Modern real-time scheduling theory began with Professor David Liu at UIUC and his seminal paper, co-authored with James Layland, Scheduling Algorithms for Multiprogramming in a Hard-Real-Time Environment. Building on this pioneering work, Professor Lui Sha and his collaborators developed the modern real-time scheduling theory that transformed real-time computing standards and influenced many national high-technology projects.
In human-in-the-loop cyber-physical systems (CPS-H) research, the system design is driven by both the computational model and the physical system model. The physical system model shapes the architecture of the cyber system; in return, the optimized computational model facilitates the design and verification of domain-specific applications. Concurrently, we are working on safety-critical CPS-H systems, such as control systems and emergency care decision support systems, where dependability is critical. The National Academy of Sciences' study on dependable software systems concluded, “One key to achieving dependability at reasonable cost is a serious and sustained commitment to simplicity, including simplicity of critical functions and simplicity in system interactions. This commitment is often the mark of true expertise.”
The principle of complexity reduction and control governs our system architecture, application architecture and user interactions. Currently, the three main areas of research are: 1) Dependable Real Time Computing Architecture; 2) Secure and Robust CPS Architectures; and 3) Medical Best Practice Guidance Systems.
Dependable Real Time Computing Architecture
Our dependable real-time computing architecture is called the Virtual Single Core Computer (VSCC). Using the VSCC abstraction, a networked multicore real-time control system can be programmed, verified and deployed as if it were a high-performance single-core computer. The two key component technologies are:
- Physically Asynchronous Logically Synchronous (PALS) architecture, which provides real-time virtual synchrony to applications: the nodes run on their own clocks and exchange messages over an asynchronous network, but the application is written and verified as if all nodes executed in lockstep. PALS won the David Lubkowski Memorial Award for the Advancement of Digital Avionics after Rockwell Collins demonstrated that, with PALS, the model-checking time of a dual-redundant flight guidance system dropped from over 35 hours to under 30 seconds.
- Single Core Equivalence (SCE) technology for real-time multicore computing. Under SCE, each core of a multicore chip can currently be used as if it were a stand-alone single-core chip, so that interference through shared caches, memory and I/O no longer invalidates single-core timing analysis. SCE has since become the framework for the development of multicore avionics certification requirements.
Secure and Robust CPS Architectures
Concern about the security of unmanned aircraft systems (UASes) is growing as the demand for advanced functionality increases their capabilities. The greater computational power and connectivity of modern UASes will expose hitherto unknown security flaws as threats to such systems grow. At the platform level, our SecureCore architecture has two distinguishing requirements that have guided the research directions:
- One-Way Observability: the monitoring activity of the SecureCore must be invisible to the untrustworthy entities, i.e., the monitored cores, while the secure core can observe the state of the physical system under control, the processor state of the monitored cores, and the I/O data to and from them.
- One-Way Controllability: the SecureCore must be able to intercept and control the I/O, and the monitored cores must have no such control over the SecureCore. When malicious activity is detected, the SecureCore must be able to stop it and/or recover the system.
In addition, SecureCore incorporates zero-day intrusion detection by exploiting the fact that embedded control applications have distinct and predictable CPU, memory, I/O and system call patterns: a profile of the normal controller's resource usage is learned from known-good runs, and deviations from it are flagged without any attack signature.
SecureCore is a system-level architecture, which has first been integrated with an application-level software architecture known as the Simplex architecture. Simplex consists of a normal (high-performance) controller and a safety controller designed to maximize the region of states from which the system can be kept stable. The normal controller flies the drone in normal operation; the safety controller takes over if, under the normal controller, the drone's state approaches the boundary of the safety controller's stability region or the drone breaches the permitted flight space.
The normal controller runs on the application cores, while the safety controller and the security supervisor run inside the SecureCore. Intuitively, the SecureCore is a “police station” embedded in the UAS architecture. The normal controller, whether or not it has been compromised, may fly the drone as it sees fit, provided that i) it obeys the rules and regulations, and ii) it does not exhibit the abnormal resource usage patterns of a compromised controller. Recently, we replaced the safety controller in Simplex with an L1 adaptive controller, which is robust against disturbances and partial mechanical failures. The integration results in the L1Simplex architecture.
For an initial demonstration against cyber-attacks and the enforcement of flight space, see here. When the technologies are fully integrated, we will let users and testers control the drone and upload buggy and/or virus-infected controllers. We will show that the drone stays stable and flies within its allocated space despite the bugs and attacks. With high probability, we may even be able to stop an attack before it starts.
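The following is an added illustration, not the group's SecureCore, Simplex or L1Simplex code, of the two switching triggers described above: the security supervisor hands control to the safety controller either when the normal controller's commanded next state would leave the region from which the safety controller can still keep the drone inside the permitted flight space, or when the normal controller's per-period resource usage departs from a profile learned on known-good runs. It exercises the three cases the demonstration mentions (a healthy controller, a buggy one, and an infected one). Everything concrete is an assumption chosen for the demo: a 1-D double-integrator "drone", the PD gains, the fence size, the synthetic (cpu_us, syscalls) usage figures and the 4-sigma threshold.

```python
"""Simplex-style supervisor with a recovery-region check and a resource-usage
anomaly check.  Added example, not the group's code; all constants assumed."""
from dataclasses import dataclass
import math

DT = 0.05       # control period, seconds (assumed)
A_MAX = 4.0     # largest acceleration the safety controller commands, m/s^2 (assumed)
FENCE = 10.0    # permitted flight space is |x| <= FENCE metres, 1-D (assumed)
MARGIN = 0.5    # keep-out band inside the fence (assumed)


@dataclass(frozen=True)
class State:
    x: float  # position, m
    v: float  # velocity, m/s


def plant(s: State, u: float) -> State:
    """Double-integrator stand-in for the drone, with actuator saturation."""
    u = max(-A_MAX, min(A_MAX, u))
    return State(s.x + s.v * DT + 0.5 * u * DT * DT, s.v + u * DT)


def safety_controller(s: State) -> float:
    """High-assurance controller: PD toward the centre of the flight space."""
    return -1.0 * s.x - 2.0 * s.v


def in_recovery_region(s: State) -> bool:
    """Can the safety controller, braking at A_MAX from s, still stop inside the
    fence?  For this 1-D plant this closed-form test plays the role of the
    Lyapunov level set that bounds the safety controller's stability region."""
    stop_x = s.x + s.v * abs(s.v) / (2.0 * A_MAX)
    return abs(stop_x) <= FENCE - MARGIN


class ResourceProfile:
    """Per-period (cpu_us, syscalls) profile of the normal controller learned
    from a known-good run; a sample more than K sigma from the mean on any
    feature is an anomaly.  No attack signature is needed (zero-day detection)."""
    K = 4.0

    def __init__(self, samples):
        cols = list(zip(*samples))
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [max(1e-9, math.sqrt(sum((x - m) ** 2 for x in c) / len(c)))
                    for c, m in zip(cols, self.mean)]

    def is_anomalous(self, sample) -> bool:
        return any(abs(x - m) / sd > self.K
                   for x, m, sd in zip(sample, self.mean, self.std))


def benign_usage(tick):
    """Constructed, mildly varying resource use of a healthy controller."""
    return (180.0 + 5.0 * math.sin(tick), 6 + tick % 2)


# Normal controllers return (acceleration command, observed resource usage).
def benign_controller(s, tick):
    return -0.8 * (s.x - 5.0) - 1.5 * s.v, benign_usage(tick)   # fly to x = 5


def buggy_controller(s, tick):
    return A_MAX, benign_usage(tick)            # logic bug: full throttle at the fence


def compromised_controller(s, tick):
    if tick < 60:                               # behaves until the payload fires
        return benign_controller(s, tick)
    return A_MAX, (420.0, 48)                   # extra code: more CPU, many syscalls


PROFILE = ResourceProfile([benign_usage(t) for t in range(200)])


def supervise(normal_controller, profile=PROFILE, ticks=400, s=State(0.0, 0.0)):
    """Security supervisor: each period, reject the normal controller's command
    and latch onto the safety controller if the command's resource use is
    anomalous or if the commanded next state would leave the recovery region."""
    switched_at, reason, max_abs_x = None, None, 0.0
    for t in range(ticks):
        if switched_at is None:
            u, usage = normal_controller(s, t)
            if profile.is_anomalous(usage):
                switched_at, reason = t, "resource anomaly"
            elif not in_recovery_region(plant(s, u)):
                switched_at, reason = t, "recovery region"
        if switched_at is not None:
            u = safety_controller(s)
        s = plant(s, u)
        max_abs_x = max(max_abs_x, abs(s.x))
    return {"switched_at": switched_at, "reason": reason,
            "max_abs_x": max_abs_x, "final": s}


if __name__ == "__main__":
    for ctrl in (benign_controller, buggy_controller, compromised_controller):
        print(ctrl.__name__, supervise(ctrl))
```

Running the block shows the healthy controller never triggering a switch, the buggy controller being caught by the recovery-region check about 1.5 s into its run and brought to rest short of the fence, and the infected controller being caught by the resource-usage check on the first period in which its payload runs, before its unsafe command is ever applied. In a real SecureCore the usage samples would come from the secure core's own view of the monitored cores (one-way observability) rather than from the controller reporting on itself, the recovery-region test would be the Lyapunov-based one for the actual vehicle model, and a policy for handing control back to the normal controller would be needed; the latch here is deliberately one-way.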
Medical Best Practice Guidance Systems
At a 2014 US Senate Healthcare subcommittee hearing, it was shown that preventable medical errors in hospitals kill as many as 400,000 people each year, making them the third most common cause of death in America, and cost the US a colossal $1 trillion each year. Preventable medical errors are those that result from failing to correctly apply known medical best practice.
We have been developing a medical best practice guidance system to promote a fundamental transformation in the delivery of health care services in the many regions of the United States where the care of an individual patient is distributed across providers at different locations over the course of treatment. Providers include small-town and rural hospitals and their affiliated tertiary care centers, with ambulances transporting patients between them. Providers' nurses and physicians have different levels of expertise and experience, and Emergency Medical Technicians (EMTs) provide limited patient care during transport.
Our system will support the delivery of distributed, yet integrated, patient care by promoting maximal adherence to best medical practices in the treatment of life-threatening medical events such as heart attack, stroke, and sepsis.
Like a GPS-enabled navigation system in an automobile or aircraft, the system makes best practices readily available to less skilled or experienced practitioners, who can follow them the way a driver or pilot follows a computer-recommended route. More skilled or experienced practitioners will still benefit from best-practice information in times of high workload or distraction, and will, like a driver or pilot, be able to override the guidance the system provides when they deem it necessary.
The research includes i) the translation of medical knowledge written in natural language into executable organ-state automata and workflow automata; ii) system design and quality assurance; and iii) clinical validation in collaboration with physicians.