A cyber-physical system consists of computing devices communicating with one another and interacting with the physical world via sensors and actuators. Increasingly, such systems are everywhere, from smart buildings to autonomous vehicles to mission-critical military systems. Model-based design offers a promising approach for helping developers build cyber-physical systems in a systematic manner. In this methodology, a designer first constructs a model of the system under design with mathematically precise semantics, performs extensive analysis of that model against the correctness requirements, and only then generates the implementation from the model [1], [2], [3]. However, as new vulnerabilities are discovered, the requirements evolve to ensure resiliency, and the current methodology then demands an expensive, and at times infeasible, redesign and reimplementation of the system from scratch. The goal of the proposed methodology and its associated toolkit, which we call REAFFIRM, is to facilitate the integration of evolving resiliency requirements into model-based design and verification.

Traditionally, a model of a cyber-physical system consists of block diagrams describing the system architecture together with a combination of state machines and differential equations describing the system dynamics [4]. Building, at design time, a behavioral model that offers resiliency against all kinds of failures is notoriously difficult. The REAFFIRM approach to designing for resiliency is to let the designer specify scenarios as a separate part of the model description. A scenario describes a finite execution of the system corresponding to a specific situation; it consists of the sequences of actions taken by the different agents, including the interactions among them. Such scenarios were first used in the design of telecommunication software to specify different features separately, and were later formalized.
Our insight is that scenarios can be used naturally to describe how a system should respond when a particular sensor fails or a previously unanticipated attack is discovered. Furthermore, negative scenarios can express
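As an added illustration (not REAFFIRM's own notation, tool or code), the following Python sketch shows the idea of keeping a scenario separate from the model and checking a model execution against it. The heater controller, the sensor and agent names, the (agent, action) tuple representation of a step, and the sensor readings are all constructed for this example; conformance is checked as in-order subsequence containment, a simplification that the paper's scenario semantics need not share. Running the same sensor-failure scenario against a variant of the model without fail-over shows how a separately specified scenario exposes a missing resiliency feature.

```python
from dataclasses import dataclass, field
from typing import Optional

# A scenario step is (agent, action). All agent and action names are made up
# for this illustration; they are not REAFFIRM's vocabulary.
Step = tuple[str, str]


@dataclass
class Scenario:
    """A finite execution fragment, kept separate from the model it constrains."""
    name: str
    steps: list[Step]


@dataclass
class Controller:
    """Hypothetical heater controller reading a primary and a backup temperature sensor."""
    setpoint: float = 20.0
    failover: bool = True          # False models a design without the fail-over feature
    active_sensor: str = "primary"
    trace: list[Step] = field(default_factory=list)

    def _emit(self, agent: str, action: str) -> None:
        self.trace.append((agent, action))

    def tick(self, primary: Optional[float], backup: Optional[float]) -> None:
        """One control cycle. A reading of None models a failed sensor."""
        if primary is None:
            self._emit("sensor.primary", "fail")
        if self.active_sensor == "primary" and primary is None:
            self._emit("controller", "detect_fault")
            if self.failover and backup is not None:
                self.active_sensor = "backup"
                self._emit("controller", "switch_to_backup")
        reading = primary if self.active_sensor == "primary" else backup
        if reading is None:
            # No trustworthy reading: keep the previous actuator command.
            self._emit("controller", "hold_output")
            return
        self._emit("actuator", "heater_on" if reading < self.setpoint else "heater_off")


def conforms(trace: list[Step], scenario: Scenario) -> tuple[bool, Optional[Step]]:
    """Check that the scenario's steps occur in order (as a subsequence) in the trace.

    Returns (True, None) on success, otherwise (False, first scenario step not found).
    """
    i = 0
    for step in trace:
        if i < len(scenario.steps) and step == scenario.steps[i]:
            i += 1
    if i == len(scenario.steps):
        return True, None
    return False, scenario.steps[i]


# Resiliency scenario written separately from the controller model.
PRIMARY_FAILURE = Scenario(
    "primary temperature sensor fails while heating is required",
    [("sensor.primary", "fail"),
     ("controller", "detect_fault"),
     ("controller", "switch_to_backup"),
     ("actuator", "heater_on")],
)

# Constructed readings: primary works, then fails; backup stays healthy and below setpoint.
READINGS = [(18.0, 18.5), (None, 18.5), (None, 18.5)]


def run(failover: bool) -> tuple[bool, Optional[Step], list[Step]]:
    """Execute the model on READINGS and check the trace against PRIMARY_FAILURE."""
    ctrl = Controller(failover=failover)
    for primary, backup in READINGS:
        ctrl.tick(primary, backup)
    ok, missing = conforms(ctrl.trace, PRIMARY_FAILURE)
    return ok, missing, ctrl.trace


if __name__ == "__main__":
    for failover in (True, False):
        ok, missing, trace = run(failover)
        verdict = "conforms" if ok else f"violates scenario: missing {missing}"
        print(f"failover={failover}: {verdict}")
        print("  trace:", trace)
```

The design with fail-over produces a trace containing the scenario's four steps in order; the design without it stops at the fault detection and is reported as missing the `switch_to_backup` step, which is exactly the kind of gap a scenario-based resiliency requirement is meant to surface without touching the rest of the model.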
[1] Thomas A. Henzinger et al., "The Algorithmic Analysis of Hybrid Systems," Theor. Comput. Sci., 1995.
[2] Edward A. Lee et al., "What's Ahead for Embedded Software?," Computer, 2000.
[3] Mahesh Viswanathan et al., "Java-MaC: A Run-Time Assurance Approach for Java Programs," Formal Methods Syst. Des., 2004.
[4] Thomas A. Henzinger et al., "The Embedded Systems Design Challenge," FM, 2006.
[5] Sriram Sankaranarayanan et al., "S-TaLiRo: A Tool for Temporal Logic Falsification for Hybrid Systems," TACAS, 2011.
[6] Rajeev Alur et al., "TRANSIT: specifying protocols with concolic snippets," PLDI, 2013.
[7] Wei Chen et al., "dReach: δ-Reachability Analysis for Hybrid Systems," TACAS, 2015.
[8] Rajeev Alur et al., Principles of Cyber-Physical Systems, 2015.
[9] Insup Lee et al., "Data-driven Adaptive Safety Monitoring Using Virtual Subjects in Medical Cyber-Physical Systems: A Glucose Control Case Study," J. Comput. Sci. Eng., 2016.
[10] Houssam Abbas et al., "Relaxed Decidability and the Robust Semantics of Metric Temporal Logic," HSCC, 2017.
[11] Rajeev Alur et al., "Automatic Synthesis of Distributed Protocols," SIGA, 2017.
[12] Houssam Abbas et al., "Computer-aided design for safe autonomous vehicles," 2017 Resilience Week (RWS), 2017.