Fig 1 - uploaded by Scott R. Graham
Component based software design

Source publication
Conference Paper
Managing risk is a central problem in the design and operation of networked control systems, and due to the increasing role and growing complexity of software in such systems, managing software related failures is becoming a central challenge. Even simple programming errors can cause catastrophic failures. Hence, it is vital to contain risks due to...

Contexts in source publication

Context 1
... is usually accomplished through modular design, where the various software modules are designed in a decoupled ... Component based design of networked control systems software is a modular approach where the software is designed as a set of interacting modules, each implementing a well-defined functionality. For instance, the software for the control system shown in Figure 1(a) can be designed as in Figure 1(b), with Sensor, Filter, Controller, Supervisor, and Actuator as software components. With such a design, programming errors in a component such as the Supervisor can be contained, and other connected components such as the Controller can be insulated from the resulting failures. ...
Context 3
... the rest of the paper, we will assume component based design of software, and by the term component, we will mean software components as in Figure 1. ...
Context 4
... such cases, simple fail-safes can be enforced until the disrupted components can be recovered. For instance, during a disruption of the Controller in Figure 1(b), the Actuator may enforce a simple fail-safe to maintain the plant in a safe state. ...

Citations

... Traditional methods for IT system surveillance are focused on the IT infrastructure and software applications (Figure 1), and have limited ability to detect complex problems that emerge from interactions among separate software and hardware components [14]. Yet it is these interactional failures that characterize HIT system problems, which often comprise multiple software and hardware components. Monitoring at the data level can overcome these limitations. ...
Article
Objective: To summarize the research literature evaluating automated methods for early detection of safety problems with health information technology (HIT). Materials and methods: We searched bibliographic databases including MEDLINE, ACM Digital, Embase, CINAHL Complete, PsycINFO, and Web of Science from January 2010 to June 2021 for studies evaluating the performance of automated methods to detect HIT problems. HIT problems were reviewed using an existing classification for safety concerns. Automated methods were categorized into rule-based, statistical, and machine learning methods, and their performance in detecting HIT problems was assessed. The review was conducted in accordance with the Preferred Reporting Items for Systematic Reviews and Meta Analyses extension for Scoping Reviews statement. Results: Of the 45 studies identified, the majority (n = 27, 60%) focused on detecting use errors involving electronic health records and order entry systems. Machine learning (n = 22) and statistical modeling (n = 17) were the most common methods. Unsupervised learning was used to detect use errors in laboratory test results, prescriptions, and patient records while supervised learning was used to detect technical errors arising from hardware or software issues. Statistical modeling was used to detect use errors, unauthorized access, and clinical decision support system malfunctions while rule-based methods primarily focused on use errors. Conclusions: A wide variety of rule-based, statistical, and machine learning methods have been applied to automate the detection of safety problems with HIT. Many opportunities remain to systematically study their application and effectiveness in real-world settings.
... Software is inevitably complex, and errors can be difficult to detect [9]. Most health information systems consist of multiple disparate components. Individual components can interact to produce system behavior in ways not intended by the original designers. ...
Article
Objective: To explore the applicability of a syndromic surveillance method to the early detection of health information technology (HIT) system failures. Methods: A syndromic surveillance system was developed to monitor a laboratory information system at a tertiary hospital. Four indices were monitored: (1) total laboratory records being created; (2) total records with missing results; (3) average serum potassium results; and (4) total duplicated tests on a patient. The goal was to detect HIT system failures causing: data loss at the record level; data loss at the field level; erroneous data; and unintended duplication of data. Time-series models of the indices were constructed, and statistical process control charts were used to detect unexpected behaviors. The ability of the models to detect HIT system failures was evaluated using simulated failures, each lasting for 24 h, with error rates ranging from 1% to 35%. Results: In detecting data loss at the record level, the model achieved a sensitivity of 0.26 when the simulated error rate was 1%, while maintaining a specificity of 0.98. Detection performance improved with increasing error rates, achieving a perfect sensitivity when the error rate was 35%. In the detection of missing results, erroneous serum potassium results and unintended repetition of tests, perfect sensitivity was attained when the error rate was as small as 5%. Decreasing the error rate to 1% resulted in a drop in sensitivity to 0.65–0.85. Conclusions: Syndromic surveillance methods can potentially be applied to monitor HIT systems, to facilitate the early detection of failures.
... CSL intends to describe ISR missions for networks of UAVs. Its research is motivated by the need to program controllers for these distributed ad-hoc mobile sensor networks [30,32], and the desired ability to significantly change those controllers during execution [33,34]. The information to be collected is regarded as important, not the servo commands that lead to how it is collected. ...
Article
This paper compares some of the common tools and techniques that enable state-of-the-art systems to provide high-level control of Mobile Sensor Networks (MSNs). There is currently a great deal of interest in having autonomous vehicles carrying sensors and communication devices that can conduct ISR (intelligence, surveillance and reconnaissance) operations. Although this paper will discuss some issues common to mobile sensor networks, the applications will generally be associated with autonomous vehicles. Areas that are addressed are: 1. Mission definition languages that allow human users to compose missions defined in terms of tasks; 2. Communication issues including hardware, software, and network connectivity; and 3. Task allocation among the assets.
INTRODUCTION
Recently there has been a great deal of interest in mobile sensor nodes connected by a communication network due in part to their low cost, small size and the ability to control them autonomously [1–3]. They are of interest to many applications including military ISR (Intelligence, Surveillance and Reconnaissance) missions [4, 5] and remote environmental monitoring [6]. Steinberg [7] described the need for intelligent autonomy technologies for the control of heterogeneous unmanned naval air and sea vehicles, in particular the need for modular technologies that support highly automated ISR missions that in-
... While the possibility of controlling systems over established wireless, shared, or public networks has many benefits, it also requires that security join established performance characteristics such as performance, reliability, and efficiency during the design process. With this in mind, researchers have begun to address security issues specific to control systems, e.g. [1], [2], and have continued to develop control schemes to identify malfunctioning or malicious systems components, e.g. [3], [4], [5]. ...
... For an arbitrary distribution, finding the set $Z^*$ that satisfies (10) analytically may not be possible. To find an approximate $Z^*$ numerically, one can search $[0, 1]$ for the optimal $\pi^*$. This is done by choosing $\pi_i$, the value to check at step $i$ of the algorithm, and approximating $Z^*(\pi_i)$. ...
Conference Paper
In this paper, we propose a method to detect an unauthorized control signal being sent to a remote-controlled system (deemed an "intrusion fault" or "intrusion") despite attempts to conceal the intrusion. We propose adding a random perturbation to the control signal and using signal detection techniques to determine the presence of that signal in observations of the system. Detection of these perturbations indicates that an authorized or "trusted" operator is in control of the system. We analyze a worst case scenario (in terms of detection of the intrusion), discuss construction of signal detectors, and demonstrate our method through a simple example of a point robot with dynamics.
... The syntax of the language, its interactions, its motivations, and results from its initial implementation will all be discussed. CSL's research efforts, and its two sub-languages, are motivated by two coupled problems: the need to program controllers for distributed ad-hoc mobile sensor networks [1]–[8], and the desired ability to significantly change those controllers during execution [9], [10]. Both abilities simplify the control of mobile sensor networks and are therefore necessary parts of CSL. ...
Article
The Collaborative Sensing Language (CSL) is a high-level feedback control language for mobile sensor networks (MSN). It specifies MSN controllers to accomplish network objectives with a dynamically changing ad-hoc resource pool. Furthermore, CSL is designed to allow the updating of controllers during execution (patching). This enables hierarchical control with simpler controllers at lower levels. The CSL Execution Engine contains the intelligence to allocate resources to tasks dynamically and adjust in real time to resource motion; this enables CSL controllers to be simple, intuitive and scalable. Experimental results show that the CSL Execution Engine performs these services with the addition of very little overhead.
... 10) How to prioritize requests for clearance?: Although a first-come, first-served approach is sufficient, the ability to prioritize some vehicles is useful for, say, approving emergency vehicles [23]. A local component that immediately approves simple area requests could allow some simultaneous processing. ...
Conference Paper
In this paper we describe the application architecture for a collision avoidance system developed for a fleet of sensorless mobile vehicles. The system has been deployed in the IT Convergence Lab in the Coordinated Science Laboratory at the University of Illinois at Urbana-Champaign, which is a testbed for studying system architecture for networked embedded control systems. We describe several factors that a well-designed collision avoidance algorithm needs to address, and discuss some of the tradeoffs and design decisions that need to be made. The solution that we have developed has a minimal effect on existing components for higher level functionality, as well as on their interfaces. The architecture and algorithm provide a low level safety guarantee regardless of higher level objectives. The architecture exploits the infrastructure and services provided by the control domain middleware, called Etherware, which has been developed in the laboratory. Indeed, the development of the collision avoidance system shows the usefulness of the specific services and abstractions that Etherware provides to the application designer in facilitating rapid system design and deployment.