engineering and training nuclear plant simulator. This can be implemented to provide a real-time dynamic reference to the plant diagnostic system.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Ayo-Imoru","given":"R.M."},{"family":"Cilliers","given":"A.C."}],"citation-key":"ayo-imoruHybridNuclearPlant2017","container-title":"Annals of Nuclear Energy","container-title-short":"Annals of Nuclear Energy","DOI":"10.1016/j.anucene.2016.11.034","ISSN":"03064549","issued":{"date-parts":[["2017",3]]},"language":"en","page":"447-453","source":"DOI.org (Crossref)","title":"Hybrid nuclear plant simulator design requirements to enable dynamic diagnostics of plant operations","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0306454916308283","volume":"101"},{"id":"selvarajuGradCAMVisualExplanations2020","abstract":"We propose a technique for producing ‘visual explanations’ for decisions from a large class of Convolutional Neural Network (CNN)-based models, making them more transparent and explainable.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Selvaraju","given":"Ramprasaath R."},{"family":"Cogswell","given":"Michael"},{"family":"Das","given":"Abhishek"},{"family":"Vedantam","given":"Ramakrishna"},{"family":"Parikh","given":"Devi"},{"family":"Batra","given":"Dhruv"}],"citation-key":"selvarajuGradCAMVisualExplanations2020","container-title":"International Journal of Computer Vision","container-title-short":"Int J Comput Vis","DOI":"10.1007/s11263-019-01228-7","ISSN":"0920-5691, 
1573-1405","issue":"2","issued":{"date-parts":[["2020",2]]},"language":"en","page":"336-359","source":"arXiv.org","title":"Grad-CAM: Visual Explanations from Deep Networks via Gradient-based Localization","title-short":"Grad-CAM","type":"article-journal","URL":"http://arxiv.org/abs/1610.02391","volume":"128"},{"id":"szegedyGoingDeeperConvolutions2015","abstract":"We propose a deep convolutional neural network architecture codenamed Inception that achieves the new state of the art for classification and detection in the ImageNet Large-Scale Visual Recognition Challenge 2014 (ILSVRC14). The main hallmark of this architecture is the improved utilization of the computing resources inside the network. By a carefully crafted design, we increased the depth and width of the network while keeping the computational budget constant. To optimize quality, the architectural decisions were based on the Hebbian principle and the intuition of multi-scale processing. One particular incarnation used in our submission for ILSVRC14 is called GoogLeNet, a 22 layers deep network, the quality of which is assessed in the context of classification and detection.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Szegedy","given":"Christian"},{"literal":"Wei Liu"},{"literal":"Yangqing Jia"},{"family":"Sermanet","given":"Pierre"},{"family":"Reed","given":"Scott"},{"family":"Anguelov","given":"Dragomir"},{"family":"Erhan","given":"Dumitru"},{"family":"Vanhoucke","given":"Vincent"},{"family":"Rabinovich","given":"Andrew"}],"citation-key":"szegedyGoingDeeperConvolutions2015","container-title":"2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","DOI":"10.1109/CVPR.2015.7298594","event-place":"Boston, MA, USA","event-title":"2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","ISBN":"978-1-4673-6964-0","issued":{"date-parts":[["2015",6]]},"language":"en","page":"1-9","publisher":"IEEE","publisher-place":"Boston, MA, USA","source":"DOI.org 
(Crossref)","title":"Going deeper with convolutions","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7298594/"},{"id":"kapteynPhysicsBasedModelsPredictive2020","abstract":"This work develops a methodology for creating a data-driven digital twin from a library of physics-based models representing various asset states. The digital twin is updated using interpretable machine learning. Specifically, we use optimal trees---a recently developed scalable machine learning method---to train an interpretable data-driven classifier. Training data for the classifier are generated offline using simulated scenarios solved by the library of physics-based models. These data can be further augmented using experimental or other historical data. In operation, the classifier uses observational data from the asset to infer which physics-based models in the model library are the best candidates for the updated digital twin. The approach is demonstrated through the development of a structural digital twin for a 12ft wingspan unmanned aerial vehicle. This digital twin is built from a library of reduced-order models of the vehicle in a range of structural states. The data-driven digital twin dynamically updates in response to structural damage or degradation and enables the aircraft to replan a safe mission accordingly. 
Within this context, we study the performance of the optimal tree classifiers and demonstrate how their interpretability enables explainable structural assessments from sparse sensor measurements, and also informs optimal sensor placement.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Kapteyn","given":"Michael G."},{"family":"Willcox","given":"Karen E."}],"citation-key":"kapteynPhysicsBasedModelsPredictive2020","issued":{"date-parts":[["2020",4,28]]},"language":"en","number":"arXiv:2004.11356","publisher":"arXiv","source":"arXiv.org","title":"From Physics-Based Models to Predictive Digital Twins via Interpretable Machine Learning","type":"article","URL":"http://arxiv.org/abs/2004.11356"},{"id":"slackFoolingLIMESHAP2020","abstract":"As machine learning black boxes are increasingly being deployed in domains such as healthcare and criminal justice, there is growing emphasis on building tools and techniques for explaining these black boxes in an interpretable manner. Such explanations are being leveraged by domain experts to diagnose systematic errors and underlying biases of black boxes. In this paper, we demonstrate that post hoc explanations techniques that rely on input perturbations, such as LIME and SHAP, are not reliable. Specifically, we propose a novel scaffolding technique that effectively hides the biases of any given classifier by allowing an adversarial entity to craft an arbitrary desired explanation. Our approach can be used to scaffold any biased classifier in such a way that its predictions on the input data distribution still remain biased, but the post hoc explanations of the scaffolded classifier look innocuous. 
Using extensive evaluation with multiple real world datasets (including COMPAS), we demonstrate how extremely biased (racist) classifiers crafted by our framework can easily fool popular explanation techniques such as LIME and SHAP into generating innocuous explanations which do not reflect the underlying biases.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Slack","given":"Dylan"},{"family":"Hilgard","given":"Sophie"},{"family":"Jia","given":"Emily"},{"family":"Singh","given":"Sameer"},{"family":"Lakkaraju","given":"Himabindu"}],"citation-key":"slackFoolingLIMESHAP2020","container-title":"Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society","DOI":"10.1145/3375627.3375830","event-place":"New York NY USA","event-title":"AIES '20: AAAI/ACM Conference on AI, Ethics, and Society","ISBN":"978-1-4503-7110-0","issued":{"date-parts":[["2020",2,7]]},"language":"en","page":"180-186","publisher":"ACM","publisher-place":"New York NY USA","source":"DOI.org (Crossref)","title":"Fooling LIME and SHAP: Adversarial Attacks on Post hoc Explanation Methods","title-short":"Fooling LIME and SHAP","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3375627.3375830"},{"id":"yaoModelBasedDeepTransfer2022","abstract":"Deep learning–based nuclear intelligent fault detection and diagnosis (FDD) methods have been widely developed and have achieved very competitive results with the progress of artificial intelligence technology. However, the pretrained model for diagnosis tasks is hard in achieving good performance when the reactor operation conditions are updated. On the other hand, retraining the model for a new data set will waste computing resources. This article proposes an FDD method for cross-condition and cross-facility tasks based on the optimized transferable convolutional neural network (CNN) model. 
First, by using the pretrained model’s prior knowledge, the model’s diagnosis performance to be transferred for source domain data sets is improved. Second, a model-based transfer learning strategy is adopted to freeze the feature extraction layer in a part of the training model. Third, the training data in target domain data sets are used to optimize the model layer by layer to find the optimization model with the transferred layer. Finally, the proposed comprehensive simulation platform provides source and target cross-condition and cross-facility data sets to support case studies. The designed model utilizes the strong nonlinear feature extraction performance of a deep network and applies the prior knowledge of pretrained models to improve the accuracy and timeliness of training. The results show that the proposed method is superior to achieving good generalization performance at less training epoch than the retraining benchmark deep CNN model.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Yao","given":"Yuantao"},{"family":"Ge","given":"Daochuan"},{"family":"Yu","given":"Jie"},{"family":"Xie","given":"Min"}],"citation-key":"yaoModelBasedDeepTransfer2022","container-title":"Frontiers in Energy Research","container-title-short":"Front. 
Energy Res.","DOI":"10.3389/fenrg.2022.823395","ISSN":"2296-598X","issued":{"date-parts":[["2022",3,2]]},"language":"en","page":"823395","source":"DOI.org (Crossref)","title":"Model-Based Deep Transfer Learning Method to Fault Detection and Diagnosis in Nuclear Power Plants","type":"article-journal","URL":"https://www.frontiersin.org/articles/10.3389/fenrg.2022.823395/full","volume":"10"},{"id":"nguyenModelBasedDiagnosticFrameworks","author":[{"family":"Nguyen","given":"Tat Nghia"}],"citation-key":"nguyenModelBasedDiagnosticFrameworks","language":"en","source":"Zotero","title":"Model-Based Diagnostic Frameworks for Fault Detection and System Monitoring in Nuclear Engineering Systems","type":"article-journal"},{"id":"guoNewModelbasedApproach2014","abstract":"With the fast growth in intermittent renewable power generation, unprecedented demands for power plant operation flexibility have posed new challenges to the ageing conventional power plants in the UK. Adding biomass to coal for co-fired power generation has become widely implemented practices in order to meet the emission regulation targets. These have impacted the coal mill and power plant operation safety and reliability. The Vertical Spindle mill model was developed through the authors’ work before 2007. From then, the new research progress has been made in modelling and condition monitoring for Tube-ball mills and is reported in the paper. A mathematical model for Tube-ball milling process is developed by applying engineering principles combined with model unknown parameter identifications using a computational intelligent algorithm. The model describes the whole milling process from the mill idle status, start-up to normal grinding and shut-down. The model is verified using on-site measurement data and on-line test. 
The on-line model is used for mill condition monitoring in two ways: (i) to compare the predicted and measured mill output pressure and temperatures and to raise alarms if there are big discrepancies; and (ii) to monitor the mill model parameter variation patterns which detect the potential faults and mill malfunctions.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Guo","given":"Shen"},{"family":"Wang","given":"Jihong"},{"family":"Wei","given":"Jianlin"},{"family":"Zachariades","given":"Paschalis"}],"citation-key":"guoNewModelbasedApproach2014","container-title":"Energy Conversion and Management","container-title-short":"Energy Conversion and Management","DOI":"10.1016/j.enconman.2013.12.046","ISSN":"01968904","issued":{"date-parts":[["2014",4]]},"language":"en","page":"10-19","source":"DOI.org (Crossref)","title":"A new model-based approach for power plant Tube-ball mill condition monitoring and fault detection","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0196890413008224","volume":"80"},{"id":"herlockerExplainingCollaborativeFiltering2000","abstract":"Automated collaborative filtering (ACF) systems predict a person’s affinity for items or information by connecting that person’s recorded interests with the recorded interests of a community of people and sharing ratings between likeminded persons. However, current recommender systems are black boxes, providing no transparency into the working of the recommendation. Explanations provide that transparency, exposing the reasoning and data behind a recommendation. In this paper, we address explanation interfaces for ACF systems – how they should be implemented and why they should be implemented. To explore how, we present a model for explanations based on the user’s conceptual model of the recommendation process. We then present experimental results demonstrating what components of an explanation are the most compelling. 
To address why, we present experimental evidence that shows that providing explanations can improve the acceptance of ACF systems. We also describe some initial explorations into measuring how explanations can improve the filtering performance of users.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Herlocker","given":"Jonathan L."},{"family":"Konstan","given":"Joseph A."},{"family":"Riedl","given":"John"}],"citation-key":"herlockerExplainingCollaborativeFiltering2000","container-title":"Proceedings of the 2000 ACM conference on Computer supported cooperative work","DOI":"10.1145/358916.358995","event-place":"Philadelphia Pennsylvania USA","event-title":"CSCW00: Computer Supported Cooperative Work","ISBN":"978-1-58113-222-9","issued":{"date-parts":[["2000",12]]},"language":"en","page":"241-250","publisher":"ACM","publisher-place":"Philadelphia Pennsylvania USA","source":"DOI.org (Crossref)","title":"Explaining collaborative filtering recommendations","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/358916.358995"},{"id":"zhangExplainableHumanintheloopDynamic2022","abstract":"Digital Twins (DT) are essentially Dynamic Data-driven models that serve as real-time symbiotic “virtual replicas” of real-world systems. DT can leverage fundamentals of Dynamic Data-Driven Applications Systems (DDDAS) bidirectional symbiotic sensing feedback loops for its continuous updates. Sensing loops can consequently steer measurement, analysis and reconfiguration aimed at more accurate modelling and analysis in DT. The reconfiguration decisions can be autonomous or interactive, keeping human-in-the-loop. The trustworthiness of these decisions can be hindered by inadequate explainability of the rationale, and utility gained in implementing the decision for the given situation among alternatives. Additionally, different decision-making algorithms and models have varying complexity, quality and can result in different utility gained for the model. 
The inadequacy of explainability can limit the extent to which humans can evaluate the decisions, often leading to updates which are unfit for the given situation, erroneous, compromising the overall accuracy of the model. The novel contribution of this paper is an approach to harnessing explainability in human-in-the-loop DDDAS and DT systems, leveraging bidirectional symbiotic sensing feedback. The approach utilises interpretable machine learning and goal modelling to explainability, and considers trade-off analysis of utility gained. We use examples from smart warehousing to demonstrate the approach.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Zhang","given":"Nan"},{"family":"Bahsoon","given":"Rami"},{"family":"Tziritas","given":"Nikos"},{"family":"Theodoropoulos","given":"Georgios"}],"citation-key":"zhangExplainableHumanintheloopDynamic2022","issued":{"date-parts":[["2022",11,22]]},"language":"en","number":"arXiv:2207.09106","publisher":"arXiv","source":"arXiv.org","title":"Explainable Human-in-the-loop Dynamic Data-Driven Digital Twins","type":"article","URL":"http://arxiv.org/abs/2207.09106"},{"id":"hwangESFDExplainableSensor2021","abstract":"Industrial Control Systems (ICS) are evolving into smart environments with increased interconnectivity by being connected to the Internet. These changes increase the likelihood of security vulnerabilities and accidents. As the risk of cyberattacks on ICS has increased, various anomaly detection studies are being conducted to detect abnormal situations in industrial processes. However, anomaly detection in ICS suffers from numerous false alarms. When false alarms occur, multiple sensors need to be checked, which is impractical. In this study, when an anomaly is detected, sensors displaying abnormal behavior are visually presented through XAI-based analysis to support quick practical actions and operations. 
Anomaly Detection has designed and applied better anomaly detection technology than the first prize at HAICon2020, an ICS security threat detection AI contest hosted by the National Security Research Institute last year, and explains the anomalies detected in its model. To the best of our knowledge, our work is at the forefront of explainable anomaly detection research in ICS. Therefore, it is expected to increase the utilization of anomaly detection technology in ICS.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Hwang","given":"Chanwoong"},{"family":"Lee","given":"Taejin"}],"citation-key":"hwangESFDExplainableSensor2021","container-title":"IEEE Access","container-title-short":"IEEE Access","DOI":"10.1109/ACCESS.2021.3119573","ISSN":"2169-3536","issued":{"date-parts":[["2021"]]},"language":"en","page":"140470-140486","source":"DOI.org (Crossref)","title":"E-SFD: Explainable Sensor Fault Detection in the ICS Anomaly Detection System","title-short":"E-SFD","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9568906/","volume":"9"},{"id":"nguyenDigitalTwinApproach2022","abstract":"Automating the task of fault detection and diagnosis is crucial in the effort to reduce the operation and maintenance cost in the nuclear industry. This paper describes a physics-based approach for system-level diagnosis in thermal–hydraulic systems in nuclear power plants. The inclusion of physics information allows for the creation of virtual sensors, which provide improved fault diagnosis capability. The physics information also serves to better constrain diagnostic solutions to the physical domain. As a demonstration, various test cases for fault diagnosis in a high-pressure feedwater system were considered. The use of virtual sensors allows constructing performance models for two first-point feedwater heaters which would not have been possible otherwise due to the limited sensor set. 
Real-time plant data provided by a utility partner were used to assess the diagnostic approach. The detection of an abnormal event immediate after a plant startup pointed to faulty behaviors in the two first-point feedwater heaters. This double-blind fault diagnosis was subsequently confirmed by the plant operator. In addition, several simulated sensor fault events demonstrated the capability of our algorithms in detecting and discriminating sensor faults.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Nguyen","given":"Tat Nghia"},{"family":"Ponciroli","given":"Roberto"},{"family":"Bruck","given":"Paul"},{"family":"Esselman","given":"Thomas C."},{"family":"Rigatti","given":"Joseph A."},{"family":"Vilim","given":"Richard B."}],"citation-key":"nguyenDigitalTwinApproach2022","container-title":"Annals of Nuclear Energy","container-title-short":"Annals of Nuclear Energy","DOI":"10.1016/j.anucene.2022.109002","ISSN":"03064549","issued":{"date-parts":[["2022",6]]},"language":"en","page":"109002","source":"DOI.org (Crossref)","title":"A digital twin approach to system-level fault detection and diagnosis for improved equipment health monitoring","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0306454922000378","volume":"170"},{"id":"rasheedDigitalTwinValues2020","abstract":"Digital twin can be defined as a virtual representation of a physical asset enabled through data and simulators for real-time prediction, optimization, monitoring, controlling, and improved decision making. Recent advances in computational pipelines, multiphysics solvers, artificial intelligence, big data cybernetics, data processing and management tools bring the promise of digital twins and their impact on society closer to reality. Digital twinning is now an important and emerging trend in many applications. 
Also referred to as a computational megamodel, device shadow, mirrored system, avatar or a synchronized virtual prototype, there can be no doubt that a digital twin plays a transformative role not only in how we design and operate cyber-physical intelligent systems, but also in how we advance the modularity of multi-disciplinary systems to tackle fundamental barriers not addressed by the current, evolutionary modeling practices. In this work, we review the recent status of methodologies and techniques related to the construction of digital twins mostly from a modeling perspective. Our aim is to provide a detailed coverage of the current challenges and enabling technologies along with recommendations and reflections for various stakeholders.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Rasheed","given":"Adil"},{"family":"San","given":"Omer"},{"family":"Kvamsdal","given":"Trond"}],"citation-key":"rasheedDigitalTwinValues2020","container-title":"IEEE Access","container-title-short":"IEEE Access","DOI":"10.1109/ACCESS.2020.2970143","ISSN":"2169-3536","issued":{"date-parts":[["2020"]]},"language":"en","page":"21980-22012","source":"DOI.org (Crossref)","title":"Digital Twin: Values, Challenges and Enablers From a Modeling Perspective","title-short":"Digital Twin","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8972429/","volume":"8"},{"id":"ritterDigitalTwinDetect2022","abstract":"This case study describes the development of technologies that enable digital-engineering and digital-twinning efforts in proliferation detection. The project presents a state-of-the-art approach to support International Atomic Energy Agency (IAEA) safeguards by incorporating diversion-pathway analysis, facility misuse, and the detection of indicators within the reactor core, applying the safeguards-by-design concept, and demonstrates its applicability as a sensitive monitoring system for advanced reactors and power plants. 
There are two pathways a proliferating state might take using the reactor core. One is “diversion,” where special fissionable nuclear material—i.e., Pu-239, U-233, U enriched in U-233/235—that has been declared to the IAEA is removed surreptitiously, either by taking small amounts of nuclear material over a long time (known as protracted diversion) or large amounts in a short time (known as abrupt diversion). The second pathway is “misuse,” where undeclared source material—material that can be transmuted into special fissionable nuclear material: depleted uranium, natural uranium, and thorium—is placed in the core, where it uses the neutron flux for transmutation. Digital twinning and digital engineering have demonstrated significant performance improvement and schedule reduction in the aerospace, automotive, and construction industries. This integrated modeling approach has not been fully applied to nuclear safeguards programs in the past. Digital twinning, combined with machine learning technologies, can lead to new innovations in process-monitoring detection, specifically in event classification, real-time notification, and data tampering. 
It represents a technological leap in evaluation and detection capability to safeguard any nuclear facility.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Ritter","given":"Christopher"},{"family":"Hays","given":"Ross"},{"family":"Browning","given":"Jeren"},{"family":"Stewart","given":"Ryan"},{"family":"Bays","given":"Samuel"},{"family":"Reyes","given":"Gustavo"},{"family":"Schanfein","given":"Mark"},{"family":"Pluth","given":"Adam"},{"family":"Sabharwall","given":"Piyush"},{"family":"Kunz","given":"Ross"},{"family":"Shields","given":"Ashley"},{"family":"Koudelka","given":"John"},{"family":"Zohner","given":"Porter"}],"citation-key":"ritterDigitalTwinDetect2022","container-title":"Journal of Energy Resources Technology","DOI":"10.1115/1.4053979","ISSN":"0195-0738, 1528-8994","issue":"10","issued":{"date-parts":[["2022",10,1]]},"language":"en","page":"102108","source":"DOI.org (Crossref)","title":"Digital Twin to Detect Nuclear Proliferation: A Case Study","title-short":"Digital Twin to Detect Nuclear Proliferation","type":"article-journal","URL":"https://asmedigitalcollection.asme.org/energyresources/article/144/10/102108/1137857/Digital-Twin-to-Detect-Nuclear-Proliferation-A","volume":"144"},{"id":"heDatadrivenDigitalTwin2019","abstract":"Due to the installation of various apparatus in process industries, both factors of complex structures and severe operating conditions could result in higher accident frequencies and maintenance challenges. Given the importance of security in process systems, this paper presents a data-driven digital twin system for automatic process applications by integrating virtual modeling, process monitoring, diagnosis, and optimized control into a cooperative architecture. For unknown model parameters, the adaptive system identification is proposed to model closed-loop virtual systems and residual signals with fault-free case data. 
Performance indices are improved to make the design of robust monitoring and diagnosis system to identify the apparatus status. Soft-sensor, parameterization control, and model-matching reconfiguration are ameliorated and incorporated into the optimized control configuration to guarantee stable and safe control performance under apparatus faults. The effectiveness and performance of the proposed digital twin system are evaluated by using different simulations on the Tennessee Eastman benchmark process in the presence of realistic fault scenarios. © 2019 Published by Elsevier Ltd on behalf of ISA.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"He","given":"Rui"},{"family":"Chen","given":"Guoming"},{"family":"Dong","given":"Che"},{"family":"Sun","given":"Shufeng"},{"family":"Shen","given":"Xiaoyu"}],"citation-key":"heDatadrivenDigitalTwin2019","container-title":"ISA Transactions","container-title-short":"ISA Transactions","DOI":"10.1016/j.isatra.2019.05.011","ISSN":"00190578","issued":{"date-parts":[["2019",12]]},"language":"en","page":"221-234","source":"DOI.org (Crossref)","title":"Data-driven digital twin technology for optimized control in process systems","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0019057819302332","volume":"95"},{"id":"yaacoubCyberphysicalSystemsSecurity2020","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Yaacoub","given":"Jean-Paul A."},{"family":"Salman","given":"Ola"},{"family":"Noura","given":"Hassan N."},{"family":"Kaaniche","given":"Nesrine"},{"family":"Chehab","given":"Ali"},{"family":"Malli","given":"Mohamad"}],"citation-key":"yaacoubCyberphysicalSystemsSecurity2020","container-title":"Microprocessors and Microsystems","container-title-short":"Microprocessors and Microsystems","DOI":"10.1016/j.micpro.2020.103201","ISSN":"01419331","issued":{"date-parts":[["2020",9]]},"language":"en","page":"103201","source":"DOI.org (Crossref)","title":"Cyber-physical systems 
security: Limitations, issues and future trends","title-short":"Cyber-physical systems security","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0141933120303689","volume":"77"},{"id":"humayedCyberPhysicalSystemsSecurity2017a","abstract":"With the exponential growth of cyber-physical systems (CPSs), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lacks a systematic review of the CPS security literature. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it difficult to study the problem with one generalized model. In this paper, we study and systematize existing research on CPS security under a unified framework. The framework consists of three orthogonal coordinates: 1) from the security perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; 2) from the CPS components perspective, we focus on cyber, physical, and cyberphysical components; and 3) from the CPS systems perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS, and smart cars). The model can be both abstract to show general interactions of components in a CPS application, and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection. 
With this intensive literature review, we attempt to summarize the state-of-the-art on CPS security, provide researchers with a comprehensive list of references, and also encourage the audience to further explore this emerging field.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Humayed","given":"Abdulmalik"},{"family":"Lin","given":"Jingqiang"},{"family":"Li","given":"Fengjun"},{"family":"Luo","given":"Bo"}],"citation-key":"humayedCyberPhysicalSystemsSecurity2017a","container-title":"IEEE Internet of Things Journal","container-title-short":"IEEE Internet Things J.","DOI":"10.1109/JIOT.2017.2703172","ISSN":"2327-4662","issue":"6","issued":{"date-parts":[["2017",12]]},"language":"en","page":"1802-1831","source":"DOI.org (Crossref)","title":"Cyber-Physical Systems Security—A Survey","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/7924372/","volume":"4"},{"id":"alguliyevCyberphysicalSystemsTheir2018","abstract":"The creation of cyber-physical systems posed new challenges for people. Ensuring the information security of cyber-physical systems is one of the most complex problems in a wide range of defenses against cyber-attacks. The aim of this paper is to analyse and classify existing research papers on the security of cyber-physical systems. Philosophical issues of cyber-physical systems are raised. Their influence on the aspects of people's lives is investigated. The principle of cyber-physical system operation is described. The main difficulties and solutions in the estimation of the consequences of cyber-attacks, attacks modeling and detection and the development of security architecture are noted. The main types of attacks and threats against cyber-physical systems are analysed. A tree of attacks on cyber-physical systems is proposed. 
The future research directions are shown.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Alguliyev","given":"Rasim"},{"family":"Imamverdiyev","given":"Yadigar"},{"family":"Sukhostat","given":"Lyudmila"}],"citation-key":"alguliyevCyberphysicalSystemsTheir2018","container-title":"Computers in Industry","container-title-short":"Computers in Industry","DOI":"10.1016/j.compind.2018.04.017","ISSN":"01663615","issued":{"date-parts":[["2018",9]]},"language":"en","page":"212-223","source":"DOI.org (Crossref)","title":"Cyber-physical systems and their security issues","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0166361517304244","volume":"100"},{"id":"lundbergConsistentIndividualizedFeature2019","abstract":"Interpreting predictions from tree ensemble methods such as gradient boosting machines and random forests is important, yet feature attribution for trees is often heuristic and not individualized for each prediction. Here we show that popular feature attribution methods are inconsistent, meaning they can lower a feature’s assigned importance when the true impact of that feature actually increases. This is a fundamental problem that casts doubt on any comparison between features. To address it we turn to recent applications of game theory and develop fast exact tree solutions for SHAP (SHapley Additive exPlanation) values, which are the unique consistent and locally accurate attribution values. We then extend SHAP values to interaction effects and define SHAP interaction values. We propose a rich visualization of individualized feature attributions that improves over classic attribution summaries and partial dependence plots, and a unique “supervised” clustering (clustering based on feature attributions). We demonstrate better agreement with human intuition through a user study, exponential improvements in run time, improved clustering performance, and better identification of influential features. 
An implementation of our algorithm has also been merged into XGBoost and LightGBM, see http://github.com/slundberg/shap for details.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Lundberg","given":"Scott M."},{"family":"Erion","given":"Gabriel G."},{"family":"Lee","given":"Su-In"}],"citation-key":"lundbergConsistentIndividualizedFeature2019","issued":{"date-parts":[["2019",3,6]]},"language":"en","number":"arXiv:1802.03888","publisher":"arXiv","source":"arXiv.org","title":"Consistent Individualized Feature Attribution for Tree Ensembles","type":"article","URL":"http://arxiv.org/abs/1802.03888"},{"id":"volodinConceptInstrumentationDigital2019","abstract":"The relevance of the idea under consideration lies in the development of the use of digital twins of power units in the nuclear industry. With their help, we can not only predict the state of technological equipment, etc., but also solve the problem of parameter tuning of automatic regulators in different operating modes of NPP unit. Authors consider approaches to this problem based on optimal control theory, fuzzy logic and machine learning. Advantages and disadvantages of each approach are considered.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Volodin","given":"V.S."},{"family":"Tolokonskii","given":"A.O."}],"citation-key":"volodinConceptInstrumentationDigital2019","container-title":"Journal of Physics: Conference Series","container-title-short":"J. Phys.: Conf. 
Ser.","DOI":"10.1088/1742-6596/1391/1/012083","ISSN":"1742-6588, 1742-6596","issue":"1","issued":{"date-parts":[["2019",11,1]]},"language":"en","page":"012083","source":"DOI.org (Crossref)","title":"Concept of instrumentation of digital twins of nuclear power plants units as observers for digital NPP I&C system","type":"article-journal","URL":"https://iopscience.iop.org/article/10.1088/1742-6596/1391/1/012083","volume":"1391"},{"id":"blumreiterSelfExplainableCyberPhysicalSystems2019","abstract":"With the increasing complexity of Cyber-Physical Systems, their behavior and decisions become increasingly difficult to understand and comprehend for users and other stakeholders. Our vision is to build self-explainable systems that can, at run-time, answer questions about the system’s past, current, and future behavior. As hitherto no design methodology or reference framework exists for building such systems, we propose the Monitor, Analyze, Build, Explain (MAB-EX) framework for building self-explainable systems that leverage requirements- and explainability models at run-time. The basic idea of MAB-EX is to first Monitor and Analyze a certain behavior of a system, then Build an explanation from explanation models and convey this EXplanation in a suitable way to a stakeholder. 
We also take into account that new explanations can be learned, by updating the explanation models, should new and yet unexplainable behavior be detected by the system.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Blumreiter","given":"Mathias"},{"family":"Greenyer","given":"Joel"},{"family":"Chiyah Garcia","given":"Francisco Javier"},{"family":"Klos","given":"Verena"},{"family":"Schwammberger","given":"Maike"},{"family":"Sommer","given":"Christoph"},{"family":"Vogelsang","given":"Andreas"},{"family":"Wortmann","given":"Andreas"}],"citation-key":"blumreiterSelfExplainableCyberPhysicalSystems2019","container-title":"2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C)","DOI":"10.1109/MODELS-C.2019.00084","event-place":"Munich, Germany","event-title":"2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C)","ISBN":"978-1-72815-125-0","issued":{"date-parts":[["2019",9]]},"language":"en","page":"543-548","publisher":"IEEE","publisher-place":"Munich, Germany","source":"DOI.org (Crossref)","title":"Towards Self-Explainable Cyber-Physical Systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/8904796/"},{"id":"ayo-imoruEnhancedFaultDiagnosis2021","abstract":"Nuclear power plants can provide a huge amount of clean energy, which can help most countries to meet their greenhouse gas emission requirements according to the Paris agreement on climate change. To meet this energy need, the nuclear plant must be operated safely and economically, which makes the digital twin concept viable for achieving this aim. The digital twin can be used to monitor plant condition, fault diagnosis, prediction, and plant maintenance support systems. In this work, the framework for digital twin in a nuclear plant is proposed. This framework combines the application of the nuclear plant simulator and machine learning tools. 
The machine learning aspect of this digital twin concept is the focus of this paper. Data was generated by using a personal computer-based nuclear plant simulator. Principal component analysis was used in reducing the data dimension. Artificial neural networks and adaptive neuro-fuzzy inference systems were trained with the reduced data and used to diagnose the faults. Four faults in the plant were diagnosed with minimal error. The fault diagnosis is a significant aspect of the digital twin framework.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Ayo-Imoru","given":"Ronke M."},{"family":"Ali","given":"Ahmed A."},{"family":"Bokoro","given":"Pitshou N."}],"citation-key":"ayo-imoruEnhancedFaultDiagnosis2021","container-title":"2021 International Conference on Electrical, Computer and Energy Technologies (ICECET)","DOI":"10.1109/ICECET52533.2021.9698715","event-place":"Cape Town, South Africa","event-title":"2021 International Conference on Electrical, Computer and Energy Technologies (ICECET)","ISBN":"978-1-66544-231-2","issued":{"date-parts":[["2021",12,9]]},"language":"en","page":"1-6","publisher":"IEEE","publisher-place":"Cape Town, South Africa","source":"DOI.org (Crossref)","title":"An enhanced fault diagnosis in nuclear power plants for a digital twin framework","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/9698715/"},{"id":"hehenbergerMechatronicFutures2016","accessed":{"date-parts":[["2023",10,11]]},"citation-key":"hehenbergerMechatronicFutures2016","DOI":"10.1007/978-3-319-32156-1","editor":[{"family":"Hehenberger","given":"Peter"},{"family":"Bradley","given":"David"}],"event-place":"Cham","ISBN":"978-3-319-32154-7 978-3-319-32156-1","issued":{"date-parts":[["2016"]]},"language":"en","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Mechatronic 
Futures","type":"book","URL":"http://link.springer.com/10.1007/978-3-319-32156-1"},{"id":"wellingBayesianLearningStochastic2011","author":[{"family":"Welling","given":"Max"},{"family":"Teh","given":"Yee W."}],"citation-key":"wellingBayesianLearningStochastic2011","container-title":"Proceedings of the 28th international conference on machine learning (ICML-11)","issued":{"date-parts":[["2011"]]},"page":"681-688","title":"Bayesian learning via stochastic gradient Langevin dynamics","type":"paper-conference"},{"id":"yangDiffusionModelsComprehensive2022","author":[{"family":"Yang","given":"Ling"},{"family":"Zhang","given":"Zhilong"},{"family":"Song","given":"Yang"},{"family":"Hong","given":"Shenda"},{"family":"Xu","given":"Runsheng"},{"family":"Zhao","given":"Yue"},{"family":"Shao","given":"Yingxia"},{"family":"Zhang","given":"Wentao"},{"family":"Cui","given":"Bin"},{"family":"Yang","given":"Ming-Hsuan"}],"citation-key":"yangDiffusionModelsComprehensive2022","container-title":"arXiv preprint arXiv:2209.00796","issued":{"date-parts":[["2022"]]},"title":"Diffusion models: A comprehensive survey of methods and applications","type":"article-journal"},{"id":"wengWhatAreDiffusion2021","abstract":"[Updated on 2021-09-19: Highly recommend this blog post on score-based generative modeling by Yang Song (author of several key papers in the references)]. [Updated on 2022-08-27: Added classifier-free guidance, GLIDE, unCLIP and Imagen. [Updated on 2022-08-31: Added latent diffusion model.\nSo far, I’ve written about three types of generative models, GAN, VAE, and Flow-based models. 
They have shown great success in generating high-quality samples, but each has some limitations of its own.","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Weng","given":"Lilian"}],"citation-key":"wengWhatAreDiffusion2021","issued":{"date-parts":[["2021",7,11]]},"language":"en","section":"posts","title":"What are Diffusion Models?","type":"webpage","URL":"https://lilianweng.github.io/posts/2021-07-11-diffusion-models/"},{"id":"hoDenoisingDiffusionProbabilistic2020","abstract":"We present high quality image synthesis results using diffusion probabilistic models, a class of latent variable models inspired by considerations from nonequilibrium thermodynamics. Our best results are obtained by training on a weighted variational bound designed according to a novel connection between diffusion probabilistic models and denoising score matching with Langevin dynamics, and our models naturally admit a progressive lossy decompression scheme that can be interpreted as a generalization of autoregressive decoding. On the unconditional CIFAR10 dataset, we obtain an Inception score of 9.46 and a state-of-the-art FID score of 3.17. On 256x256 LSUN, we obtain sample quality similar to ProgressiveGAN. 
Our implementation is available at https://github.com/hojonathanho/diffusion","accessed":{"date-parts":[["2023",10,5]]},"author":[{"family":"Ho","given":"Jonathan"},{"family":"Jain","given":"Ajay"},{"family":"Abbeel","given":"Pieter"}],"citation-key":"hoDenoisingDiffusionProbabilistic2020","DOI":"10.48550/arXiv.2006.11239","issued":{"date-parts":[["2020",12,16]]},"number":"arXiv:2006.11239","publisher":"arXiv","source":"arXiv.org","title":"Denoising Diffusion Probabilistic Models","type":"article","URL":"http://arxiv.org/abs/2006.11239"},{"id":"mitcbmmDiffusionScoreBasedGenerative2023","abstract":"Yang Song, Stanford University\n\nGenerating data with complex patterns, such as images, audio, and molecular structures, requires fitting very flexible statistical models to the data distribution. Even in the age of deep neural networks, building such models is difficult because they typically require an intractable normalization procedure to represent a probability distribution. To address this challenge, we consider modeling the vector field of gradients of the data distribution (known as the score function), which does not require normalization and therefore can take full advantage of the flexibility of deep neural networks. I will show how to (1) estimate the score function from data with flexible deep neural networks and efficient statistical methods, (2) generate new data using stochastic differential equations and Markov chain Monte Carlo, and even (3) evaluate probability values accurately as in a traditional statistical model. The resulting method, called score-based generative modeling or diffusion modeling, achieves record performance in applications including image synthesis, text-to-speech generation, time series prediction, and point cloud generation, challenging the long-time dominance of generative adversarial networks (GANs) on many of these tasks. 
Furthermore, score-based generative models are particularly suitable for Bayesian reasoning tasks such as solving ill-posed inverse problems, yielding superior performance on several tasks in medical image reconstruction.","accessed":{"date-parts":[["2023",10,10]]},"citation-key":"mitcbmmDiffusionScoreBasedGenerative2023","dimensions":"1:32:00","director":[{"literal":"MITCBMM"}],"issued":{"date-parts":[["2023",1,17]]},"source":"YouTube","title":"Diffusion and Score-Based Generative Models","type":"motion_picture","URL":"https://www.youtube.com/watch?v=wMmqCMwuM2Q"},{"id":"outlierDiffusionModelsPaper2022","abstract":"Diffusion Models are generative models just like GANs. In recent times many state-of-the-art works have been released that build on top of diffusion models such as #dalle or #imagen. In this video I give a detailed explanation of how they work. At first I explain the fundamental idea of these models and later we dive deep into the math part. I try to explain all of this on a really easy & intuitive level. After the math derivation, we look at the results from different papers and how they compare to other methods.\n\n#diffusion #dalle2 #dalle #imagen \n\n00:00 Introduction\n02:48 Idea & Theory\n07:06 Architecture\n09:33 Math Derivation\n26:59 Algorithms\n28:22 Improvements\n29:43 Results\n31:34 Summary\n\nFurther Reading:\n1. Paper: https://arxiv.org/pdf/1503.03585.pdf\n2. Paper: https://arxiv.org/pdf/2006.11239.pdf\n3. Paper: https://arxiv.org/pdf/2102.09672.pdf\n4. Paper: https://arxiv.org/pdf/2105.05233.pdf\n5. VAE & Reparam. Trick: https://lilianweng.github.io/posts/20...\n6. Written Tutorial: https://lilianweng.github.io/posts/20...\n\nPyTorch Implementation Video:    • Diffusion Models | PyTorch Implementa...  
\n\nFollow me on instagram lol: https://www.instagram.com/dome271","accessed":{"date-parts":[["2023",10,10]]},"citation-key":"outlierDiffusionModelsPaper2022","dimensions":"0:56","director":[{"literal":"Outlier"}],"issued":{"date-parts":[["2022",6,6]]},"source":"YouTube","title":"Diffusion Models | Paper Explanation | Math Explained","type":"motion_picture","URL":"https://www.youtube.com/watch?v=HoKDTa5jHvg"},{"id":"220900796Diffusion","accessed":{"date-parts":[["2023",10,10]]},"citation-key":"220900796Diffusion","title":"[2209.00796] Diffusion Models: A Comprehensive Survey of Methods and Applications","type":"webpage","URL":"https://arxiv.org/abs/2209.00796"},{"id":"beltaFormalMethodsDiscretetime2017","author":[{"family":"Belta","given":"Calin"},{"family":"Yordanov","given":"Boyan"},{"family":"Gol","given":"Ebru Aydin"}],"citation-key":"beltaFormalMethodsDiscretetime2017","ISBN":"3-319-50763-X","issued":{"date-parts":[["2017"]]},"publisher":"Springer","title":"Formal methods for discrete-time dynamical systems","type":"book","volume":"89"},{"id":"oortwijnFormalVerificationIndustrial2019","author":[{"family":"Oortwijn","given":"Wytse"},{"family":"Huisman","given":"Marieke"}],"citation-key":"oortwijnFormalVerificationIndustrial2019","container-title":"Integrated Formal Methods: 15th International Conference, IFM 2019, Bergen, Norway, December 2–6, 2019, Proceedings 15","ISBN":"3-030-34967-5","issued":{"date-parts":[["2019"]]},"page":"418-436","publisher":"Springer","title":"Formal verification of an industrial safety-critical traffic tunnel control 
system","type":"paper-conference"},{"id":"chongReportNSFWorkshop2016","author":[{"family":"Chong","given":"Stephen"},{"family":"Guttman","given":"Joshua"},{"family":"Datta","given":"Anupam"},{"family":"Myers","given":"Andrew"},{"family":"Pierce","given":"Benjamin"},{"family":"Schaumont","given":"Patrick"},{"family":"Sherwood","given":"Tim"},{"family":"Zeldovich","given":"Nickolai"}],"citation-key":"chongReportNSFWorkshop2016","issued":{"date-parts":[["2016"]]},"title":"Report on the NSF workshop on formal methods for security","type":"report"},{"id":"cardenasChallengesSecuringCyber2009","author":[{"family":"Cardenas","given":"Alvaro"},{"family":"Amin","given":"Saurabh"},{"family":"Sinopoli","given":"Bruno"},{"family":"Giani","given":"Annarita"},{"family":"Perrig","given":"Adrian"},{"family":"Sastry","given":"Shankar"}],"citation-key":"cardenasChallengesSecuringCyber2009","container-title":"Workshop on future directions in cyber-physical systems security","issue":"1","issued":{"date-parts":[["2009"]]},"publisher":"Citeseer","title":"Challenges for securing cyber physical systems","type":"paper-conference","volume":"5"},{"id":"brajeAdversarySafetyConstruction2022","author":[{"family":"Braje","given":"Timothy M."},{"family":"Lee","given":"Alice R."},{"family":"Wagner","given":"Andrew"},{"family":"Kaiser","given":"Benjamin"},{"family":"Park","given":"Daniel"},{"family":"Kalke","given":"Martine"},{"family":"Cunningham","given":"Robert K."},{"family":"Chlipala","given":"Adam"}],"citation-key":"brajeAdversarySafetyConstruction2022","container-title":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","ISBN":"1-66548-417-9","issued":{"date-parts":[["2022"]]},"page":"412-427","publisher":"IEEE","title":"Adversary safety by construction in a language of cryptographic 
protocols","type":"paper-conference"},{"id":"levesonImprovedDesignProcess2019","author":[{"family":"Leveson","given":"Nancy"}],"citation-key":"levesonImprovedDesignProcess2019","container-title":"Massachusetts Institute of Technology, White Paper","issued":{"date-parts":[["2019"]]},"title":"An Improved Design Process for Complex Control-Based Systems Using STPA and a Conceptual Architecture","type":"article-journal"},{"id":"ellisonExtendingAADLSecurity2015","author":[{"family":"Ellison","given":"Robert"},{"family":"Householder","given":"Allen"},{"family":"Hudak","given":"John"},{"family":"Kazman","given":"Rik"},{"family":"Woody","given":"Carol"}],"citation-key":"ellisonExtendingAADLSecurity2015","container-title":"CMU/SEI Report","issued":{"date-parts":[["2015"]]},"title":"Extending AADL for security design assurance of cyber-physical systems","type":"article-journal"},{"id":"rajhansVerificationHybridDynamic","abstract":"This paper concerns the use of linear hybrid automata (LHA) to verify properties of hybrid dynamic systems based on the concept of simulation relations. Following a review of basic concepts and a description of the LHA analysis tool PHAVer, assume-guarantee reasoning is described as a method for compositional verification. The results from the literature are summarized with an example to illustrate the concepts. 
Finally, the paper outlines some research directions for making this approach more useful.","author":[{"family":"Rajhans","given":"Akshay"}],"citation-key":"rajhansVerificationHybridDynamic","language":"en","source":"Zotero","title":"Verification of Hybrid Dynamic Systems Using Linear Hybrid Automata","type":"article"},{"id":"rajhansVerificationHybridDynamica","author":[{"family":"Rajhans","given":"Akshay"}],"citation-key":"rajhansVerificationHybridDynamica","title":"Verification of Hybrid Dynamic Systems Using Linear Hybrid Automata","type":"article-journal"},{"id":"kovacsFrameworkUsingFormal2010","accessed":{"date-parts":[["2022",6,20]]},"author":[{"family":"Kovacs","given":"Gabor"},{"family":"Pietrac","given":"Laurent"}],"citation-key":"kovacsFrameworkUsingFormal2010","container-title":"Proceedings of the 1st ISW on DCS","event-title":"1st ISW on DCS","ISBN":"978-963-661-950-3","issued":{"date-parts":[["2010"]]},"page":"66--76","title":"A Framework for Using Formal Methods in Process Control","type":"paper-conference","URL":"http://lpietrac.free.fr/publis/Kovacs-2010-iswdcs.pdf"},{"id":"kimSignoffBoundedFormal2014","author":[{"family":"Kim","given":"NamDo"},{"family":"Park","given":"Junhyuk"},{"family":"Singh","given":"HarGovind"},{"family":"Singhal","given":"Vigyan"}],"citation-key":"kimSignoffBoundedFormal2014","container-title":"Design and Verification Conference","issued":{"date-parts":[["2014"]]},"title":"Sign-off with Bounded Formal Verification Proofs","type":"paper-conference"},{"id":"jinModelingPROFINETActions2015","author":[{"family":"Jin","given":"Wei"},{"family":"Gao","given":"Xin"},{"family":"Li","given":"Jing"}],"citation-key":"jinModelingPROFINETActions2015","container-title":"First International Conference on Information Sciences, Machinery, Materials and Energy","ISBN":"94-6252-067-4","issued":{"date-parts":[["2015"]]},"page":"397-402","publisher":"Atlantis Press","title":"Modeling PROFINET actions with timing 
pi-calculus","type":"paper-conference"},{"id":"cremersFormalMethodsSecurity2003","author":[{"family":"Cremers","given":"C. J. F."},{"family":"Mauw","given":"S."},{"family":"De Vink","given":"E. P."}],"citation-key":"cremersFormalMethodsSecurity2003","container-title":"NVTI newsletter","issued":{"date-parts":[["2003"]]},"page":"21-32","title":"Formal methods for security protocols: Three examples of the black-box approach","type":"article-journal","volume":"7"},{"id":"sunSoKAttacksIndustrial2021","abstract":"Programmable Logic Controllers (PLCs) play a critical role in the industrial control systems. Vulnerabilities in PLC programs might lead to attacks causing devastating consequences to the critical infrastructure, as shown in Stuxnet and similar attacks. In recent years, we have seen an exponential increase in vulnerabilities reported for PLC control logic. Looking back on past research, we found extensive studies explored control logic modification attacks, as well as formal verification-based security solutions.","accessed":{"date-parts":[["2022",5,16]]},"author":[{"family":"Sun","given":"Ruimin"},{"family":"Mera","given":"Alejandro"},{"family":"Lu","given":"Long"},{"family":"Choffnes","given":"David"}],"citation-key":"sunSoKAttacksIndustrial2021","issued":{"date-parts":[["2021",3,23]]},"language":"en","number":"arXiv:2006.04806","publisher":"arXiv","source":"arXiv.org","title":"SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses","title-short":"SoK","type":"article","URL":"http://arxiv.org/abs/2006.04806"},{"id":"yinRecentAdvancesFormal2020","accessed":{"date-parts":[["2022",6,20]]},"author":[{"family":"Yin","given":"Xiang"},{"family":"Li","given":"Shaoyuan"}],"citation-key":"yinRecentAdvancesFormal2020","container-title":"Control Theory and Technology","container-title-short":"Control Theory 
Technol.","DOI":"10.1007/s11768-020-00008-w","ISSN":"2198-0942","issue":"4","issued":{"date-parts":[["2020",12,1]]},"language":"en","page":"459-461","source":"Springer Link","title":"Recent advances on formal methods for safety and security of cyber-physical systems","type":"article-journal","URL":"https://doi.org/10.1007/s11768-020-00008-w","volume":"18"},{"id":"sullereyDesignGuidelinesFormal","abstract":"Improvement in capacity and usability of EDA tools has helped in pushing the formal verification envelope. Capacity still remains the major limiting factor in the scope of formal verification deployment. Formal verification experts employ a variety of techniques to overcome this challenge. Design and implementation choices made by the designers greatly influences the effectiveness of these techniques as well as ease with which they can be applied. Most designers are not exposed to the formal verification process. This paper proposes design guidelines that facilitate application of formal verification on large blocks.","author":[{"family":"Sullerey","given":"Anamaya"}],"citation-key":"sullereyDesignGuidelinesFormal","language":"en","source":"Zotero","title":"Design Guidelines for Formal Verification","type":"article-journal"},{"id":"polaControlCyberPhysicalSystemsLogic2019","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Pola","given":"Giordano"},{"family":"Di Benedetto","given":"Maria Domenica"}],"citation-key":"polaControlCyberPhysicalSystemsLogic2019","container-title":"Annual Reviews in Control","container-title-short":"Annual Reviews in Control","DOI":"10.1016/j.arcontrol.2019.03.010","ISSN":"13675788","issued":{"date-parts":[["2019"]]},"language":"en","page":"178-192","source":"DOI.org (Crossref)","title":"Control of Cyber-Physical-Systems with logic specifications: A formal methods approach","title-short":"Control of Cyber-Physical-Systems with logic 
specifications","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1367578818302153","volume":"47"},{"id":"michaelFormalMethodsCyberphysical2021","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Michael","given":"James Bret"},{"family":"Drusinsky","given":"Doron"},{"family":"Wijesekera","given":"Duminda"}],"citation-key":"michaelFormalMethodsCyberphysical2021","container-title":"Computer","container-title-short":"Computer","DOI":"10.1109/MC.2021.3089267","ISSN":"0018-9162, 1558-0814","issue":"9","issued":{"date-parts":[["2021",9]]},"language":"en","page":"25-29","source":"DOI.org (Crossref)","title":"Formal Methods in Cyberphysical Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9524651/","volume":"54"},{"id":"hudakOverviewAADLToolsets2021","author":[{"family":"Hudak","given":"John"},{"family":"Hugues","given":"Jerome"}],"citation-key":"hudakOverviewAADLToolsets2021","issued":{"date-parts":[["2021"]]},"language":"en","source":"Zotero","title":"An Overview of AADL and Toolsets to Support the Engineering of Safety-critical Systems","type":"article-journal"},{"id":"adiegoBringingAutomatedModel2014","abstract":"Verification of critical software is a high priority but a challenging task for industrial control systems. Model checking appears to be an appropriate approach for this purpose. However, this technique is not widely used in industry yet, due to some obstacles. The main obstacles encountered when trying to apply formal verification techniques at industrial installations are the difficulty of creating models out of PLC programs and defining formally the specification requirements. In addition, models produced out of real-life programs have a huge state space, thus preventing the verification due to performance issues. 
Our work at CERN (European Organization for Nuclear Research) focuses on developing efficient automatic verification methods for industrial critical installations based on PLC (Programmable Logic Controller) control systems.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Adiego","given":"Borja Fernández"},{"family":"Darvas","given":"Dániel"},{"family":"Tournier","given":"Jean-Charles"},{"family":"Viñuela","given":"Enrique Blanco"},{"family":"Suárez","given":"Víctor M. González"}],"citation-key":"adiegoBringingAutomatedModel2014","container-title":"IFAC Proceedings Volumes","container-title-short":"IFAC Proceedings Volumes","DOI":"10.3182/20140514-3-FR-4046.00051","ISSN":"14746670","issue":"2","issued":{"date-parts":[["2014"]]},"language":"en","page":"394-399","source":"DOI.org (Crossref)","title":"Bringing Automated Model Checking to PLC Program Development — A CERN Case Study —","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1474667015374334","volume":"47"},{"id":"guFormalVerificationAutonomous2018","abstract":"In an attempt to increase productivity and the workers’ safety, the construction industry is moving towards autonomous construction sites, where various construction machines operate without human intervention. In order to perform their tasks autonomously, the machines are equipped with different features, such as position localization, human and obstacle detection, collision avoidance, etc. Such systems are safety critical, and should operate autonomously with very high dependability (e.g., by meeting task deadlines, avoiding (fatal) accidents at all costs, etc.). An Autonomous Wheel Loader is a machine that transports materials within the construction site without a human in the cab. 
To check the dependability of the loader, in this paper we provide a timed automata description of the vehicle’s control system, including the abstracted path planning and collision avoidance algorithms used to navigate the loader, and we model check the encoding in UPPAAL, against various functional, timing and safety requirements. The complex nature of the navigation algorithms makes the loader’s abstract modeling and the verification very challenging. Our work shows that exhaustive verification techniques can be applied early in the development of autonomous systems, to enable finding potential design errors that would incur increased costs if discovered later.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Gu","given":"Rong"},{"family":"Marinescu","given":"Raluca"},{"family":"Seceleanu","given":"Cristina"},{"family":"Lundqvist","given":"Kristina"}],"citation-key":"guFormalVerificationAutonomous2018","container-title":"Proceedings of the 6th Conference on Formal Methods in Software Engineering","DOI":"10.1145/3193992.3193999","event-place":"Gothenburg Sweden","event-title":"ICSE '18: 40th International Conference on Software Engineering","ISBN":"978-1-4503-5718-0","issued":{"date-parts":[["2018",6,2]]},"language":"en","page":"74-83","publisher":"ACM","publisher-place":"Gothenburg Sweden","source":"DOI.org (Crossref)","title":"Formal verification of an autonomous wheel loader by model checking","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3193992.3193999"},{"id":"girardReachabilityUncertainLinear2005","abstract":"We present a method for the computation of reachable sets of uncertain linear systems. The main innovation of the method consists in the use of zonotopes for reachable set representation. Zonotopes are special polytopes with several interesting properties : they can be encoded efficiently, they are closed under linear transformations and Minkowski sum. 
The resulting method has been used to treat several examples and has shown great performances for high dimensional systems. An extension of the method for the verification of piecewise linear hybrid systems is proposed.","accessed":{"date-parts":[["2023",11,1]]},"author":[{"family":"Girard","given":"Antoine"}],"citation-key":"girardReachabilityUncertainLinear2005","collection-editor":[{"family":"Hutchison","given":"David"},{"family":"Kanade","given":"Takeo"},{"family":"Kittler","given":"Josef"},{"family":"Kleinberg","given":"Jon M."},{"family":"Mattern","given":"Friedemann"},{"family":"Mitchell","given":"John C."},{"family":"Naor","given":"Moni"},{"family":"Nierstrasz","given":"Oscar"},{"family":"Pandu Rangan","given":"C."},{"family":"Steffen","given":"Bernhard"},{"family":"Sudan","given":"Madhu"},{"family":"Terzopoulos","given":"Demetri"},{"family":"Tygar","given":"Dough"},{"family":"Vardi","given":"Moshe Y."},{"family":"Weikum","given":"Gerhard"}],"container-title":"Hybrid Systems: Computation and Control","DOI":"10.1007/978-3-540-31954-2_19","editor":[{"family":"Morari","given":"Manfred"},{"family":"Thiele","given":"Lothar"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-540-25108-8 978-3-540-31954-2","issued":{"date-parts":[["2005"]]},"language":"en","page":"291-305","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"Reachability of Uncertain Linear Systems Using Zonotopes","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-540-31954-2_19","volume":"3414"},{"id":"chenReachabilityAnalysisCyberPhysical2022","abstract":"Reachability analysis is a fundamental problem in verification that checks for a given model and set of initial states if the system will reach a given set of unsafe states. Its importance lies in the ability to exhaustively explore the behaviors of a model over a finite or infinite time horizon. 
The problem of reachability analysis for Cyber-Physical Systems (CPS) is especially challenging because it involves reasoning about the continuous states of the system as well as its switching behavior. Each of these two aspects can by itself cause the reachability analysis problem to be undecidable. In this paper, we survey recent progress in this field beginning with the success of hybrid systems with affine dynamics. We then examine the current state-of-the-art for CPS with nonlinear dynamics and those driven by “learning-enabled” components such as neural networks. We conclude with an examination of some promising directions and open challenges.","accessed":{"date-parts":[["2023",11,1]]},"author":[{"family":"Chen","given":"Xin"},{"family":"Sankaranarayanan","given":"Sriram"}],"citation-key":"chenReachabilityAnalysisCyberPhysical2022","container-title":"NASA Formal Methods","DOI":"10.1007/978-3-031-06773-0_6","editor":[{"family":"Deshmukh","given":"Jyotirmoy V."},{"family":"Havelund","given":"Klaus"},{"family":"Perez","given":"Ivan"}],"event-place":"Cham","ISBN":"978-3-031-06772-3 978-3-031-06773-0","issued":{"date-parts":[["2022"]]},"language":"en","page":"109-130","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Reachability Analysis for Cyber-Physical Systems: Are We There Yet?","title-short":"Reachability Analysis for Cyber-Physical Systems","type":"chapter","URL":"https://link.springer.com/10.1007/978-3-031-06773-0_6","volume":"13260"},{"id":"fehnkerBenchmarksHybridSystems2004","abstract":"There are numerous application examples for hybrid systems verification in recent literature. Most of them were introduced to illustrate a new approach to hybrid systems verification, and are therefore of a limited size. Others are case studies that serve to prove that an approach can be applied to real world problems. 
Verification of these typically requires a lot of domain experience to obtain a tractable, verifiable model. Verification of a case study yields a singular result that is hard to compare and time-consuming to reproduce.","accessed":{"date-parts":[["2023",11,1]]},"author":[{"family":"Fehnker","given":"Ansgar"},{"family":"Ivančić","given":"Franjo"}],"citation-key":"fehnkerBenchmarksHybridSystems2004","collection-editor":[{"family":"Goos","given":"Gerhard"},{"family":"Hartmanis","given":"Juris"},{"family":"Van Leeuwen","given":"Jan"}],"container-title":"Hybrid Systems: Computation and Control","DOI":"10.1007/978-3-540-24743-2_22","editor":[{"family":"Alur","given":"Rajeev"},{"family":"Pappas","given":"George J."}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-540-21259-1 978-3-540-24743-2","issued":{"date-parts":[["2004"]]},"language":"en","page":"326-341","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"Benchmarks for Hybrid Systems Verification","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-540-24743-2_22","volume":"2993"},{"id":"rumpVerificationMethodsRigorous2010","author":[{"family":"Rump","given":"Siegfried"}],"citation-key":"rumpVerificationMethodsRigorous2010","container-title":"Acta Numerica","issued":{"date-parts":[["2010"]]},"page":"287--449","title":"Verification methods: Rigorous results using floating-point arithmetic","type":"article-journal"},{"id":"grobelnaGroblena_masterPdf2019","author":[{"family":"Grobelna","given":"Marta"}],"citation-key":"grobelnaGroblena_masterPdf2019","genre":"Master's thesis","issued":{"date-parts":[["2019",9,16]]},"publisher":"RWTH Aachen University","title":"groblena_master.pdf","type":"thesis"},{"id":"althoffARCHCOMP19CategoryReport","abstract":"This report presents the results of a friendly competition for formal verification of continuous and hybrid systems with linear continuous dynamics. 
The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2019. In its third edition, seven tools have been applied to solve six different benchmark problems in the category for linear continuous dynamics (in alphabetical order): CORA, CORA/SX, HyDRA, Hylaa, JuliaReach, SpaceEx, and XSpeed. This report is a snapshot of the current landscape of tools and the types of benchmarks they are particularly suited for. Due to the diversity of problems, we are not ranking tools, yet the presented results provide one of the most complete assessments of tools for the safety verification of continuous and hybrid systems with linear continuous dynamics up to this date.","author":[{"family":"Althoff","given":"Matthias"},{"family":"Bak","given":"Stanley"},{"family":"Forets","given":"Marcelo"},{"family":"Frehse","given":"Goran"},{"family":"Ray","given":"Rajarshi"},{"family":"Schilling","given":"Christian"},{"family":"Schupp","given":"Stefan"}],"citation-key":"althoffARCHCOMP19CategoryReport","language":"en","source":"Zotero","title":"ARCH-COMP19 Category Report: Continuous and Hybrid Systems with Linear Continuous Dynamics","type":"article-journal"},{"id":"althoffARCHCOMP17CategoryReport","abstract":"This report presents the results of a friendly competition for formal verification of continuous and hybrid systems with linear continuous dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2017. In its first edition, seven tools have been applied to solve three different benchmark problems in the category for linear continuous dynamics (in alphabetical order): Axelerator, CORA, Flow*, HyDRA, Hylaa, SpaceEx, and XSpeed. The result is a snapshot of the current landscape of tools and the types of benchmarks they are particularly suited for. 
Due to the diversity of problems, we are not ranking tools, yet the presented results probably provide the most complete assessment of tools for the safety verification of continuous and hybrid systems with linear continuous dynamics up to this date.","author":[{"family":"Althoff","given":"Matthias"},{"family":"Bak","given":"Stanley"},{"family":"Cattaruzza","given":"Dario"},{"family":"Chen","given":"Xin"},{"family":"Frehse","given":"Goran"},{"family":"Ray","given":"Rajarshi"},{"family":"Schupp","given":"Stefan"}],"citation-key":"althoffARCHCOMP17CategoryReport","language":"en","source":"Zotero","title":"ARCH-COMP17 Category Report: Continuous and Hybrid Systems with Linear Continuous Dynamics","type":"article-journal"},{"id":"althoffIntroductionCORA2015","abstract":"The philosophy, architecture, and capabilities of the COntinuous Reachability Analyzer (CORA) are presented. CORA is a toolbox that integrates various vector and matrix set representations and operations on them as well as reachability algorithms of various dynamic system classes. The software is designed such that set representations can be exchanged without having to modify the code for reachability analysis. CORA has a modular design, making it possible to use the capabilities of the various set representations for other purposes besides reachability analysis. The toolbox is designed using the object oriented paradigm, such that users can safely use methods without concerning themselves with detailed information hidden inside the object. Since the toolbox is written in MATLAB, the installation and use is platform independent.","accessed":{"date-parts":[["2023",10,30]]},"author":[{"family":"Althoff","given":"Matthias"}],"citation-key":"althoffIntroductionCORA2015","DOI":"10.29007/zbkv","event-title":"ARCH14-15. 
1st and 2nd International Workshop on Applied veRification for Continuous and Hybrid Systems","language":"en","page":"120-87","source":"DOI.org (Crossref)","title":"An Introduction to CORA 2015","type":"paper-conference","URL":"https://easychair.org/publications/paper/xMm"},{"id":"beltaFormalMethodsDynamical2014","abstract":"In control theory, \"complex\" models of physical processes, such as systems of differential equations, are usually checked against \"simple\" specifications, such as stability and set invariance. In formal methods, \"rich\" specifications, such as languages and formulae of temporal logics, are checked against \"simple\" models of software programs and digital circuits, such as finite transition graphs. With the development and integration of cyber physical and safety critical systems, there is an increasing need for computational tools for verification and control of complex systems from rich, temporal logic specifications. The formal verification and synthesis problems have been shown to be undecidable even for very simple classes of infinite-space continuous and hybrid systems. However, provably correct but conservative approaches, in which the satisfaction of a property by a dynamical system is implied by the satisfaction of the property by a finite over-approximation (abstraction) of the system, have received a lot of attention in recent years. Some classes of systems allowing for computationally efficient verification and control from temporal logic specifications are reviewed. For continuous and discrete-time linear systems and continuous-time multi-linear systems, it is shown that finite abstractions can be constructed through polyhedral operations only. By using techniques from model checking and automata games, this allows for verification and control from specifications given as Linear Temporal Logic (LTL) formulae over linear predicates in the state variables. 
A connection between the existence of Lyapunov functions and finite bisimulations is established for discrete-time linear and switched linear systems. Finally, optimality and correctness requirements are combined in a model predictive approach to generate control strategies for discrete-time linear systems. The usefulness of these computational tools is illustrated with various examples such as verification and synthesis of biological circuits in synthetic biology and motion planning and control in robotics.","accessed":{"date-parts":[["2023",10,30]]},"author":[{"family":"Belta","given":"Calin"}],"citation-key":"beltaFormalMethodsDynamical2014","container-title":"2014 21st International Symposium on Temporal Representation and Reasoning","DOI":"10.1109/TIME.2014.16","event-title":"2014 21st International Symposium on Temporal Representation and Reasoning","ISSN":"2332-6468","issued":{"date-parts":[["2014",9]]},"page":"3-3","source":"IEEE Xplore","title":"Formal Methods for Dynamical Systems","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/6940367"},{"id":"berzComputationApplicationTaylor1998","abstract":"The expansion of complicated functions of many variables in Taylor polynomials is an important problem for many applications, and in practice can be performed rather conveniently (even to high orders) using polynomial algebras. 
An important application of these methods is the field of beam physics, where often expansions in about six variables to orders between five and ten are used.","accessed":{"date-parts":[["2023",10,30]]},"author":[{"family":"Berz","given":"Martin"},{"family":"Hoffstätter","given":"Georg"}],"citation-key":"berzComputationApplicationTaylor1998","container-title":"Reliable Computing","container-title-short":"Reliable Computing","DOI":"10.1023/A:1009958918582","ISSN":"1573-1340","issue":"1","issued":{"date-parts":[["1998",2,1]]},"language":"en","page":"83-97","source":"Springer Link","title":"Computation and Application of Taylor Polynomials with Interval Remainder Bounds","type":"article-journal","URL":"https://doi.org/10.1023/A:1009958918582","volume":"4"},{"id":"breenLevelSetMethods","author":[{"family":"Breen","given":"David"},{"family":"Museth","given":"Ken"}],"citation-key":"breenLevelSetMethods","title":"Level Set Methods for Visualization","type":"document"},{"id":"berzVerifiedIntegrationODEs1998","abstract":"A method is developed that allows the verified integration of ODEs based on local modeling with high-order Taylor polynomials with remainder bound. 
The use of such Taylor models of order n allows convenient automated verified inclusion of functional dependencies with an accuracy that scales with the (n + 1)-st order of the domain and substantially reduces blow-up.","accessed":{"date-parts":[["2023",10,30]]},"author":[{"family":"Berz","given":"Martin"},{"family":"Makino","given":"Kyoko"}],"citation-key":"berzVerifiedIntegrationODEs1998","container-title":"Reliable Computing","container-title-short":"Reliable Computing","DOI":"10.1023/A:1024467732637","ISSN":"1573-1340","issue":"4","issued":{"date-parts":[["1998",11,1]]},"language":"en","page":"361-369","source":"Springer Link","title":"Verified Integration of ODEs and Flows Using Differential Algebraic Methods on High-Order Taylor Models","type":"article-journal","URL":"https://doi.org/10.1023/A:1024467732637","volume":"4"},{"id":"hespanhaHybridControlSwitched","author":[{"family":"Hespanha","given":"João P"}],"citation-key":"hespanhaHybridControlSwitched","language":"en","source":"Zotero","title":"Hybrid Control and Switched Systems","type":"article-journal"},{"id":"podelskiModelCheckingHybrid2006","abstract":"We call a hybrid system stable if every trajectory inevitably ends up in a given region. Our notion of stability deviates from classical definitions in control theory. In this paper, we present a model checking algorithm for stability in the new sense. 
The idea of the algorithm is to reduce the stability proof for the whole system to a set of (smaller) proofs for several one-mode systems.","author":[{"family":"Podelski","given":"Andreas"},{"family":"Wagner","given":"Silke"}],"citation-key":"podelskiModelCheckingHybrid2006","collection-title":"Lecture Notes in Computer Science","container-title":"Hybrid Systems: Computation and Control","DOI":"10.1007/11730637_38","editor":[{"family":"Hespanha","given":"João P."},{"family":"Tiwari","given":"Ashish"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-540-33171-1","issued":{"date-parts":[["2006"]]},"language":"en","page":"507-521","publisher":"Springer","publisher-place":"Berlin, Heidelberg","source":"Springer Link","title":"Model Checking of Hybrid Systems: From Reachability Towards Stability","title-short":"Model Checking of Hybrid Systems","type":"paper-conference"},{"id":"gibouReviewLevelsetMethods2018","abstract":"We review some of the recent advances in level-set methods and their applications. In particular, we discuss how to impose boundary conditions at irregular domains and free boundaries, as well as the extension of level-set methods to adaptive Cartesian grids and parallel architectures. Illustrative applications are taken from the physical and life sciences. 
Fast sweeping methods are briefly discussed.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Gibou","given":"Frederic"},{"family":"Fedkiw","given":"Ronald"},{"family":"Osher","given":"Stanley"}],"citation-key":"gibouReviewLevelsetMethods2018","container-title":"Journal of Computational Physics","container-title-short":"Journal of Computational Physics","DOI":"10.1016/j.jcp.2017.10.006","ISSN":"0021-9991","issued":{"date-parts":[["2018",1,15]]},"page":"82-109","source":"ScienceDirect","title":"A review of level-set methods and some recent applications","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S0021999117307441","volume":"353"},{"id":"mitchellFlexibleExtensibleEfficient2008","abstract":"Level set methods are a popular and powerful class of numerical algorithms for dynamic implicit surfaces and solution of Hamilton-Jacobi PDEs. While the advanced level set schemes combine both efficiency and accuracy, their implementation complexity makes it difficult for the community to reproduce new results and make quantitative comparisons between methods. This paper describes the Toolbox of Level Set Methods, a collection of Matlab routines implementing the basic level set algorithms on fixed Cartesian grids for rectangular domains in arbitrary dimension. The Toolbox’s code and interface are designed to permit flexible combinations of different schemes and PDE forms, allow easy extension through the addition of new algorithms, and achieve efficient execution despite the fact that the code is entirely written as m-files. The current contents of the Toolbox and some coding patterns important to achieving its flexibility, extensibility and efficiency are briefly explained, as is the process of adding two new algorithms. 
Code for both the Toolbox and the new algorithms is available from the Web.","accessed":{"date-parts":[["2023",10,12]]},"author":[{"family":"Mitchell","given":"Ian M."}],"citation-key":"mitchellFlexibleExtensibleEfficient2008","container-title":"Journal of Scientific Computing","container-title-short":"J Sci Comput","DOI":"10.1007/s10915-007-9174-4","ISSN":"1573-7691","issue":"2","issued":{"date-parts":[["2008",6,1]]},"language":"en","page":"300-329","source":"Springer Link","title":"The Flexible, Extensible and Efficient Toolbox of Level Set Methods","type":"article-journal","URL":"https://doi.org/10.1007/s10915-007-9174-4","volume":"35"},{"id":"tomlinComputationalTechniquesVerification2003","abstract":"Hybrid system theory lies at the intersection of the fields of engineering control theory and computer science verification. It is defined as the modeling, analysis, and control of systems which involve the interaction of both discrete state systems, represented by finite automata, and continuous state dynamics, represented by differential equations. The embedded autopilot of a modern commercial jet is a prime example of a hybrid system: the autopilot modes correspond to the application of different control laws, and the logic of mode switching is determined by the continuous state dynamics of the aircraft, as well as through interaction with the pilot. To understand the behavior of hybrid systems, to simulate, and to control these systems, theoretical advances, analyses, and numerical tools are needed. In this paper, we first present a general model for a hybrid system along with an overview of methods for verifying continuous and hybrid systems. We describe a particular verification technique for hybrid systems, based on two-person zero-sum game theory for automata and continuous dynamical systems. 
We then outline a numerical implementation of this technique using level set methods, and we demonstrate its use in the design and analysis of aircraft collision avoidance protocols, and in verification of autopilot logic.","accessed":{"date-parts":[["2023",10,23]]},"author":[{"family":"Tomlin","given":"C.J."},{"family":"Mitchell","given":"I."},{"family":"Bayen","given":"A.M."},{"family":"Oishi","given":"M."}],"citation-key":"tomlinComputationalTechniquesVerification2003","container-title":"Proceedings of the IEEE","container-title-short":"Proc. IEEE","DOI":"10.1109/JPROC.2003.814621","ISSN":"0018-9219","issue":"7","issued":{"date-parts":[["2003",7]]},"language":"en","page":"986-1001","source":"DOI.org (Crossref)","title":"Computational techniques for the verification of hybrid systems","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/1215682/","volume":"91"},{"id":"osherLevelSetMethods2001","abstract":"The level set method was devised by S. Osher and J. A. Sethian (1988, J. Comput. Phys.79, 12–49) as a simple and versatile method for computing and analyzing the motion of an interface Γ in two or three dimensions. Γ bounds a (possibly multiply connected) region Ω. The goal is to compute and analyze the subsequent motion of Γ under a velocity field v. This velocity can depend on position, time, the geometry of the interface, and the external physics. The interface is captured for later time as the zero level set of a smooth (at least Lipschitz continuous) function ϕ (x, t); i.e., Γ(t)={x|ϕ(x, t)=0}. ϕ is positive inside Ω, negative outside Ω, and is zero on Γ(t). Topological merging and breaking are well defined and easily performed. In this review article we discuss recent variants and extensions, including the motion of curves in three dimensions, the dynamic surface extension method, fast methods for steady state problems, diffusion generated motion, and the variational level set approach. 
We also give a user's guide to the level set dictionary and technology and couple the method to a wide variety of problems involving external physics, such as compressible and incompressible (possibly reacting) flow, Stefan problems, kinetic crystal growth, epitaxial growth of thin films, vortex-dominated flows, and extensions to multiphase motion. We conclude with a discussion of applications to computer vision and image processing.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Osher","given":"Stanley"},{"family":"Fedkiw","given":"Ronald P."}],"citation-key":"osherLevelSetMethods2001","container-title":"Journal of Computational Physics","container-title-short":"Journal of Computational Physics","DOI":"10.1006/jcph.2000.6636","ISSN":"0021-9991","issue":"2","issued":{"date-parts":[["2001",5,20]]},"page":"463-502","source":"ScienceDirect","title":"Level Set Methods: An Overview and Some Recent Results","title-short":"Level Set Methods","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S0021999100966361","volume":"169"},{"id":"annunziatoConnectionHamiltonJacobiBellmanFokkerPlanck2014","abstract":"In the framework of stochastic processes, the connection between the dynamic programming scheme given by the Hamilton-Jacobi-Bellman equation and a recently proposed control approach based on the Fokker-Planck equation is discussed. Under appropriate assumptions it is shown that the two strategies are equivalent in the case of expected cost functionals, while the Fokker-Planck formalism allows considering a larger class of objectives. 
To illustrate the connection between the two control strategies, the cases of an Itō stochastic process and of a piecewise-deterministic process are considered.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Annunziato","given":"Mario"},{"family":"Borzì","given":"Alfio"},{"family":"Nobile","given":"Fabio"},{"family":"Tempone","given":"Raul"}],"citation-key":"annunziatoConnectionHamiltonJacobiBellmanFokkerPlanck2014","container-title":"Applied Mathematics","DOI":"10.4236/am.2014.516239","issue":"16","issued":{"date-parts":[["2014",8,29]]},"language":"en","license":"http://creativecommons.org/licenses/by/4.0/","number":"16","page":"2476-2484","publisher":"Scientific Research Publishing","source":"www.scirp.org","title":"On the Connection between the Hamilton-Jacobi-Bellman and the Fokker-Planck Control Frameworks","type":"article-journal","URL":"https://www.scirp.org/journal/paperinformation.aspx?paperid=49428","volume":"5"},{"id":"nuskenSolvingHighdimensionalHamiltonJacobiBellman2023","abstract":"Optimal control of diffusion processes is intimately connected to the problem of solving certain Hamilton-Jacobi-Bellman equations. Building on recent machine learning inspired approaches towards high-dimensional PDEs, we investigate the potential of $\\textit{iterative diffusion optimisation}$ techniques, in particular considering applications in importance sampling and rare event simulation, and focusing on problems without diffusion control, with linearly controlled drift and running costs that depend quadratically on the control. More generally, our methods apply to nonlinear parabolic PDEs with a certain shift invariance. The choice of an appropriate loss function being a central element in the algorithmic design, we develop a principled framework based on divergences between path measures, encompassing various existing methods. 
Motivated by connections to forward-backward SDEs, we propose and study the novel $\\textit{log-variance}$ divergence, showing favourable properties of corresponding Monte Carlo estimators. The promise of the developed approach is exemplified by a range of high-dimensional and metastable numerical examples.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Nüsken","given":"Nikolas"},{"family":"Richter","given":"Lorenz"}],"citation-key":"nuskenSolvingHighdimensionalHamiltonJacobiBellman2023","DOI":"10.48550/arXiv.2005.05409","issued":{"date-parts":[["2023",1,29]]},"number":"arXiv:2005.05409","publisher":"arXiv","source":"arXiv.org","title":"Solving high-dimensional Hamilton-Jacobi-Bellman PDEs using neural networks: perspectives from the theory of controlled diffusions and measures on path space","title-short":"Solving high-dimensional Hamilton-Jacobi-Bellman PDEs using neural networks","type":"article","URL":"http://arxiv.org/abs/2005.05409"},{"id":"mitchellToolboxLevelSet2005","author":[{"family":"Mitchell","given":"Ian"}],"citation-key":"mitchellToolboxLevelSet2005","issued":{"date-parts":[["2005"]]},"language":"en","source":"Zotero","title":"A Toolbox of Level Set Methods","type":"article-journal"},{"id":"wilsonBestPracticesScientific2014","abstract":"We describe a set of best practices for scientific software development, based on research and experience, that will improve scientists' productivity and the reliability of their software.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Wilson","given":"Greg"},{"family":"Aruliah","given":"D. A."},{"family":"Brown","given":"C. Titus"},{"family":"Hong","given":"Neil P. Chue"},{"family":"Davis","given":"Matt"},{"family":"Guy","given":"Richard T."},{"family":"Haddock","given":"Steven H. 
D."},{"family":"Huff","given":"Kathryn D."},{"family":"Mitchell","given":"Ian M."},{"family":"Plumbley","given":"Mark D."},{"family":"Waugh","given":"Ben"},{"family":"White","given":"Ethan P."},{"family":"Wilson","given":"Paul"}],"citation-key":"wilsonBestPracticesScientific2014","container-title":"PLOS Biology","container-title-short":"PLOS Biology","DOI":"10.1371/journal.pbio.1001745","ISSN":"1545-7885","issue":"1","issued":{"date-parts":[["2014",1,7]]},"language":"en","page":"e1001745","publisher":"Public Library of Science","source":"PLoS Journals","title":"Best Practices for Scientific Computing","type":"article-journal","URL":"https://journals.plos.org/plosbiology/article?id=10.1371/journal.pbio.1001745","volume":"12"},{"id":"tomlinSafetyVerificationConflict2001","abstract":"We address the problem of generating provably-safe conflict resolution maneuvers for aircraft in uncertain environments. We assume that a maneuver is composed of a sequence of flight modes, which are segments of constant heading, of constant bank angle, or of constant airspeed. Each of these flight modes has associated to it the kinematics of the aircraft, and hence the maneuver is a hybrid system. While the flight modes are defined ahead of time, their sequencing and parameter values do not necessarily have to be. We present an algorithm for generating provably safe maneuvers, which is based on a general procedure for designing controllers for hybrid systems. The result is a maneuver, proven to be safe within the limits of the models used, which is a familiar sequence of commands easily executable by the flight management systems. The maneuvers may be viewed as protocols, or “rules of the road”, and are well-defined for each conflict scenario. 
We present results for two example maneuvers.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Tomlin","given":"C."},{"family":"Mitchell","given":"I."},{"family":"Ghosh","given":"R."}],"citation-key":"tomlinSafetyVerificationConflict2001","container-title":"IEEE Transactions on Intelligent Transportation Systems","container-title-short":"IEEE Trans. Intell. Transport. Syst.","DOI":"10.1109/6979.928722","ISSN":"15249050","issue":"2","issued":{"date-parts":[["2001",6]]},"language":"en","page":"110-120","source":"DOI.org (Crossref)","title":"Safety verification of conflict resolution manoeuvres","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/928722/","volume":"2"},{"id":"crossLevelSetMethods2008","abstract":"Most existing algorithms for approximating the reachable sets of continuous systems assume an ordinary differential equation model of system evolution. In this paper we adapt such an existing algorithm—one based on level set methods and the Hamilton-Jacobi partial differential equation—in two distinct ways to work with systems modeled by index one differential algebraic equations (DAEs). The first method works by analytic projection of the dynamics onto the DAE’s constraint manifold, while the second works in the full dimensional state space. 
The two schemes are demonstrated on a nonlinear power system voltage safety problem.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Cross","given":"Elizabeth Ann"},{"family":"Mitchell","given":"Ian M."}],"citation-key":"crossLevelSetMethods2008","container-title":"2008 American Control Conference","DOI":"10.1109/ACC.2008.4586828","event-place":"Seattle, WA","event-title":"2008 American Control Conference (ACC '08)","ISBN":"978-1-4244-2078-0","issued":{"date-parts":[["2008",6]]},"language":"en","page":"2260-2265","publisher":"IEEE","publisher-place":"Seattle, WA","source":"DOI.org (Crossref)","title":"Level set methods for computing reachable sets of systems with differential algebraic equation dynamics","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/4586828/"},{"id":"LevelSetMethods","accessed":{"date-parts":[["2023",10,27]]},"citation-key":"LevelSetMethods","title":"Level set methods for computing reachable sets of systems with differential algebraic equation dynamics | IEEE Conference Publication | IEEE Xplore","type":"webpage","URL":"https://ieeexplore-ieee-org.pitt.idm.oclc.org/document/4586828"},{"id":"mitchellTimedependentHamiltonJacobiFormulation2005","abstract":"We describe and implement an algorithm for computing the set of reachable states of a continuous dynamic game. The algorithm is based on a proof that the reachable set is the zero sublevel set of the viscosity solution of a particular time-dependent Hamilton–Jacobi–Isaacs partial differential equation. While alternative techniques for computing the reachable set have been proposed, the differential game formulation allows treatment of nonlinear systems with inputs and uncertain parameters. Because the time-dependent equation’s solution is continuous and defined throughout the state space, methods from the level set literature can be used to generate more accurate approximations than are possible for formulations with potentially discontinuous solutions. 
A numerical implementation of our formulation is described and has been released on the web. Its correctness is verified through a two vehicle, three dimensional collision avoidance example for which an analytic solution is available.","accessed":{"date-parts":[["2023",10,27]]},"author":[{"family":"Mitchell","given":"I.M."},{"family":"Bayen","given":"A.M."},{"family":"Tomlin","given":"C.J."}],"citation-key":"mitchellTimedependentHamiltonJacobiFormulation2005","container-title":"IEEE Transactions on Automatic Control","container-title-short":"IEEE Trans. Automat. Contr.","DOI":"10.1109/TAC.2005.851439","ISSN":"0018-9286","issue":"7","issued":{"date-parts":[["2005",7]]},"language":"en","page":"947-957","source":"DOI.org (Crossref)","title":"A time-dependent Hamilton-Jacobi formulation of reachable sets for continuous dynamic games","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/1463302/","volume":"50"},{"id":"mitchellOverapproximatingReachableSets2003","author":[{"family":"Mitchell","given":"Ian M"},{"family":"Tomlin","given":"Claire J"}],"citation-key":"mitchellOverapproximatingReachableSets2003","container-title":"Journal of Scientific Computing","issue":"1--3","issued":{"date-parts":[["2003"]]},"language":"en","source":"Zotero","title":"Overapproximating Reachable Sets by Hamilton-Jacobi Projections","type":"article-journal","volume":"19"},{"id":"peisertSoftwareInfrastructureDevelop2023a","abstract":"Having infrastructure survive over very long stretches of time is a nontrivial task. This is either because such infrastructure needs to be built extremely well from the outset or because it requires ongoing maintenance. The former may require prohibitively large initial investments. The latter requires ongoing investment from public agencies over the span of decades or centuries despite the pendulum swings of those governments from contrasting political aims. Without either the very high initial or ongoing investment, infrastructure can fail. 
Physical infrastructure failure is not inevitable—consider railways in Japan, the Panama Canal, and the U.S. Interstate Highway System.","accessed":{"date-parts":[["2023",10,25]]},"author":[{"family":"Peisert","given":"Sean"}],"citation-key":"peisertSoftwareInfrastructureDevelop2023a","container-title":"IEEE Security & Privacy","DOI":"10.1109/MSEC.2023.3273492","ISSN":"1558-4046","issue":"4","issued":{"date-parts":[["2023",7]]},"page":"4-8","source":"IEEE Xplore","title":"On Software Infrastructure: Develop, Prove, Profit?","title-short":"On Software Infrastructure","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10194513","volume":"21"},{"id":"harrisonConstructingCloudBasedIDS2012","abstract":"Cloud computing has emerged in recent years as a major segment of the IT industry; however, security concerns remain the primary impediment to full-scale adoption. Leveraging properties of virtualization, virtual machine introspection (VMI) has yielded promising research for cloud security yet adoption of these approaches in production environments remains minimal due to a semantic gap: the extraction of high-level knowledge of the guest operating system's state from low-level artifacts collected out-of-VM. Within the field of forensic memory analysis (FMA), a similar semantic gap exists from the reconstruction of physical memory dumps. 
We implement a production oriented prototype utilizing designs that combines and narrows these semantic gaps in a modular framework to function as an intrusion detection system (IDS) detecting and defeating post-exploitation activity.","accessed":{"date-parts":[["2023",10,25]]},"author":[{"family":"Harrison","given":"Christopher"},{"family":"Cook","given":"Devin"},{"family":"McGraw","given":"Robert"},{"family":"Hamilton Jr.","given":"John A."}],"citation-key":"harrisonConstructingCloudBasedIDS2012","container-title":"2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications","DOI":"10.1109/TrustCom.2012.113","event-title":"2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications","ISSN":"2324-9013","issued":{"date-parts":[["2012",6]]},"page":"163-169","source":"IEEE Xplore","title":"Constructing a Cloud-Based IDS by Merging VMI with FMA","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/6295971?casa_token=QsolkvO1g_AAAAAA:SonsQYxySS_Sn65nJ2R6k1IBzNQXmsqWhnWG6fr47VkZIZaYD6nE6_UxBllmtLP7BEpHbIihP4E"},{"id":"askarpourFormalModelHuman2019","abstract":"Recent developments in manufacturing technologies, also known as Industry 4.0, seek to build Smart Factories where supply chains and production lines are equipped with a higher level of automation. However, this significant innovation does not entirely eliminate the need for the presence of human operators; on the contrary, it requires them to collaborate with robots and execute hybrid tasks. Thus, creating safe workspaces for human operators is crucial for the future of factories where humans and robots collaborate closely in common workspaces. The uncertainty of human behavior and, consequently, of the actual execution of workflows, pose significant challenges to the safety of collaborative applications. 
This paper extends our earlier work, a formal verification methodology to analyze the safety of collaborative robotics applications (Askarpour et al. 2017) [1], with a rich non-deterministic formal model of operator behaviors that captures the hazardous situations resulting from human errors. The model allows safety engineers to refine their designs until all plausible erroneous behaviors are considered and mitigated. The solidity of the proposed approach is evaluated on a pair of real-life case studies.","accessed":{"date-parts":[["2023",10,13]]},"author":[{"family":"Askarpour","given":"Mehrnoosh"},{"family":"Mandrioli","given":"Dino"},{"family":"Rossi","given":"Matteo"},{"family":"Vicentini","given":"Federico"}],"citation-key":"askarpourFormalModelHuman2019","container-title":"Robotics and Computer-Integrated Manufacturing","container-title-short":"Robotics and Computer-Integrated Manufacturing","DOI":"10.1016/j.rcim.2019.01.001","ISSN":"07365845","issued":{"date-parts":[["2019",6]]},"language":"en","page":"465-476","source":"DOI.org (Crossref)","title":"Formal model of human erroneous behavior for safety analysis in collaborative robotics","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0736584518303247","volume":"57"},{"id":"cleavelandFormallyVerifiedNextgeneration2023","abstract":"The design of aircraft collision avoidance algorithms is a subtle but important challenge that merits the need for provable safety guarantees. Obtaining such guarantees is nontrivial given the unpredictability of the interplay of the intruder aircraft decisions, the ownship pilot reactions, and the subtlety of the continuous motion dynamics of aircraft. 
Existing collision avoidance systems, such as TCAS and the Next-Generation Airborne Collision Avoidance System ACAS X, have been analyzed assuming severe restrictions on the intruder’s flight maneuvers, limiting their safety guarantees in real-world scenarios where the intruder may change its course.\n This work takes a conceptually significant and practically relevant departure from existing ACAS X models by generalizing them to hybrid games with first-class representations of the ownship and intruder decisions coming from two independent players, enabling significantly advanced predictive power. By proving the existence of winning strategies for the resulting Adversarial ACAS X in differential game logic, collision-freedom is established for the rich encounters of ownship and intruder aircraft with independent decisions along differential equations for flight paths with evolving vertical/horizontal velocities. We present three classes of models of increasing complexity: single-advisory infinite-time models, bounded time models, and infinite time, multi-advisory models. Within each class of models, we identify symbolic conditions and prove that there then always is a possible ownship maneuver that will prevent a collision between the two aircraft.","accessed":{"date-parts":[["2023",10,13]]},"author":[{"family":"Cleaveland","given":"Rachel"},{"family":"Mitsch","given":"Stefan"},{"family":"Platzer","given":"André"}],"citation-key":"cleavelandFormallyVerifiedNextgeneration2023","container-title":"ACM Transactions on Embedded Computing Systems","container-title-short":"ACM Trans. Embed. Comput. 
Syst.","DOI":"10.1145/3544970","ISSN":"1539-9087, 1558-3465","issue":"1","issued":{"date-parts":[["2023",1,31]]},"language":"en","page":"1-30","source":"DOI.org (Crossref)","title":"Formally Verified Next-generation Airborne Collision Avoidance Games in ACAS X","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/3544970","volume":"22"},{"id":"vicentiniSafetyAssessmentCollaborative2020","abstract":"A crucial aspect of physical human–robot collaboration (HRC) is to maintain a safe common workspace for human operator. However, close proximity between human–robot and unpredictability of human behavior raises serious challenges in terms of safety. This article proposes a risk analysis methodology for collaborative robotic applications, which is compatible with well-known standards in the area and relies on formal verification techniques to automate the traditional risk analysis methods. In particular, the methodology relies on temporal logic-based models to describe the different possible ways in which tasks can be carried out, and on fully automated formal verification techniques to explore the corresponding state space to detect and modify the hazardous situations at early stages of system design.","accessed":{"date-parts":[["2023",10,13]]},"author":[{"family":"Vicentini","given":"Federico"},{"family":"Askarpour","given":"Mehrnoosh"},{"family":"Rossi","given":"Matteo G."},{"family":"Mandrioli","given":"Dino"}],"citation-key":"vicentiniSafetyAssessmentCollaborative2020","container-title":"IEEE Transactions on Robotics","container-title-short":"IEEE Trans. 
Robot.","DOI":"10.1109/TRO.2019.2937471","ISSN":"1552-3098, 1941-0468","issue":"1","issued":{"date-parts":[["2020",2]]},"language":"en","page":"42-61","source":"DOI.org (Crossref)","title":"Safety Assessment of Collaborative Robotics Through Automated Formal Verification","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8844289/","volume":"36"},{"id":"STALIROTALIROTOOLS","abstract":"TALIRO (TemporAl LogIC RObustness) tools is a suite of tools for the analysis of continuous and hybrid dynamical systems using linear time temporal logics.","accessed":{"date-parts":[["2023",10,13]]},"citation-key":"STALIROTALIROTOOLS","title":"S-TALIRO - TALIRO-TOOLS","type":"webpage","URL":"https://sites.google.com/a/asu.edu/s-taliro/s-taliro"},{"id":"TALIROTOOLS","abstract":"TALIRO (TemporAl LogIC RObustness) tools is a suite of tools for the analysis of continuous and hybrid dynamical systems using linear time temporal logics.","accessed":{"date-parts":[["2023",10,13]]},"citation-key":"TALIROTOOLS","title":"TALIRO-TOOLS","type":"webpage","URL":"https://sites.google.com/a/asu.edu/s-taliro/"},{"id":"bansalIntroductionReachability","author":[{"family":"Bansal","given":"Somil"}],"citation-key":"bansalIntroductionReachability","language":"en","source":"Zotero","title":"Introduction to Reachability","type":"article-journal"},{"id":"rufferConvergentSystemsVs2013","abstract":"Two similar stability notions are considered; one is the long established notion of convergent systems, the other is the younger notion of incremental stability. Both notions require that any two solutions of a system converge to each other. Yet these stability concepts are different, in the sense that none implies the other, as is shown in this paper using two examples. It is shown under what additional assumptions one property indeed implies the other. 
Furthermore, this paper contains necessary and sufficient characterizations of both properties in terms of Lyapunov functions.","accessed":{"date-parts":[["2023",10,13]]},"author":[{"family":"Rüffer","given":"Björn S."},{"family":"Van De Wouw","given":"Nathan"},{"family":"Mueller","given":"Markus"}],"citation-key":"rufferConvergentSystemsVs2013","container-title":"Systems & Control Letters","container-title-short":"Systems & Control Letters","DOI":"10.1016/j.sysconle.2012.11.015","ISSN":"01676911","issue":"3","issued":{"date-parts":[["2013",3]]},"language":"en","page":"277-285","source":"DOI.org (Crossref)","title":"Convergent systems vs. incremental stability","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0167691112002393","volume":"62"},{"id":"chenTaylorModelFlowpipe2012","abstract":"We propose an approach for verifying non-linear hybrid systems using higher-order Taylor models that are a combination of bounded degree polynomials over the initial conditions and time, bloated by an interval. Taylor models are an effective means for computing rigorous bounds on the complex time trajectories of non-linear differential equations. As a result, Taylor models have been successfully used to verify properties of non-linear continuous systems. 
However, the handling of discrete (controller) transitions remains a challenging problem.","accessed":{"date-parts":[["2023",10,13]]},"author":[{"family":"Chen","given":"Xin"},{"family":"Abraham","given":"Erika"},{"family":"Sankaranarayanan","given":"Sriram"}],"citation-key":"chenTaylorModelFlowpipe2012","container-title":"2012 IEEE 33rd Real-Time Systems Symposium","DOI":"10.1109/RTSS.2012.70","event-place":"San Juan, PR, USA","event-title":"2012 IEEE 33rd Real-Time Systems Symposium (RTSS)","ISBN":"978-1-4673-3098-5","issued":{"date-parts":[["2012",12]]},"language":"en","page":"183-192","publisher":"IEEE","publisher-place":"San Juan, PR, USA","source":"DOI.org (Crossref)","title":"Taylor Model Flowpipe Construction for Non-linear Hybrid Systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/6424802/"},{"id":"ToolboxLevelSet","citation-key":"ToolboxLevelSet","title":"A Toolbox of Level Set Methods","type":"webpage","URL":"https://pdfs.semanticscholar.org/f7f4/aa142f6beff42a95d6254289400a6038774e.pdf"},{"id":"chenFlowAnalyzerNonlinear2013","abstract":"The tool Flow* performs Taylor model-based flowpipe construction for non-linear (polynomial) hybrid systems. Flow* combines well-known Taylor model arithmetic techniques for guaranteed approximations of the continuous dynamics in each mode with a combination of approaches for handling mode invariants and discrete transitions. Flow* supports a wide variety of optimizations including adaptive step sizes, adaptive selection of approximation orders and the heuristic selection of template directions for aggregating flowpipes. This paper describes Flow* and demonstrates its performance on a series of non-linear continuous and hybrid system benchmarks. 
Our comparisons show that Flow* is competitive with other tools.","author":[{"family":"Chen","given":"Xin"},{"family":"Ábrahám","given":"Erika"},{"family":"Sankaranarayanan","given":"Sriram"}],"citation-key":"chenFlowAnalyzerNonlinear2013","collection-title":"Lecture Notes in Computer Science","container-title":"Computer Aided Verification","DOI":"10.1007/978-3-642-39799-8_18","editor":[{"family":"Sharygina","given":"Natasha"},{"family":"Veith","given":"Helmut"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-642-39799-8","issued":{"date-parts":[["2013"]]},"language":"en","page":"258-263","publisher":"Springer","publisher-place":"Berlin, Heidelberg","source":"Springer Link","title":"Flow*: An Analyzer for Non-linear Hybrid Systems","title-short":"Flow*","type":"paper-conference"},{"id":"SpaceExStateSpace","accessed":{"date-parts":[["2023",10,12]]},"citation-key":"SpaceExStateSpace","title":"SpaceEx | State Space Explorer","type":"webpage","URL":"http://spaceex.imag.fr/"},{"id":"outlierDiffusionModelsPyTorch2022","abstract":"Diffusion Models are generative models just like GANs. In recent times many state-of-the-art works have been released that build on top of diffusion models such as #dalle , #imagen or #stablediffusion . In this video I'm coding a PyTorch implementation of diffusion models in a very easy and straightforward way. At first I'm showing how to implement an unconditional version and subsequently train it. After that I'm explaining 2 popular improvements for diffusion models: classifier free guidance and exponential moving average. 
I'm also going to implement both updates and train a conditional model on CIFAR-10 and afterwards compare the different results.\n\nCode: https://github.com/dome272/Diffusion-...\n\n#diffusion #dalle2 #dalle #imagen #stablediffusion\n\n00:00 Introduction\n02:05 Recap\n03:16 Diffusion Tools\n07:22 UNet\n13:07 Training Loop\n15:44 Unconditional Results\n16:05 Classifier Free Guidance\n19:16 Exponential Moving Average\n21:05 Conditional Results\n21:51 Github Code & Outro\n\nFurther Reading:\n1. Paper: https://arxiv.org/pdf/1503.03585.pdf\n2. Paper: https://arxiv.org/pdf/2006.11239.pdf\n3. Paper: https://arxiv.org/pdf/2102.09672.pdf\n4. Paper: https://arxiv.org/pdf/2105.05233.pdf\n5. CFG: https://arxiv.org/pdf/2207.12598.pdf\n6. Timestep Embedding: https://machinelearningmastery.com/a-...\n\nFollow me on instagram lol: https://www.instagram.com/dome271","accessed":{"date-parts":[["2023",10,11]]},"citation-key":"outlierDiffusionModelsPyTorch2022","dimensions":"22:25","director":[{"literal":"Outlier"}],"issued":{"date-parts":[["2022",9,20]]},"source":"YouTube","title":"Diffusion Models | PyTorch Implementation","type":"motion_picture","URL":"https://www.youtube.com/watch?v=TBCRlnwJtZU"},{"id":"wengAutoencoderBetaVAE2018","abstract":"[Updated on 2019-07-18: add a section on VQ-VAE & VQ-VAE-2.] [Updated on 2019-07-26: add a section on TD-VAE.] \nAutocoder is invented to reconstruct high-dimensional data using a neural network model with a narrow bottleneck layer in the middle (oops, this is probably not true for Variational Autoencoder, and we will investigate it in details in later sections). 
A nice byproduct is dimension reduction: the bottleneck layer captures a compressed latent encoding.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Weng","given":"Lilian"}],"citation-key":"wengAutoencoderBetaVAE2018","issued":{"date-parts":[["2018",8,12]]},"language":"en","section":"posts","title":"From Autoencoder to Beta-VAE","type":"webpage","URL":"https://lilianweng.github.io/posts/2018-08-12-vae/"},{"id":"lundbergUnifiedApproachInterpreting2017","abstract":"Understanding why a model makes a certain prediction can be as crucial as the prediction’s accuracy in many applications. However, the highest accuracy for large modern datasets is often achieved by complex models that even experts struggle to interpret, such as ensemble or deep learning models, creating a tension between accuracy and interpretability. In response, various methods have recently been proposed to help users interpret the predictions of complex models, but it is often unclear how these methods are related and when one method is preferable over another. To address this problem, we present a unified framework for interpreting predictions, SHAP (SHapley Additive exPlanations). SHAP assigns each feature an importance value for a particular prediction. Its novel components include: (1) the identification of a new class of additive feature importance measures, and (2) theoretical results showing there is a unique solution in this class with a set of desirable properties. The new class unifies six existing methods, notable because several recent methods in the class lack the proposed desirable properties. 
Based on insights from this unification, we present new methods that show improved computational performance and/or better consistency with human intuition than previous approaches.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Lundberg","given":"Scott"},{"family":"Lee","given":"Su-In"}],"citation-key":"lundbergUnifiedApproachInterpreting2017","issued":{"date-parts":[["2017",11,24]]},"language":"en","number":"arXiv:1705.07874","publisher":"arXiv","source":"arXiv.org","title":"A Unified Approach to Interpreting Model Predictions","type":"article","URL":"http://arxiv.org/abs/1705.07874"},{"id":"gheorghiubobaruAutomatedAssumeGuaranteeReasoning2008","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Gheorghiu Bobaru","given":"Mihaela"},{"family":"Păsăreanu","given":"Corina S."},{"family":"Giannakopoulou","given":"Dimitra"}],"citation-key":"gheorghiubobaruAutomatedAssumeGuaranteeReasoning2008","container-title":"Computer Aided Verification","DOI":"10.1007/978-3-540-70545-1_14","editor":[{"family":"Gupta","given":"Aarti"},{"family":"Malik","given":"Sharad"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-540-70543-7 978-3-540-70545-1","ISSN":"0302-9743, 1611-3349","issued":{"date-parts":[["2008"]]},"language":"en","page":"135-148","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"Automated Assume-Guarantee Reasoning by Abstraction Refinement","type":"chapter","URL":"http://link.springer.com/10.1007/978-3-540-70545-1_14","volume":"5123"},{"id":"wangFormalModelBasedDesign2019","abstract":"The model-based approach has been widely applied to the design of software. However, most of these approaches depend on simulation and manual code implementation, which reduces the efficiency and quality of software. In this paper, we present a new model-based approach, which automatically generates the executable C++ code running on the popular Robot Operation System (ROS). 
Our approach consists of three phases: modeling, verification, and automatic code generation. In the modeling phase, the internal interaction behaviors of robot systems are modeled as a network of timed automata. In the verification phase, the safety requirements are formalized and verified. In the code generation phase, a code generation tool can generate executable C++ code from the verified timed automata model. It bridges the gap between the formal model and the error-prone system implementation. Compared with existing method, the code generator provides the abstractions and mapping of ROS instructions, which realize the seamless connection between the generated code and ROS. The tool also supports most of the complex structures and advanced features of timed automata such as timer, committed location, and synchronous action. For evaluation, a real-industrial robot application of grasping a cup is conducted using our model-based design method, and the generated code can be directly deployed and successfully accomplishes the grasping task.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Wang","given":"Rui"},{"family":"Guan","given":"Yong"},{"family":"Song","given":"Houbing"},{"family":"Li","given":"Xinxin"},{"family":"Li","given":"Xiaojuan"},{"family":"Shi","given":"Zhiping"},{"family":"Song","given":"Xiaoyu"}],"citation-key":"wangFormalModelBasedDesign2019","container-title":"IEEE Systems Journal","container-title-short":"IEEE Systems Journal","DOI":"10.1109/JSYST.2018.2867285","ISSN":"1932-8184, 1937-9234, 2373-7816","issue":"1","issued":{"date-parts":[["2019",3]]},"language":"en","page":"1096-1107","source":"DOI.org (Crossref)","title":"A Formal Model-Based Design Method for Robotic Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/8464674/","volume":"13"},{"id":"terbeekFormalMethodsTools2022","abstract":"Formal methods and tools have become well established and widely applied to ensure the correctness of 
fundamental components of industrial critical systems in domains like railways, avionics and automotive. In this Introduction to the special issue, we outline a number of recent achievements concerning the use of formal methods and tools for the specification and verification of critical systems from a variety of industrial domains. These achievements are represented by eight properly revised and extended versions of papers that were selected from the 24th and 25th International Conference on Formal Methods for Industrial Critical Systems (FMICS 2019 and FMICS 2020).","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Ter Beek","given":"Maurice H."},{"family":"Larsen","given":"Kim G."},{"family":"Ničković","given":"Dejan"},{"family":"Willemse","given":"Tim A. C."}],"citation-key":"terbeekFormalMethodsTools2022","container-title":"International Journal on Software Tools for Technology Transfer","container-title-short":"Int J Softw Tools Technol Transfer","DOI":"10.1007/s10009-022-00660-4","ISSN":"1433-2779, 1433-2787","issue":"3","issued":{"date-parts":[["2022",6]]},"language":"en","page":"325-330","source":"DOI.org (Crossref)","title":"Formal methods and tools for industrial critical systems","type":"article-journal","URL":"https://link.springer.com/10.1007/s10009-022-00660-4","volume":"24"},{"id":"sleitiDigitalTwinEnergy2022","abstract":"The complex future power plants require digital twin (DT) architecture to achieve high reliability, availability and maintainability at lower cost. The available research on DT for power plants is limited and lacks details on DT comprehensiveness and robustness. The main focus of the present study is to propose a comprehensive and robust DT architecture for power plants that can also be used for other similar complex capital-intensive large engineering systems. 
First, overviews are conducted for DT key research and development for power plants and related energy savings applications to provide current status, guidelines and research gaps. Then, the requirements and rules for the power plant DT are established and the major DT components are determined. These components include the physics-based formulations; the statistical analysis of data from the sensor network; the realtime data; the pre-performed localized in-depth simulations to predict activities of the corresponding physical twin; and the system Genome with a digital thread that connects all these components together. Recommendations and future directions are made for the power plant DT development including the need for real data and physical description of the overall system focusing on each component individually and on the overall connections. Data-driven algorithms with capabilities to predict the system’s dynamic behavior still need to be developed. The data-driven approach alone is not sufficient and a low-order physics based model should operate in tandem with the updated latest system parameters to allow interpretation and enhancing the results from the data-driven process. Discrepancies between the dynamic system models (DSM) and anomaly detection and deep learning (ADL) require in-depth localized off-line simulations. 
Furthermore, this paper demonstrates the advantages of the developed ADL algorithm approach and DSM prediction of the DT using vector autoregressive model for anomaly detection in utility gas turbines with data from an operational power plant.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Sleiti","given":"Ahmad K."},{"family":"Kapat","given":"Jayanta S."},{"family":"Vesely","given":"Ladislav"}],"citation-key":"sleitiDigitalTwinEnergy2022","container-title":"Energy Reports","container-title-short":"Energy Reports","DOI":"10.1016/j.egyr.2022.02.305","ISSN":"23524847","issued":{"date-parts":[["2022",11]]},"language":"en","page":"3704-3726","source":"DOI.org (Crossref)","title":"Digital twin in energy industry: Proposed robust digital twin for power plant and other complex capital-intensive large engineering systems","title-short":"Digital twin in energy industry","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S2352484722005522","volume":"8"},{"id":"sangiovanni-vincentelliTamingDrFrankenstein2012a","abstract":"Cyber-physical systems combine a cyber side (computing and networking) with a physical side (mechanical, electrical, and chemical processes). In many cases, the cyber component controls the physical side using sensors and actuators that observe the physical system and actuate the controls. 
Such systems present the biggest challenges as well as the biggest opportunities in several large industries, including electronics, energy, automotive, defense and aerospace, telecommunications, instrumentation, industrial automation.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Sangiovanni-Vincentelli","given":"Alberto"},{"family":"Damm","given":"Werner"},{"family":"Passerone","given":"Roberto"}],"citation-key":"sangiovanni-vincentelliTamingDrFrankenstein2012a","container-title":"European Journal of Control","container-title-short":"European Journal of Control","DOI":"10.3166/ejc.18.217-238","ISSN":"09473580","issue":"3","issued":{"date-parts":[["2012",1]]},"language":"en","page":"217-238","source":"DOI.org (Crossref)","title":"Taming Dr. Frankenstein: Contract-Based Design for Cyber-Physical Systems*","title-short":"Taming Dr. Frankenstein","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0947358012709433","volume":"18"},{"id":"leeCyberPhysicalSystems","abstract":"Cyber-Physical Systems (CPS) are integrations of computation and physical processes. Embedded computers and networks monitor and control the physical processes, usually with feedback loops where physical processes affect computations and vice versa. The economic and societal potential of such systems is vastly greater than what has been realized, and major investments are being made worldwide to develop the technology. There are considerable challenges, particularly because the physical components of such systems introduce safety and reliability requirements qualitatively different from those in general-purpose computing. Moreover, physical components are qualitatively different from object-oriented software components. Standard abstractions based on method calls and threads do not work. 
This paper examines the challenges in designing such systems, and in particular raises the question of whether today’s computing and networking technologies provide an adequate foundation for CPS. It concludes that it will not be sufficient to improve design processes, raise the level of abstraction, or verify (formally or otherwise) designs that are built on today’s abstractions. To realize the full potential of CPS, we will have to rebuild computing and networking abstractions. These abstractions will have to embrace physical dynamics and computation in a unified way.","author":[{"family":"Lee","given":"Edward A"}],"citation-key":"leeCyberPhysicalSystems","language":"en","source":"Zotero","title":"Cyber Physical Systems: Design Challenges","type":"article-journal"},{"id":"derlerModelingCyberPhysical2012","abstract":"This paper focuses on the challenges of modeling cyber–physical systems (CPSs) that arise from the intrinsic heterogeneity, concurrency, and sensitivity to timing of such systems. It uses a portion of an aircraft vehicle management system (VMS), specifically the fuel management subsystem, to illustrate the challenges, and then discusses technologies that at least partially address the challenges. Specific technologies described include hybrid system modeling and simulation, concurrent and heterogeneous models of computation, the use of domain-specific ontologies to enhance modularity, and the joint modeling of functionality and implementation architectures.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Derler","given":"P."},{"family":"Lee","given":"E. A."},{"family":"Vincentelli","given":"A. S."}],"citation-key":"derlerModelingCyberPhysical2012","container-title":"Proceedings of the IEEE","container-title-short":"Proc. 
IEEE","DOI":"10.1109/JPROC.2011.2160929","ISSN":"0018-9219, 1558-2256","issue":"1","issued":{"date-parts":[["2012",1]]},"language":"en","page":"13-28","source":"DOI.org (Crossref)","title":"Modeling Cyber–Physical Systems","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/5995279/","volume":"100"},{"id":"bernardiSecurityModellingFormal2021","abstract":"The modelling and verification of systems security is an open research topic whose complexity and importance needs, in our view, the use of formal and non-formal methods. This paper addresses the modelling of security using misuse cases and the automatic verification of survivability properties using model checking. The survivability of a system characterises its capacity to fulfil its mission (promptly) in the presence of attacks, failures, or accidents, as defined by Ellison. The original contributions of this paper are a methodology and its tool support, through a framework called surreal. The methodology starts from a misuse case specification enriched with UML profile annotations and obtains, as a byproduct, a survivability assessment model (SAM). Using predefined queries the survivability properties are proved in the SAM. A total of fourteen properties have been formulated and also implemented in surreal, which encompasses tools to model the security specification, to create the SAM and to prove the properties. 
Finally, the paper validates the methodology and the framework using a cyber–physical system (CPS) case study, in the automotive field.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Bernardi","given":"S."},{"family":"Gentile","given":"U."},{"family":"Marrone","given":"S."},{"family":"Merseguer","given":"J."},{"family":"Nardone","given":"R."}],"citation-key":"bernardiSecurityModellingFormal2021","container-title":"Journal of Systems and Software","container-title-short":"Journal of Systems and Software","DOI":"10.1016/j.jss.2020.110746","ISSN":"01641212","issued":{"date-parts":[["2021",1]]},"language":"en","page":"110746","source":"DOI.org (Crossref)","title":"Security modelling and formal verification of survivability properties: Application to cyber–physical systems","title-short":"Security modelling and formal verification of survivability properties","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0164121220301710","volume":"171"},{"id":"arrietaExplainableArtificialIntelligence2020","author":[{"family":"Arrieta","given":"Alejandro Barredo"},{"family":"Díaz-Rodríguez","given":"Natalia"},{"family":"Del Ser","given":"Javier"},{"family":"Bennetot","given":"Adrien"},{"family":"Tabik","given":"Siham"},{"family":"Barbado","given":"Alberto"},{"family":"García","given":"Salvador"},{"family":"Gil-López","given":"Sergio"},{"family":"Molina","given":"Daniel"},{"family":"Benjamins","given":"Richard"}],"citation-key":"arrietaExplainableArtificialIntelligence2020","container-title":"Information fusion","ISBN":"1566-2535","issued":{"date-parts":[["2020"]]},"page":"82-115","publisher":"Elsevier","title":"Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI","type":"article-journal","volume":"58"},{"id":"ahmedTravelTimePrediction2021","abstract":"Travel time information is used as input or auxiliary data for tasks such as dynamic navigation, infrastructure planning, 
congestion control, and accident detection. Various data-driven Travel Time Prediction (TTP) methods have been proposed in recent years. One of the most challenging tasks in TTP is developing and selecting the most appropriate prediction algorithm. The existing studies that empirically compare different TTP models only use a few models with specific features. Moreover, there is a lack of research on explaining TTPs made by black-box models. Such explanations can help to tune and apply TTP methods successfully. To fill these gaps in the current TTP literature, using three data sets, we compare three types of TTP methods (ensemble tree-based learning, deep neural networks, and hybrid models) and ten different prediction algorithms overall. Furthermore, we apply XAI (Explainable Artificial Intelligence) methods (SHAP and LIME) to understand and interpret models’ predictions. The prediction accuracy and reliability for all models are evaluated and compared. We observed that the ensemble learning methods, i.e., XGBoost and LightGBM, are the best performing models over the three data sets, and XAI methods can adequately explain how various spatial and temporal features influence travel time.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Ahmed","given":"Irfan"},{"family":"Kumara","given":"Indika"},{"family":"Reshadat","given":"Vahideh"},{"family":"Kayes","given":"A. S. 
M."},{"family":"Van Den Heuvel","given":"Willem-Jan"},{"family":"Tamburri","given":"Damian A."}],"citation-key":"ahmedTravelTimePrediction2021","container-title":"Electronics","container-title-short":"Electronics","DOI":"10.3390/electronics11010106","ISSN":"2079-9292","issue":"1","issued":{"date-parts":[["2021",12,29]]},"language":"en","page":"106","source":"DOI.org (Crossref)","title":"Travel Time Prediction and Explanation with Spatio-Temporal Features: A Comparative Study","title-short":"Travel Time Prediction and Explanation with Spatio-Temporal Features","type":"article-journal","URL":"https://www.mdpi.com/2079-9292/11/1/106","volume":"11"},{"id":"wangFormalAnalysisSecurity2017","abstract":"For the research and development of CyberPhysical System (CPS), the security problems have gradually emerged. This paper explores the design of security for CPS. We focus on a kind of common attacks that destroys the critical system parameters to paralyze the system. Timed Automata are used for formalizing the behaviors of CPS, since the requirements on time are necessary for CPS. The modeling of CPS includes three aspects: the interactions between the various components of the CPS, the attacker, and the recovery mechanism. A modeling framework is given to illustrate our method. We also take the network water level control system as an example to illustrate our modeling processes. 
By using the model checking tool PAT, the security properties are verified and the results are analyzed.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Wang","given":"Ting"},{"family":"Su","given":"Qi"},{"family":"Chen","given":"Tieming"}],"citation-key":"wangFormalAnalysisSecurity2017","container-title":"2017 IEEE Second International Conference on Data Science in Cyberspace (DSC)","DOI":"10.1109/DSC.2017.44","event-place":"Shenzhen, China","event-title":"2017 IEEE Second International Conference on Data Science in Cyberspace (DSC)","ISBN":"978-1-5386-1600-0","issued":{"date-parts":[["2017",6]]},"language":"en","page":"534-540","publisher":"IEEE","publisher-place":"Shenzhen, China","source":"DOI.org (Crossref)","title":"Formal Analysis of Security Properties of Cyber-Physical System Based on Timed Automata","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/8005528/"},{"id":"shresthaModelCheckingSecurity2018","abstract":"With the increasing inter-connection of operation technology to the IT network, the security threat to the Industrial Control System (ICS) is increasing daily. Therefore, it is critical to utilize formal verification technique such as model checking to mathematically prove the correctness of security and safety requirements in the controller logic before it is deployed on the field. However, model checking requires considerable effort for regular ICS users and control technician to verify properties. This paper provides a simpler approach to the model checking of temperature process control system by first starting with the control module design without formal verification. Second, identifying possible vulnerabilities in such design. 
Third, verifying the safety and security properties with a formal method.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Shrestha","given":"Roshan"},{"family":"Mehrpouyan","given":"Hoda"},{"family":"Xu","given":"Dianxiang"}],"citation-key":"shresthaModelCheckingSecurity2018","container-title":"Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy","DOI":"10.1145/3176258.3176949","event-place":"Tempe AZ USA","event-title":"CODASPY '18: Eighth ACM Conference on Data and Application Security and Privacy","ISBN":"978-1-4503-5632-9","issued":{"date-parts":[["2018",3,13]]},"language":"en","page":"164-166","publisher":"ACM","publisher-place":"Tempe AZ USA","source":"DOI.org (Crossref)","title":"Model Checking of Security Properties in Industrial Control Systems (ICS)","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3176258.3176949"},{"id":"qinFormalModelingVerification2017","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Qin","given":"Boya"},{"family":"Liu","given":"Dong"},{"family":"Cao","given":"Min"},{"family":"Zou","given":"Jingxi"}],"citation-key":"qinFormalModelingVerification2017","container-title":"2017 IEEE Conference on Energy Internet and Energy System Integration (EI2)","DOI":"10.1109/EI2.2017.8245721","event-place":"Beijing","event-title":"2017 IEEE Conference on Energy Internet and Energy System Integration (EI2)","ISBN":"978-1-5386-1427-3","issued":{"date-parts":[["2017",11]]},"language":"en","page":"1-6","publisher":"IEEE","publisher-place":"Beijing","source":"DOI.org (Crossref)","title":"Formal modeling and verification of flexible load control for power grid CPS based on differential dynamic logic","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/8245721/"},{"id":"nuzzoContractbasedDesignControl2014a","abstract":"We introduce a platform-based design methodology that addresses the complexity and heterogeneity of cyber-physical systems by using 
assume-guarantee contracts to formalize the design process and enable realization of control protocols in a hierarchical and compositional manner. Given the architecture of the physical plant to be controlled, the design is carried out as a sequence of refinement steps from an initial specification to a final implementation, including synthesis from requirements and mapping of higher-level functional and nonfunctional models into a set of candidate solutions built out of a library of components at the lower level. Initial top-level requirements are captured as contracts and expressed using linear temporal logic (LTL) and signal temporal logic (STL) formulas to enable requirement analysis and early detection of inconsistencies. Requirements are then refined into a controller architecture by combining reactive synthesis steps from LTL specifications with simulation-based design space exploration steps. We demonstrate our approach on the design of embedded controllers for aircraft electric power distribution.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Nuzzo","given":"Pierluigi"},{"family":"Finn","given":"John B."},{"family":"Iannopollo","given":"Antonio"},{"family":"Sangiovanni-Vincentelli","given":"Alberto L."}],"citation-key":"nuzzoContractbasedDesignControl2014a","container-title":"Design, Automation & Test in Europe Conference & Exhibition (DATE), 2014","DOI":"10.7873/DATE.2014.072","event-place":"Dresden, Germany","event-title":"Design Automation and Test in Europe","ISBN":"978-3-9815370-2-4","issued":{"date-parts":[["2014"]]},"language":"en","page":"1-4","publisher":"IEEE Conference Publications","publisher-place":"Dresden, Germany","source":"DOI.org (Crossref)","title":"Contract-based design of control protocols for safety-critical cyber-physical systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6800273"},{"id":"kumarModelingVerificationTimed2016","abstract":"Cyber Physical Systems are 
composition of physical processes and discrete computational elements. Modeling and verification of such systems require mechanisms that incorporate continuous behaviour for monitoring physical events and discrete behaviour for computational elements. Passage of time is a fundamental property to be modelled and hybrid systems incorporate this aspect directly in the automaton of the model. In this paper a validation model for a timed automata is modeled using PROMELA and is verified using Spin model checker. The novelty of the proposed work is an attempt to model timed automata based hybrid systems using the basic constructs of PROMELA. Verification of safety and correctness properties of a traffic controller modeled as a hybrid system is attempted. Further a traffic light controller protocol consisting of four such controllers are introduced, their interactions and properties were verified. The proposed work provide an easy and effective way to build protocols for timed automaton based systems using Spin Model Checker.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Kumar","given":"N Suresh"},{"family":"Kumar","given":"G Santhosh"}],"citation-key":"kumarModelingVerificationTimed2016","container-title":"2016 IEEE Annual India Conference (INDICON)","DOI":"10.1109/INDICON.2016.7839011","event-place":"Bangalore, India","event-title":"2016 IEEE Annual India Conference (INDICON)","ISBN":"978-1-5090-3646-2","issued":{"date-parts":[["2016",12]]},"language":"en","page":"1-8","publisher":"IEEE","publisher-place":"Bangalore, India","source":"DOI.org (Crossref)","title":"Modeling and verification of timed automaton based hybrid systems using spin model checker","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7839011/"},{"id":"gaborSimulationBasedArchitectureSmart2016","abstract":"In order to accurately predict future states of a smart cyber-physical system, which can change its behavior to a large degree in response to environmental 
influences, the existence of precise models of the system and its surroundings is demandable. In machine engineering, ultra-high fidelity simulations have been developed to better understand both constraints in system design and possible consequences of external influences during the system’s operation. These digital twins enable further applications in software design for complex cyberphysical systems as online planning methods can utilize good simulations to continuously optimize the system behavior, yielding a software architecture framework based on the information flow between the cyber-physical system, its physical environment and the digital twin model.","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Gabor","given":"Thomas"},{"family":"Belzner","given":"Lenz"},{"family":"Kiermeier","given":"Marie"},{"family":"Beck","given":"Michael Till"},{"family":"Neitz","given":"Alexander"}],"citation-key":"gaborSimulationBasedArchitectureSmart2016","container-title":"2016 IEEE International Conference on Autonomic Computing (ICAC)","DOI":"10.1109/ICAC.2016.29","event-place":"Wuerzburg, Germany","event-title":"2016 IEEE International Conference on Autonomic Computing (ICAC)","ISBN":"978-1-5090-1654-9","issued":{"date-parts":[["2016",7]]},"language":"en","page":"374-379","publisher":"IEEE","publisher-place":"Wuerzburg, Germany","source":"DOI.org (Crossref)","title":"A Simulation-Based Architecture for Smart Cyber-Physical Systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7573168/"},{"id":"fitzgeraldCyberPhysicalSystemsDesign2015","abstract":"The engineering of dependable cyber-physical systems (CPSs) is inherently collaborative, demanding cooperation between diverse disciplines. A goal of current research is the development of integrated tool chains for model-based CPS design that support co-modelling, analysis, co-simulation, testing and implementation. 
We discuss the role of formal methods in addressing three key aspects of this goal: providing reasoning support for semantically heterogeneous models, managing the complexity and scale of design space exploration, and supporting traceability and provenance in the CPS design set. We briefly outline an approach to the development of such a tool chain based on existing tools and discuss ongoing challenges and open research questions in this area.","accessed":{"date-parts":[["2023",10,10]]},"author":[{"family":"Fitzgerald","given":"John"},{"family":"Gamble","given":"Carl"},{"family":"Larsen","given":"Peter Gorm"},{"family":"Pierce","given":"Kenneth"},{"family":"Woodcock","given":"Jim"}],"citation-key":"fitzgeraldCyberPhysicalSystemsDesign2015","container-title":"2015 IEEE/ACM 3rd FME Workshop on Formal Methods in Software Engineering","DOI":"10.1109/FormaliSE.2015.14","event-place":"Florence, Italy","event-title":"2015 IEEE/ACM 3rd FME Workshop on Formal Methods in Software Engineering (FormaliSE)","ISBN":"978-1-4673-7043-1","issued":{"date-parts":[["2015",5]]},"language":"en","page":"40-46","publisher":"IEEE","publisher-place":"Florence, Italy","source":"DOI.org (Crossref)","title":"Cyber-Physical Systems Design: Formal Foundations, Methods and Integrated Tool Chains","title-short":"Cyber-Physical Systems Design","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/7166696/"},{"id":"caleroAutonomicTrustedComputing2011","accessed":{"date-parts":[["2023",10,11]]},"citation-key":"caleroAutonomicTrustedComputing2011","collection-title":"Lecture Notes in Computer Science","DOI":"10.1007/978-3-642-23496-5","editor":[{"family":"Calero","given":"Jose M. 
Alcaraz"},{"family":"Yang","given":"Laurence T."},{"family":"Mármol","given":"Félix Gómez"},{"family":"García Villalba","given":"Luis Javier"},{"family":"Li","given":"Andy Xiaolin"},{"family":"Wang","given":"Yan"}],"event-place":"Berlin, Heidelberg","ISBN":"978-3-642-23495-8 978-3-642-23496-5","issued":{"date-parts":[["2011"]]},"language":"en","publisher":"Springer Berlin Heidelberg","publisher-place":"Berlin, Heidelberg","source":"DOI.org (Crossref)","title":"Autonomic and Trusted Computing","type":"book","URL":"http://link.springer.com/10.1007/978-3-642-23496-5","volume":"6906"},{"id":"agencyAssessmentManagementAgeing2007","accessed":{"date-parts":[["2023",10,11]]},"author":[{"family":"Agency","given":"International Atomic Energy"}],"citation-key":"agencyAssessmentManagementAgeing2007","genre":"Text","ISBN":"9789201051073","issued":{"date-parts":[["2007"]]},"language":"en","page":"1-74","publisher":"International Atomic Energy Agency","source":"www.iaea.org","title":"Assessment and Management of Ageing of Major Nuclear Power Plant Components Important to Safety: PWR Vessel Internals","title-short":"Assessment and Management of Ageing of Major Nuclear Power Plant Components Important to Safety","type":"report","URL":"https://www.iaea.org/publications/7740/assessment-and-management-of-ageing-of-major-nuclear-power-plant-components-important-to-safety-pwr-vessel-internals"},{"id":"khattakReviewCyberSecurity2017","author":[{"family":"Khattak","given":"Muhammad Adil"},{"family":"Shaharuddin","given":"Muhammad Khairy Harmaini"},{"family":"Haris","given":"Muhammad Saiful Islam"},{"family":"Aminuddin","given":"Muhammad Zuhaili Mohammad"},{"family":"Azhar","given":"Nik Mohamad Amirul Nik"},{"family":"Ahmad","given":"Nik Muhammad Hakimi Nik"}],"citation-key":"khattakReviewCyberSecurity2017","container-title":"Journal of Advanced Research in Applied Sciences and Engineering 
Technology","ISBN":"2462-1943","issue":"1","issued":{"date-parts":[["2017"]]},"page":"43-54","title":"Review of cyber security applications in nuclear power plants","type":"article-journal","volume":"7"},{"id":"chanReasoningBayesianNetwork2012","author":[{"family":"Chan","given":"Hei"},{"family":"Darwiche","given":"Adnan"}],"citation-key":"chanReasoningBayesianNetwork2012","container-title":"arXiv preprint arXiv:1212.2470","issued":{"date-parts":[["2012"]]},"title":"Reasoning about Bayesian network classifiers","type":"article-journal"},{"id":"commissionCyberSecurityPrograms2010","author":[{"family":"Commission","given":"US Nuclear Regulatory"}],"citation-key":"commissionCyberSecurityPrograms2010","issued":{"date-parts":[["2010"]]},"publisher":"US Nuclear Regulatory Commission, Office of Nuclear Regulatory Research","title":"Cyber security programs for nuclear facilities","type":"book"},{"id":"veneriHandsonIndustrialInternet2018","author":[{"family":"Veneri","given":"Giacomo"},{"family":"Capasso","given":"Antonio"}],"citation-key":"veneriHandsonIndustrialInternet2018","ISBN":"1-78953-830-0","issued":{"date-parts":[["2018"]]},"publisher":"Packt Publishing Ltd","title":"Hands-on industrial Internet of Things: create a powerful industrial IoT infrastructure using industry 4.0","type":"book"},{"id":"arthoFormalTechniquesSafetyCritical2015","author":[{"family":"Artho","given":"Cyrille"},{"family":"Ölveczky","given":"Peter Csaba"}],"citation-key":"arthoFormalTechniquesSafetyCritical2015","issued":{"date-parts":[["2015"]]},"publisher":"Springer","title":"Formal Techniques for Safety-Critical Systems","type":"book"},{"id":"millerExplanationArtificialIntelligence2019","author":[{"family":"Miller","given":"Tim"}],"citation-key":"millerExplanationArtificialIntelligence2019","container-title":"Artificial intelligence","ISBN":"0004-3702","issued":{"date-parts":[["2019"]]},"page":"1-38","publisher":"Elsevier","title":"Explanation in artificial intelligence: Insights from the 
social sciences","type":"article-journal","volume":"267"},{"id":"leeExplainableAIDomain2021","author":[{"family":"Lee","given":"Minyoung"},{"family":"Jeon","given":"Joohyoung"},{"family":"Lee","given":"Hongchul"}],"citation-key":"leeExplainableAIDomain2021","container-title":"Journal of Intelligent Manufacturing","ISBN":"0956-5515","issued":{"date-parts":[["2021"]]},"page":"1-13","publisher":"Springer","title":"Explainable AI for domain experts: a post Hoc analysis of deep learning for defect classification of TFT–LCD panels","type":"article-journal"},{"id":"garciaHeyMyMalware2017","author":[{"family":"Garcia","given":"Luis"},{"family":"Brasser","given":"Ferdinand"},{"family":"Cintuglu","given":"Mehmet Hazar"},{"family":"Sadeghi","given":"Ahmad-Reza"},{"family":"Mohammed","given":"Osama A."},{"family":"Zonouz","given":"Saman A."}],"citation-key":"garciaHeyMyMalware2017","container-title":"NDSS","issued":{"date-parts":[["2017"]]},"page":"1-15","title":"Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit.","type":"paper-conference"},{"id":"cardoneHistoryLambdacalculusCombinatory2006","author":[{"family":"Cardone","given":"Felice"},{"family":"Hindley","given":"J Roger"}],"citation-key":"cardoneHistoryLambdacalculusCombinatory2006","container-title":"Handbook of the History of Logic","container-title-short":"Handbook of the History of Logic","issued":{"date-parts":[["2006"]]},"page":"723-817","publisher":"Citeseer","title":"History of lambda-calculus and combinatory logic","type":"article-journal","volume":"5"},{"id":"gallierConstructiveLogicsPart1993","abstract":"The purpose of this paper is to give an exposition of material dealing with constructive logics, typed λ-calculi, and linear logic. 
The emergence in the past ten years of a coherent field of research often named “logic and computation” has had two major (and related) effects: firstly, it has rocked vigorously the world of mathematical logic; secondly, it has created a new computer science discipline, which spans a range of subjects from what is traditionally called the theory of computation, to programming language design. Remarkably, this new body of work relies heavily on some “old” concepts found in mathematical logic, like natural deduction, sequent calculus, and λ-calculus (but often viewed in a different light), and also on some newer concepts. Thus, it may be quite a challenge to become initiated to this new body of work (but the situation is improving, and there are now some excellent texts on this subject matter). This paper attempts to provide a coherent and hopefully “gentle” initiation to this new body of work. We have attempted to cover the basic material on natural deduction, sequent calculus, and typed λ-calculus, but also to provide an introduction to Girard's linear logic, one of the most exciting developments in logic these past six years. The first part of these notes gives an exposition of the background material (with some exceptions, such as “contraction-free” systems for intuitionistic propositional logic and the Girard translation of classical logic into intuitionistic logic, which is new). 
The second part is devoted to more current topics such as linear logic, proof nets, the geometry of interaction, and unified systems of logic (LU).","accessed":{"date-parts":[["2024",2,21]]},"author":[{"family":"Gallier","given":"Jean"}],"citation-key":"gallierConstructiveLogicsPart1993","container-title":"Theoretical Computer Science","container-title-short":"Theoretical Computer Science","DOI":"10.1016/0304-3975(93)90011-H","ISSN":"0304-3975","issue":"2","issued":{"date-parts":[["1993",3,29]]},"page":"249-339","source":"ScienceDirect","title":"Constructive logics Part I: A tutorial on proof systems and typed λ-calculi","title-short":"Constructive logics Part I","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/030439759390011H","volume":"110"},{"id":"altenkirchWhyDependentTypes2005","abstract":"We exhibit the rationale behind the design of Epigram, a dependently typed programming language and interactive program development system, using refinements of a well known program—merge sort—as a running example. We discuss its relationship with other proposals to introduce aspects of dependent types into functional programming languages and sketch some topics for further work in this area.","author":[{"family":"Altenkirch","given":"Thorsten"},{"family":"McBride","given":"Conor"},{"family":"McKinna","given":"James"}],"citation-key":"altenkirchWhyDependentTypes2005","issued":{"date-parts":[["2005"]]},"language":"en","source":"Zotero","title":"Why Dependent Types Matter","type":"document"},{"id":"kernFormalVerificationHardware1999","abstract":"In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. 
There are two main aspects to the application of formal methods in a design process: the formal framework used to specify desired properties of a design and the verification techniques and tools used to reason about the relationship between a specification and a corresponding implementation. We survey a variety of frameworks and techniques proposed in the literature and applied to actual designs. The specification frameworks we describe include temporal logics, predicate logic, abstraction and refinement, as well as containment between ω-regular languages. The verification techniques presented include model checking, automata-theoretic techniques, automated theorem proving, and approaches that integrate the above methods. In order to provide insight into the scope and limitations of currently available techniques, we present a selection of case studies where formal methods were applied to industrial-scale designs, such as microprocessors, floating-point hardware, protocols, memory subsystems, and communications hardware.","accessed":{"date-parts":[["2024",2,17]]},"author":[{"family":"Kern","given":"Christoph"},{"family":"Greenstreet","given":"Mark R."}],"citation-key":"kernFormalVerificationHardware1999","container-title":"ACM Transactions on Design Automation of Electronic Systems","container-title-short":"ACM Trans. Des. Autom. Electron. 
Syst.","DOI":"10.1145/307988.307989","ISSN":"1084-4309","issue":"2","issued":{"date-parts":[["1999",4,1]]},"page":"123–193","source":"ACM Digital Library","title":"Formal verification in hardware design: a survey","title-short":"Formal verification in hardware design","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/307988.307989","volume":"4"},{"id":"mackenzieMechanizingProofComputing2004","author":[{"family":"MacKenzie","given":"Donald"}],"citation-key":"mackenzieMechanizingProofComputing2004","ISBN":"0-262-63295-0","issued":{"date-parts":[["2004"]]},"publisher":"MIT Press","title":"Mechanizing proof: computing, risk, and trust","type":"book"},{"id":"davisFidelityMathematicalDiscourse1972","accessed":{"date-parts":[["2024",2,17]]},"author":[{"family":"Davis","given":"P. J."}],"citation-key":"davisFidelityMathematicalDiscourse1972","container-title":"The American Mathematical Monthly","DOI":"10.2307/2316620","ISSN":"0002-9890","issue":"3","issued":{"date-parts":[["1972"]]},"page":"252-263","publisher":"Mathematical Association of America","source":"JSTOR","title":"Fidelity in Mathematical Discourse: Is One and One Really Two?","title-short":"Fidelity in Mathematical Discourse","type":"article-journal","URL":"https://www.jstor.org/stable/2316620","volume":"79"},{"id":"pollackHowBelieveMachineChecked1997","author":[{"family":"Pollack","given":"Robert"}],"citation-key":"pollackHowBelieveMachineChecked1997","issued":{"date-parts":[["1997"]]},"title":"How to Believe a Machine-Checked Proof","type":"article-journal"},{"id":"boldoComputerArithmeticFormal2017","author":[{"family":"Boldo","given":"Sylvie"},{"family":"Melquiond","given":"Guillaume"}],"call-number":"QA76.9 .C62 B58 2017","citation-key":"boldoComputerArithmeticFormal2017","issued":{"date-parts":[["2017"]]},"publisher":"ITSE Press, Ltd","title":"Computer Arithmetic and Formal Proofs: Verifying Floating-point Algorithms with the Coq 
System","type":"book"},{"id":"demilloSocialProcessesProofs1979","abstract":"It is argued that formal verifications of programs, no matter how obtained, will not play the same key role in the development of computer science and software engineering as proofs do in mathematics. Furthermore the absence of continuity, the inevitability of change, and the complexity of specification of significantly many real programs make the formal verification process difficult to justify and manage. It is felt that ease of formal verification should not dominate program language design.","accessed":{"date-parts":[["2024",2,17]]},"author":[{"family":"De Millo","given":"Richard A."},{"family":"Lipton","given":"Richard J."},{"family":"Perlis","given":"Alan J."}],"citation-key":"demilloSocialProcessesProofs1979","container-title":"Communications of the ACM","container-title-short":"Commun. ACM","DOI":"10.1145/359104.359106","ISSN":"0001-0782","issue":"5","issued":{"date-parts":[["1979",5,1]]},"page":"271–280","source":"ACM Digital Library","title":"Social processes and proofs of theorems and programs","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/359104.359106","volume":"22"},{"id":"peetModernControlSystems","author":[{"family":"Peet","given":"Matthew"}],"citation-key":"peetModernControlSystems","title":"Modern Control Systems: Small Gain Theorem","type":"speech","URL":"https://control.asu.edu/Classes/MMAE543/543Lecture15.pdf"},{"id":"didebanControllerSynthesisPetri2009","abstract":"In this paper, we present two different methods for the synthesis of a simplified controller using Petri Nets. The supervisory control theory presented by Ramadge and Wonham is adapted to Petri nets modeling. Uncontrollable transitions in discrete event systems are the cause of forbidden states in supervisory control. This paper concerns the problem of forbidden states in safe Petri Net. We present different methods to reduce the number of constraints that prevent from forbidden states. 
Using these methods, we can construct a maximally permissive controller. The implementation of these approaches is considered using the SFC model.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Dideban","given":"Abbas"},{"family":"Alla","given":"Hassane"}],"citation-key":"didebanControllerSynthesisPetri2009","DOI":"10.14236/ewic/VECOS2009.10","event-title":"Third International Workshop on Verification and Evaluation of Computer and Communication Systems (VECoS 2009)","issued":{"date-parts":[["2009",7,1]]},"publisher":"BCS Learning & Development","source":"www.scienceopen.com","title":"Controller Synthesis By Petri Nets Modeling","type":"paper-conference","URL":"https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/VECOS2009.10"},{"id":"giuaPetriNetsAutomatic2018","abstract":"The goal of this paper is to overview the historical development of the field of Petri nets (PNs) from a Systems Theory and Automatic Control perspective. It is intentionally not meant to be comprehensive: we limit ourselves to outline, through selected representative topics, some of the conceptual issues studied in the literature. In a first part we retrace the emergence of some basic net concepts to provide a broad view of the family of PN formalisms. Then we focus, more specifically, on the use of Petri nets within Automatic Control. Discrete net models have been considered since the middle of the 70s and starting since the late 80s have also been used for addressing classical problems, such as supervisory and deadlock control, state estimation, diagnosis, and so on. The double benefit is the ability to model a larger class of systems and to provide efficient algorithms for solving certain of those problems. 
We also discuss new approaches based on continuous and hybrid nets, which have been developed within the Automatic Control community.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Giua","given":"Alessandro"},{"family":"Silva","given":"Manuel"}],"citation-key":"giuaPetriNetsAutomatic2018","container-title":"Annual Reviews in Control","container-title-short":"Annual Reviews in Control","DOI":"10.1016/j.arcontrol.2018.04.006","ISSN":"13675788","issued":{"date-parts":[["2018"]]},"language":"en","page":"223-239","source":"DOI.org (Crossref)","title":"Petri nets and Automatic Control: A historical perspective","title-short":"Petri nets and Automatic Control","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1367578818300117","volume":"45"},{"id":"giuaPetriNetStructural1994","abstract":"The primary motivation for this research is to show how Petri nets may be efficiently used within the framework of supervisory control. In particular, the paper discusses how integer programming techniques for Petri net models may be used to validate supervisors for the control of discrete event systems. We consider a class of place/transition nets, called elementary composed state machines. The reachability problem for this class can be solved by a modification of classical incidence matrix analysis. In fact it is possible to derive a set of linear inequalities that exactly defines the set of reachable markings. 
Finally, we show how important properties of discrete event systems, such as the absence of blocking states or controllability, may be analyzed by integer programming techniques.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Giua","given":"A."},{"family":"DiCesare","given":"F."}],"citation-key":"giuaPetriNetStructural1994","container-title":"IEEE Transactions on Robotics and Automation","DOI":"10.1109/70.282543","ISSN":"2374-958X","issue":"2","issued":{"date-parts":[["1994",4]]},"page":"185-195","source":"IEEE Xplore","title":"Petri net structural analysis for supervisory control","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/282543?casa_token=mzh0ebl2u50AAAAA:e0mDsVZJxEI2G7I8y5eafMtGOpvXPFp6AkObg96NMVS4NOMN4HyuBombfMXntRYtqHIz7b_SeQ","volume":"10"},{"id":"baloghModellingUseAdaptive2023","abstract":"The issue of modeling holds significant importance for the applicability of control theory, particularly at higher control levels where the verbal description of control objects becomes increasingly crucial. However, a notable disadvantage of such verbal descriptions is the inherent ambiguity and vagueness of the obtained results. This article aims to address this challenge by proposing an approach that utilizes Petri nets (PN) to model and control a specific component within an intelligent home. Additionally, the Simulink modeling tool and Petri net analysis tools are introduced as aids in the modeling process. The article focuses on creating a model that accurately represents the temperature regulation system in the home, considering the constant rise in energy consumption and costs. Furthermore, the transfer of the model to the Simulink environment using IF THEN rules is demonstrated, allowing for an evaluation of its performance. 
Through the comprehensive application of this approach, the aim is to optimize energy usage and reduce costs within household environments.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Balogh","given":"Zoltán"},{"family":"Fodor","given":"Kristián"},{"family":"Francisti","given":"Jan"},{"family":"Drozda","given":"Martin"},{"family":"Čavojský","given":"Maroš"}],"citation-key":"baloghModellingUseAdaptive2023","collection-title":"27th International Conference on Knowledge Based and Intelligent Information and Engineering Systems (KES 2023)","container-title":"Procedia Computer Science","container-title-short":"Procedia Computer Science","DOI":"10.1016/j.procs.2023.10.132","ISSN":"1877-0509","issued":{"date-parts":[["2023",1,1]]},"page":"1438-1447","source":"ScienceDirect","title":"Modelling and Use of Adaptive Control Using Petri Nets","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S1877050923012905","volume":"225"},{"id":"murataStateEquationControllability1977","abstract":"Petri nets are a versatile modeling device for studying the structure and control of concurrent systems. Petri nets and related graph models have been used for modeling a wide variety of systems from computers to social systems. In order to introduce this interesting modeling device to the researcher in control theory, this paper discusses Petri nets in the context of the state equation for a linear discrete-time system. The controllability concept of dynamic systems is applied to Petri nets for the first time. 
It is also shown that the controllability and reachability of a Petri net are related to maximal matchings of its bipartite graph.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Murata","given":"T."}],"citation-key":"murataStateEquationControllability1977","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/TAC.1977.1101509","ISSN":"1558-2523","issue":"3","issued":{"date-parts":[["1977",6]]},"page":"412-416","source":"IEEE Xplore","title":"State equation, controllability, and maximal matchings of petri nets","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/1101509?casa_token=6Kx_Rj-ypzoAAAAA:FZk0V_DlefIBBBex-k6BgT11teKCHnusMDOVUOQCcYM_ABsm9Zn7DyDnzTwyo9X_TN-5QFJwAg","volume":"22"},{"id":"fabianPetriNetsControl1994","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Fabian","given":"M."},{"family":"Lennartson","given":"B."}],"citation-key":"fabianPetriNetsControl1994","container-title":"IFAC Proceedings Volumes","container-title-short":"IFAC Proceedings Volumes","DOI":"10.1016/S1474-6670(17)46051-4","ISSN":"14746670","issue":"4","issued":{"date-parts":[["1994",6]]},"language":"en","page":"365-370","source":"DOI.org (Crossref)","title":"Petri Nets and Control Synthesis: An Object-Oriented Approach","title-short":"Petri Nets and Control Synthesis","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1474667017460514","volume":"27"},{"id":"fabianPetriNetsControl1994a","abstract":"When implementing control of discrete event systems, the efficiency and reliability would be greatly improved if the control algorithms could be automatically synthesised. Using reusable software models as models of the physical resources, and part-routing as specifications on the system-behavior, we will show how such automatic generation of control algorithms can be achieved. Our approach is based on the Supervisory Control Theory (SCT) developed by Ramadge and Wonham. 
The machining resources are modeled by Petri Nets. The part-routes are also given as Petri Nets describing the order in which each part should, or can (alternative routes are allowed) visit the respective resources, together with which operation the resource is to perform on the individual part. The parts’ desired routes are individually specified irrespective of parts of other types, even though they may compete for mutual resources. The part specifications, seen now as users of the resources, are composed into a joint global specification which is further composed with the resources. Elementary Petri Net manipulations give a net describing the total system with but a fraction of the states that would result from composition of the corresponding state-automatons. The reachability-graph of this Petri Net is then calculated and used as the finite state-machine input to an SCT algorithm. At this point further specifications, in the form of desired or forbidden states can be introduced, whereafter the supervisor is generated. In the global specification, and hence within the supervisor, the same event can lead to any of a subset of different states. This non-determinism is resolved by inspection of the system-state before and after the event. 
In this paper we will describe a flexible manufacturing system with a number of different products and generate its control-laws as outlined above.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Fabian","given":"M."},{"family":"Lennartson","given":"B."}],"citation-key":"fabianPetriNetsControl1994a","collection-title":"IFAC Workshop on Intelligent Manufacturing Systems 1994 (IMS'94), Vienna, Austria, 13-15 June","container-title":"IFAC Proceedings Volumes","container-title-short":"IFAC Proceedings Volumes","DOI":"10.1016/S1474-6670(17)46051-4","ISSN":"1474-6670","issue":"4","issued":{"date-parts":[["1994",6,1]]},"page":"365-370","source":"ScienceDirect","title":"Petri Nets and Control Synthesis: An Object-Oriented Approach","title-short":"Petri Nets and Control Synthesis","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S1474667017460514","volume":"27"},{"id":"barkaouiSupervisoryControlDiscrete1997","abstract":"The present work is related to the use of Petri nets structural techniques in the supervisory control of discrete event systems. A relevant property of the system behaviour under supervision is to be non-blocking, i.e. from any state reachable from initial state, it is always possible to reach a desirable (or marked) state. Recent works had shown that the synthesis of proper supervisors based on Petri net modelling of DES is an interesting approach. In this paper, we present a proper supervisor synthesis method based on a purely structural reasoning. This parametrized method is especially well-suited for a large class of discrete event systems, called G-Task, for modelling concurrent automated manufacturing systems with flexibility on routings and on synchronization patterns with shared resources. 
Also, it can be exploited for enforcing constraints on the reachability set of any bounded uncontrolled net.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Barkaoui","given":"K."},{"family":"Chaoui","given":"A."},{"family":"Zouari","given":"B."}],"citation-key":"barkaouiSupervisoryControlDiscrete1997","container-title":"Computational Cybernetics and Simulation 1997 IEEE International Conference on Systems, Man, and Cybernetics","DOI":"10.1109/ICSMC.1997.633253","event-title":"Computational Cybernetics and Simulation 1997 IEEE International Conference on Systems, Man, and Cybernetics","ISSN":"1062-922X","issued":{"date-parts":[["1997",10]]},"page":"3750-3755 vol.4","source":"IEEE Xplore","title":"Supervisory control of discrete event systems based on structure theory of Petri nets","type":"paper-conference","URL":"https://ieeexplore.ieee.org/abstract/document/633253","volume":"4"},{"id":"giuaSystemsTheoryView","abstract":"Petri nets are a family of powerful discrete event models whose interest has grown, within the automatic control community, in parallel with the development of the theory of discrete event systems. In this tutorial paper our goal is that of giving a flavor, by means of simple examples, of the features that make Petri nets a good model for systems theory and of pointing out at a few open areas for research. We focus on Place/Transitions nets, the simplest Petri net model. 
In particular we compare Petri nets with automata, and show that the former model has several advantages over the latter, not only because it is more general but also because it offers a better structure that has been used for developing computationally efficient algorithms for analysis and synthesis.","author":[{"family":"Giua","given":"Alessandro"},{"family":"Seatzu","given":"Carla"}],"citation-key":"giuaSystemsTheoryView","language":"en","source":"Zotero","title":"A Systems Theory View of Petri Nets","type":"article-journal"},{"id":"jyotishPerformanceMeasurementSafetycritical2023","abstract":"This article proposes a novel approach to measure the performance of Safety-Critical Systems (SCS). Such systems, which contain multiple processing nodes that communicate with each other, are modeled by Petri nets (PN). The paper uses the PN for the performance evaluation of SCS. A set of ordinary differential equations (ODEs) is derived from the Petri net model that represent the state of the system, and the solutions can be used to measure the system's performance. The proposed method can avoid the state space explosion problem and also introduces new metrics of performance, along with their measurement: deadlock, liveness, stability, boundedness, and steady state. The proposed technique is applied to Shutdown System (SDS) of Nuclear Power Plant (NPP). 
We obtained 99.887% accuracy of performance measurement, which proves the effectiveness of our approach.","accessed":{"date-parts":[["2024",2,15]]},"author":[{"family":"Jyotish","given":"Nand Kumar"},{"family":"Singh","given":"Lalit Kumar"},{"family":"Kumar","given":"Chiranjeev"}],"citation-key":"jyotishPerformanceMeasurementSafetycritical2023","container-title":"Nuclear Engineering and Technology","container-title-short":"Nuclear Engineering and Technology","DOI":"10.1016/j.net.2022.11.015","ISSN":"17385733","issue":"3","issued":{"date-parts":[["2023",3]]},"language":"en","page":"861-869","source":"DOI.org (Crossref)","title":"Performance measurement of safety-critical systems based on ordinary differential equations and Petri nets: A case study of nuclear power plant","title-short":"Performance measurement of safety-critical systems based on ordinary differential equations and Petri nets","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S1738573322005411","volume":"55"},{"id":"SafeReinforcementLearning","abstract":"$pageDescription","accessed":{"date-parts":[["2024",2,13]]},"citation-key":"SafeReinforcementLearning","language":"en","title":"Safe reinforcement learning integrating physic laws, control theories, and formal methods","type":"webpage","URL":"https://carnegiebosch.cmu.edu/research/2021-projects/safe-reinforcement-learning-integration.html"},{"id":"FormalMethodsb","accessed":{"date-parts":[["2024",2,13]]},"citation-key":"FormalMethodsb","title":"Formal Methods","type":"webpage","URL":"https://users.ece.cmu.edu/~koopman/des_s99/formal_methods/"},{"id":"beltaFormalMethodsDiscreteTime2017a","accessed":{"date-parts":[["2024",2,13]]},"author":[{"family":"Belta","given":"Calin"},{"family":"Yordanov","given":"Boyan"},{"family":"Aydin Gol","given":"Ebru"}],"citation-key":"beltaFormalMethodsDiscreteTime2017a","collection-title":"Studies in Systems, Decision and 
Control","DOI":"10.1007/978-3-319-50763-7","event-place":"Cham","ISBN":"978-3-319-50762-0 978-3-319-50763-7","issued":{"date-parts":[["2017"]]},"language":"en","publisher":"Springer International Publishing","publisher-place":"Cham","source":"DOI.org (Crossref)","title":"Formal Methods for Discrete-Time Dynamical Systems","type":"book","URL":"http://link.springer.com/10.1007/978-3-319-50763-7","volume":"89"},{"id":"AWS","citation-key":"AWS","issued":{"literal":"date accessed 03/24/2022"},"title":"AWS IoT Twin Maker","type":"webpage","URL":"https://aws.amazon.com/iot-twinmaker/"},{"id":"InteractionRoundoffNoise","accessed":{"date-parts":[["2024",2,8]]},"citation-key":"InteractionRoundoffNoise","title":"On the Interaction of Roundoff Noise and Dynamic Range in Digital Filters* - Jackson - 1970 - Bell System Technical Journal - Wiley Online Library","type":"webpage","URL":"https://onlinelibrary-wiley-com.pitt.idm.oclc.org/doi/abs/10.1002/j.1538-7305.1970.tb01763.x"},{"id":"oppenheimRealizationDigitalFilters1970","abstract":"Recently, statistical models for the effects of roundoff noise in fixed-point and floating-point realizations of digital filters have been proposed and verified, and a comparison between these realizations presented. In this paper a structure for implementing digital filters using block-floating-point arithmetic is proposed and a statistical analysis of the effects of roundoff noise is carried out. 
On the basis of this analysis, block-floating-point is compared to fixed-point and floating-point arithmetic with regard to roundoff noise effects.","accessed":{"date-parts":[["2024",2,8]]},"author":[{"family":"Oppenheim","given":"A."}],"citation-key":"oppenheimRealizationDigitalFilters1970","container-title":"IEEE Transactions on Audio and Electroacoustics","DOI":"10.1109/TAU.1970.1162085","ISSN":"1558-2582","issue":"2","issued":{"date-parts":[["1970",6]]},"page":"130-136","source":"IEEE Xplore","title":"Realization of digital filters using block-floating-point arithmetic","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/1162085?casa_token=Ah4FKuW8dWsAAAAA:sY06mnCtOtw44rCWhPiuSFDyipuJoHikB-SMO_-NAvYxEbwQtggd2pWmez3Xl6ztTcfeKRWdhA","volume":"18"},{"id":"weinsteinQUANTIZATIONEFFECTSDIGITAL1969","abstract":"When a digital filter is implemented on a computer or with special-purpose hardware, errors and constraints due to finite word length are unavoidable. These quantization effects must be considered, both in deciding what register length is needed for a given filter implementation and in choosing between several possible implementations of the same filter design, which will be affected differently by quantization.","accessed":{"date-parts":[["2024",2,8]]},"author":[{"family":"Weinstein","given":"Clifford J."}],"citation-key":"weinsteinQUANTIZATIONEFFECTSDIGITAL1969","DOI":"10.21236/AD0706862","event-place":"Fort Belvoir, VA","issued":{"date-parts":[["1969",11,21]]},"language":"en","publisher":"Defense Technical Information Center","publisher-place":"Fort Belvoir, VA","source":"DOI.org (Crossref)","title":"QUANTIZATION EFFECTS IN DIGITAL FILTERS:","title-short":"QUANTIZATION EFFECTS IN DIGITAL FILTERS","type":"report","URL":"http://www.dtic.mil/docs/citations/AD0706862"},{"id":"soderstrandMultipliersResiduenumberarithmeticDigital1977","abstract":"A recently proposed residue-number-arithmetic digital filter offers major cost and speed 
advantages over binary-arithmetic digital filters, but suffers one major drawback. The filter coefficients must be constant, since the lack of a fast method of multiplication by a fraction in residue arithmetic requires the coefficients to be realised by a fixed table look-up read-only memory. Two multipliers are proposed which realise a completely general fractional multiply and are suitable for digital-filtering applications.","accessed":{"date-parts":[["2024",2,8]]},"author":[{"family":"Soderstrand","given":"M. A."},{"family":"Fields","given":"E. L."}],"citation-key":"soderstrandMultipliersResiduenumberarithmeticDigital1977","container-title":"Electronics Letters","DOI":"10.1049/el:19770117","ISSN":"1350-911X","issue":"6","issued":{"date-parts":[["1977",3,17]]},"language":"en","page":"164-166","publisher":"IET Digital Library","source":"digital-library.theiet.org","title":"Multipliers for residue-number-arithmetic digital filters","type":"article-journal","URL":"https://digital-library.theiet.org/content/journals/10.1049/el_19770117","volume":"13"},{"id":"jenkinsUseResidueNumber1977","abstract":"A technique is presented for implementing a finite impulse response (FIR) digital filter in a residue number system (RNS). For many years residue number coding has been recognized as a system which provides a capability for the implementation of high speed multiplication and addition. The advantages of residue coding for the design of high speed FIR filters result from the fact that an FIR requires only the high speed residue operations, i.e., addition and multiplication, while not requiring the slower RNS operations of division or sign detection. A new hardware implementation of the Chinese Remainder Theorem is proposed for an efficient translation of residue coded outputs into natural numbers. A numerical example illustrates the principles of residue encoding, residue arithmetic, and residue decoding for FIR filters. 
An RNS implementation of a 64th-order dual bandpass filter is compared with several alternative filter structures to illustrate tradeoffs between speed and hardware complexity.","accessed":{"date-parts":[["2024",2,8]]},"author":[{"family":"Jenkins","given":"W."},{"family":"Leon","given":"B."}],"citation-key":"jenkinsUseResidueNumber1977","container-title":"IEEE Transactions on Circuits and Systems","DOI":"10.1109/TCS.1977.1084321","ISSN":"1558-1276","issue":"4","issued":{"date-parts":[["1977",4]]},"page":"191-201","source":"IEEE Xplore","title":"The use of residue number systems in the design of finite impulse response digital filters","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/1084321?casa_token=XdjpccSTFRAAAAAA:9ru-8Uhyn9WqOU4VH0OlAEYlffdomoTZs2ktv-lTXPPeMi8w3_JXeS8dd5pZwLxapTQdLb0Q9A","volume":"24"},{"id":"soderstrandHighspeedLowcostRecursive1977","abstract":"Use of table look-up multiplication by fractional coefficients allows implementation of high-speed, low-cost recursive digital filters using residue number arithmetic. An 8-bit equivalent filter based on the lossless discrete integrator (LDI) technique described by Bruton can be easily implemented using inexpensive commercially available PROM's for the table look-up. Computer Simulations of first- and second-order LDI-RNS filters indicate substantial cost savings and speed advantages. Experiments on a first-order section verify the basic operation, speed calculations, and cost analysis. 
Furthermore, extensions to more bits and higher order filters are possible.","accessed":{"date-parts":[["2024",2,8]]},"author":[{"family":"Soderstrand","given":"M.A."}],"citation-key":"soderstrandHighspeedLowcostRecursive1977","container-title":"Proceedings of the IEEE","DOI":"10.1109/PROC.1977.10616","ISSN":"1558-2256","issue":"7","issued":{"date-parts":[["1977",7]]},"page":"1065-1067","source":"IEEE Xplore","title":"A high-speed low-cost recursive digital filter using residue number arithmetic","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/1454885?casa_token=0nHHqOecy5oAAAAA:9oASTHv6Hh9oRe4Biqf7Yv3_QzHSY2Mn8h98SpRmAq9iWceMPcKtzQWq7ausax3IXfGs0BaQKg","volume":"65"},{"id":"oppenheimEffectsFiniteRegister1972","abstract":"When digital signal processing operations are implemented on a computer or with special-purpose hardware, errors and constraints due to finite word length are unavoidable. The main categories of finite register length effects are errors due to A/D conversion, errors due to roundoffs in the arithmetic, constraints on signal levels imposed by the need to prevent overflow, and quantization of system coefficients. The effects of finite register length on implementations of linear recursive difference equation digital filters, and the fast Fourier transform (FFT), are discussed in some detail. For these algorithms, the differing quantization effects of fixed point, floating point, and block floating point arithmetic are examined and compared. The paper is intended primarily as a tutorial review of a subject which has received considerable attention over the past few years. The groundwork is set through a discussion of the relationship between the binary representation of numbers and truncation or rounding, and a formulation of a statistical model for arithmetic roundoff. The analyses presented here are intended to illustrate techniques of working with particular models. 
Results of previous work are discussed and summarized when appropriate. Some examples are presented to indicate how the results developed for simple digital filters and the FFT can be applied to the analysis of more complicated systems which use these algorithms as building blocks.","accessed":{"date-parts":[["2024",2,8]]},"author":[{"family":"Oppenheim","given":"A.V."},{"family":"Weinstein","given":"C.J."}],"citation-key":"oppenheimEffectsFiniteRegister1972","container-title":"Proceedings of the IEEE","DOI":"10.1109/PROC.1972.8820","ISSN":"1558-2256","issue":"8","issued":{"date-parts":[["1972",8]]},"page":"957-976","source":"IEEE Xplore","title":"Effects of finite register length in digital filtering and the fast Fourier transform","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/1450750?casa_token=kAczMhD2oroAAAAA:GjI24f6aTAdM8lKXQE0tQ6p-6g7wJ4divWdNyJY1VX9m6NnZcPmnlaWOLfl0grGcvpHxcFV7JQ","volume":"60"},{"id":"murakamiRecursiveRealizationFinite1977","abstract":"Recursive filter design techniques are described and developed for finite impulse filters using finite field arithmetic. The finite fields considered have the form GF(q^2), the Galois field of q^2 elements, and are analogous to the field of complex numbers when q is a prime such that (-1) is not a quadratic residue. These filters can be designed to yield either a desired finite impulse or finite frequency response function. This filtering technique has other possible applications, including the encoding or decoding of information and signal design. Infinite signal trains can be decomposed naturally into orthogonal sequences which may be useful in the encoding and decoding process and may provide another approach to convolutional coding. 
Since the recursive filters developed here do not have the accumulation of round-off or truncation error that one might expect in recursive computations, such filters are noise-free transducers in the sense of Shannon.","accessed":{"date-parts":[["2024",2,8]]},"author":[{"family":"Murakami","given":"H."},{"family":"Reed","given":"I."}],"citation-key":"murakamiRecursiveRealizationFinite1977","container-title":"IEEE Transactions on Information Theory","DOI":"10.1109/TIT.1977.1055697","ISSN":"1557-9654","issue":"2","issued":{"date-parts":[["1977",3]]},"page":"232-242","source":"IEEE Xplore","title":"Recursive realization of finite impulse filters using finite field arithmetic","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/1055697?casa_token=WxaCaYsb6t0AAAAA:sIXU77P4LJE4QYM_kf0nh2-nMmhNE1hRY63bzbXShn4DLd3XMuXZDv3t-wUU7VU3bV9rrEsVAQ","volume":"23"},{"id":"adamsTypeTheoryProbabilistic2015","abstract":"This paper introduces a novel type theory and logic for probabilistic reasoning. Its logic is quantitative, with fuzzy predicates. It includes normalisation and conditioning of states. This conditioning uses a key aspect that distinguishes our probabilistic type theory from quantum type theory, namely the bijective correspondence between predicates and side-effect free actions (called instrument, or assert, maps). The paper shows how suitable computation rules can be derived from this predicate-action correspondence, and uses these rules for calculating conditional probabilities in two well-known examples of Bayesian reasoning in (graphical) models. 
Our type theory may thus form the basis for a mechanisation of Bayesian inference.","accessed":{"date-parts":[["2024",2,6]]},"author":[{"family":"Adams","given":"Robin"},{"family":"Jacobs","given":"Bart"}],"citation-key":"adamsTypeTheoryProbabilistic2015","DOI":"10.48550/arXiv.1511.09230","issued":{"date-parts":[["2015",11,30]]},"number":"arXiv:1511.09230","source":"arXiv.org","title":"A Type Theory for Probabilistic and Bayesian Reasoning","type":"article","URL":"http://arxiv.org/abs/1511.09230"},{"id":"nguyenPrivacyfirstManufacturingData2023","abstract":"Reducing their operating costs and optimizing manufacturing processes are main challenges for manufacturers that need no-doubt help from machine suppliers-OEMs. However, like 64% of Business entities, they do not intend to collaborate as long as their confidential data can be seen by anyone. Until now, some solutions on market using technologies like Confidential Computing, Differential Privacy, Multi Party Computation cannot completely fit to industrial requirements, data are sometimes partially encrypted or using trust execution environment (a bunker) to analyse in clear format. For this reason, until now, no secure computation and no solution for privacy-preserving data analysis are yet completely satisfactory (in terms of privacy and security constraints) and moreover they are often tested for different applications and on different datasets. Fully Homomorphic Encryption (FHE) technology is going to change the game. FHE allows service providers to work directly on encrypted data without ever decrypting it, which offers a privacy data protection for both customers and OEMs. In the collaboration with Siemens France, we provide FHE-based manufacturing data exchange space which is a part of RaiseSens© Data eXchange Platform (RS-DXP). 
In this respect, API-driven RS-DXP architecture allows the practical and easy integration of FHE techniques combined with optimisation engine, and non-moving data techniques applied in lightweight yet real-world manufacturing applications and deploying them in Cloud computing environment to offer a solution at low software engineering cost. This will pave the way for a wide deployment, boosting data-enabled manufacturing services.","accessed":{"date-parts":[["2024",2,1]]},"author":[{"family":"Nguyen","given":"Thanh-Hai"},{"family":"Heron","given":"Olivier"},{"family":"Riou","given":"Olivier"}],"citation-key":"nguyenPrivacyfirstManufacturingData2023","collection-title":"SOICT '23","container-title":"Proceedings of the 12th International Symposium on Information and Communication Technology","DOI":"10.1145/3628797.3628913","event-place":"New York, NY, USA","ISBN":"9798400708916","issued":{"date-parts":[["2023",12,7]]},"page":"801–807","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"Towards Privacy-first Manufacturing Data Exchange Platform","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3628797.3628913"},{"id":"StructureInterpretationComputer1997","accessed":{"date-parts":[["2024",2,1]]},"citation-key":"StructureInterpretationComputer1997","container-title":"Computers & Mathematics with Applications","container-title-short":"Computers & Mathematics with Applications","DOI":"10.1016/S0898-1221(97)90051-1","ISSN":"08981221","issue":"4","issued":{"date-parts":[["1997",2]]},"language":"en","page":"133","source":"DOI.org (Crossref)","title":"Structure and interpretation of computer programs, (second edition)","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0898122197900511","volume":"33"},{"id":"abelsonStructureInterpretationComputer2022","abstract":"\"This classic text teaches fundamental principles of computer programming, including recursion, 
abstraction, modularity, and programming language design and implementation. The approach focuses on discovering general patterns for solving specific problems, and building software systems that make use of those patterns. This version uses JavaScript as the language of instruction\"--","author":[{"family":"Abelson","given":"Harold"},{"family":"Sussman","given":"Gerald Jay"},{"family":"Sussman","given":"Julie"},{"family":"Henz","given":"Martin"},{"family":"Wrigstad","given":"Tobias"}],"call-number":"QA76.6 .A255 2022","citation-key":"abelsonStructureInterpretationComputer2022","collection-title":"MIT electrical engineering and computer science series","edition":"JavaScript edition","event-place":"Cambridge, Massachusetts","ISBN":"978-0-262-54323-1","issued":{"date-parts":[["2022"]]},"language":"en","number-of-pages":"608","publisher":"The MIT Press","publisher-place":"Cambridge, Massachusetts","source":"Library of Congress ISBN","title":"Structure and interpretation of computer programs","type":"book"},{"id":"chlipalaCertifiedProgrammingDependent2022","abstract":"A handbook to the Coq software for writing and checking mathematical proofs, with a practical engineering focus. The technology of mechanized program verification can play a supporting role in many kinds of research projects in computer science, and related tools for formal proof-checking are seeing increasing adoption in mathematics and engineering. This book provides an introduction to the Coq software for writing and checking mathematical proofs. It takes a practical engineering focus throughout, emphasizing techniques that will help users to build, understand, and maintain large Coq developments and minimize the cost of code change over time. Two topics, rarely discussed elsewhere, are covered in detail: effective dependently typed programming (making productive use of a feature at the heart of the Coq system) and construction of domain-specific proof tactics. 
Almost every subject covered is also relevant to interactive computer theorem proving in general, not just program verification, demonstrated through examples of verified programs applied in many different sorts of formalizations. The book develops a unique automated proof style and applies it throughout; even experienced Coq users may benefit from reading about basic Coq concepts from this novel perspective. The book also offers a library of tactics, or programs that find proofs, designed for use with examples in the book. Readers will acquire the necessary skills to reimplement these tactics in other settings by the end of the book. All of the code appearing in the book is freely available online.","author":[{"family":"Chlipala","given":"Adam"}],"citation-key":"chlipalaCertifiedProgrammingDependent2022","ISBN":"978-0-262-54574-7","issued":{"date-parts":[["2022",6,7]]},"language":"en","number-of-pages":"437","publisher":"MIT Press","source":"Google Books","title":"Certified Programming with Dependent Types: A Pragmatic Introduction to the Coq Proof Assistant","title-short":"Certified Programming with Dependent Types","type":"book"},{"id":"mendelsonIntroductionMathematicalLogic","author":[{"family":"Mendelson","given":"Elliott"}],"citation-key":"mendelsonIntroductionMathematicalLogic","language":"en","source":"Zotero","title":"Introduction to Mathematical Logic, Sixth Edition","type":"article-journal"},{"id":"shumanABETProfessionalSkills2005","abstract":"In developing its new engineering accreditation criteria, ABET reaffirmed a set of “hard” engineering skills while introducing a second, equally important, set of six “professional” skills. These latter skills include communication, teamwork, and understanding ethics and professionalism, which we label process skills, and engineering within a global and societal context, lifelong learning, and a knowledge of contemporary issues, which we designate as awareness skills. 
We review these skills with an emphasis on how they can be taught, or more correctly learned, citing a number of examples of successful and/or promising implementations. We then examine the difficult issue of assessing these skills. We are very positive about a number of creative ways that these skills are being learned, particularly at institutions that are turning to global and/or service learning in combination with engineering design projects to teach and reinforce outcome combinations. We are also encouraged by work directed at assessing these skills, but recognize that there is considerable research that remains to be done.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Shuman","given":"Larry J."},{"family":"Besterfield-Sacre","given":"Mary"},{"family":"McGourty","given":"Jack"}],"citation-key":"shumanABETProfessionalSkills2005","container-title":"Journal of Engineering Education","DOI":"10.1002/j.2168-9830.2005.tb00828.x","ISSN":"2168-9830","issue":"1","issued":{"date-parts":[["2005"]]},"language":"en","page":"41-55","source":"Wiley Online Library","title":"The ABET “Professional Skills” — Can They Be Taught? 
Can They Be Assessed?","title-short":"The ABET “Professional Skills” — Can They Be Taught?","type":"article-journal","URL":"https://onlinelibrary.wiley.com/doi/abs/10.1002/j.2168-9830.2005.tb00828.x","volume":"94"},{"id":"MethodQuantifyingProgram","accessed":{"date-parts":[["2024",1,30]]},"citation-key":"MethodQuantifyingProgram","title":"A Method of Quantifying Program and Course Performances against ABET Criteria - Knovel","type":"webpage","URL":"https://app-knovel-com.pitt.idm.oclc.org/web/view/khtml/show.v/rcid:kpANTECPS4/cid:kt003RZTC2/viewerType:khtml//root_slug:antec-2005-plastics-annual/url_slug:method-quantifying-program?b-q=designing%20and%20teaching%20courses%20to%20satisfy%20the%20abet%20engineering%20criteria&include_synonyms=no&s_page_no=0&sort_on=default&view=collapsed&zoom=1&page=1&q=designing%20and%20teaching%20courses%20to%20satisfy%20the%20abet%20engineering%20criteria"},{"id":"besterfield-sacreDefiningOutcomesFramework2000","abstract":"The \"new\" Accreditation Board for Engineering and Technology criteria, EC-2000, has caused engineering educators to focus on 11 intentionally undefined outcomes as a necessary step in the accreditation process. As part of a large study sponsored by the National Science Foundation, a framework, based on Bloom's taxonomy, has been developed for better specifying these outcomes. Using this framework, each outcome has been expanded into a set of attributes that can then be used by engineering faculty in adapting the outcomes to their own program. Also discussed are two ways in which this characterization of outcomes can be used as part of an assessment and feedback process. 
These outcome definitions are considered to be in a dynamic state; i.e., they will continue to be modified and updated as more is learned about their specificity and use.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Besterfield-Sacre","given":"M."},{"family":"Shuman","given":"L.J."},{"family":"Wolfe","given":"H."},{"family":"Atman","given":"C.J."},{"family":"McGourty","given":"J."},{"family":"Miller","given":"R.L."},{"family":"Olds","given":"B.M."},{"family":"Rogers","given":"G.M."}],"citation-key":"besterfield-sacreDefiningOutcomesFramework2000","container-title":"IEEE Transactions on Education","DOI":"10.1109/13.848060","ISSN":"1557-9638","issue":"2","issued":{"date-parts":[["2000",5]]},"page":"100-110","source":"IEEE Xplore","title":"Defining the outcomes: a framework for EC-2000","title-short":"Defining the outcomes","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/848060?casa_token=Jpsiv1cWF_wAAAAA:3RukMC2EM9ZIIUhvq6gPSxj8Pp5mDlbUh-pZRVxsEjWgqeain-pbOt7RRo86x2io8DK-yflg8g","volume":"43"},{"id":"sahaNeuralIdentificationControl2021","abstract":"We present a new method for learning control law that stabilizes an unknown nonlinear dynamical system at an equilibrium point. We formulate a system identification task in a self-supervised learning setting that jointly learns a controller and corresponding stable closed-loop dynamics hypothesis. The input-output behavior of the unknown dynamical system under random control inputs is used as the supervising signal to train the neural network-based system model and the controller. The proposed method relies on the Lyapunov stability theory to generate a stable closed-loop dynamics hypothesis and corresponding control law. 
We demonstrate our method on various nonlinear control problems such as n-link pendulum balancing and trajectory tracking, pendulum on cart balancing, and wheeled vehicle path following.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Saha","given":"Priyabrata"},{"family":"Egerstedt","given":"Magnus"},{"family":"Mukhopadhyay","given":"Saibal"}],"citation-key":"sahaNeuralIdentificationControl2021","container-title":"IEEE Robotics and Automation Letters","container-title-short":"IEEE Robot. Autom. Lett.","DOI":"10.1109/LRA.2021.3068099","ISSN":"2377-3766, 2377-3774","issue":"3","issued":{"date-parts":[["2021",7]]},"page":"4648-4655","source":"arXiv.org","title":"Neural Identification for Control","type":"article-journal","URL":"http://arxiv.org/abs/2009.11782","volume":"6"},{"id":"mengODERUDynamicalSystem2022","abstract":"

The core of the demonstration of this paper is to interpret the forward propagation process of machine learning as a parameter estimation problem of nonlinear dynamical systems. This process is to establish a connection between the Recurrent Neural Network and the discrete differential equation, so as to construct a new network structure: ODE-RU. At the same time, under the inspiration of the theory of ordinary differential equations, we propose a new forward propagation mode. In a large number of simulations and experiments, the forward propagation not only shows the trainability of the new architecture, but also achieves a low training error on the basis of maintaining the stability of the network. For the problem requiring long-term memory, we specifically study the obstacle shape reconstruction problem using the backscattering far-field features data set, and demonstrate the effectiveness of the proposed architecture using the data set. The results show that the network can effectively reduce the sensitivity to small changes in the input feature. And the error generated by the ordinary differential equation cyclic unit network in inverting the shape and position of obstacles is less than $ 10^{-2} $.

","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Meng","given":"Pinchao"},{"family":"Wang","given":"Xinyu"},{"family":"Yin","given":"Weishi"}],"citation-key":"mengODERUDynamicalSystem2022","container-title":"Electronic Research Archive","container-title-short":"era","DOI":"10.3934/era.2022014","ISSN":"2688-1594","issue":"1","issued":{"date-parts":[["2022"]]},"page":"257-271","source":"DOI.org (Crossref)","title":"ODE-RU: a dynamical system view on recurrent neural networks","title-short":"ODE-RU","type":"article-journal","URL":"http://www.aimspress.com/article/doi/10.3934/era.2022014","volume":"30"},{"id":"stiasnyPhysicsInformedNeuralNetworks2023","abstract":"The simulation of power system dynamics poses a computationally expensive task. Considering the growing uncertainty of generation and demand patterns, thousands of scenarios need to be continuously assessed to ensure the safety of power systems. Physics-Informed Neural Networks (PINNs) have recently emerged as a promising solution for drastically accelerating computations of non-linear dynamical systems. This work investigates the applicability of these methods for power system dynamics, focusing on the dynamic response to load disturbances. Comparing the prediction of PINNs to the solution of conventional solvers, we find that PINNs can be 10 to 1000 times faster than conventional solvers. At the same time, we find them to be sufficiently accurate and numerically stable even for large time steps. To facilitate a deeper understanding, this paper also present a new regularisation of Neural Network (NN) training by introducing a gradient-based term in the loss function. 
The resulting NNs, which we call dtNNs, help us deliver a comprehensive analysis about the strengths and weaknesses of the NN based approaches, how incorporating knowledge of the underlying physics affects NN performance, and how this compares with conventional solvers for power system dynamics.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Stiasny","given":"Jochen"},{"family":"Chatzivasileiadis","given":"Spyros"}],"citation-key":"stiasnyPhysicsInformedNeuralNetworks2023","container-title":"Electric Power Systems Research","container-title-short":"Electric Power Systems Research","DOI":"10.1016/j.epsr.2023.109748","ISSN":"03787796","issued":{"date-parts":[["2023",11]]},"page":"109748","source":"arXiv.org","title":"Physics-Informed Neural Networks for Time-Domain Simulations: Accuracy, Computational Cost, and Flexibility","title-short":"Physics-Informed Neural Networks for Time-Domain Simulations","type":"article-journal","URL":"http://arxiv.org/abs/2303.08994","volume":"224"},{"id":"cuomoScientificMachineLearning2022","abstract":"Physics-Informed Neural Networks (PINN) are neural networks (NNs) that encode model equations, like Partial Differential Equations (PDE), as a component of the neural network itself. PINNs are nowadays used to solve PDEs, fractional equations, integral-differential equations, and stochastic PDEs. This novel methodology has arisen as a multi-task learning framework in which a NN must fit observed data while reducing a PDE residual. This article provides a comprehensive review of the literature on PINNs: while the primary goal of the study was to characterize these networks and their related advantages and disadvantages. The review also attempts to incorporate publications on a broader range of collocation-based physics informed neural networks, which starts from the vanilla PINN, as well as many other variants, such as physics-constrained neural networks (PCNN), variational hp-VPINN, and conservative PINN (CPINN). 
The study indicates that most research has focused on customizing the PINN through different activation functions, gradient optimization techniques, neural network structures, and loss function structures. Despite the wide range of applications for which PINNs have been used, by demonstrating their ability to be more feasible in some contexts than classical numerical techniques like Finite Element Method (FEM), advancements are still possible, most notably theoretical issues that remain unresolved.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Cuomo","given":"Salvatore"},{"family":"Cola","given":"Vincenzo Schiano","non-dropping-particle":"di"},{"family":"Giampaolo","given":"Fabio"},{"family":"Rozza","given":"Gianluigi"},{"family":"Raissi","given":"Maziar"},{"family":"Piccialli","given":"Francesco"}],"citation-key":"cuomoScientificMachineLearning2022","issued":{"date-parts":[["2022",6,7]]},"number":"arXiv:2201.05624","publisher":"arXiv","source":"arXiv.org","title":"Scientific Machine Learning through Physics-Informed Neural Networks: Where we are and What's next","title-short":"Scientific Machine Learning through Physics-Informed Neural Networks","type":"article","URL":"http://arxiv.org/abs/2201.05624"},{"id":"wangPINNsBasedUncertaintyQuantification2023","abstract":"This paper addresses the challenge of transient stability in power systems with missing parameters and uncertainty propagation in swing equations. We introduce a novel application of Physics-Informed Neural Networks (PINNs), specifically an Ensemble of PINNs (E-PINNs), to estimate critical parameters like rotor angle and inertia coefficient with enhanced accuracy and reduced computational load. E-PINNs capitalize on the underlying physical principles of swing equations to provide a robust solution. Our approach not only facilitates efficient parameter estimation but also quantifies uncertainties, delivering probabilistic insights into the system behavior. 
The efficacy of E-PINNs is demonstrated through the analysis of $1$-bus and $2$-bus systems, highlighting the model's ability to handle parameter variability and data scarcity. The study advances the application of machine learning in power system stability, paving the way for reliable and computationally efficient transient stability analysis.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Wang","given":"Ren"},{"family":"Zhong","given":"Ming"},{"family":"Xu","given":"Kaidi"},{"family":"Sánchez-Cortés","given":"Lola Giráldez"},{"family":"Guerra","given":"Ignacio de Cominges"}],"citation-key":"wangPINNsBasedUncertaintyQuantification2023","issued":{"date-parts":[["2023",11,21]]},"number":"arXiv:2311.12947","publisher":"arXiv","source":"arXiv.org","title":"PINNs-Based Uncertainty Quantification for Transient Stability Analysis","type":"article","URL":"http://arxiv.org/abs/2311.12947"},{"id":"stiasnyTransientStabilityAnalysis2023","abstract":"We explore the possibility to use physics-informed neural networks to drastically accelerate the solution of ordinary differential-algebraic equations that govern the power system dynamics. When it comes to transient stability assessment, the traditionally applied methods either carry a significant computational burden, require model simplifications, or use overly conservative surrogate models. Conventional neural networks can circumvent these limitations but are faced with high demand of high-quality training datasets, while they ignore the underlying governing equations. Physics-informed neural networks are different: they incorporate the power system differential algebraic equations directly into the neural network training and drastically reduce the need for training data. This paper takes a deep dive into the performance of physics-informed neural networks for power system transient stability assessment. 
Introducing a new neural network training procedure to facilitate a thorough comparison, we explore how physics-informed neural networks compare with conventional differential-algebraic solvers and classical neural networks in terms of computation time, requirements in data, and prediction accuracy. We illustrate the findings on the Kundur two-area system, and assess the opportunities and challenges of physics-informed neural networks to serve as a transient stability analysis tool, highlighting possible pathways to further develop this method.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Stiasny","given":"Jochen"},{"family":"Misyris","given":"Georgios S."},{"family":"Chatzivasileiadis","given":"Spyros"}],"citation-key":"stiasnyTransientStabilityAnalysis2023","issued":{"date-parts":[["2023",3,15]]},"number":"arXiv:2106.13638","publisher":"arXiv","source":"arXiv.org","title":"Transient Stability Analysis with Physics-Informed Neural Networks","type":"article","URL":"http://arxiv.org/abs/2106.13638"},{"id":"alwanTheoryHybridSystems2018","abstract":"This book is the first to present the application of the hybrid system theory to systems with EPCA (equations with piecewise continuous arguments). The hybrid system paradigm is a valuable modeling tool for describing a wide range of real-world applications. Moreover, although new technology has produced, and continues to produce highly hierarchical sophisticated machinery that cannot be analyzed as a whole system, hybrid system representation can be used to reduce the structural complexity of these systems. That is to say, hybrid systems have become a modeling priority, which in turn has led to the creation of a promising research field with several application areas. As such, the book explores recent developments in the area of deterministic and stochastic hybrid systems using the Lyapunov and Razumikhin-Lyapunov methods to investigate the systems' properties. 
It also describes properties such as stability, stabilization, reliable control, H-infinity optimal control, input-to-state stability (ISS)/stabilization, state estimation, and large-scale singularly perturbed systems","author":[{"family":"Alwan","given":"Mohamad S."},{"family":"Liu","given":"Xinzhi"}],"call-number":"629.8","citation-key":"alwanTheoryHybridSystems2018","collection-title":"Nonlinear Physical Science","DOI":"10.1007/978-981-10-8046-3","edition":"1st ed. 2018","event-place":"Singapore","ISBN":"978-981-10-8046-3","issued":{"date-parts":[["2018"]]},"number-of-pages":"1","publisher":"Springer Singapore : Imprint: Springer","publisher-place":"Singapore","source":"Library of Congress ISBN","title":"Theory of Hybrid Systems: Deterministic and Stochastic","title-short":"Theory of Hybrid Systems","type":"book"},{"id":"communityLeanMathematicalLibrary2020","abstract":"This paper describes mathlib, a community-driven effort to build a unified library of mathematics formalized in the Lean proof assistant. Among proof assistant libraries, it is distinguished by its dependently typed foundations, focus on classical mathematics, extensive hierarchy of structures, use of large- and small-scale automation, and distributed organization. 
We explain the architecture and design decisions of the library and the social organization that has led us here.","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Community","given":"The","dropping-particle":"mathlib"}],"citation-key":"communityLeanMathematicalLibrary2020","container-title":"Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs","DOI":"10.1145/3372885.3373824","issued":{"date-parts":[["2020",1,20]]},"page":"367-381","source":"arXiv.org","title":"The Lean mathematical library","type":"paper-conference","URL":"http://arxiv.org/abs/1910.09336"},{"id":"voevodskyOriginsMotivationsUnivalent","author":[{"family":"Voevodsky","given":"Vladimir"}],"citation-key":"voevodskyOriginsMotivationsUnivalent","language":"en","source":"Zotero","title":"The Origins and Motivations of Univalent Foundations","type":"article-journal"},{"id":"sorensenLecturesCurryHowardIsomorphism","author":[{"family":"Sorensen","given":"Morten Heine B."},{"family":"Urzyczyn","given":"Pawel"}],"citation-key":"sorensenLecturesCurryHowardIsomorphism","title":"Lectures on the Curry-Howard Isomorphism","type":"document"},{"id":"rojasTutorialIntroductionLambda","abstract":"This paper is a short and painless introduction to the λ calculus. Originally developed in order to study some mathematical properties of effectively computable functions, this formalism has provided a strong theoretical foundation for the family of functional programming languages. 
We show how to perform some arithmetical computations using the λ calculus and how to define recursive functions, even though functions in λ calculus are not given names and thus cannot refer explicitly to themselves.","author":[{"family":"Rojas","given":"Raul"}],"citation-key":"rojasTutorialIntroductionLambda","language":"en","source":"Zotero","title":"A Tutorial Introduction to the Lambda Calculus","type":"article-journal"},{"id":"viteriExplosiveProofsMathematical2022","abstract":"Mathematical proofs are both paradigms of certainty and some of the most explicitly-justified arguments that we have in the cultural record. Their very explicitness, however, leads to a paradox, because their probability of error grows exponentially as the argument expands. Here we show that under a cognitively-plausible belief formation mechanism that combines deductive and abductive reasoning, mathematical arguments can undergo what we call an epistemic phase transition: a dramatic and rapidly-propagating jump from uncertainty to near-complete confidence at reasonable levels of claim-to-claim error rates. To show this, we analyze an unusual dataset of forty-eight machine-aided proofs from the formalized reasoning system Coq, including major theorems ranging from ancient to 21st Century mathematics, along with four hand-constructed cases from Euclid, Apollonius, Spinoza, and Andrew Wiles. 
Our results bear both on recent work in the history and philosophy of mathematics, and on a question, basic to cognitive science, of how we form beliefs, and justify them to others.","accessed":{"date-parts":[["2024",1,29]]},"author":[{"family":"Viteri","given":"Scott"},{"family":"DeDeo","given":"Simon"}],"citation-key":"viteriExplosiveProofsMathematical2022","container-title":"Cognition","container-title-short":"Cognition","DOI":"10.1016/j.cognition.2022.105120","ISSN":"00100277","issued":{"date-parts":[["2022",8]]},"language":"en","page":"105120","source":"arXiv.org","title":"Explosive Proofs of Mathematical Truths","type":"article-journal","URL":"http://arxiv.org/abs/2004.00055","volume":"225"},{"id":"hanDeepLinkEquating2023","abstract":"Mathematical logic and the code of computer programs are, in an exact way, mirror images of each other.","accessed":{"date-parts":[["2024",1,28]]},"author":[{"family":"Han","given":"Sheon"}],"citation-key":"hanDeepLinkEquating2023","issued":{"date-parts":[["2023",10,11]]},"title":"The Deep Link Equating Math Proofs and Computer Programs","type":"webpage","URL":"https://www.quantamagazine.org/the-deep-link-equating-math-proofs-and-computer-programs-20231011/"},{"id":"TLA2023","abstract":"TLA+ is a formal specification language developed by Leslie Lamport. It is used for designing, modelling, documentation, and verification of programs, especially concurrent systems and distributed systems. TLA+ is considered to be exhaustively-testable pseudocode, and its use likened to drawing blueprints for software systems; TLA is an acronym for Temporal Logic of Actions.\nFor design and documentation, TLA+ fulfills the same purpose as informal technical specifications. 
However, TLA+ specifications are written in a formal language of logic and mathematics, and the precision of specifications written in this language is intended to uncover design flaws before system implementation is underway. Since TLA+ specifications are written in a formal language, they are amenable to finite model checking. The model checker finds all possible system behaviours up to some number of execution steps, and examines them for violations of desired invariance properties such as safety and liveness. TLA+ specifications use basic set theory to define safety (bad things won't happen) and temporal logic to define liveness (good things eventually happen).\nTLA+ is also used to write machine-checked proofs of correctness both for algorithms and mathematical theorems. The proofs are written in a declarative, hierarchical style independent of any single theorem prover backend. Both formal and informal structured mathematical proofs can be written in TLA+; the language is similar to LaTeX, and tools exist to translate TLA+ specifications to LaTeX documents. TLA+ was introduced in 1999, following several decades of research into a verification method for concurrent systems. Ever since, a toolchain has been developed, including an IDE and a distributed model checker. The pseudocode-like language PlusCal was created in 2009; it transpiles to TLA+ and is useful for specifying sequential algorithms. TLA+2 was announced in 2014, expanding language support for proof constructs. 
The current TLA+ reference is The TLA+ Hyperbook by Leslie Lamport.","accessed":{"date-parts":[["2024",1,28]]},"citation-key":"TLA2023","container-title":"Wikipedia","issued":{"date-parts":[["2023",12,24]]},"license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1191589904","source":"Wikipedia","title":"TLA+","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=TLA%2B&oldid=1191589904"},{"id":"HoareLogic2023","abstract":"Hoare logic (also known as Floyd–Hoare logic or Hoare rules) is a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. It was proposed in 1969 by the British computer scientist and logician Tony Hoare, and subsequently refined by Hoare and other researchers. The original ideas were seeded by the work of Robert W. Floyd, who had published a similar system for flowcharts.","accessed":{"date-parts":[["2024",1,28]]},"citation-key":"HoareLogic2023","container-title":"Wikipedia","issued":{"date-parts":[["2023",11,8]]},"license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1184150662","source":"Wikipedia","title":"Hoare logic","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Hoare_logic&oldid=1184150662"},{"id":"hartnettHackerProofCodeConfirmed2016","abstract":"Computer scientists can prove certain programs to be error-free with the same certainty that mathematicians prove theorems.","accessed":{"date-parts":[["2024",1,28]]},"author":[{"family":"Hartnett","given":"Kevin"}],"citation-key":"hartnettHackerProofCodeConfirmed2016","issued":{"date-parts":[["2016",9,20]]},"title":"Hacker-Proof Code Confirmed","type":"webpage","URL":"https://www.quantamagazine.org/formal-verification-creates-hacker-proof-code-20160920/"},{"id":"BuildingMathematicalLibrary2020","abstract":"A small community of mathematicians is using a software program called Lean to build a new digital repository. 
They hope it represents the future of their field.","accessed":{"date-parts":[["2024",1,28]]},"citation-key":"BuildingMathematicalLibrary2020","issued":{"date-parts":[["2020",10,1]]},"title":"Building the Mathematical Library of the Future","type":"webpage","URL":"https://www.quantamagazine.org/building-the-mathematical-library-of-the-future-20201001/"},{"id":"chlipalaProofAssistantsHardwaresoftware2020","abstract":"Some of the earliest applications of proof assistants were to correctness of digital hardware designs, but the subject doesn’t come up too frequently today at venues like CPP. I will try to make the case that proof assistants are a crucial tool for resolving both classical problems and new ones at the hardware-software interface. That is, it is important to understand exactly what guarantees a processor exports to software, it is important to verify that hardware exports those guarantees correctly, and it is important to prove end-to-end theorems covering both hardware and software. A few social developments make this an exciting time to tackle these problems: open instruction sets and open-source hardware designs are growing in real-world relevance, and surprising new classes of security vulnerabilities have gotten more practitioners thinking about precise hardware-software contracts. I will sketch the state of the research area and go into detail on a few of my own related projects. 
An ancillary goal is to convey that programming or proving digital hardware is a lot like programming or proving software, with a few fun distinctions, so more of the CPP crowd might want to give it a try!","accessed":{"date-parts":[["2024",1,27]]},"author":[{"family":"Chlipala","given":"Adam"}],"citation-key":"chlipalaProofAssistantsHardwaresoftware2020","collection-title":"CPP 2020","DOI":"10.1145/3372885.3378575","event-place":"New York, NY, USA","ISBN":"978-1-4503-7097-4","issued":{"date-parts":[["2020",1,22]]},"page":"2","publisher":"Association for Computing Machinery","publisher-place":"New York, NY, USA","source":"ACM Digital Library","title":"Proof assistants at the hardware-software interface (invited talk)","type":"paper-conference","URL":"https://dl.acm.org/doi/10.1145/3372885.3378575"},{"id":"MathlibStatistics","accessed":{"date-parts":[["2024",1,28]]},"citation-key":"MathlibStatistics","title":"Mathlib statistics","type":"webpage","URL":"https://leanprover-community.github.io/mathlib_stats.html"},{"id":"LeanCuriousMathematician","accessed":{"date-parts":[["2024",1,27]]},"citation-key":"LeanCuriousMathematician","title":"Lean for the Curious Mathematician 2020 - YouTube","type":"webpage","URL":"https://www.youtube.com/playlist?list=PLlF-CfQhukNlxexiNJErGJd2dte_J1t1N"},{"id":"UnivalentFoundationsMathematics2010","abstract":"The correspondence between homotopy types and higher categorical analogs of groupoids which was first conjectured by Alexander Grothendieck naturally leads to a view of mathematics where sets are used to parametrize collections of objects without \"internal structure\" while collections of objects with \"internal structure\" are parametrized by more general homotopy types. 
Univalent Foundations are based on the combination of this view with the discovery that it is possible to directly formalize reasoning about homotopy types using Martin-Lof type theories.","accessed":{"date-parts":[["2024",1,27]]},"citation-key":"UnivalentFoundationsMathematics2010","issued":{"date-parts":[["2010",12,16]]},"title":"Univalent Foundations of Mathematics","type":"webpage","URL":"https://www.ias.edu/video/univalent/voevodsky"},{"id":"ahmadi-javidPortfolioOptimizationEntropic2019","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Ahmadi-Javid","given":"Amir"},{"family":"Fallah-Tafti","given":"Malihe"}],"citation-key":"ahmadi-javidPortfolioOptimizationEntropic2019","container-title":"European Journal of Operational Research","container-title-short":"European Journal of Operational Research","DOI":"10.1016/j.ejor.2019.02.007","ISSN":"03772217","issue":"1","issued":{"date-parts":[["2019",11]]},"language":"en","page":"225-241","source":"DOI.org (Crossref)","title":"Portfolio optimization with entropic value-at-risk","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0377221719301183","volume":"279"},{"id":"pichlerEntropyBasedRisk2020","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Pichler","given":"Alois"},{"family":"Schlotter","given":"Ruben"}],"citation-key":"pichlerEntropyBasedRisk2020","container-title":"European Journal of Operational Research","container-title-short":"European Journal of Operational Research","DOI":"10.1016/j.ejor.2019.01.016","ISSN":"03772217","issue":"1","issued":{"date-parts":[["2020",8]]},"language":"en","page":"223-236","source":"DOI.org (Crossref)","title":"Entropy based risk 
measures","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0377221719300189","volume":"285"},{"id":"brandtnerEntropicRiskMeasures2018","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Brandtner","given":"Mario"},{"family":"Kürsten","given":"Wolfgang"},{"family":"Rischau","given":"Robert"}],"citation-key":"brandtnerEntropicRiskMeasures2018","container-title":"European Journal of Operational Research","container-title-short":"European Journal of Operational Research","DOI":"10.1016/j.ejor.2017.07.007","ISSN":"03772217","issue":"2","issued":{"date-parts":[["2018",1]]},"language":"en","page":"707-716","source":"DOI.org (Crossref)","title":"Entropic risk measures and their comparative statics in portfolio selection: Coherence vs. convexity","title-short":"Entropic risk measures and their comparative statics in portfolio selection","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0377221717306343","volume":"264"},{"id":"fleischhackerRelationshipEntropyDemand2015","abstract":"We analyze the effect of demand uncertainty, as measured by entropy, on expected costs in a stochastic inventory model. Existing models studying demand variability’s impact use either stochastic ordering techniques or use variance as a measure of uncertainty. Due to both axiomatic appeal and recent use of entropy in the operations management literature, this paper develops entropy’s use as a demand uncertainty measure. 
Our key contribution is an insightful proof quantifying how costs are non-increasing when entropy is reduced.","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Fleischhacker","given":"Adam J."},{"family":"Fok","given":"Pak-Wing"}],"citation-key":"fleischhackerRelationshipEntropyDemand2015","container-title":"European Journal of Operational Research","container-title-short":"European Journal of Operational Research","DOI":"10.1016/j.ejor.2015.03.014","ISSN":"03772217","issue":"2","issued":{"date-parts":[["2015",9]]},"language":"en","page":"623-628","source":"DOI.org (Crossref)","title":"On the relationship between entropy, demand uncertainty, and expected loss","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0377221715002076","volume":"245"},{"id":"fischerRemarksMeasureRisk2007","abstract":"Yang and Qiu [Yang, J., Qiu, W., 2005. A measure of risk and a decision-making model based on expected utility and entropy. European Journal of Operational Research 164, 792–799] suggest a new concept for decision making under risk. This concept relies on a combination of the well-known expected utility criterion and the so-called entropy. 
The authors claim that the approach might be used as a descriptive as well as a normative decision model.","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Fischer","given":"Kathrin"},{"family":"Kleine","given":"Andreas"}],"citation-key":"fischerRemarksMeasureRisk2007","container-title":"European Journal of Operational Research","container-title-short":"European Journal of Operational Research","DOI":"10.1016/j.ejor.2006.07.033","ISSN":"03772217","issue":"1","issued":{"date-parts":[["2007",10]]},"language":"en","page":"469-474","source":"DOI.org (Crossref)","title":"Remarks on “A measure of risk and a decision-making model based on expected utility and entropy” by Jiping Yang and Wanhua Qiu (EJOR 164 (2005), 792–799)","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0377221706007983","volume":"182"},{"id":"yangMeasureRiskDecisionmaking2005","abstract":"In this paper we extend the classical decision model under risk to a more general case, in which the state of nature corresponding to each risky action may have its own distribution. More specifically, we propose an expected utility-entropy (EU-E) measure of risk and a decision-making model based on expected utility and entropy. The EU-E measure of risk reflects an individual’s intuitive attitude toward risk. The decision model incorporates the expected utility decision criterion as a special case. Using this decision model, a class of decision problems, which cannot be dealt with the expected utility or mean–variance criterion reasonably, can be solved. Besides, some famous decision paradoxes can be interpreted. 
This decision model can either serve as a descriptive or a normative decision model involving risk.","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Yang","given":"Jiping"},{"family":"Qiu","given":"Wanhua"}],"citation-key":"yangMeasureRiskDecisionmaking2005","container-title":"European Journal of Operational Research","container-title-short":"European Journal of Operational Research","DOI":"10.1016/j.ejor.2004.01.031","ISSN":"03772217","issue":"3","issued":{"date-parts":[["2005",8]]},"language":"en","page":"792-799","source":"DOI.org (Crossref)","title":"A measure of risk and a decision-making model based on expected utility and entropy","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S0377221704000773","volume":"164"},{"id":"deutschbeinHardwareSecurityProperty2022","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Deutschbein","given":"Calvin"},{"family":"Meza","given":"Andres"},{"family":"Restuccia","given":"Francesco"},{"family":"Gregoire","given":"Matthew"},{"family":"Kastner","given":"Ryan"},{"family":"Sturton","given":"Cynthia"}],"citation-key":"deutschbeinHardwareSecurityProperty2022","container-title":"IEEE Security & Privacy","container-title-short":"IEEE Secur. 
Privacy","DOI":"10.1109/MSEC.2022.3155376","ISSN":"1540-7993, 1558-4046","issue":"3","issued":{"date-parts":[["2022",5]]},"language":"en","page":"43-51","source":"DOI.org (Crossref)","title":"Toward Hardware Security Property Generation at Scale","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9765633/","volume":"20"},{"id":"coferCyberassuredSystemsEngineering2022","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Cofer","given":"Darren"},{"family":"Amundson","given":"Isaac"},{"family":"Babar","given":"Junaid"},{"family":"Hardin","given":"David"},{"family":"Slind","given":"Konrad"},{"family":"Alexander","given":"Perry"},{"family":"Hatcliff","given":"John"},{"literal":"Robby"},{"family":"Klein","given":"Gerwin"},{"family":"Lewis","given":"Corey"},{"family":"Mercer","given":"Eric"},{"family":"Shackleton","given":"John"}],"citation-key":"coferCyberassuredSystemsEngineering2022","container-title":"IEEE Security & Privacy","container-title-short":"IEEE Secur. Privacy","DOI":"10.1109/MSEC.2022.3151733","ISSN":"1540-7993, 1558-4046","issue":"3","issued":{"date-parts":[["2022",5]]},"language":"en","page":"52-64","source":"DOI.org (Crossref)","title":"Cyberassured Systems Engineering at Scale","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9734792/","volume":"20"},{"id":"martinFormalMethodsScale2022","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Martin","given":"William"},{"family":"Lincoln","given":"Patrick"},{"family":"Scherlis","given":"William"}],"citation-key":"martinFormalMethodsScale2022","container-title":"IEEE Security & Privacy","container-title-short":"IEEE Secur. 
Privacy","DOI":"10.1109/MSEC.2022.3158842","ISSN":"1540-7993, 1558-4046","issue":"3","issued":{"date-parts":[["2022",5]]},"language":"en","page":"22-23","source":"DOI.org (Crossref)","title":"Formal Methods at Scale","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/9782881/","volume":"20"},{"id":"ConvergenceFacilitatingTransdisciplinary2014","accessed":{"date-parts":[["2024",1,26]]},"citation-key":"ConvergenceFacilitatingTransdisciplinary2014","DOI":"10.17226/18722","event-place":"Washington, D.C.","ISBN":"978-0-309-30151-0","issued":{"date-parts":[["2014",6,16]]},"language":"en","page":"18722","publisher":"National Academies Press","publisher-place":"Washington, D.C.","source":"DOI.org (Crossref)","title":"Convergence: Facilitating Transdisciplinary Integration of Life Sciences, Physical Sciences, Engineering, and Beyond","title-short":"Convergence","type":"book","URL":"http://www.nap.edu/catalog/18722"},{"id":"committeeonavisionforthefutureofcenter-basedmultidisciplinaryengineeringresearchNewVisionCenterBased2017","accessed":{"date-parts":[["2024",1,26]]},"author":[{"literal":"Committee on a Vision for the Future of Center-Based Multidisciplinary Engineering Research"},{"literal":"National Materials and Manufacturing Board"},{"literal":"Division on Engineering and Physical Sciences"},{"literal":"National Academy of Engineering"},{"literal":"National Academies of Sciences, Engineering, and Medicine"}],"citation-key":"committeeonavisionforthefutureofcenter-basedmultidisciplinaryengineeringresearchNewVisionCenterBased2017","DOI":"10.17226/24767","event-place":"Washington, D.C.","ISBN":"978-0-309-45905-1","issued":{"date-parts":[["2017",7,18]]},"language":"en","page":"24767","publisher":"National Academies Press","publisher-place":"Washington, D.C.","source":"DOI.org (Crossref)","title":"A New Vision for Center-Based Engineering 
Research","type":"book","URL":"https://www.nap.edu/catalog/24767"},{"id":"nationalmaterialsandmanufacturingboardVisionFutureCenterBased2016","accessed":{"date-parts":[["2024",1,26]]},"author":[{"literal":"National Materials and Manufacturing Board"},{"literal":"Division on Engineering and Physical Sciences"},{"literal":"National Academy of Engineering"},{"literal":"National Academies of Sciences, Engineering, and Medicine"}],"citation-key":"nationalmaterialsandmanufacturingboardVisionFutureCenterBased2016","DOI":"10.17226/23645","editor":[{"family":"Alper","given":"Joe"}],"event-place":"Washington, D.C.","ISBN":"978-0-309-44970-0","issued":{"date-parts":[["2016"]]},"language":"en","page":"23645","publisher":"National Academies Press","publisher-place":"Washington, D.C.","source":"DOI.org (Crossref)","title":"A Vision for the Future of Center-Based Multidisciplinary Engineering Research: Proceedings of a Symposium","title-short":"A Vision for the Future of Center-Based Multidisciplinary Engineering Research","type":"book","URL":"http://www.nap.edu/catalog/23645"},{"id":"EnhancingEffectivenessTeam2015","accessed":{"date-parts":[["2024",1,26]]},"citation-key":"EnhancingEffectivenessTeam2015","DOI":"10.17226/19007","event-place":"Washington, D.C.","ISBN":"978-0-309-31682-8","issued":{"date-parts":[["2015",7,15]]},"language":"en","page":"19007","publisher":"National Academies Press","publisher-place":"Washington, D.C.","source":"DOI.org (Crossref)","title":"Enhancing the Effectiveness of Team Science","type":"book","URL":"http://www.nap.edu/catalog/19007"},{"id":"felderABCENGINEERINGEDUCATION2004","author":[{"family":"Felder","given":"Richard M"},{"family":"Brent","given":"Rebecca"}],"citation-key":"felderABCENGINEERINGEDUCATION2004","issued":{"date-parts":[["2004"]]},"language":"en","source":"Zotero","title":"THE ABC’S OF ENGINEERING EDUCATION: ABET, BLOOM’S TAXONOMY, COOPERATIVE LEARNING, AND SO 
ON","type":"article-journal"},{"id":"CriteriaAccreditingEngineering","accessed":{"date-parts":[["2024",1,26]]},"citation-key":"CriteriaAccreditingEngineering","container-title":"ABET","language":"en-US","title":"Criteria for Accrediting Engineering Programs, 2022 - 2023","type":"post-weblog","URL":"https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2022-2023/"},{"id":"felderDesigningTeachingCourses2003","abstract":"Since the new ABET accreditation system was first introduced to American engineering education in the middle 1990s as Engineering Criteria 2000, most discussion in the literature has focused on how to assess Outcomes 3a-3k and relatively little has concerned how to equip students with the skills and attitudes specified in those outcomes. This paper seeks to fill this gap. Its goals are to (1) overview the accreditation process and clarify the confusing array of terms associated with it (objectives, outcomes, outcome indicators, etc.); (2) provide guidance on the formulation of course learning objectives and assessment methods that address Outcomes 3a-3k; (3) identify and describe instructional techniques that should effectively prepare students to achieve those outcomes by the time they graduate; and (4) propose a strategy for integrating program-level and course-level activities when designing an instructional program to meet the requirements of the ABET engineering criteria.","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Felder","given":"Richard M."},{"family":"Brent","given":"Rebecca"}],"citation-key":"felderDesigningTeachingCourses2003","container-title":"Journal of Engineering Education","DOI":"10.1002/j.2168-9830.2003.tb00734.x","ISSN":"2168-9830","issue":"1","issued":{"date-parts":[["2003"]]},"language":"en","license":"2003 American Society for Engineering Education","page":"7-25","source":"Wiley Online Library","title":"Designing and Teaching Courses to Satisfy the ABET 
Engineering Criteria","type":"article-journal","URL":"https://onlinelibrary.wiley.com/doi/abs/10.1002/j.2168-9830.2003.tb00734.x","volume":"92"},{"id":"biggsEnhancingTeachingConstructive1996","abstract":"Two lines of thinking are becoming increasingly important in higher educational practice. The first derives from constructivist learning theory, and the second from the instructional design literature. Constructivism comprises a family of theories but all have in common the centrality of the learner's activities in creating meaning. These and related ideas have important implications for teaching and assessment. Instructional designers for their part have emphasised alignment between the objectives of a course or unit and the targets for assessing student performance. “Constructive alignment” represents a marriage of the two thrusts, constructivism being used as a framework to guide decision-making at all stages in instructional design: in deriving curriculum objectives in terms of performances that represent a suitably high cognitive level, in deciding teaching/learning activities judged to elicit those performances, and to assess and summatively report student performance. The “performances of understanding” nominated in the objectives are thus used to systematically align the teaching methods and the assessment. 
The process is illustrated with reference to a professional development unit in educational psychology for teachers, but the model may be generalized to most units or programs in higher education.","accessed":{"date-parts":[["2024",1,26]]},"author":[{"family":"Biggs","given":"John"}],"citation-key":"biggsEnhancingTeachingConstructive1996","container-title":"Higher Education","container-title-short":"High Educ","DOI":"10.1007/BF00138871","ISSN":"1573-174X","issue":"3","issued":{"date-parts":[["1996",10,1]]},"language":"en","page":"347-364","source":"Springer Link","title":"Enhancing teaching through constructive alignment","type":"article-journal","URL":"https://doi.org/10.1007/BF00138871","volume":"32"},{"id":"rehtanzDigitalTwinBuzzword2024","abstract":"When we talk about digitization and digitalization, the term digital twin is not far away; data and information are the new oil for the economy. But hasn’t electrical power always been at the forefront with computational models and computer applications for the secure operation of power systems? With the development of computer systems in the middle of the last century, power systems were one of the first civilian applications. Many standard computing methods and models in power systems have been established for more than half a century. Why are we suddenly researching and talking so much about digital twins, and which new solutions will really be established in practice? 
In this special issue, we want to explore these questions and examine them from different perspectives.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Rehtanz","given":"Christian"},{"family":"Häger","given":"Ulf"},{"family":"Liu","given":"Chen-Ching"}],"citation-key":"rehtanzDigitalTwinBuzzword2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3339094","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"14-15","source":"IEEE Xplore","title":"Digital Twin: From Buzzword To Solutions [Guest Editorial]","title-short":"Digital Twin","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398570/","volume":"22"},{"id":"kamwaBuzzwordSolutionsDigital2024","abstract":"The digital twin concept has been around for a while—as early as 2002, according to Wikipedia and the authors in this issue. However, my first encounter with this concept was just about five or six years ago. Around that time, Gartner reported the entering of digital twins into mainstream use: 75% of companies implementing the Internet of Things were already using digital twins or planned to within a year. My organization was contemplating digital twins as an enabling technology for grid modernization. During the process of road mapping the strategic innovation, we were asked how/where to position and prioritize this emerging research field in the transmission portfolio. We had two camps: networks versus assets. In the end, upper management, advised probably by consulting firms, such as McKinsey or Gartner, assigned the digital twin track to the asset group and excluded it from network research activities. 
Applying the digital twin buzzword to “networks” was deemed an abuse of language—a source of confusion in use case definitions and business value analyses of digital twins.","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Kamwa","given":"Innocent"},{"family":"Badrzadeh","given":"Babak"}],"citation-key":"kamwaBuzzwordSolutionsDigital2024","container-title":"IEEE Power and Energy Magazine","DOI":"10.1109/MPE.2023.3331189","ISSN":"1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"page":"4-11","source":"IEEE Xplore","title":"From Buzzword To Solutions: Digital Twins in Power Systems [Editor’s Voice]","title-short":"From Buzzword To Solutions","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398547/","volume":"22"},{"id":"srivastavaDigitalTwinsServing2024a","accessed":{"date-parts":[["2024",3,13]]},"author":[{"family":"Srivastava","given":"Anurag"},{"family":"Liu","given":"Chen-Ching"},{"family":"Stefanov","given":"Alexandru"},{"family":"Basumallik","given":"Sagnik"},{"family":"Hussain","given":"Mohammed M."},{"family":"Somda","given":"Baza"},{"family":"Rajkumar","given":"Vetrivel S."}],"citation-key":"srivastavaDigitalTwinsServing2024a","container-title":"IEEE Power and Energy Magazine","container-title-short":"IEEE Power and Energy Mag.","DOI":"10.1109/MPE.2023.3325196","ISSN":"1540-7977, 1558-4216","issue":"1","issued":{"date-parts":[["2024",1]]},"language":"en","page":"61-71","source":"DOI.org (Crossref)","title":"Digital Twins Serving Cybersecurity: More Than a Model: Cybersecurity as a Future Benefit of Digital Twins 2","title-short":"Digital Twins Serving Cybersecurity","type":"article-journal","URL":"https://ieeexplore.ieee.org/document/10398550/","volume":"22"},{"id":"massotWhyFormalizeMathematics","abstract":"We’ve been doing mathematics for more than two thousand years with remarkable success. 
Hence it is natural to be puzzled by people investing a lot of time and energy into a very new and weird way of doing mathematics: the formalized way where human beings explain mathematical definitions and proofs to computers. Beyond puzzlement, some people are wary. They think the traditional way may disappear, or maybe even mathematicians may disappear, being replaced by AI agents. These events are extremely unlikely and they are not the goals of the mathematical formalization community. We want to add to our tool set, without losing anything we already have. In this text I’ll explain what we want to add, distinguishing what already partially exists and what is currently science fiction. Examples will use Lean, a proof assistant software developed mostly by Leonardo de Moura at Microsoft Research, but everything I’ll write applies to other proof assistants such as Coq or Isabelle.","author":[{"family":"Massot","given":"Patrick"}],"citation-key":"massotWhyFormalizeMathematics","language":"en","source":"Zotero","title":"Why formalize mathematics?","type":"article-journal"},{"id":"charalambousNewEraSoftware2023","abstract":"In this paper we present a novel solution that combines the capabilities of Large Language Models (LLMs) with Formal Verification strategies to verify and automatically repair software vulnerabilities. Initially, we employ Bounded Model Checking (BMC) to locate the software vulnerability and derive a counterexample. The counterexample provides evidence that the system behaves incorrectly or contains a vulnerability. The counterexample that has been detected, along with the source code, are provided to the LLM engine. Our approach involves establishing a specialized prompt language for conducting code debugging and generation to understand the vulnerability's root cause and repair the code. Finally, we use BMC to verify the corrected version of the code generated by the LLM. 
As a proof of concept, we create ESBMC-AI based on the Efficient SMT-based Context-Bounded Model Checker (ESBMC) and a pre-trained Transformer model, specifically gpt-3.5-turbo, to detect and fix errors in C programs. Our experimentation involved generating a dataset comprising 1000 C code samples, each consisting of 20 to 50 lines of code. Notably, our proposed method achieved an impressive success rate of up to 80% in repairing vulnerable code encompassing buffer overflow and pointer dereference failures. We assert that this automated approach can effectively incorporate into the software development lifecycle's continuous integration and deployment (CI/CD) process.","accessed":{"date-parts":[["2024",3,7]]},"author":[{"family":"Charalambous","given":"Yiannis"},{"family":"Tihanyi","given":"Norbert"},{"family":"Jain","given":"Ridhi"},{"family":"Sun","given":"Youcheng"},{"family":"Ferrag","given":"Mohamed Amine"},{"family":"Cordeiro","given":"Lucas C."}],"citation-key":"charalambousNewEraSoftware2023","DOI":"10.48550/arXiv.2305.14752","issued":{"date-parts":[["2023",5,24]]},"number":"arXiv:2305.14752","publisher":"arXiv","source":"arXiv.org","title":"A New Era in Software Security: Towards Self-Healing Software via Large Language Models and Formal Verification","title-short":"A New Era in Software Security","type":"article","URL":"http://arxiv.org/abs/2305.14752"},{"id":"poluGenerativeLanguageModeling2020","abstract":"We explore the application of transformer-based language models to automated theorem proving. This work is motivated by the possibility that a major limitation of automated theorem provers compared to humans -- the generation of original mathematical terms -- might be addressable via generation from language models. We present an automated prover and proof assistant, GPT-f, for the Metamath formalization language, and analyze its performance. 
GPT-f found new short proofs that were accepted into the main Metamath library, which is to our knowledge, the first time a deep-learning based system has contributed proofs that were adopted by a formal mathematics community.","accessed":{"date-parts":[["2024",3,7]]},"author":[{"family":"Polu","given":"Stanislas"},{"family":"Sutskever","given":"Ilya"}],"citation-key":"poluGenerativeLanguageModeling2020","DOI":"10.48550/arXiv.2009.03393","issued":{"date-parts":[["2020",9,7]]},"number":"arXiv:2009.03393","publisher":"arXiv","source":"arXiv.org","title":"Generative Language Modeling for Automated Theorem Proving","type":"article","URL":"http://arxiv.org/abs/2009.03393"},{"id":"carterEC2000Criterion2001","accessed":{"date-parts":[["2024",1,30]]},"author":[{"family":"Carter","given":"Michael"},{"family":"Brent","given":"Rebecca"},{"family":"Rajala","given":"Sarah"}],"citation-key":"carterEC2000Criterion2001","container-title":"2001 Annual Conference Proceedings","DOI":"10.18260/1-2--9153","event-place":"Albuquerque, New Mexico","event-title":"2001 Annual Conference","issued":{"date-parts":[["2001",6]]},"language":"en","page":"6.400.1-6.400.11","publisher":"ASEE Conferences","publisher-place":"Albuquerque, New Mexico","source":"DOI.org (Crossref)","title":"EC 2000 Criterion 2: A Procedure For Creating, Assessing, And Documenting Program Educational Objectives","title-short":"Ec 2000 Criterion 2","type":"paper-conference","URL":"http://peer.asee.org/9153"},{"id":"hatcherListRecommendedBooks","author":[{"family":"Hatcher","given":"Allen"}],"citation-key":"hatcherListRecommendedBooks","language":"en","source":"Zotero","title":"A List of Recommended Books in Topology","type":"article-journal"},{"id":"morrisTOPOLOGYTEARS","author":[{"family":"Morris","given":"Sidney A"}],"citation-key":"morrisTOPOLOGYTEARS","language":"en","source":"Zotero","title":"TOPOLOGY WITHOUT TEARS","type":"article-journal"},{"id":"parksNewProofRouthHurwitz1962","abstract":"The second method of 
Liapunov is a useful technique for investigating the stability of linear and non-linear ordinary differential equations. It is well known that the second method of Liapunov, when applied to linear differential equations with real constant coefficients, gives rise to sets of necessary and sufficient stability conditions which are alternatives to the well-known Routh-Hurwitz conditions. In this paper a direct proof of the Routh-Hurwitz conditions themselves is given using Liapunov's second method. The new proof is ‘elementary’ in that it depends on the fundamental concept of stability associated with Liapunov's second method, and not on theorems in the complex integral calculus which are required in the usual proofs. A useful by-product of this new proof is a method of determining the coefficients of a linear differential equation with real constant coefficients in terms of its Hurwitz determinants.","accessed":{"date-parts":[["2024",3,5]]},"author":[{"family":"Parks","given":"P. C."}],"citation-key":"parksNewProofRouthHurwitz1962","container-title":"Mathematical Proceedings of the Cambridge Philosophical Society","DOI":"10.1017/S030500410004072X","ISSN":"1469-8064, 0305-0041","issue":"4","issued":{"date-parts":[["1962",10]]},"language":"en","page":"694-702","source":"Cambridge University Press","title":"A new proof of the Routh-Hurwitz stability criterion using the second method of Liapunov","type":"article-journal","URL":"https://www.cambridge.org/core/journals/mathematical-proceedings-of-the-cambridge-philosophical-society/article/new-proof-of-the-routhhurwitz-stability-criterion-using-the-second-method-of-liapunov/15C073E593E77B9A869252AC398F5408","volume":"58"},{"id":"benidirExtendedTableEliminating1990","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Benidir","given":"M."},{"family":"Picinbono","given":"B."}],"citation-key":"benidirExtendedTableEliminating1990","container-title":"IEEE Transactions on Automatic 
Control","container-title-short":"IEEE Trans. Automat. Contr.","DOI":"10.1109/9.45185","ISSN":"00189286","issue":"2","issued":{"literal":"Feb./1990"},"language":"en","page":"218-222","source":"DOI.org (Crossref)","title":"Extended table for eliminating the singularities in Routh's array","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/45185/","volume":"35"},{"id":"dattaStabilityInertia1999","abstract":"The purpose of this paper is to present a brief overview of matrix stability and inertia theory. A few applications of inertia and stability theorems, and a nonspectral implicit matrix equation method for determining stability and inertia of a nonhermitian matrix are also presented. Inter-relationships between different theorems are explicitly stated, whenever appropriate. The paper concludes with some problems for future research in this area. © 1999 Elsevier Science Inc. All rights reserved.","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Datta","given":"Biswa Nath"}],"citation-key":"dattaStabilityInertia1999","container-title":"Linear Algebra and its Applications","container-title-short":"Linear Algebra and its Applications","DOI":"10.1016/S0024-3795(99)00213-X","ISSN":"00243795","issued":{"date-parts":[["1999",12]]},"language":"en","page":"563-600","source":"DOI.org (Crossref)","title":"Stability and inertia","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/S002437959900213X","volume":"302-303"},{"id":"meinsmaElementaryProofRouthHurwitz1995","abstract":"This note presents an elementary proof of the familiar Routh-Hurwitz test. The proof is basically one continuity argument, it does not rely on Sturm chains, Cauchy index and the principle of the argument and it is fully self-contained. 
In the same style an extended Routh-Hurwitz test is derived, which finds the inertia of polynomials.","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Meinsma","given":"Gjerrit"}],"citation-key":"meinsmaElementaryProofRouthHurwitz1995","container-title":"Systems & Control Letters","container-title-short":"Systems & Control Letters","DOI":"10.1016/0167-6911(94)00089-E","ISSN":"01676911","issue":"4","issued":{"date-parts":[["1995",7]]},"language":"en","page":"237-242","source":"DOI.org (Crossref)","title":"Elementary proof of the Routh-Hurwitz test","type":"article-journal","URL":"https://linkinghub.elsevier.com/retrieve/pii/016769119400089E","volume":"25"},{"id":"branickyStabilityHybridSystems1997a","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Branicky","given":"M.S."}],"citation-key":"branickyStabilityHybridSystems1997a","container-title":"Proceedings of the 36th IEEE Conference on Decision and Control","DOI":"10.1109/CDC.1997.650600","event-place":"San Diego, CA, USA","event-title":"36th IEEE Conference on Decision and Control","ISBN":"978-0-7803-4187-6","issued":{"date-parts":[["1997"]]},"page":"120-125","publisher":"IEEE","publisher-place":"San Diego, CA, USA","source":"DOI.org (Crossref)","title":"Stability of hybrid systems: state of the art","title-short":"Stability of hybrid systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/650600/","volume":"1"},{"id":"shevitzLyapunovStabilityTheory1994","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Shevitz","given":"D."},{"family":"Paden","given":"B."}],"citation-key":"shevitzLyapunovStabilityTheory1994","container-title":"IEEE Transactions on Automatic Control","container-title-short":"IEEE Trans. Automat. 
Contr.","DOI":"10.1109/9.317122","ISSN":"00189286","issue":"9","issued":{"literal":"Sept./1994"},"page":"1910-1914","source":"DOI.org (Crossref)","title":"Lyapunov stability theory of nonsmooth systems","type":"article-journal","URL":"http://ieeexplore.ieee.org/document/317122/","volume":"39"},{"id":"peletiesAsymptoticStabilityMSwitched1991","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Peleties","given":"Philippos"},{"family":"DeCarlo","given":"Raymond"}],"citation-key":"peletiesAsymptoticStabilityMSwitched1991","container-title":"1991 American Control Conference","DOI":"10.23919/ACC.1991.4791667","event-place":"Boston, MA, USA","event-title":"1991 American Control Conference","ISBN":"978-0-87942-565-4","issued":{"date-parts":[["1991",6]]},"page":"1679-1684","publisher":"IEEE","publisher-place":"Boston, MA, USA","source":"DOI.org (Crossref)","title":"Asymptotic Stability of m-Switched Systems using Lyapunov-Like Functions","type":"paper-conference","URL":"https://ieeexplore.ieee.org/document/4791667/"},{"id":"petterssonStabilityRobustnessHybrid1996","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Pettersson","given":"S."},{"family":"Lennartson","given":"B."}],"citation-key":"petterssonStabilityRobustnessHybrid1996","container-title":"Proceedings of 35th IEEE Conference on Decision and Control","DOI":"10.1109/CDC.1996.572653","event-place":"Kobe, Japan","event-title":"35th IEEE Conference on Decision and Control","ISBN":"978-0-7803-3590-5","issued":{"date-parts":[["1996"]]},"page":"1202-1207","publisher":"IEEE","publisher-place":"Kobe, Japan","source":"DOI.org (Crossref)","title":"Stability and robustness for hybrid systems","type":"paper-conference","URL":"http://ieeexplore.ieee.org/document/572653/","volume":"2"},{"id":"instituteofelectricalandelectronicsengineersProceedings35thIEEE1996","citation-key":"instituteofelectricalandelectronicsengineersProceedings35thIEEE1996","editor":[{"family":"Institute of Electrical and Electronics 
Engineers","given":""},{"family":"IEEE Control Systems Society","given":""}],"event-place":"Piscataway, NJ","ISBN":"978-0-7803-3590-5 978-0-7803-3591-2 978-0-7803-3592-9 978-0-7803-3593-6","issued":{"date-parts":[["1996"]]},"language":"eng","publisher":"IEEE Service Center","publisher-place":"Piscataway, NJ","source":"K10plus ISBN","title":"Proceedings of the 35th IEEE Conference on Decision and Control: December 11 - 13, 1996, Portopia Hotel and International Convention Center, Kobe, Japan","title-short":"Proceedings of the 35th IEEE Conference on Decision and Control","type":"book"},{"id":"wallPolynomialsWhoseZeros1945","abstract":"(1945). Polynomials Whose Zeros Have Negative Real Parts. The American Mathematical Monthly: Vol. 52, No. 6, pp. 308-322.","accessed":{"date-parts":[["2024",3,4]]},"archive_location":"world","author":[{"family":"Wall","given":"H. S."}],"citation-key":"wallPolynomialsWhoseZeros1945","container-title":"The American Mathematical Monthly","DOI":"10.2307/2305291","ISSN":"0002-9890","issued":{"date-parts":[["1945",6,1]]},"language":"EN","license":"Copyright Taylor & Francis","publisher":"Taylor & Francis","source":"www.tandfonline.com","title":"Polynomials Whose Zeros Have Negative Real Parts","type":"article-journal","URL":"https://www.tandfonline.com/doi/abs/10.1080/00029890.1945.11991574"},{"id":"routhDynamicsSystemRigid1955","author":[{"family":"Routh","given":"Edward John"}],"citation-key":"routhDynamicsSystemRigid1955","container-title":"Dover Publications Inc., New York, USA","issued":{"date-parts":[["1955"]]},"title":"Dynamics of a system of rigid bodies. Part II: Of a treatise on the whole subject","type":"article-journal"},{"id":"hoElementaryDerivationRouthHurwitz1998","abstract":"In most undergraduate texts on control systems, the Routh-Hurwitz criterion is usually introduced as a mechanical algorithm for determining the Hurwitz stability of a real polynomial. 
Unlike many other stability criteria, such as the Nyquist criterion, root locus, etc., no attempt whatsoever is made to even allude to a proof of the Routh-Hurwitz criterion. Recent results using the Hermite-Biehler theorem have, however, succeeded in providing a simple derivation of Routh's algorithm for determining the Hurwitz stability or otherwise of a given real polynomial. However, this derivation fails to capture the fact that Routh's algorithm can also be used to count the number of open right half-plane roots of a given polynomial. This paper shows that by using appropriately generalized versions of the Hermite-Biehler theorem, it is possible to provide a simple derivation of the Routh-Hurwitz criterion which also captures its unstable root counting capability.","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Ho","given":"Ming-Tzu"},{"family":"Datta","given":"A."},{"family":"Bhattacharyya","given":"S.P."}],"citation-key":"hoElementaryDerivationRouthHurwitz1998","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/9.661607","ISSN":"1558-2523","issue":"3","issued":{"date-parts":[["1998",3]]},"page":"405-409","source":"IEEE Xplore","title":"An elementary derivation of the Routh-Hurwitz criterion","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/661607?casa_token=_ZTBBI78ASQAAAAA:bq5jusXOvFviT0kmkuMYTAYJQ0uAqdkmDTMjnEo03Q7KVhhp7azmgSqzIFK2r5bTMuIQNTTifg","volume":"43"},{"id":"chappellatElementaryProofsClassical1990","abstract":"Classical stability results and test on the stability of a given polynomial are proved and derived using a simple continuity property. The resulting proofs given of the Hermite-Bieler theorem and the Routh and Jury tests are elementary and full of insight. 
The proofs allow the instructor to present these fundamental topics of control theory to undergraduates in an elementary, rational, and meaningful way rather than as mere sets of rules and formulae.","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Chappellat","given":"H."},{"family":"Mansour","given":"M."},{"family":"Bhattacharyya","given":"S.P."}],"citation-key":"chappellatElementaryProofsClassical1990","container-title":"IEEE Transactions on Education","DOI":"10.1109/13.57067","ISSN":"1557-9638","issue":"3","issued":{"date-parts":[["1990",8]]},"page":"232-239","source":"IEEE Xplore","title":"Elementary proofs of some classical stability criteria","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/57067?casa_token=SodSTIZPpjcAAAAA:ONTyRX4k9bUtWJTm0CpJTswPYnu3yjEiqspACwSjdysCegdrs2_eASfrDg3GmkXXElkGYUJbcw","volume":"33"},{"id":"barnettRouthAlgorithmCentennial1977","abstract":"To decide whether a prescribed complex polynomial has all its zeros with negative real parts, there are available many tests involving the checking of rational or polynomial inequalities in the coefficients. It is shown that the generalized Routh–Hurwitz conditions are from a certain point of view not replaceable by simpler conditions.","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Barnett","given":"S."},{"family":"Šiljak","given":"D. 
D."}],"citation-key":"barnettRouthAlgorithmCentennial1977","container-title":"SIAM Review","container-title-short":"SIAM Rev.","DOI":"10.1137/1019070","ISSN":"0036-1445","issue":"3","issued":{"date-parts":[["1977",7]]},"page":"472-489","publisher":"Society for Industrial and Applied Mathematics","source":"epubs.siam.org (Atypon)","title":"Routh’s Algorithm: A Centennial Survey","title-short":"Routh’s Algorithm","type":"article-journal","URL":"https://epubs.siam.org/doi/abs/10.1137/1019070","volume":"19"},{"id":"hauksdottirProvingRouthTheorem2020","abstract":"This paper presents a proof of Routh’s theorem for polynomials with real coefficients, determining the number of roots in the right half plane (RHP). The proof exploits the relationship of the Routh array to the Euclidean algorithm and applies Cauchy’s theorem in an analogous way to that of applying the Nyquist criterion to investigate the stability of a control system. While a number of papers have been published over the years with different proofs of Routh’s stability criterion or Routh’s theorem, the aim in this paper is to present a proof that may offer most insight to undergraduate students of engineering. Routh’s theorem and his array are introduced without any proof in most undergraduate texts on control theory, whereas the Nyquist criterion is typically treated quite extensively in such texts. As well as presenting a proof for the regular case when all the coefficients in the first column of the Routh array are non-zero, analogous proofs are given for the singular cases when some of the leading coefficients in a row, or the coefficients of the entire row, become zero. In the first case, these result in a statement on the number of roots in the RHP, more explicit than those typically presented in papers on Routh’s theorem. 
In the second case, the only case where there may be roots on the imaginary axis, use is made of the modified array introduced by Routh, often referred to as the Q-method, to determine the number of such roots, differentiating between simple and multiple roots. One can thus distinguish between exponential stability, marginal stability and polynomial instability, when there are no roots in the RHP, with these results.","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Hauksdóttir","given":"Anna Soffía"},{"family":"Sigurðsson","given":"Sven Þ."}],"citation-key":"hauksdottirProvingRouthTheorem2020","collection-title":"21st IFAC World Congress","container-title":"IFAC-PapersOnLine","container-title-short":"IFAC-PapersOnLine","DOI":"10.1016/j.ifacol.2020.12.446","ISSN":"2405-8963","issue":"2","issued":{"date-parts":[["2020",1,1]]},"page":"4460-4467","source":"ScienceDirect","title":"Proving Routh’s Theorem using the Euclidean Algorithm and Cauchy’s Theorem","type":"article-journal","URL":"https://www.sciencedirect.com/science/article/pii/S2405896320307370","volume":"53"},{"id":"ferranteSimpleProofRouth1999","abstract":"An elementary proof of the classic Routh method for counting the number of left half-plane and right half-plane zeros of a real coefficient polynomial P_n(s) of degree n is given. Such a proof refers to the polynomials P_i(s) of degree i ≤ n formed from the entries of the rows of order i and i-1 of the relevant Routh array. In particular, it is based on the consideration of an auxiliary polynomial P_i(s; q), linearly dependent on a real parameter q, which reduces to either polynomial P_i(s) or to polynomial P_{i-1}(s) for particular values of q. 
In this way, it is easy to show that i-1 zeroes of P_i(s) lie in the same half-plane as the zeros of P_i(s), and the remaining zero lies in the left or in the right half-plane according to the sign of the ratio of the leading coefficients of P_i(s) and P_{i-1}(s). By successively applying this property to all pairs of polynomials in the sequence, starting from P_o(s) and P_1(s), the standard rule for determining the zero distribution of P_n(s) is immediately derived.","accessed":{"date-parts":[["2024",3,4]]},"author":[{"family":"Ferrante","given":"A."},{"family":"Lepschy","given":"A."},{"family":"Viaro","given":"U."}],"citation-key":"ferranteSimpleProofRouth1999","container-title":"IEEE Transactions on Automatic Control","DOI":"10.1109/9.769396","ISSN":"1558-2523","issue":"6","issued":{"date-parts":[["1999",6]]},"page":"1306-1309","source":"IEEE Xplore","title":"A simple proof of the Routh test","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/769396?casa_token=qEO0cTxWiXAAAAAA:-BTm1YxP6pWOUaC6hv8pF3OOIYGiwL4YqOTO3Qu-9oylO5EN-gn2yeEu45EAC2uq7oxUP88JUA","volume":"44"},{"id":"StrategyCyberPhysicalResilience","citation-key":"StrategyCyberPhysicalResilience","title":"Strategy for Cyber-Physical Resilience: Fortifying our Critical Infrastructure for a Digital World","type":"report"},{"id":"20222023CriteriaAccrediting","citation-key":"20222023CriteriaAccrediting","publisher":"ABET Engineering Accreditation Commission","title":"2022-2023 Criteria for Accrediting Engineering Programs","type":"document"},{"id":"TrustedComputerSystem2024","abstract":"Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. 
The TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. Initially issued in 1983 by the National Computer Security Center (NCSC), an arm of the National Security Agency, and then updated in 1985, TCSEC was eventually replaced by the Common Criteria international standard, originally published in 2005.","accessed":{"date-parts":[["2024",2,29]]},"citation-key":"TrustedComputerSystem2024","container-title":"Wikipedia","issued":{"date-parts":[["2024",2,25]]},"language":"en","license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1210281816","source":"Wikipedia","title":"Trusted Computer System Evaluation Criteria","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Trusted_Computer_System_Evaluation_Criteria&oldid=1210281816"},{"id":"usdepartmentofdefenseDepartmentDefenseTrusted1985","accessed":{"date-parts":[["2024",2,29]]},"author":[{"literal":"US Department of Defense"}],"citation-key":"usdepartmentofdefenseDepartmentDefenseTrusted1985","container-title":"The ‘Orange Book’ Series","DOI":"10.1007/978-1-349-12020-8_1","editor":[{"literal":"US Department of Defense"}],"event-place":"London","ISBN":"978-0-333-53947-7 978-1-349-12020-8","issued":{"date-parts":[["1985"]]},"language":"en","page":"1-129","publisher":"Palgrave Macmillan UK","publisher-place":"London","source":"DOI.org (Crossref)","title":"Department of Defense Trusted Computer System Evaluation Criteria","type":"chapter","URL":"http://link.springer.com/10.1007/978-1-349-12020-8_1"},{"id":"CWECommonWeakness","accessed":{"date-parts":[["2024",2,29]]},"citation-key":"CWECommonWeakness","title":"CWE - Common Weakness 
Enumeration","type":"webpage","URL":"https://cwe.mitre.org/"},{"id":"CWECWECAPEC","accessed":{"date-parts":[["2024",2,29]]},"citation-key":"CWECWECAPEC","title":"CWE - CWE/CAPEC Board","type":"webpage","URL":"https://cwe.mitre.org/community/board.html"},{"id":"ISAIEC62443a","abstract":"The ISA/IEC 62443 standards set best practices for cybersecurity and provide a way to assess the level of security performance.","accessed":{"date-parts":[["2024",2,29]]},"citation-key":"ISAIEC62443a","container-title":"isa.org","language":"en","title":"ISA/IEC 62443 Series of Standards - ISA","type":"webpage","URL":"https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards"},{"id":"nicolCommonWeaknessEnumerations2023","abstract":"The storyline of MITRE’s common weakness enumeration framework illustrates how the security and privacy technical community can collaborate/cooperate with policy makers to advance policy, giving it specifics and filling gaps of technical knowledge to improve security and resilience of critical infrastructure.","accessed":{"date-parts":[["2024",2,29]]},"author":[{"family":"Nicol","given":"David M."},{"family":"Shannon","given":"Gregory"},{"family":"Akbar","given":"Monika"},{"family":"Bishop","given":"Matt"},{"family":"Chaney","given":"Michael"},{"family":"Luallen","given":"Matthew"}],"citation-key":"nicolCommonWeaknessEnumerations2023","container-title":"IEEE Security & Privacy","DOI":"10.1109/MSEC.2023.3279515","ISSN":"1558-4046","issue":"4","issued":{"date-parts":[["2023",7]]},"page":"84-93","source":"IEEE Xplore","title":"Toward Common Weakness Enumerations in Industrial Control Systems","type":"article-journal","URL":"https://ieeexplore.ieee.org/abstract/document/10194510","volume":"21"},{"id":"GenerativeModelingEstimating","accessed":{"date-parts":[["2024",2,28]]},"citation-key":"GenerativeModelingEstimating","title":"Generative Modeling by Estimating Gradients of the Data Distribution | Yang 
Song","type":"webpage","URL":"https://yang-song.net/blog/2021/score/"},{"id":"baanenHitchhikerGuideLogical","author":[{"family":"Baanen","given":"Anne"},{"family":"Bentkamp","given":"Alexander"},{"family":"Blanchette","given":"Jasmin"},{"family":"Hölzl","given":"Johannes"},{"family":"Limperg","given":"Jannis"}],"citation-key":"baanenHitchhikerGuideLogical","language":"en","source":"Zotero","title":"The Hitchhiker's Guide to Logical Verification","type":"article-journal"},{"id":"guckenheimerNonlinearOscillationsDynamical2013","author":[{"family":"Guckenheimer","given":"John"},{"family":"Holmes","given":"Philip"}],"citation-key":"guckenheimerNonlinearOscillationsDynamical2013","ISBN":"1-4612-1140-9","issued":{"date-parts":[["2013"]]},"publisher":"Springer Science & Business Media","title":"Nonlinear oscillations, dynamical systems, and bifurcations of vector fields","type":"book","volume":"42"},{"id":"sontagMathematicalControlTheory2013","author":[{"family":"Sontag","given":"Eduardo D."}],"citation-key":"sontagMathematicalControlTheory2013","ISBN":"1-4612-0577-8","issued":{"date-parts":[["2013"]]},"publisher":"Springer Science & Business Media","title":"Mathematical control theory: deterministic finite dimensional systems","type":"book","volume":"6"},{"id":"hsuCelltocellMappingMethod2013","author":[{"family":"Hsu","given":"Chieh Su"}],"citation-key":"hsuCelltocellMappingMethod2013","ISBN":"1-4757-3892-7","issued":{"date-parts":[["2013"]]},"publisher":"Springer Science & Business Media","title":"Cell-to-cell mapping: a method of global analysis for nonlinear systems","type":"book","volume":"64"},{"id":"boldoComputerArithmeticFormal2017a","author":[{"family":"Boldo","given":"Sylvie"},{"family":"Melquiond","given":"Guillaume"}],"citation-key":"boldoComputerArithmeticFormal2017a","ISBN":"0-08-101170-9","issued":{"date-parts":[["2017"]]},"publisher":"Elsevier","title":"Computer arithmetic and formal proofs: verifying floating-point algorithms with the Coq 
system","type":"book"},{"id":"sibirskijIntroductionTopologicalDynamics1975","author":[{"family":"Sibirskij","given":"Konstantin Sergeevič"},{"family":"Sibirsky","given":"K. S."}],"citation-key":"sibirskijIntroductionTopologicalDynamics1975","ISBN":"90-286-0174-0","issued":{"date-parts":[["1975"]]},"publisher":"Springer","title":"Introduction to topological dynamics","type":"book"},{"id":"huetLogicalFoundationsFunctional1990","author":[{"family":"Huet","given":"Gérard."}],"citation-key":"huetLogicalFoundationsFunctional1990","collection-title":"The UT year of programming series","event-place":"Reading, Mass","ISBN":"0-201-17234-8","issued":{"date-parts":[["1990"]]},"publisher":"Addison-Wesley","publisher-place":"Reading, Mass","title":"Logical foundations of functional programming","type":"book"},{"id":"friedmanLittleTyper2018","author":[{"family":"Friedman","given":"Daniel P."},{"family":"Christiansen","given":"David Thrane"}],"citation-key":"friedmanLittleTyper2018","ISBN":"0-262-35100-5","issued":{"date-parts":[["2018"]]},"publisher":"MIT Press","title":"The Little Typer","type":"book"},{"id":"hindleyLambdacalculusCombinatorsIntroduction2008","author":[{"family":"Hindley","given":"J. 
Roger"},{"family":"Seldin","given":"Jonathan P."}],"citation-key":"hindleyLambdacalculusCombinatorsIntroduction2008","ISBN":"1-139-47324-7","issued":{"date-parts":[["2008"]]},"publisher":"Cambridge University Press","title":"Lambda-calculus and combinators: an introduction","type":"book"},{"id":"PropositionsTypesExplained","accessed":{"date-parts":[["2024",2,22]]},"citation-key":"PropositionsTypesExplained","title":"Propositions as types: explained (and debunked)","type":"webpage","URL":"https://lawrencecpaulson.github.io/2023/08/23/Propositions_as_Types.html"},{"id":"wadlerPropositionsTypes2015","abstract":"Connecting mathematical logic and computation, it ensures that some aspects of programming are absolute.","accessed":{"date-parts":[["2024",2,22]]},"author":[{"family":"Wadler","given":"Philip"}],"citation-key":"wadlerPropositionsTypes2015","container-title":"Communications of the ACM","container-title-short":"Commun. ACM","DOI":"10.1145/2699407","ISSN":"0001-0782, 1557-7317","issue":"12","issued":{"date-parts":[["2015",11,23]]},"language":"en","page":"75-84","source":"DOI.org (Crossref)","title":"Propositions as types","type":"article-journal","URL":"https://dl.acm.org/doi/10.1145/2699407","volume":"58"},{"id":"wadlerPropositionTypes","author":[{"family":"Wadler","given":"Philip"}],"citation-key":"wadlerPropositionTypes","title":"Proposition as Types","type":"document"},{"id":"CalculusConstructions2023","abstract":"In mathematical logic and computer science, the calculus of constructions (CoC) is a type theory created by Thierry Coquand. It can serve as both a typed programming language and as constructive foundation for mathematics. 
For this second reason, the CoC and its variants have been the basis for Coq and other proof assistants.\nSome of its variants include the calculus of inductive constructions (which adds inductive types), the calculus of (co)inductive constructions (which adds coinduction), and the predicative calculus of inductive constructions (which removes some impredicativity).","accessed":{"date-parts":[["2024",2,22]]},"citation-key":"CalculusConstructions2023","container-title":"Wikipedia","issued":{"date-parts":[["2023",12,30]]},"language":"en","license":"Creative Commons Attribution-ShareAlike License","note":"Page Version ID: 1192670368","source":"Wikipedia","title":"Calculus of constructions","type":"entry-encyclopedia","URL":"https://en.wikipedia.org/w/index.php?title=Calculus_of_constructions&oldid=1192670368"},{"id":"huetInductionPrinciplesFormalized2015","accessed":{"date-parts":[["2024",2,22]]},"author":[{"family":"Huet","given":"Gérard"}],"citation-key":"huetInductionPrinciplesFormalized2015","issued":{"date-parts":[["2015",7,1]]},"title":"Induction Principles Formalized in the Calculus of Constructions","type":"document","URL":"https://web.archive.org/web/20150701130220/http://yquem.inria.fr/~huet/PUBLIC/induction.pdf"},{"id":"fradeCalculusInductiveConstructions2008","accessed":{"date-parts":[["2024",2,22]]},"author":[{"family":"Frade","given":"Maria João"}],"citation-key":"fradeCalculusInductiveConstructions2008","issued":{"date-parts":[["2008"],["2009"]]},"title":"Calculus of Inductive Constructions: Software Formal Verification","type":"speech","URL":"https://web.archive.org/web/20140529103535/http://www3.di.uminho.pt/~mjf/pub/SFV-CIC-2up.pdf"},{"id":"coquandCalculusConstructions","author":[{"family":"Coquand","given":"T"},{"family":"Huet","given":"Gérard"}],"citation-key":"coquandCalculusConstructions","source":"Zotero","title":"The calculus of constructions","type":"article-journal"},{"id":"sohl-dicksteinDeepUnsupervisedLearning2015a","abstract":"A central 
problem in machine learning involves modeling complex data-sets using highly flexible families of probability distributions in which learning, sampling, inference, and evaluation are still analytically or computationally tractable. Here, we develop an approach that simultaneously achieves both flexibility and tractability. The essential idea, inspired by non-equilibrium statistical physics, is to systematically and slowly destroy structure in a data distribution through an iterative forward diffusion process. We then learn a reverse diffusion process that restores structure in data, yielding a highly flexible and tractable generative model of the data. This approach allows us to rapidly learn, sample from, and evaluate probabilities in deep generative models with thousands of layers or time steps, as well as to compute conditional and posterior probabilities under the learned model. We additionally release an open source reference implementation of the algorithm.","accessed":{"date-parts":[["2024",7,16]]},"author":[{"family":"Sohl-Dickstein","given":"Jascha"},{"family":"Weiss","given":"Eric A."},{"family":"Maheswaranathan","given":"Niru"},{"family":"Ganguli","given":"Surya"}],"citation-key":"sohl-dicksteinDeepUnsupervisedLearning2015a","DOI":"10.48550/arXiv.1503.03585","issued":{"date-parts":[["2015",11,18]]},"number":"arXiv:1503.03585","publisher":"arXiv","source":"arXiv.org","title":"Deep Unsupervised Learning using Nonequilibrium Thermodynamics","type":"article","URL":"http://arxiv.org/abs/1503.03585"},{"id":"IntroductionDiffusionModels2022","abstract":"The meteoric rise of Diffusion Models is one of the biggest developments in Machine Learning in the past several years. 
Learn everything you need to know about Diffusion Models in this easy-to-follow guide.","accessed":{"date-parts":[["2024",7,23]]},"citation-key":"IntroductionDiffusionModels2022","container-title":"News, Tutorials, AI Research","issued":{"date-parts":[["2022",5,12]]},"language":"en","title":"Introduction to Diffusion Models for Machine Learning","type":"webpage","URL":"https://www.assemblyai.com/blog/diffusion-models-for-machine-learning-introduction/"},{"id":"HttpsEnergySandia","accessed":{"date-parts":[["2024",8,8]]},"citation-key":"HttpsEnergySandia","title":"https://energy.sandia.gov/wp-content/uploads/2024/01/Maccarone_DCSA-FY23-M2.pdf","type":"webpage","URL":"https://energy.sandia.gov/wp-content/uploads/2024/01/Maccarone_DCSA-FY23-M2.pdf"},{"id":"maccaroneADVANCEDREACTORCYBER","author":[{"family":"Maccarone","given":"L T"},{"family":"Hahn","given":"A S"},{"family":"Valme","given":"R"},{"family":"Rowland","given":"M T"},{"family":"Kapuria","given":"A"},{"family":"Zhang","given":"Y"},{"family":"Cole","given":"D G"}],"citation-key":"maccaroneADVANCEDREACTORCYBER","language":"en","source":"Zotero","title":"ADVANCED REACTOR CYBER ANALYSIS AND DEVELOPMENT ENVIRONMENT (ARCADE) FOR UNIVERSITY RESEARCH","type":"article-journal"},{"id":"mihalicHardwareintheLoopSimulationsHistorical2022","type":"article-journal","abstract":"The design of modern industrial products is further improved through the hardware-in-the-loop (HIL) simulation. Realistic simulation is enabled by the closed loop between the hardware under test (HUT) and real-time simulation. Such a system involves a field programmable gate array (FPGA) and digital signal processor (DSP). An HIL model can bypass serious damage to the real object, reduce debugging cost, and, finally, reduce the comprehensive effort during the testing. 
This paper provides a historical overview of HIL simulations through different engineering challenges, i.e., within automotive, power electronics systems, and different industrial drives. Various platforms, such as National Instruments, dSPACE, Typhoon HIL, or MATLAB Simulink Real-Time toolboxes and Speedgoat hardware systems, offer a powerful tool for efficient and successful investigations in different fields. Therefore, HIL simulation practice must begin already during the university’s education process to prepare the students for professional engagements in the industry, which was also verified experimentally at the end of the paper.","container-title":"Electronics","DOI":"10.3390/electronics11152462","ISSN":"2079-9292","issue":"15","language":"en","license":"http://creativecommons.org/licenses/by/3.0/","note":"number: 15\npublisher: Multidisciplinary Digital Publishing Institute","page":"2462","source":"www.mdpi.com","title":"Hardware-in-the-Loop Simulations: A Historical Overview of Engineering Challenges","title-short":"Hardware-in-the-Loop Simulations","URL":"https://www.mdpi.com/2079-9292/11/15/2462","volume":"11","author":[{"family":"Mihalič","given":"Franc"},{"family":"Truntič","given":"Mitja"},{"family":"Hren","given":"Alenka"}],"accessed":{"date-parts":[["2024",8,8]]},"issued":{"date-parts":[["2022",1]]},"citation-key":"mihalicHardwareintheLoopSimulationsHistorical2022","library":"Cole Group","citekey":"mihalicHardwareintheLoopSimulationsHistorical2022"},{"id":"Kry10TechnicalOverview","type":"webpage","abstract":"Kry10 provides a secure operating system and other software for smart machines and other connected\nindustrial systems. Built on a secure foundation which is mathematically proven to be functionally correct, the\nOS removes many classes of vulnerabilities that most common operating systems are susceptible to. 
While\nsoftware backed by formal methods has been available for several decades, formal methods have not been\nadopted at scale because they weren’t usable.\nThe Kry10 suite of developer tools and libraries has solved the usability problem. Developers can now code on\na secure OS easily and efficiently. The Kry10 tools include familiar languages and development tools:\n• Support common languages such as Rust and C\n• Include build systems and libraries of reusable, attestable code.","title":"Kry10 Technical Overview","URL":"https://uploads-ssl.webflow.com/635675151c946163c2012450/66395a8a675c74f82097a749_kry10-technical-overview.pdf","accessed":{"date-parts":[["2024",8,12]]},"citation-key":"Kry10TechnicalOverview","library":"Cole Group","citekey":"Kry10TechnicalOverview"},{"id":"kleinFormallyVerifiedSoftware2018","type":"article-journal","abstract":"Verified software secures the Unmanned Little Bird autonomous helicopter against mid-flight cyber attacks.","container-title":"Commun. ACM","DOI":"10.1145/3230627","ISSN":"0001-0782","issue":"10","page":"68–77","source":"ACM Digital Library","title":"Formally verified software in the real world","URL":"https://dl.acm.org/doi/10.1145/3230627","volume":"61","author":[{"family":"Klein","given":"Gerwin"},{"family":"Andronick","given":"June"},{"family":"Fernandez","given":"Matthew"},{"family":"Kuz","given":"Ihor"},{"family":"Murray","given":"Toby"},{"family":"Heiser","given":"Gernot"}],"accessed":{"date-parts":[["2024",8,12]]},"issued":{"date-parts":[["2018",9,26]]},"citation-key":"kleinFormallyVerifiedSoftware2018","library":"Cole Group","citekey":"kleinFormallyVerifiedSoftware2018"}]