September 7, 2015
Prof. John Fitzgerald – School of Computing Science, Newcastle University (http://www.ncl.ac.uk/
Title: Engineering Resilient Cyber-Physical Systems – From Tools to Toolchains
Cyber-Physical Systems (CPSs) integrate networked computational and physical processes in an effort to achieve goals that include improved resilience. The engineering of such systems is inherently collaborative, multidisciplinary and challenging. Although model-based formal methods give developers ways to manage the risks of dependable product development, they often focus on a narrow range of model elements and design activities. In this talk, we discuss the need for better integrated formal methods and tool chains for CPS engineering. We focus on the challenges posed by semantically heterogeneous models, the need to support design space exploration, and the requirements for traceability and provenance in the CPS design set. We outline an approach to the development of a tool chain based on integrations of existing tools, and discuss future research opportunities in this area.
John Fitzgerald is Director of the Centre for Software Reliability (CSR) at Newcastle. He is a specialist in the
engineering of resilient computing systems, particularly in rigorous analysis and design tools. In his research, he
develops model-based methods and tools to help in the design of particularly challenging types of product,
especially systems that require collaboration between engineering teams of differing backgrounds and disciplines.
For example, he currently leads the international COMPASS project, which is developing technology for
engineering complex “Systems-of-Systems” that are built from pre-existing systems that might never have been
designed with collaboration in mind. On a different scale, he leads Newcastle’s research into co-modelling and cosimulation
in the design of fault-tolerant embedded systems (in the DESTECS project and in our EPSRC platform
grant on Trustworthy Ambient Systems). John is probably most closely associated with the Vienna Development
Method (VDM) which has been developed from its logical foundations to a commercial tool-supported method,
with industry applications in areas as diverse as options trading and firmware design. He recently led work in the
Deploy project on achieving and demonstrating dependability through the deployment of formal methods in four
industry sectors. His project on the use of formal models to support collaborative modelling and simulation in the
design of embedded systems (DESTECS), started in January 2010. John studied formal proof (PhD, Manchester
Univ.), before joining Newcastle, where he worked on formal design techniques for avionic systems with British
Aerospace in the 1990s. He went on to study the potential for industrial application of formal modelling
(specifically VDM) as a SERC Fellow and later as a Lecturer at Newcastle. He returned to the University in 2003,
having established the design and validation team at Transitive, a successful SME in the embedded processor
market. John is Chairman of FME, the main European body bringing together researchers and practitioners in
rigorous methods of systems development. He is a Fellow of the BCS, and a member of the EPSRC College. He is
a member of the ACM and IEEE.
September 8, 2015
Assist. Prof. Davide Scaramuzza – University of Zurich (http://rpg.ifi.uzh.ch/people_scaramuzza.html)
Title: Towards Robust and Safe Autonomous Drones
With drones becoming more and more popular, safety is a big concern. A critical situation occurs when a drone temporarily loses its GPS position information, which might lead it to crash. This can happen, for instance, when flying close to buildings where GPS signal is lost. In such situations, it is desirable that the drone can rely on fall-back systems and regain stable flight as soon as possible. In this talk, I will present novel methods to automatically recover and stabilize a quadrotor from any initial condition or execute emergency landing. On the one hand, this new technology will allow quadrotors to be launched by simply tossing them in the air, like a “baseball ball”. On the other hand, it will allow them to recover back into stable flight or land on a safe area after a system failure. Since this technology does not rely on any external infrastructure, such as GPS, it enables the safe use of drones in both indoor and outdoor environments. Thus, it can become relevant for commercial use of drones, such as parcel delivery.
- Automatic failure recovery without GPS: https://youtu.be/pGU1s6Y55JI
- Autonomous Landing-site detection and landing: https://youtu.be/phaBKFwfcJ4
Bio: Davide Scaramuzza (1980, Italian) is Assistant Professor of Robotics at the University of Zurich. He is founder and director of the Robotics and Perception Group (http://rpg.ifi.uzh.ch), where he develops cutting-edge research on low-latency vision and visually-guided micro aerial vehicles. He received his PhD in Robotics and Computer Vision at ETH Zurich (with Roland Siegwart). He was Postdoc at both ETH Zurich and the University of Pennsylvania (with Vijay Kumar). From 2009 to 2012, he led the European project “sFly”, which introduced the world’s first autonomous navigation of micro quadrotors in GPS-denied environments using vision as the main sensor modality. For his research contributions, he was awarded an ERC Starting Grant (2014), the IEEE Robotics and Automation Early Career Award (2014), a Google Research Award (2014), the European Young Researcher Award (2012), and the Robotdalen Scientific Award (2009). He coauthored the book “Introduction to Autonomous Mobile Robots” (MIT Press). His research interests are field and service robotics, intelligent vehicles, and computer vision. Specifically, he investigates the use of cameras as the main sensors for robot navigation, mapping, exploration, reasoning, and interpretation. His interests encompass both ground and flying vehicles.
1/2 INDUSTRY DAY
September 7, 2015
Dr. Sebastien Keller – Thales, France
Title: How to increase STS trustworthiness
Since many years, Thales explores different ways in order to increase the trust of its customers in
systems delivered. In Software area, different R&D activities were conducted of which major one was to
define a list of software characteristics (based on ISO25010) and to evaluate them at design time and at
runtime. The idea was to assess fine-grained characteristics which can be consolidated at an upper level
to give Security, Safety, Resilience, etc. confidence level. With this approach, improving one
characteristic increases globally the trustworthiness of an application, or a system. This talk presents the
major outcomes of this research.
Bio: Dr. Sebastien Keller (male) received his PhD in 1997 from university of Nancy in France in Electrical
engineering. He has more than 15 years of experience in computer science in Thales group where he
worked as Software Project Leader, System architect and System Integration Leader on several projects
like SGEA (Electronic Warfare system for French land forces), FAST (Platform of dematerialization for the
French administration), SIV (new French system for vehicles registration), Thales Hypervisor (integration
framework for transport and security applications) and for Mexico Ciudad Segura (urban security project
for Mexico city). He has joined the Application Security Lab in 2012 and is currently project coordinator
of CHOReVOLUTION (H2020 project started at January 2015), of OPTET (FP7 project started at November
2012 and was previously in charge of CHOReOS (FP7 project ended). He is in charge of trust/trustworthy
Andreas Roth – SAP
Title: Live Testing Cloud Business Applications
Business applications are increasingly delivered through cloud platforms. These offer increased speed of adding new features to the applications, driven by the feedback from the customers. With this delivery model, there are new opportunities and challenges for the engineering of these business applications, such as a more intense exchange between development and operations (“DevOps”), but also in particular for ensuring their availability, resilience, scalability, and performance. For ensuring these properties, many vendors of cloud applications put an increasing focus on extending their testing stack towards applying tests to applications in their productive environment (“Live Testing”). In this talk, we have a look at the state of practice on DevOps and Live Testing as well as challenges arising from them.
Bio: Dr. Andreas Roth received his PhD in 2006 from Karlsruhe University, Germany, on the topic of formal software engineering methods. He then joined the research department of SAP where he was the technical lead of European and national research projects for SAP on topics of software modelling, testing, model mining, and formal specification and verification, among them DEPLOY on achieving dependability through the deployment of formal methods for business applications. He was responsible for several internal research transfer projects on model-based testing and performance analysis tools, and later worked in the central technology platform team of the SuccessFactors company acquired by SAP. Since 2013 he is development architect in the SAP technology group, working on HANA database consumption, innovative development tools, and on DevOps tools.
Fausto Del Villano – Ansaldo STS
Title: Hot Stand-By Disaster Recovery Solutions for Ensuring the Resilience of Railway Control Systems
Specifications of modern railway control systems often include resilience requirements in order to quickly and safely recovery from disasters (e.g. system-level failures). To that aim, spatial redundancy is required, with main and backup systems installed in fully isolated buildings, together with very short switchover times from main to backup systems in case of disasters. In order to fulfil those requirements, Ansaldo STS has developed a system-level hot stand-by solution allowing to quickly and smoothly switch from the main system to the back-up one, ensuring the necessary continuity of service and transparency to train supervisors and other operators. The functional architecture of such a solution is able to keep aligned the safety-critical nucleuses, typically based on N-modular redundancy (i.e. ‘KooM’ voting), of the main and the back-up systems. Such a coherent alignment must be kept in terms of both interfaced field devices (e.g. interlocking signals, track circuits, switch points, etc.) – on the ‘bottom’ level – and control room Human Machine Interfaces (HMI) – on the ‘top’ level. The solution is based on heterogeneous and redundant network links (copper/fiber Ethernet/HyperRing) at different levels of system architecture. In this speech, the reference architecture and the fault-tolerance functionalities for disaster recovery are provided, considering the requirements of real railway and mass-transit installations.
Fausto Del Villano holds a degree in Electronic Engineering and has worked in Ansaldo STS for 12 years. He started working in the RAMS Department on the Verification and Validation of Metro Railways, High Speed Railways and Generic Architectures for railway control systems. In 2011, he has moved to the Development Department to manage the `Safe Architectures’ development team. He has been involved in both installation and innovation projects. His current research interests regard novel techniques for the optimization of hardware architectures in order to reduce costs (e.g. footprint, materials, energy consumptions).