Pajic, Miroslav
Email Address
ORCID
Disciplines
relationships.isProjectOf
relationships.isOrgUnitOf
Position
Introduction
Research Interests
Collection
47 results
Search Results
Now showing 1 - 10 of 47
Publication Demo Abstract: A Platform for Implantable Medical Device Validation(2010-10-01) Pajic, Miroslav; Jiang, Zhihao; Mangharam, Rahul; Connolly, Allison; Dixit, SanjayPublication Modeling and Verification of a Dual Chamber Implantable Pacemaker(2012-04-16) Jiang, Zhihao; Pajic, Miroslav; Moarref, Salar; Alur, Rajeev; Mangharam, RahulThe design and implementation of software for medical devices is challenging due to their rapidly increasing functionality and the tight coupling of computation, control, and communication. The safety-critical nature and the lack of existing industry standards for verification, make this an ideal domain for exploring applications of formal modeling and analysis. In this paper, we use a dual chamber implantable pacemaker as a case study for modeling and verification of control algorithms for medical devices in UPPAAL. We present detailed models of different components of the pacemaker based on the algorithm descriptions from Boston Scientific. We formalize basic safety requirements based on specifications from Boston Scientific as well as additional physiological knowledge. The most critical potential safety violation for a pacemaker is that it may lead the closed-loop system into an undesirable pattern (for example, Tachycardia). Modern pacemakers are implemented with termination algorithms to prevent such conditions. We show how to identify these conditions and check correctness of corresponding termination algorithms by augmenting the basic models with monitors for detecting undesirable patterns. Along with emerging tools for code generation from UPPAAL models, this effort enables model driven design and certification of software for medical devices.Publication Resilient Multidimensional Sensor Fusion Using Measurement History(2014-02-01) Ivanov, Radoslav; Pajic, Miroslav; Lee, InsupThis work considers the problem of performing resilient sensor fusion using past sensor measurements. In particular, we consider a system with n sensors measuring the same physical variable where some sensors might be attacked or faulty. We consider a setup in which each sensor provides the controller with a set of possible values for the true value. Here, more precise sensors provide smaller sets. Since a lot of modern sensors provide multidimensional measurements (e.g., position in three dimensions), the sets considered in this work are multidimensional polyhedra. Given the assumption that some sensors can be attacked or faulty, the paper provides a sensor fusion algorithm that obtains a fusion polyhedron which is guaranteed to contain the true value and is minimal in size. A bound on the volume of the fusion polyhedron is also proved based on the number of faulty or attacked sensors. In addition, we incorporate system dynamics in order to utilize past measurements and further reduce the size of the fusion polyhedron. We describe several ways of mapping previous measurements to current time and compare them, under di erent assumptions, using the volume of the fusion polyhedron. Finally, we illustrate the implementation of the best of these methods and show its e ectiveness using a case study with sensor values from a real robot.Publication Attack-Resilient Sensor Fusion for Safety-Critical Cyber-Physical(2016-02-01) Ivanov, Radoslav; Pajic, Miroslav; Lee, InsupThis paper focuses on the design of safe and attack-resilient Cyber-Physical Systems (CPS) equipped with multiple sensors measuring the same physical variable. A malicious attacker may be able to disrupt system performance through compromising a subset of these sensors. Consequently, we develop a precise and resilient sensor fusion algorithm that combines the data received from all sensors by taking into account their specified precisions. In particular, we note that in the presence of a shared bus, in which messages are broadcast to all nodes in the network, the attacker’s impact depends on what sensors he has seen before sending the corrupted measurements. Therefore, we explore the effects of communication schedules on the performance of sensor fusion and provide theoretical and experimental results advocating for the use of the Ascending schedule, which orders sensor transmissions according to their precision starting from the most precise. In addition, to improve the accuracy of the sensor fusion algorithm, we consider the dynamics of the system in order to incorporate past measurements at the current time. Possible ways of mapping sensor measurement history are investigated in the paper and are compared in terms of the confidence in the final output of the sensor fusion. We show that the precision of the algorithm using history is never worse than the no-history one, while the benefits may be significant. Furthermore, we utilize the complementary properties of the two methods and show that their combination results in a more precise and resilient algorithm. Finally, we validate our approach in simulation and experiments on a real unmanned ground robot.Publication Real-time Heart Model for Implantable Cardiac Device Validation and Verification(2010-03-26) Jiang, Zhihao; Pajic, Miroslav; Connolly, Allison T; Dixit, Sanjay; Mangharam, RahulDesigning bug-free medical device software is difficult, especially in complex implantable devices that may be used in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators due to firmware problems between 1990 and 2000 affected over 200,000 devices, comprising 41% of the devices recalled and are increasing in frequency. There is currently no formal methodology or open experimental platform to validate and verify the correct operation of medical device software. To this effect, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning (i.e. during normal sinus rhythm) and malfunctioning (i.e. during arrhythmia) heart. We present a methodology to extract timing properties of the heart to construct a timed-automata model. The platform exposes functional and formal interfaces for validation and verification of implantable cardiac devices. We demonstrate the VHM is capable of generating clinically-relevant response to intrinsic (i.e. premature stimuli) and external (i.e. artificial pacemaker) signals for a variety of common arrhythmias. By connecting the VHM with a pacemaker model, we are able to pace and synchronize the heart during the onset of irregular heart rhythms. The VHM has also been implemented on a hardware platform for closed-loop experimentation with existing and virtual medical devices. The VHM allows for exploratory electrophysiology studies for physicians to evaluate their diagnosis and determine the appropriate device therapy. This integrated functional and formal device design approach will potentially help expedite medical device certification for safer operation.Publication Robustness of Attack-Resilient State Estimators(2014-04-01) Pajic, Miroslav; Weimer, James; Bezzo, Nicola; Tabuada, Paulo; Sokolsky, Oleg; Lee, Insup; Pappas, GeorgeThe interaction between information technology and physical world makes Cyber-Physical Systems (CPS) vulnerable to malicious attacks beyond the standard cyber attacks. This has motivated the need for attack-resilient state estimation. Yet, the existing state-estimators are based on the non-realistic assumption that the exact system model is known. Consequently, in this work we present a method for state estimation in presence of attacks, for systems with noise and modeling errors. When the the estimated states are used by a state-based feedback controller, we show that the attacker cannot destabilize the system by exploiting the difeerence between the model used for the state estimation and the real physical dynamics of the system. Furthermore, we describe how implementation issues such as jitter, latency and synchronization errors can be mapped into parameters of the state estimation procedure that describe modeling errors, and provide a bound on the state-estimation error caused by modeling errors. This enables mapping control performance requirements into real-time (i.e., timing related) specifications imposed on the underlying platform. Finally, we illustrate and experimentally evaluate this approach on an unmanned ground vehicle case-study.Publication Spatio-Temporal Techniques for Anti-Jamming in Embedded Wireless Networks(2010-02-10) Mangharam, Rahul; Pajic, MiroslavElectromagnetic jamming results in a loss of link reliability, increased energy consumption and packet delays. In the context of energy-constrained wireless networks, nodes are scheduled to maximize the common sleep duration and coordinate communication to extend their battery life. This coordination results in statistical and predictable activity patterns that may be easily detected and jammed. To eliminate spatio-temporal patterns of communication in the link and network layers, we present WisperNet, an energy-efficient anti-jamming protocol.WisperNet employs hardware-based time synchronization and lightweight cryptographic hashing for coordinated temporal randomization of slot schedules at the link layer and adapts routes to avoid static jammers in the network layer.We demonstrate thatWisperNet reduces the efficiency of any statistical jammer to that of a random jammer, which has the lowest censorship-to-link utilization ratio. In the presence of a statistical jammer,WisperNet provides sub- 2% packet drop ratios for link utilization up to 50%. In addition, the jammer’s censorship efficiency is linear with link utilization as it is unable to extract any communication patterns. WisperNet is more efficient than low-power CSMA protocols in terms of energy, effective network throughput, reliability and delay.Publication Closing the Loop: A Simple Distributed Method for Control over Wireless Networks(2012-01-01) Pajic, Miroslav; Sundaram, Shreyas; LE NY, Jerome; Pappas, George J.; Mangharam, RahulWe present a distributed scheme used for control over a network of wireless nodes. As opposed to traditional networked control schemes where the nodes simply route information to and from a dedicated controller (perhaps performing some encoding along the way), our approach, Wireless Control Network (WCN), treats the network itself as the controller. In other words, the computation of the control law is done in a fully distributed way inside the network. We extend the basic WCN strategy, where at each time-step, each node updates its internal state to be a linear combination of the states of the nodes in its neighborhood. This causes the entire network to behave as a linear dynamical system, with sparsity constraints imposed by the network topology. We demonstrate that with observer style updates, the WCN's robustness to link failures is substantially improved. Furthermore, we show how to design a WCN that can maintain stability even in cases of node failures. We also address the problem of WCN synthesis with guaranteed optimal performance of the plant, with respect to standard cost functions. We extend the synthesis procedure to deal with continuous-time plants and demonstrate how the WCN can be used on a practical, industrial application, using a process-in-the-loop setup with real hardware.Publication Networked Realization of Discrete-Time Controllers(2013-03-01) Miao, Fei; Pajic, Miroslav; Mangharam, Rahul; Pappas, GeorgeWe study the problem of mapping discrete-time linear controllers into potentially higher order linear controllers with predefined structural constraints. Our work has been motivated by the Wireless Control Network (WCN) architecture, where the network itself behaves as a distributed, structured dynamical compensator. We make connections to model reduction theory to derive a method for the controller embedding based on minimization of the H∞-norm of the error system. This allows us to frame the problem as synthesis of optimal structured linear controllers, which enables the utilization of design-time iterative procedures for systems’ approximation. Finally, we illustrate the use of the mapping procedure by embedding PID controllers into the WCN substrate, and show how to reduce the computation overhead of the approximation procedure.Publication Embedded Virtual Machines for Robust Wireless Control and Actuation(2010-04-01) Pajic, Miroslav; Mangharam, RahulEmbedded wireless networks have largely focused on open-loop sensing and monitoring. To address actuation in closed-loop wireless control systems there is a strong need to re-think the communication architectures and protocols for reliability, coordination and control. As the links, nodes and topology of wireless systems are inherently unreliable, such time-critical and safety-critical applications require programming abstractions and runtime systems where the tasks are assigned to the sensors, actuators and controllers as a single component rather than statically mapping a set of tasks to a specific physical node at design time. To this end, we introduce the Embedded Virtual Machine (EVM), a powerful and flexible programming abstraction where virtual components and their properties are maintained across node boundaries. In the context of process and discrete control, an EVM is the distributed runtime system that dynamically selects primary-backup sets of controllers to guarantee QoS given spatial and temporal constraints of the underlying wireless network. The EVM architecture defines explicit mechanisms for control, data and fault communication within the virtual component. EVM-based algorithms introduce new capabilities such as predictable outcomes and provably minimal graceful degradation during sensor/actuator failure, adaptation to mode changes and runtime optimization of resource consumption. Through case studies in process control we demonstrate the preliminary capabilities of EVM-based wireless networks.