A position talk given at the Smart Designing of Smart Systems workshop: https://sdpsnet.org/sdps-2020/ws8.html
Engineers necessarily make assumptions during design and implementation of complex systems. These assumptions often set the expectations of one component towards the environment and other components. Assumptions are typically seen as implicit weak points of the system: should they be violated at run time, the system is likely to fall short of its required performance and safety. Although some recent work makes the assumptions explicit, they are still seen as liabilities. This talk will take a complementary perspective and explore how engineering assumptions enable intelligent behaviour in systems and design processes -- and how their violations can be managed at design time and run time.
QCon NYC: Distributed systems in practice, in theoryAysylu Greenberg
Modern systems in production rely on decades of computer science research. Over time, new architectural patterns emerge that enable more resilient and robust systems. In this talk, we'll discuss some of these patterns from systems I've worked on at Google and the related work that provide insights into the motivations behind them.
Distributed systems in practice, in theory (JAX London)Aysylu Greenberg
Modern systems in production rely on decades of computer science research. Over time, new architectural patterns emerge that enable more resilient and robust systems. In this talk, we’ll discuss some of these patterns from systems I’ve worked on at Google and the related work that provide insights into the motivations behind them.
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERINGIJMIT JOURNAL
Cloud computing systems need to be reliable so that they can be accessed and used for computing at any
given point in time. The complex nature of cloud systems is the motivation to conduct research in novel
ways of ensuring that cloud systems are built with reliability in mind. In building cloud systems, it is
expected that the cloud system will be able to deal with high demands and unexpected events that affect the
reliability and performance of the system.
In this paper, chaos engineering is considered a heuristic method that can be used to build reliable cloud
systems. Chaos engineering is aimed at exposing weaknesses in systems that are in production. Chaos
engineering will help identify system weaknesses and strengths when a system is exposed to unexpected
knocks and shocks while it is in production.
Chaos engineering allows system developers and administrators to get insights into how the cloud system
will behave when it is exposed to unexpected occurrences.
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERINGIJMIT JOURNAL
Cloud computing systems need to be reliable so that they can be accessed and used for computing at any
given point in time. The complex nature of cloud systems is the motivation to conduct research in novel
ways of ensuring that cloud systems are built with reliability in mind. In building cloud systems, it is
expected that the cloud system will be able to deal with high demands and unexpected events that affect the
reliability and performance of the system.
In this paper, chaos engineering is considered a heuristic method that can be used to build reliable cloud
systems. Chaos engineering is aimed at exposing weaknesses in systems that are in production. Chaos
engineering will help identify system weaknesses and strengths when a system is exposed to unexpected
knocks and shocks while it is in production.
Chaos engineering allows system developers and administrators to get insights into how the cloud system
will behave when it is exposed to unexpected occurrences.
A Framework for Contract-Based Composition of CPS AnalysesIvan Ruchkin
This is a collaboration between the Institute for Software Research and the Software Engineering Institute, also known as Virtual Integration of CPS Analyses.
These slides were presented at an SSSG @ ISR.
QCon NYC: Distributed systems in practice, in theoryAysylu Greenberg
Modern systems in production rely on decades of computer science research. Over time, new architectural patterns emerge that enable more resilient and robust systems. In this talk, we'll discuss some of these patterns from systems I've worked on at Google and the related work that provide insights into the motivations behind them.
Distributed systems in practice, in theory (JAX London)Aysylu Greenberg
Modern systems in production rely on decades of computer science research. Over time, new architectural patterns emerge that enable more resilient and robust systems. In this talk, we’ll discuss some of these patterns from systems I’ve worked on at Google and the related work that provide insights into the motivations behind them.
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERINGIJMIT JOURNAL
Cloud computing systems need to be reliable so that they can be accessed and used for computing at any
given point in time. The complex nature of cloud systems is the motivation to conduct research in novel
ways of ensuring that cloud systems are built with reliability in mind. In building cloud systems, it is
expected that the cloud system will be able to deal with high demands and unexpected events that affect the
reliability and performance of the system.
In this paper, chaos engineering is considered a heuristic method that can be used to build reliable cloud
systems. Chaos engineering is aimed at exposing weaknesses in systems that are in production. Chaos
engineering will help identify system weaknesses and strengths when a system is exposed to unexpected
knocks and shocks while it is in production.
Chaos engineering allows system developers and administrators to get insights into how the cloud system
will behave when it is exposed to unexpected occurrences.
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERINGIJMIT JOURNAL
Cloud computing systems need to be reliable so that they can be accessed and used for computing at any
given point in time. The complex nature of cloud systems is the motivation to conduct research in novel
ways of ensuring that cloud systems are built with reliability in mind. In building cloud systems, it is
expected that the cloud system will be able to deal with high demands and unexpected events that affect the
reliability and performance of the system.
In this paper, chaos engineering is considered a heuristic method that can be used to build reliable cloud
systems. Chaos engineering is aimed at exposing weaknesses in systems that are in production. Chaos
engineering will help identify system weaknesses and strengths when a system is exposed to unexpected
knocks and shocks while it is in production.
Chaos engineering allows system developers and administrators to get insights into how the cloud system
will behave when it is exposed to unexpected occurrences.
A Framework for Contract-Based Composition of CPS AnalysesIvan Ruchkin
This is a collaboration between the Institute for Software Research and the Software Engineering Institute, also known as Virtual Integration of CPS Analyses.
These slides were presented at an SSSG @ ISR.
Towards Automated Engineering for Collective Adaptive Systems: Vision and Res...Roberto Casadei
The opportunities and challenges of recent and
forthcoming distributed computing scenarios have been promot-
ing research on languages and paradigms aimed at modelling the
macro/collective behaviour of systems as well as mechanisms to
endow them with self-* capabilities. One example is the aggregate
computing paradigm, which supports the development of self-
organising systems (e.g., robot swarms, computational ecosys-
tems, and crowd-based services) through various formalisms and
tools developed over a decade. However, very limited work has
been done by a methodological and automation perspective. In
this paper, we explore the issue of organising the development
process of aggregate computing systems. Accordingly, we outline
novel research directions that arise from careful analysis of
the peculiar issues in collective and self-organising systems, the
cornerstones of effective software engineering practices, and
recent scientific trends and insights.
June 2020: Top Read Articles in Control Theory and Computer Modellingijctcm
International Journal of Control Theory and Computer Modelling (IJCTCM) is a Quarterly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Control Theory and Computer Modelling. The journal focuses on all technical and practical aspects of Control Theory and Computer Modelling. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced control engineering and modeling concepts and establishing new collaborations in these areas.
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy.
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy
Design of various components using virtual-reality and CAD technology. The advanced technology provides a new preservative to computer aided design and drawing
This was my undergraduate final project presentation. Research paper of this presentation also published in IFOST,2013 and indexed in IEEE digital library.
PREDICTION OF AVERAGE TOTAL PROJECT DURATION USING ARTIFICIAL NEURAL NETWORKS...IAEME Publication
The prediction of project‘s expectancy life is an important issue for entrepreneurs since it helps them to avoid the expiration time of projects. To properly address this issue, Neural Network-based approach, fuzzy logic and regression methods are used to predict the necessary time that can be consumed to put an end to the targeted project. Before applying the three aforementioned approaches, the modeling and simulation of the activities network are introduced for calculating the total average time of project. Then, comparatively speaking, the neural network, fuzzy logic and regression method approach are compared in terms prediction’s accuracy. The generated error from the three methods is compared, namely different types of errors are calculated. Basically, the input variables consist of the probability of success (PS), the coefficient of improvement (Coef_PS) and the coefficient of learning (CofA), while the output variable is the average total duration of the project (DTTm). The Predicted mean square error (MSE) values are purposefully used to compare the three models. Interestingly, the results show that the optimum prediction model is the fuzzy logic model with accurate results. It is noteworthy to say that the application in this paper can be applied on a real case study.
About an Immune System Understanding for Cloud-native Applications - Biology ...Nane Kratzke
Presentation for 9th International Conference on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain, 2018.
There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune system inspired solution which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically the biological concept of cell-regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.
Overcoming Heterogeneity in Autonomous Cyber-Physical SystemsIvan Ruchkin
Presented at the following seminar series in Spring 2022:
- University of Arizona, SIE Department
- San Diego State University, CS Department
- University of Kansas, EECS Department
- Tulane University, CS Department
- Auburn University, CSSE Department
- University of Hawaii, ICS Department
- Virginia Tech, ISE Department
- Santa Clara University, CS Department
- University of Kentucky, CS Department
- Indiana University - Purdue University Indianapolis, CIS Department
- Michigan State University, CSE Department
- University of Florida, ECE Department
- Florida Atlantic University, EECS Department
Abstract:
From autonomous vehicles to smart grids, cyber-physical systems (CPS) play an increasingly important role in today's society. Often, CPS operate autonomously in highly critical settings, and thus it is imperative to engineer these systems to be safe and trustworthy. However, it is particularly difficult to do so due to CPS heterogeneity -- the high diversity of components and models used in these systems. This heterogeneity substantially contributes to fragmented, incoherent assurance as well as to inconsistencies between different models of the system.
This talk will present two complementary techniques for overcoming CPS heterogeneity: confidence composition and model integration. The former technique combines heterogeneous confidence monitors to produce calibrated estimates of the run-time probability of safety in CPS with machine learning components. The latter technique discovers inconsistencies between heterogeneous CPS models using a logic-based specification language and a verification algorithm. The application of these techniques will be demonstrated on an unmanned underwater vehicle and a power-aware service robot. These techniques serve as stepping stones towards the vision of engineering autonomous systems that are aware of their own limitations.
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...Ivan Ruchkin
Presented by Zhenjiang Mao at the Robot Trust for Symbiotic Societies (RTSS) Workshop, ICRA 2024.
Out-of-distribution (OOD) detection is essential in autonomous driving, to determine when learning-based components encounter unexpected inputs. Traditional detectors typically use encoder models with fixed settings, thus lacking effective human interaction capabilities. With the rise of large foundation models, multimodal inputs offer the possibility of taking human language as a latent representation, thus enabling language-defined OOD detection. In this paper, we use the cosine similarity of image and text representations encoded by the multimodal model CLIP as a new representation to improve the transparency and controllability of latent encodings used for visual anomaly detection. We compare our approach with existing pre-trained encoders that can only produce latent representations that are meaningless from the user's standpoint. Our experiments on realistic driving data show that the language-based latent representation performs better than the traditional representation of the vision encoder and helps improve the detection performance when combined with standard representations.
Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...Ivan Ruchkin
This poster was presented by Zhenjiang Mao at ICRA 2024.
Related paper: https://arxiv.org/abs/2404.00462
Abstract: A world model creates a surrogate world to train a controller and predict safety violations by learning the internal dynamic model of systems. However, the existing world models rely solely on statistical learning of how observations change in response to actions, lacking precise quantification of how accurate the surrogate dynamics are, which poses a significant challenge in safety-critical systems. To address this challenge, we propose foundation world models that embed observations into meaningful and causally latent representations. This enables the surrogate dynamics to directly predict causal future states by leveraging a training-free large language model. In two common benchmarks, this novel model outperforms standard world models in the safety prediction task and has a performance comparable to supervised learning despite not using any data. We evaluate its performance with a more specialized and system-relevant metric by comparing estimated states instead of aggregating observation-wide error.
More Related Content
Similar to On the Role of Assumptions in Engineering Smart Systems
Towards Automated Engineering for Collective Adaptive Systems: Vision and Res...Roberto Casadei
The opportunities and challenges of recent and
forthcoming distributed computing scenarios have been promot-
ing research on languages and paradigms aimed at modelling the
macro/collective behaviour of systems as well as mechanisms to
endow them with self-* capabilities. One example is the aggregate
computing paradigm, which supports the development of self-
organising systems (e.g., robot swarms, computational ecosys-
tems, and crowd-based services) through various formalisms and
tools developed over a decade. However, very limited work has
been done by a methodological and automation perspective. In
this paper, we explore the issue of organising the development
process of aggregate computing systems. Accordingly, we outline
novel research directions that arise from careful analysis of
the peculiar issues in collective and self-organising systems, the
cornerstones of effective software engineering practices, and
recent scientific trends and insights.
June 2020: Top Read Articles in Control Theory and Computer Modellingijctcm
International Journal of Control Theory and Computer Modelling (IJCTCM) is a Quarterly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Control Theory and Computer Modelling. The journal focuses on all technical and practical aspects of Control Theory and Computer Modelling. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced control engineering and modeling concepts and establishing new collaborations in these areas.
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy.
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsIJCNCJournal
The pivotal role of data security in mobile edge-computing environments forms the foundation for the
proposed work. Anomalies and outliers in the sensory data due to network attacks will be a prominent
concern in real time. Sensor samples will be considered from a set of sensors at a particular time instant as
far as the confidence level on the decision remains on par with the desired value. A “true” on the
hypothesis test eventually means that the sensor has shown signs of anomaly or abnormality and samples
have to be immediately ceased from being retrieved from the sensor. A deep learning Actor-Criticbased
Reinforcement algorithm proposed will be able to detect anomalies in the form of binary indicators and
hence decide when to withdraw from receiving further samples from specific sensors. The posterior trust
value influences the value of the confidence interval and hence the probability of anomaly detection. The
paper exercises a single-tailed normal function to determine the range of the posterior trust metric. The
decision taken by the prediction model will be able to detect anomalies with a good percentage of anomaly
detection accuracy
Design of various components using virtual-reality and CAD technology. The advanced technology provides a new preservative to computer aided design and drawing
This was my undergraduate final project presentation. Research paper of this presentation also published in IFOST,2013 and indexed in IEEE digital library.
PREDICTION OF AVERAGE TOTAL PROJECT DURATION USING ARTIFICIAL NEURAL NETWORKS...IAEME Publication
The prediction of project‘s expectancy life is an important issue for entrepreneurs since it helps them to avoid the expiration time of projects. To properly address this issue, Neural Network-based approach, fuzzy logic and regression methods are used to predict the necessary time that can be consumed to put an end to the targeted project. Before applying the three aforementioned approaches, the modeling and simulation of the activities network are introduced for calculating the total average time of project. Then, comparatively speaking, the neural network, fuzzy logic and regression method approach are compared in terms prediction’s accuracy. The generated error from the three methods is compared, namely different types of errors are calculated. Basically, the input variables consist of the probability of success (PS), the coefficient of improvement (Coef_PS) and the coefficient of learning (CofA), while the output variable is the average total duration of the project (DTTm). The Predicted mean square error (MSE) values are purposefully used to compare the three models. Interestingly, the results show that the optimum prediction model is the fuzzy logic model with accurate results. It is noteworthy to say that the application in this paper can be applied on a real case study.
About an Immune System Understanding for Cloud-native Applications - Biology ...Nane Kratzke
Presentation for 9th International Conference on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain, 2018.
There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune system inspired solution which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically the biological concept of cell-regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.
Overcoming Heterogeneity in Autonomous Cyber-Physical SystemsIvan Ruchkin
Presented at the following seminar series in Spring 2022:
- University of Arizona, SIE Department
- San Diego State University, CS Department
- University of Kansas, EECS Department
- Tulane University, CS Department
- Auburn University, CSSE Department
- University of Hawaii, ICS Department
- Virginia Tech, ISE Department
- Santa Clara University, CS Department
- University of Kentucky, CS Department
- Indiana University - Purdue University Indianapolis, CIS Department
- Michigan State University, CSE Department
- University of Florida, ECE Department
- Florida Atlantic University, EECS Department
Abstract:
From autonomous vehicles to smart grids, cyber-physical systems (CPS) play an increasingly important role in today's society. Often, CPS operate autonomously in highly critical settings, and thus it is imperative to engineer these systems to be safe and trustworthy. However, it is particularly difficult to do so due to CPS heterogeneity -- the high diversity of components and models used in these systems. This heterogeneity substantially contributes to fragmented, incoherent assurance as well as to inconsistencies between different models of the system.
This talk will present two complementary techniques for overcoming CPS heterogeneity: confidence composition and model integration. The former technique combines heterogeneous confidence monitors to produce calibrated estimates of the run-time probability of safety in CPS with machine learning components. The latter technique discovers inconsistencies between heterogeneous CPS models using a logic-based specification language and a verification algorithm. The application of these techniques will be demonstrated on an unmanned underwater vehicle and a power-aware service robot. These techniques serve as stepping stones towards the vision of engineering autonomous systems that are aware of their own limitations.
Similar to On the Role of Assumptions in Engineering Smart Systems (20)
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...Ivan Ruchkin
Presented by Zhenjiang Mao at the Robot Trust for Symbiotic Societies (RTSS) Workshop, ICRA 2024.
Out-of-distribution (OOD) detection is essential in autonomous driving, to determine when learning-based components encounter unexpected inputs. Traditional detectors typically use encoder models with fixed settings, thus lacking effective human interaction capabilities. With the rise of large foundation models, multimodal inputs offer the possibility of taking human language as a latent representation, thus enabling language-defined OOD detection. In this paper, we use the cosine similarity of image and text representations encoded by the multimodal model CLIP as a new representation to improve the transparency and controllability of latent encodings used for visual anomaly detection. We compare our approach with existing pre-trained encoders that can only produce latent representations that are meaningless from the user's standpoint. Our experiments on realistic driving data show that the language-based latent representation performs better than the traditional representation of the vision encoder and helps improve the detection performance when combined with standard representations.
Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...Ivan Ruchkin
This poster was presented by Zhenjiang Mao at ICRA 2024.
Related paper: https://arxiv.org/abs/2404.00462
Abstract: A world model creates a surrogate world to train a controller and predict safety violations by learning the internal dynamic model of systems. However, the existing world models rely solely on statistical learning of how observations change in response to actions, lacking precise quantification of how accurate the surrogate dynamics are, which poses a significant challenge in safety-critical systems. To address this challenge, we propose foundation world models that embed observations into meaningful and causally latent representations. This enables the surrogate dynamics to directly predict causal future states by leveraging a training-free large language model. In two common benchmarks, this novel model outperforms standard world models in the safety prediction task and has a performance comparable to supervised learning despite not using any data. We evaluate its performance with a more specialized and system-relevant metric by comparing estimated states instead of aggregating observation-wide error.
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...Ivan Ruchkin
Presented by Sydney Pugh at the 15th ACM/IEEE International Conference on Cyber-Physical Systems.
Abstract: Deep learning models have shown promising predictive accuracy for time-series healthcare applications. However, ensuring the robustness of these models is vital for building trustworthy AI systems. Existing research predominantly focuses on robustness to synthetic adversarial examples, crafted by adding imperceptible perturbations to clean input data. However, these synthetic adversarial examples do not accurately reflect the most challenging real-world scenarios, especially in the context of healthcare data. Consequently, robustness to synthetic adversarial examples may not necessarily translate to robustness against naturally occurring adversarial examples, which is highly desirable for trustworthy AI. We propose a method to curate datasets comprised of natural adversarial examples to evaluate model robustness. The method relies on probabilistic labels obtained from automated weakly-supervised labeling that combines noisy and cheap-to-obtain labeling heuristics. Based on these labels, our method adversarially orders the input data and uses this ordering to construct a sequence of increasingly adversarial datasets. Our evaluation on six medical case studies and three non-medical case studies demonstrates the efficacy and statistical validity of our approach to generating naturally adversarial datasets.
Repairing Learning-Enabled Controllers While Preserving What WorksIvan Ruchkin
Presented at the 15th ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2024).
Abstract: Learning-enabled controllers have been adopted in various cyber-physical systems (CPS). When a learning-enabled controller fails to accomplish its task from a set of initial states, researchers leverage repair algorithms to fine-tune the controller's parameters. However, existing repair techniques do not preserve previously correct behaviors. Specifically, when modifying the parameters to repair trajectories from a subset of initial states, another subset may be compromised. Therefore, the repair may break previously correct scenarios, introducing new risks that may not be accounted for. Due to this issue, repairing the entire initial state space may be hard or even infeasible. As a response, we formulate the Repair with Preservation (RwP) problem, which calls for preserving the already-correct scenarios during repair. To tackle this problem, we design the Incremental Simulated Annealing Repair (ISAR) algorithm, which leverages simulated annealing on a barriered energy function to safeguard the already-correct initial states while repairing as many additional ones as possible. Moreover, formal verification is utilized to guarantee the repair results. Case studies on an Unmanned Underwater Vehicle (UUV) and OpenAI Gym Mountain Car (MC) show that ISAR not only preserves correct behaviors from previously verified initial state regions, but also repairs 81.4% and 23.5% of broken state spaces in the two benchmarks. Moreover, the average signal temporal logic (STL) robustnesses of the ISAR repaired controllers are larger than those of the controllers repaired using baseline methods.
Poster: Conservative Safety Monitors of Stochastic Dynamical SystemsIvan Ruchkin
Poster for the paper presented at the NASA Formal Methods Symposium (NFM) by Matthew Cleaveland on May 16, 2023.
Abstract:
Generating accurate runtime safety estimates for autonomous systems is vital to ensuring their continued proliferation. However, exhaustive reasoning about future behaviors is generally too complex to do at runtime. To provide scalable and formal safety estimates, we propose a method for leveraging design-time model checking results at runtime. Specifically, we model the system as a probabilistic automaton (PA) and compute bounded-time reachability probabilities over the states of the PA at design time. At runtime, we combine distributions of state estimates with the model checking results to produce a bounded time safety estimate. We argue that our approach produces well-calibrated safety probabilities, assuming the estimated state distributions are well-calibrated. We evaluate our approach on simulated water tanks.
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...Ivan Ruchkin
This poster was presented at the University of Florida AI Days 2023. It is based on this paper: https://arxiv.org/abs/2308.12252
Title: How Safe Am I Given What I See? Calibrated Prediction of Safety Chances for Image-Controlled Autonomy
Abstract: End-to-end learning has emerged as a major paradigm for developing autonomous systems. Unfortunately, with its performance and convenience comes an even greater challenge of safety assurance. A key factor of this challenge is the absence of the notion of a low-dimensional and interpretable dynamical state, around which traditional assurance methods revolve. Focusing on the online safety prediction problem, this paper proposes a configurable family of learning pipelines based on generative world models, which do not require low-dimensional states. To implement these pipelines, we overcome the challenges of learning safety-informed latent representations and missing safety labels under prediction-induced distribution shift. These pipelines come with statistical calibration guarantees on their safety chance predictions based on conformal prediction. We perform an extensive evaluation of the proposed learning pipelines on two case studies of image-controlled systems: a racing car and a cartpole.
Verify-then-Monitor: Calibration Guarantees for Safety ConfidenceIvan Ruchkin
Presented at the Sixth International Workshop on
Design Automation for Cyber-Physical Systems (DACPS), co-located with the Design Automation Conference (DAC) 2023.
Abstract:
Autonomous cyber-physical systems (CPS) are increasingly deployed in complex and safety-critical environments. To help CPS interact with such environments, learning-enabled components, such as neural networks, often implement perception and control functions. Unfortunately, the complexity of the environments and learning components is a major challenge to ensuring the safety of CPS. An emerging assurance paradigm prescribes verifying as much of the CPS as possible at design time - and then monitoring the probability of safety at run time in case of unexpected situations. How can we guarantee that the monitor produces a probability that is well-calibrated to the true chance of safety? This talk will overview our recent answers in two settings. The first combines Bayesian filtering with probabilistic model checking of Markov decision processes. The second is based on confidence monitoring of assumptions behind closed-loop neural-network verification.
Causal Repair of Learning-Enabled Cyber-physical SystemsIvan Ruchkin
Presented by Pengyuan (Eric) Lu at the International Conference on Assured Autonomy 2023.
Abstract: Models of actual causality leverage domain knowledge to generate convincing diagnoses of events that caused an outcome. It is promising to apply these models to diagnose and repair run-time property violations in cyber-physical systems (CPS) with learning-enabled components (LEC). However, given the high diversity and complexity of LECs, it is challenging to encode domain knowledge (e.g., the CPS dynamics) in a scalable actual causality model that could generate useful repair suggestions. In this paper, we focus causal diagnosis on the input/output behaviors of LECs. Specifically, we aim to identify which subset of I/O behaviors of the LEC is an actual cause for a property violation. An important by-product is a counterfactual version of the LEC that repairs the run-time property by fixing the identified problematic behaviors. Based on this insights, we design a two-step diagnostic pipeline: (1) construct and Halpern-Pearl causality model that reflects the dependency of property outcome on the component's I/O behaviors, and (2) perform a search for an actual cause and corresponding repair on the model. We prove that our pipeline has the following guarantee: if an actual cause is found, the system is guaranteed to be repaired; otherwise, we have high probabilistic confidence that the LEC under analysis did not cause the property violation. We demonstrate that our approach successfully repairs learned controllers on a standard OpenAI Gym benchmark.
Conservative Safety Monitors of Stochastic Dynamical SystemsIvan Ruchkin
Presented at the NASA Formal Methods Symposium (NFM) by Matthew Cleaveland on May 16, 2023.
Abstract:
Generating accurate runtime safety estimates for autonomous systems is vital to ensuring their continued proliferation. However, exhaustive reasoning about future behaviors is generally too complex to do at runtime. To provide scalable and formal safety estimates, we propose a method for leveraging design-time model checking results at runtime. Specifically, we model the system as a probabilistic automaton (PA) and compute bounded-time reachability probabilities over the states of the PA at design time. At runtime, we combine distributions of state estimates with the model checking results to produce a bounded time safety estimate. We argue that our approach produces well-calibrated safety probabilities, assuming the estimated state distributions are well-calibrated. We evaluate our approach on simulated water tanks.
Confidence Composition for Monitors of Verification AssumptionsIvan Ruchkin
Presented at 13th ACM/IEEE Intl. Conf. on Cyber-Physical Systems, part of CPS-IoT Week, on May 4, 2022.
Presentation video: https://youtu.be/nnhcUhih-vQ
Abstract:
Closed-loop verification of cyber-physical systems with neural network controllers offers strong safety guarantees under certain assumptions. It is, however, difficult to determine whether these guarantees apply at run time because verification assumptions may be violated. To predict safety violations in a verified system, we propose a three-step confidence composition (CoCo) framework for monitoring verification assumptions. First, we represent the sufficient condition for verified safety with a propositional logical formula over assumptions. Second, we build calibrated confidence monitors that evaluate the probability that each assumption holds. Third, we obtain the confidence in the verification guarantees by composing the assumption monitors using a composition function suitable for the logical formula. Our CoCo framework provides theoretical bounds on the calibration and conservatism of compositional monitors. Two case studies show that compositional monitors are calibrated better than their constituents and successfully predict safety violations.
High-Confidence Data Programming for Evaluating Suppression of Physiological ...Ivan Ruchkin
Presented by Sydney Pugh at the IEEE/ACM international conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE) 2021.
Abstract: False alarms generated by physiological monitors can overwhelm clinical caretakers with a variety of alarms. The resulting alarm fatigue can be mitigated with alarm suppression. Before being deployed, such suppression mechanisms need to be evaluated through a costly observational study, which would determine and label the truly suppressible alarms. This paper proposes a lightweight method for evaluating alarm suppression without access to the true alarm labels. The method is based on the data programming paradigm, which combines noisy and cheap-to-obtain labeling heuristics into probabilistic labels. Based on these labels, the method estimates the sensitivity/specificity of a suppression mechanism and describes the likely outcomes of an observational study in the form of confidence bounds. We evaluate the proposed method in a case study of low SpO2 alarms using a dataset collected at Children's Hospital of Philadelphia and show that our method provides tight and accurate bounds that significantly outperform the naive comparative method.
Data Generation with PROSPECT: a Probability Specification ToolIvan Ruchkin
Presented at the Winter Simulation Conference 2021.
Abstract: Stochastic simulations of complex systems often rely on sampling dependent discrete random variables. Currently, their users are limited in expressing their intention about how these variables are distributed and related to each other over time. This limitation leads the users to program complex and error-prone sampling algorithms. This paper introduces a way to specify, declaratively and precisely, a temporal distribution over discrete variables. Our tool PROSPECT infers and samples this distribution by solving a system of polynomial equations. The evaluation on three simulation scenarios shows that the declarative specifications are easier to write, 3x more succinct than imperative sampling programs, and are processed correctly by PROSPECT.
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Ivan Ruchkin
Presented at Formal Methods in Outer Space
Essays Dedicated to Klaus Havelund on the Occasion of His 65th Birthday. Link to the paper: https://link.springer.com/chapter/10.1007/978-3-030-87348-6_8
Abstract:
Design-time approaches to safety assurance for autonomous systems are limited because they must rely on assumptions about the behaviors of learned components in previously unseen environments. These assumptions may be violated at run time, thus invalidating the guarantees produced at design time. To overcome this limitation, we propose to complement design-time assurance with run-time monitoring that calculates the confidence that those assumptions are satisfied and, therefore, design-time guarantees continue to hold. As the first step in our vision, we elicit the logical relationship between assumption violations and safety violations. Then, we develop a probabilistic confidence monitor for each design-time assumption. Finally, we compose these assumption monitors based on their logical relation to safety violations, producing a system-wide assurance monitor. Our vision is illustrated with a case study of an autonomous underwater vehicle that performs pipeline inspection.
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...Ivan Ruchkin
Authors: Ivan Ruchkin, Matthew Cleaveland, Shuo Li, Dominick Pastore, Sooyong Jang, Taylor Carpenter, Radoslav Ivanov, James Weimer, Oleg Sokolsky, and Insup Lee.
Presented in the DARPA Assured Autonomy Phase 2 Demonstration Workshop.
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Ivan Ruchkin
A presentation at the Hot Topics Day "Application of DARPA Assured Autonomy Program Technologies to Autonomous Learning-Enabled Real-Time Systems" at RTSS 2020
http://2020.rtss.org/workshop-darpa
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...Ivan Ruchkin
Authors: Ivan Ruchkin, Oleg Sokolsky, James Weimer, Tushar Hedaoo, and Insup Lee
Abstract: Run-time monitoring is a vital part of safety-critical systems. However, early-stage assurance of monitoring quality is currently limited: it relies either on complex models that might be inaccurate in unknown ways, or on data that would only be available once the system has been built. To address this issue, we propose a compositional framework for modeling and analysis of noisy monitoring systems. Our novel 3-value detector model uses probability spaces to represent atomic (non-composite) detectors, and it composes them into a temporal logic-based monitor. The error rates of these monitors are estimated by our analysis engine, which combines symbolic probability algebra, independence inference, and estimation from labeled detection data. Our evaluation on an autonomous underwater vehicle found that our framework produces accurate estimates of error rates while using only detector traces, without any monitor traces. Furthermore, when data is scarce, our approach shows higher accuracy than non-compositional data-driven estimates from monitor traces. Thus, this work enables accurate evaluation of logical monitors in early design stages before deploying them.
Original paper: http://dx.doi.org/10.1109/TCAD.2020.3...
Supplementary materials: https://www.researchgate.net/publication/342993188_Supplementary_Materials_for_Compositional_Probabilistic_Analysis_of_Temporal_Properties_over_Stochastic_Detectors
Video presentation: https://www.youtube.com/watch?v=q-9aHAQwd9Q
Source code and data: https://github.com/bisc/prob-comp-asst
Thesis Defense: Integration of Modeling Methods for Cyber-Physical SystemsIvan Ruchkin
A slide deck from my PhD thesis defense.
The video of the defense talk can be seen here: https://scs.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=aebd3567-e42b-4281-94a7-a98f011d1268
Abstract: "Cyber-physical systems (CPS) incorporate digital (cyber) and mechanical (physical) elements that interact in complex ways. Many safety-critical CPS, such as autonomous vehicles and drones, are becoming increasingly widespread and hence demand rigorous quality assurance. To this end, CPS engineering relies on modeling methods, which use models to represent the system and design-time analyses to interpret/change the models. Coming from diverse scientific and engineering fields, these modeling methods are difficult to combine, or integrate, due to implicit relations and dependencies between them. CPS failures can lead to substantial damage or loss of life, and are often due to two key integration challenges: (i) inconsistencies between models — contradictions in models that do not add up to a cohesive design, and (ii) incorrect interactions of analyses — out-of-order executions in mismatched contexts, leading to erroneous analysis outputs.
This thesis presents a novel approach to detect and prevent integration issues between CPS modeling methods during the design phase. To detect inconsistencies between models, the approach allows engineers to specify integration properties — quantified logical statements that relate various elements of multiple models — in the Integration Property Language (IPL). IPL statements describe verifiable conditions that are equivalent to an absence of inconsistencies. To interface with the models, IPL relies on integration abstractions — simplified representations of models for integration purposes. Two abstractions are proposed in this thesis: views (annotated component-and-connector models, inspired by software architecture) and behavioral properties (expressions in model-specific languages, such as the linear temporal logic). Combining these abstractions enables engineers to mix model structure and behavior in IPL statements. To ensure correct interactions of analyses, I introduce analysis contracts — a lightweight specification that captures inputs, outputs, assumptions, and guarantees for each analysis, in terms of the integration abstractions. Given these contracts, an analysis execution platform performs analyses in the order of their dependencies, and only in contexts that guarantee correct outputs.
My approach to integration was validated on four case studies of CPS modeling methods in different systems: energy-aware planning in a mobile robot, collision avoidance in a mobile robot, thread/battery scheduling in a quadrotor, and reliable/secure sensing in an autonomous vehicle. The validation has shown that the approach supports expressive integration properties, which can be soundly checked within practical constraints, all while being customizable to diverse models, analyses, and domains."
Towards a Formal Framework for Hybrid Planning in Self-AdaptationIvan Ruchkin
A presentation from SEAMS 2017 on formalization of hybrid planning.
Lead author: https://www.cs.cmu.edu/~ashutosp/
Full paper: http://www.cs.cmu.edu/~iruchkin/docs/pandey17-towards.pdf
Abstract: "Decision-making approaches in self-adaptation face a fundamental trade-off between quality and timeliness of adaptation plans. Due to this trade-off, designers often have to make an offline compromise between finding adaptation plans quickly and finding closer-to-optimal plans that demand longer computation times. Recent work has proposed that hybrid planning can resolve this trade-off dynamically, achieving higher utility than either fast or slow approaches individually. The promise of hybrid planning is to combine multiple decision-making approaches at run time to produce adaptation plans of the high quality within given time constraints. However, the diversity of decision-making approaches makes the problem of hybrid planning complex and multi-faceted. This paper advances the theory of hybrid planning by formalizing the central concepts and four sub-problems of hybrid planning. This formalization can serve as a foundation for creating and evaluating hybrid planners in the future."
IPL: An Integration Property Language for Multi-Model Cyber-Physical SystemsIvan Ruchkin
Our talk from the 22nd International Symposium on Formal Methods. Full paper: http://www.cs.cmu.edu/~iruchkin/docs/ruchkin18-ipl.pdf
Abstract: "Design and verification of modern systems requires diverse models, which often come from a variety of disciplines, and it is challenging to manage their heterogeneity -- especially in the case of cyber-physical systems. To check consistency between models, recent approaches map these models to flexible static abstractions, such as architectural views. This model integration approach, however, comes at a cost of reduced expressiveness because complex behaviors of the models are abstracted away. As a result, it may be impossible to automatically verify important behavioral properties across multiple models, leaving systems vulnerable to subtle bugs. This paper introduces the Integration Property Language (IPL) that improves integration expressiveness using modular verification of properties that depend on detailed behavioral semantics while retaining the ability for static system-wide reasoning. We prove that the verification algorithm is sound and analyze its termination conditions. Furthermore, we perform a case study on a mobile robot to demonstrate IPL is practically useful and evaluate its performance. "
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
The Art of the Pitch: WordPress Relationships and Sales
On the Role of Assumptions in Engineering Smart Systems
1. 1
On the Role of Assumptions
in Engineering Smart Systems
Ivan Ruchkin
PRECISE Center
Computer and Information Science
University of Pennsylvania
Smart Designing of Smart Systems Workshop
Society of Design and Process Science
November 20, 2020
4. 4
Defining assumptions
●
“Statement [...] taken for granted to be true” [1]
●
“Needs or decisions [...] not yet validated” [2]
Many taxonomies:
Problem- vs solution-oriented [3]
Implicit vs explicit [4]
Whether invalidation leads to defects [2]
[1] Marincic, Mader, Wieringa. Classifying Assumptions Made During Requirements Verification of Embedded Systems, REFSQ 2008.
[2] Bulandran. An Exploration of Assumptions in Requirements Engineering. PhD thesis, University of Western Australia, 2012.
[3] Dewar. Assumption-Based Planning A Tool for Reducing Avoidable Surprises, RAND, Cambridge University Press, 2002.
[4] Saqui-Sannes, Ludovic. Making Modeling Assumptions an Explicit Part of Real-Time Systems Models, ERTS 2016.
5. 5
Defining assumptions
●
“Statement [...] taken for granted to be true” [1]
●
“Needs or decisions [...] not yet validated” [2]
●
Many taxonomies:
– Problem- vs solution-oriented [3]
– Implicit vs explicit [4]
– Whether violation leads to defects [2]
[1] Marincic, Mader, Wieringa. Classifying Assumptions Made During Requirements Verification of Embedded Systems, REFSQ 2008.
[2] Bulandran. An Exploration of Assumptions in Requirements Engineering. PhD thesis, University of Western Australia, 2012.
[3] Dewar. Assumption-Based Planning A Tool for Reducing Avoidable Surprises, RAND, Cambridge University Press, 2002.
[4] Saqui-Sannes, Ludovic. Making Modeling Assumptions an Explicit Part of Real-Time Systems Models, ERTS 2016.
8. 8
Intuition about assumptions
From: Hehenberger, Egyed, Zeman. Consistency Checking of
Mechatronic Design Models, DETC 2009
●
Define a scope:
– Component
– Model
– System
Assumptions:
fixed expectations
of the scope’s inside
from its outside
9. 9
Intuition about assumptions
From: Hehenberger, Egyed, Zeman. Consistency Checking of
Mechatronic Design Models, DETC 2009
●
Define a scope:
– Component
– Model
– System
●
Assumptions:
– fixed expectations
– of the scope’s inside
– from its outside
11. 11
Canonical role: “ticking bomb”
●
An assumption can be violated, leading to undesired
consequences
Long history of critical failures due to unmet assumptions:
Mars climate orbiter: assumption about metric/imperial system
Challenger space shuttle: assumption about O-rings in cold
temps
GM ignition switch: assumption about mechanical/electrical
interaction
12. 12
Canonical role: “ticking bomb”
●
An assumption can be violated, leading to undesired
consequences
●
Long history of critical failures due to unmet assumptions:
Mars climate orbiter: assumption about metric/imperial system
Challenger space shuttle: assumption about O-rings in cold
temps
GM ignition switch: assumption about mechanical/electrical
interaction
13. 13
Canonical role: “ticking bomb”
●
An assumption can be violated, leading to undesired
consequences
●
Long history of critical failures due to unmet assumptions:
– Mars climate orbiter: assumption about metric/imperial system
– Challenger space shuttle: assumption about O-rings in cold
temps
– GM ignition switch: assumption about mechanical/electrical
interaction
14. 14
Response to “ticking bombs”
Document, model, and manage [1, 4, 5]
Validate at design time [2]
Monitor [6] and adapt [3] at run time
[1] Marincic, Mader, Wieringa. Classifying Assumptions Made During Requirements Verification of Embedded Systems, REFSQ 2008.
[2] Bulandran. An Exploration of Assumptions in Requirements Engineering. PhD thesis, University of Western Australia, 2012.
[3] Dewar. Assumption-Based Planning: A Tool for Reducing Avoidable Surprises, RAND, Cambridge University Press, 2002.
[4] Saqui-Sannes, Ludovic. Making Modeling Assumptions an Explicit Part of Real-Time Systems Models, ERTS 2016.
[5] Fu. A Framework for Managing Unspecified Assumptions in Safety-Critical Cyber-Physical Systems, PhD thesis, UChicago, 2020.
[6] Cimatti, Tian, Tonetta. Assumption-Based Runtime Verification with Partial Observability and Resets, RV 2019.
15. 15
Response to “ticking bombs”
●
Document, model, and manage [1, 4, 5]
Validate at design time [2]
Monitor [6] and adapt [3] at run time
[1] Marincic, Mader, Wieringa. Classifying Assumptions Made During Requirements Verification of Embedded Systems, REFSQ 2008.
[2] Bulandran. An Exploration of Assumptions in Requirements Engineering. PhD thesis, University of Western Australia, 2012.
[3] Dewar. Assumption-Based Planning: A Tool for Reducing Avoidable Surprises, RAND, Cambridge University Press, 2002.
[4] Saqui-Sannes, Ludovic. Making Modeling Assumptions an Explicit Part of Real-Time Systems Models, ERTS 2016.
[5] Fu. A Framework for Managing Unspecified Assumptions in Safety-Critical Cyber-Physical Systems, PhD thesis, UChicago, 2020.
[6] Cimatti, Tian, Tonetta. Assumption-Based Runtime Verification with Partial Observability and Resets, RV 2019.
16. 16
Response to “ticking bombs”
●
Document, model, and manage [1, 4, 5]
●
Validate at design time [2]
Monitor [6] and adapt [3] at run time
[1] Marincic, Mader, Wieringa. Classifying Assumptions Made During Requirements Verification of Embedded Systems, REFSQ 2008.
[2] Bulandran. An Exploration of Assumptions in Requirements Engineering. PhD thesis, University of Western Australia, 2012.
[3] Dewar. Assumption-Based Planning: A Tool for Reducing Avoidable Surprises, RAND, Cambridge University Press, 2002.
[4] Saqui-Sannes, Ludovic. Making Modeling Assumptions an Explicit Part of Real-Time Systems Models, ERTS 2016.
[5] Fu. A Framework for Managing Unspecified Assumptions in Safety-Critical Cyber-Physical Systems, PhD thesis, UChicago, 2020.
[6] Cimatti, Tian, Tonetta. Assumption-Based Runtime Verification with Partial Observability and Resets, RV 2019.
17. 17
Response to “ticking bombs”
●
Document, model, and manage [1, 4, 5]
●
Validate at design time [2]
●
Monitor [6] and adapt [3] at run time
[1] Marincic, Mader, Wieringa. Classifying Assumptions Made During Requirements Verification of Embedded Systems, REFSQ 2008.
[2] Bulandran. An Exploration of Assumptions in Requirements Engineering. PhD thesis, University of Western Australia, 2012.
[3] Dewar. Assumption-Based Planning: A Tool for Reducing Avoidable Surprises, RAND, Cambridge University Press, 2002.
[4] Saqui-Sannes, Ludovic. Making Modeling Assumptions an Explicit Part of Real-Time Systems Models, ERTS 2016.
[5] Fu. A Framework for Managing Unspecified Assumptions in Safety-Critical Cyber-Physical Systems, PhD thesis, UChicago, 2020.
[6] Cimatti, Tian, Tonetta. Assumption-Based Runtime Verification with Partial Observability and Resets, RV 2019.
21. 21
Another role: “enabler of complexity”
Often, assumptions are made for simplification
E.g., braking deceleration bounds simplify the analysis by limiting the state space
But assumptions can also lead to intelligible complexity
I.e., complexity understandable enough to serve as a foundation of complex design
As opposed to unintelligible complexity: “anything can happen”
Examples:
“All samples is i.i.d” → sequential probability ratio test
“Preemption is deadline-monotonic” → CPU frequency-scaling analysis
“Gaussian error in sensors” → probabilistic analysis of false positives in monitors
“Power consumption is a polynomial over the durations of robotic tasks”→ power-based planning
22. 22
Another role: “enabler of complexity”
●
Sometimes, assumptions are made for simplification
– E.g., bounds on braking deceleration simplify the state space
But assumptions can also lead to intelligible complexity
I.e., complexity understandable enough to serve as a foundation of complex design
As opposed to unintelligible complexity: “anything can happen”
Examples:
“All samples is i.i.d” → sequential probability ratio test
“Preemption is deadline-monotonic” → CPU frequency-scaling analysis
“Gaussian error in sensors” → probabilistic analysis of false positives in monitors
“Power consumption is a polynomial over the durations of robotic tasks”→ power-based planning
23. 23
Another role: “enabler of complexity”
●
Sometimes, assumptions are made for simplification
– E.g., bounds on braking deceleration simplify the state space
●
But assumptions can also lead to intelligible complexity
– I.e., complexity understandable enough to serve as a foundation of complex design
– As opposed to unintelligible complexity: “anything can happen”
Examples:
“All samples is i.i.d” → sequential probability ratio test
“Preemption is deadline-monotonic” → CPU frequency-scaling analysis
“Gaussian error in sensors” → probabilistic analysis of false positives in monitors
“Power consumption is a polynomial over the durations of robotic tasks”→ power-based planning
24. 24
Another role: “enabler of complexity”
●
Sometimes, assumptions are made for simplification
– E.g., bounds on braking deceleration simplify the state space
●
But assumptions can also lead to intelligible complexity
– I.e., complexity understandable enough to serve as a foundation of complex design
– As opposed to unintelligible complexity: “anything can happen”
– Examples:
●
“All samples are i.i.d” → sequential probability ratio test
●
“Preemption is deadline-monotonic” → CPU frequency-scaling analysis
●
“Gaussian error in sensors” → analysis of false positives in perception
●
“Power consumption is a polynomial over the durations of robotic tasks”→ power-based planning
26. 26
Complexities enabled by assumptions
●
Usage of multiple models
– A formalism may require certain assumptions
A variety of analyses
Fault-related and model-based
Certain system behaviors
Responses to violations of assumptions
27. 27
Complexities enabled by assumptions
●
Usage of multiple models
– A formalism may require certain assumptions
●
A variety of analyses
– Fault-related and model-based
Certain system behaviors
Responses to violations of assumptions
28. 28
Complexities enabled by assumptions
●
Usage of multiple models
– A formalism may require certain assumptions
●
A variety of analyses
– Fault-related and model-based
●
Certain system behaviors
– Responses to violations of assumptions
32. 32
Smartness enabled by complexity
●
Smart: “capable of making adjustments that resemble those resulting
from human decisions” (The Free Dictionary)
– Smartness arises when intelligence meets context
Complexity allows for adjustment
Smart systems can adjust their assumptions
Smart design can adjust its assumptions
E.g., the same robot used for delivery tasks and disaster relief
Different response to human behavior, mechanical/software breakdowns, ...
33. 33
Smartness enabled by complexity
●
Smart: “capable of making adjustments that resemble those resulting
from human decisions” (The Free Dictionary)
– Smartness arises when intelligence meets context
●
Complexity allows for smart adjustment
– Smart systems can adjust their assumptions
– Smart design can adjust its assumptions
●
E.g., the same robot used for delivery tasks and disaster relief
– Different response to human behavior, mechanical/software breakdowns, ...
34. 34
Smart design via assumptions
●
Not only document/model/validate, but also
automatically evaluate and choose assumptions
Example: a design environment that helps find an
appropriate assumption for sensor errors
“All independent” → safe system but mismatch w/ data
“Sequentially dependent” → better data fit but lower safety
“All dependent” → best fit but intractable analysis
35. 35
Smart design via assumptions
●
Not only document/model/validate, but also
automatically evaluate and choose assumptions
●
Example: a design environment that helps find an
appropriate assumption for sensor errors
“All independent” → safe system but mismatch w/ data
“Sequentially dependent” → better data fit but lower safety
“All dependent” → best fit but intractable analysis
36. 36
Smart design via assumptions
●
Not only document/model/validate, but also
automatically evaluate and choose assumptions
●
Example: a design environment that helps find an
appropriate assumption for sensor errors
– “All independent” → safe system but mismatch w/ data
– “Sequentially dependent” → better data fit but lower safety
– “All dependent” → best fit but intractable analysis
37. 37
Smart behavior via assumptions
●
Not only monitor/plan for violations, but also dynamically
adapt assumptions
E.g., an autonomous car notices that pedestrians in this
area are not consistent with the usual model
A database of plausible assumptions: “a sports game ended”
Quantification of assumption fit to perceived situation
Effect analysis for changing assumptions: “new assumption
increases commute time; old assumption increases crash chance”
38. 38
Smart behavior via assumptions
●
Not only monitor/plan for violations, but also dynamically
adapt assumptions
●
E.g., an autonomous car notices that pedestrians in some
area act inconsistently with the usual model
A database of plausible assumptions: “a sports game ended”
Quantification of assumption fit to perceived situation
Effect analysis for changing assumptions: “new assumption
increases commute time; old assumption increases crash chance”
39. 39
Smart behavior via assumptions
●
Not only monitor/plan for violations, but also dynamically
adapt assumptions
●
E.g., an autonomous car notices that pedestrians in some
area act inconsistently with the usual model
– A database of plausible assumptions: “a sports game ended”
– Quantification of assumption fit to the perceived situation
– Effect analysis for changing assumptions: “new assumption
increases commute time; old assumption increases crash chance”
41. 41
Summary
●
Assumptions are usually interpreted as
potential causes of system failure
– Need to be managed, validated, and monitored
●
A complementary viewpoint:
Engineering
assumptions
enable
Intelligible
complexity
enables
Smart behavior
Smart design
42. 42
References
[1] Marincic, Mader, Wieringa. Classifying Assumptions Made During Requirements Verification
of Embedded Systems, REFSQ 2008.
[2] Bulandran. An Exploration of Assumptions in Requirements Engineering. PhD thesis,
University of Western Australia, 2012.
[3] Dewar. Assumption-Based Planning: A Tool for Reducing Avoidable Surprises, RAND,
Cambridge University Press, 2002.
[4] Saqui-Sannes, Ludovic. Making Modeling Assumptions an Explicit Part of Real-Time
Systems Models, ERTS 2016.
[5] Fu. A Framework for Managing Unspecified Assumptions in Safety-Critical Cyber-Physical
Systems, PhD thesis, University of Chicago, 2020.
[6] Cimatti, Tian, Tonetta. Assumption-Based Runtime Verification with Partial Observability and
Resets, RV 2019.