Biblio

In the future, mixed traffic Highly Automated Vehicles (HAV) will have to resolve interactions with human operated traffic. A particular problem for HAVs is the detection of human states influencing safety, critical decisions, and driving behavior of humans. We demonstrate the value proposition of neurophysiological sensors and driver models for optimizing performance of HAVs under safety constraints in mixed traffic applications.

We study conflict situations that dynamically arise in traffic scenarios, where different agents try to achieve their set of goals and have to decide on what to do based on their local perception.
We distinguish several types of conflicts for this setting. In order to enable modelling of conflict situations and the reasons for conflicts, we present a logical framework that adopts concepts from epistemic and modal logic, justification and temporal logic. Using this framework, we illustrate how conflicts can be identified and how we derive a chain of justifications leading to this conflict. We discuss how conflict resolution can be done when a vehicle has local, incomplete information, vehicle to vehicle communication (V2V) and partially ordered goals.

The possible interactions between a controller and its environment can naturally be modelled as the arena of a two-player game, and adding an appropriate winning condition permits to specify desirable behavior. The classical model here is the positional game, where both players can (fully or partially) observe the current position in the game graph, which in turn is indicative of their mutual current states. In practice, neither sensing or actuating the environment through physical devices nor data forwarding to and signal processing in the controller are instantaneous. The resultant delays force the controller to draw decisions before being aware of the recent history of a play. It is known that existence of a winning strategy for the controller in games with such delays is decidable over finite game graphs and with respect to ω-regular objectives. The underlying reduction, however, is impractical for non-trivial delays as it incurs a blow-up of the game graph which is exponential in the magnitude of the delay. For safety objectives, we propose a more practical incremental algorithm synthesizing a series of controllers handling increasing delays and reducing game-graph size in between. It is demonstrated using benchmark examples that even a simplistic explicit-state implementation of this algorithm outperforms state-of-the-art symbolic synthesis algorithms as soon as non-trivial delays have to be handled. We furthermore shed some light on the practically relevant case of non-order-preserving delays, as arising in actual networked control, thereby considerably extending the scope of regular game theory under delay pioneered by Klein and Zimmermann.

NIST, in collaboration with Vanderbilt University, has assembled an open-source tool set for designing and implementing federated, collaborative and interactive experiments with cyber-physical systems (CPS). These capabilities are used in our research on CPS at scale for Smart Grid, Smart Transportation, IoT and Smart Cities. This tool set, "Universal CPS Environment for Federation (UCEF)," includes a virtual machine (VM) to house the development environment, a graphical experiment designer, a model repository, and an initial set of integrated tools including the ability to compose Java, C++, MATLABTM, OMNeT++, GridLAB-D, and LabVIEWTM based federates into consolidated experiments. The experiments themselves are orchestrated using a ‘federation manager federate,’ and progressed using courses of action (COA) experiment descriptions. UCEF utilizes a method of uniformly wrapping federates into a federation. The UCEF VM is an integrated toolset for creating and running these experiments and uses High Level Architecture (HLA) Evolved to facilitate the underlying messaging and experiment orchestration. Our paper introduces the requirements and implementation of the UCEF technology and indicates how we intend to use it in CPS Measurement Science.

In the past couple of years, railway infrastructure has been growing more connected, resembling more of a traditional Cyber-Physical System model. Due to the tightly coupled nature between the cyber and physical domains, new attack vectors are emerging that create an avenue for remote hijacking of system components not designed to withstand such attacks. As such, best practice cybersecurity techniques need to be put in place to ensure the safety and resiliency of future railway designs, as well as infrastructure already in the field. However, traditional large-scale experimental evaluation that involves evaluating a large set of variables by running a design of experiments (DOE) may not always be practical and might not provide conclusive results. In addition, to achieve scalable experimentation, the modeling abstractions, simulation configurations, and experiment scenarios must be designed according to the analysis goals of the evaluations. Thus, it is useful to target a set of key operational metrics for evaluation and configure and extend the traditional DOE methods using these metrics. In this work, we present a metrics-driven evaluation approach for evaluating the security and resilience of railway critical infrastructure using a distributed simulation framework. A case study with experiment results is provided that demonstrates the capabilities of our testbed.

Owing¹ to an immense growth of internet-connected and learning-enabled cyber-physical systems (CPSs) [1], several new types of attack vectors have emerged. Analyzing security and resilience of these complex CPSs is difficult as it requires evaluating many subsystems and factors in an integrated manner. Integrated simulation of physical systems and communication network can provide an underlying framework for creating a reusable and configurable testbed for such analyses. Using a model-based integration approach and the IEEE High-Level Architecture (HLA) [2] based distributed simulation software; we have created a testbed for integrated evaluation of large-scale CPS systems. Our tested supports web-based collaborative metamodeling and modeling of CPS system and experiments and a cloud computing environment for executing integrated networked co-simulations. A modular and extensible cyber-attack library enables validating the CPS under a variety of configurable cyber-attacks, such as DDoS and integrity attacks. Hardware-in-the-loop simulation is also supported along with several hardware attacks. Further, a scenario modeling language allows modeling of alternative paths (Courses of Actions) that enables validating CPS under different what-if scenarios as well as conducting cyber-gaming experiments. These capabilities make our testbed well suited for analyzing security and resilience of CPS. In addition, the web-based modeling and cloud-hosted execution infrastructure enables one to exercise the entire testbed using simply a web-browser, with integrated live experimental results display.

Despite the known benefits of simulations in the study of mixed energy systems in the context of smart grid, the lack of collaboration facilities between multiple domain experts prevents a holistic analysis of smart grid operations. Current solutions do not provide a unified tool-chain that supports a secure and collaborative platform for not only the modeling and simulation of mixed electrical energy systems, but also the elastic execution of co-simulation experiments. To address above limitations, this paper proposes a design studio that provides an online collaborative platform for modeling and simulation of smart grids with mixed energy resources.

Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber-security is important for ensuring the system functions properly and safely. However, the effects of a cyberattack on the whole system may be difficult to determine, analyze, and therefore detect and mitigate. This work presents a model based software development framework integrated with a hardware-in-the-loop (HIL) testbed for rapidly deploying CPS attack experiments. The framework provides the ability to emulate low level attacks and obtain platform specific performance measurements that are difficult to obtain in a traditional simulation environment. The framework improves the cybersecurity design process which can become more informed and customized to the production environment of a CPS. The developed framework is illustrated with a case study of a railway transportation system.

The exponential growth of information and communication technologies have caused a profound shift in the way humans engineer systems leading to the emergence of closed-loop systems involving strong integration and coordination of physical and cyber components, often referred to as cyber-physical systems (CPSs). Because of these disruptive changes, physical systems can now be attacked through cyberspace and cyberspace can be attacked through physical means. The paper considers security and resilience as system properties emerging from the intersection of system dynamics and the computing architecture. A modeling and simulation integration platform for experimentation and evaluation of resilient CPSs is presented using smart transportation systems as the application domain. Evaluation of resilience is based on attacker-defender games using simulations of sufficient fidelity. The platform integrates 1) realistic models of cyber and physical components and their interactions; 2) cyber attack models that focus on the impact of attacks to CPS behavior and operation; and 3) operational scenarios that can be used for evaluation of cybersecurity risks. Three case studies are presented to demonstrate the advantages of the platform: 1) vulnerability analysis of transportation networks to traffic signal tampering; 2) resilient sensor selection for forecasting traffic flow; and 3) resilient traffic signal control in the presence of denial-of-service attacks.

To reshape energy systems towards renewable energy resources, decision makers need to decide today on how to make the transition. Energy scenarios are widely used to guide decision making in this context. While considerable effort has been put into developing energy scenarios, researchers have pointed out three requirements for energy scenarios that are not fulfilled satisfactorily yet: The development and evaluation of energy scenarios should (1) incorporate the concept of sustainability, (2) provide decision support in a transparent way and (3) be replicable for other researchers. To meet these requirements, we combine different methodological approaches: story-and-simulation (SAS) scenarios, multi-criteria decision-making (MCDM), information modeling and co-simulation. We show in this paper how the combination of these methods can lead to an integrated approach for sustainability evaluation of energy scenarios with automated information exchange. Our approach consists of a sustainability evaluation process (SEP) and an information model for modeling dependencies. The objectives are to guide decisions towards sustainable development of the energy sector and to make the scenario and decision support processes more transparent for both decision makers and researchers.

The gradual deployment of intelligent and coordinated devices in the electrical power system needs careful investigation of the interactions between the various domains involved. Especially due to the coupling between ICT and power systems a holistic approach for testing and validating is required. Taking existing (quasi-) standardised smart grid system and test specification methods as a starting point, we are developing a holistic testing and validation approach that allows a very flexible way of assessing the system level aspects by various types of experiments (including virtual, real, and mixed lab settings). This paper describes the formal holistic test case specification method and applies it to a particular co-simulation experimental setup. The various building blocks of such a simulation (i.e., FMI, mosaik, domain-specific simulation federates) are covered in more detail. The presented method addresses most modeling and specification challenges in cyber-physical energy systems and is extensible for future additions such as uncertainty quantification.

Traditional power systems education and training is flanked by the demand for coping with the rising complexity of energy systems, like the integration of renewable and distributed generation, communication, control and information technology. A broad understanding of these topics by the current/future researchers and engineers is becoming more and more necessary. This paper identifies educational and training needs addressing the higher complexity of intelligent energy systems. Education needs and requirements are discussed, such as the development of systems-oriented skills and cross-disciplinary learning. Education and training possibilities and necessary tools are described focusing on classroom but also on laboratory-based learning methods. In this context, experiences of using notebooks, co-simulation approaches, hardware-in-the-loop methods and remote labs experiments are discussed.

The increasing integration of distributed renewable energy resources into the power grid calls for employment of information and communication technology, transforming the grid into a cyber-physical energy system with new options for stable and optimized control. In order to evaluate and validate new control technologies, test systems are necessary. When the future extensibility of an approach is to be tested, laboratory and field tests reach their limits. Instead, simulation-based testing is required, like co-simulation, which allows the reuse of pre-existing simulation components. However, some co-simulation approaches designed for generic applicability tend to ignore certain setup characteristics like the need for remote coupling or exchange of complex data. This paper presents a co-simulation case study with distributed, heterogeneous simulation components. Challenges are discussed and it is shown how the framework MOSAIK helps to bridge the gap between special interfacing requirements and high system usability.

The recent attention towards research and development in cyber-physical energy systems has introduced the necessity of emerging multi-domain co-simulation tools. Different educational, research and industrial efforts have been set to tackle the co-simulation topic from several perspectives. The majority of previous works has addressed the standardization of models and interfaces for data exchange, automation of simulation, as well as improving performance and accuracy of co-simulation setups. Furthermore, the domains of interest so far have involved communication, control, markets and the environment in addition to physical energy systems. However, the current characteristics and state of co-simulation testbeds need to be re-evaluated for future research demands. These demands vary from new domains of interest, such as human and social behavior models, to new applications of co-simulation, such as holistic prognosis and system planning. This paper aims to formulate these research demands that can then be used as a road map and guideline for future development of co-simulation in cyber-physical energy systems.

The complex and often safety-critical nature of cyber-physical energy systems makes validation a key challenge in facilitating the energy transition, especially when it comes to the testing on system level. Reliable and reproducible validation experiments can be guided by the concept of design of experiments, which is, however, so far not fully adopted by researchers. This paper suggests a structured guideline for design of experiments application within the holistic testing procedure suggested by the European ERIGrid project. In this paper, a general workflow as well as a practical example are provided with the aim to give domain experts a basic understanding of design of experiments compliant testing.

Evaluating new technological developments for energy systems is becoming more and more complex. The overall application environment is a continuously growing and interconnected cyber-physical system so that analytical assessment is practically impossible to realize. Consequently, new solutions must be evaluated in simulation studies. Due to the interdisciplinarity of the simulation scenarios, various heterogeneous tools must be connected. This approach is known as co-simulation. During the last years, different approaches have been developed or adapted for applications in energy systems. In this paper, two co-simulation approaches are compared that follow generic, versatile concepts. The tool MOSAIK, which has been explicitly developed for the purpose of co-simulation in complex energy systems, is compared to the High Level Architecture (HLA), which possesses a domain-independent scope but is often employed in the energy domain. The comparison is twofold, considering the tools’ conceptual architectures as well as results from the simulation of representative test cases. It suggests that MOSAIK may be the better choice for entry-level, prototypical co-simulation while HLA is more suited for complex and extensive studies.

Smart grid systems are characterized by high complexity due to interactions between a traditional passive network and active power electronic components, coupled using communication links. Additionally, automation and information technology plays an important role in order to operate and optimize such cyber-physical energy systems with a high(er) penetration of fluctuating renewable generation and controllable loads. As a result of these developments the validation on the system level becomes much more important during the whole engineering and deployment process, today. In earlier development stages and for larger system configurations laboratory-based testing is not always an option. Due to recent developments, simulation-based approaches are now an appropriate tool to support the development, implementation, and roll-out of smart grid solutions. This paper discusses the current state of simulation-based approaches and outlines the necessary future research and development directions in the domain of power and energy systems.

We propose a series of methods based on learning key structural properties from traffic data-basis and on statistical model checking, ultimately leading to the construction of a scenario catalogue capturing requirements for controlling criticality for highly autonomous vehicles. We sketch underlying mathematical foundations which allow to derive formal confidence levels that vehicles tested by such a scenario catalogue will maintain the required control of criticality in real traffic matching the probability distributions of key parameters of data recorded in the reference data base employed for this process.

Autonomous systems are on everyone's lips, driven by current discussions in the automotive sector. In fact, automated systems of varying degrees of autonomy are part of current roadmaps and projections in many industries. In this article, the various industry-specific taxonomies and standards are summarized and characterized in terms of their functional capabilities and requirements for methods, processes and tools from the perspective of software engineering.

Driver's uncertainty during decision-making in overtaking results in long reaction times and potentially dangerous lane change maneuvers. Current lane change assistance systems focus on safety assessments providing either too conservative or excessive warnings, which influence driver's acceptance and trust in these systems. Inspired by the emancipation theory of trust, we expect systems providing information adapted to driver's uncertainty states to simultaneously help to reduce long reaction times and build the overall trust in automation. In previous work, we presented an adaptive lane change assistance system based on this concept utilizing a probabilistic model of driver's uncertainty. In this paper, we investigate whether the proposed system is able to improve reaction times and build trust in the automation as expected. A simulator study was conducted to compare the proposed system with an unassisted baseline and three reference systems not adaptive to driver's uncertainty. The results show while all systems reduce reaction times compared to the baseline, the proposed adaptive system is the most trusted and accepted.