Robust Control for Safety and Security
Hamsa Balakrishnan
Joint work with H. Khadilkar, P. Park, V. Ramanujam and C. Tomlin
Page 2
* Today’s operations * Surveillance using ground-‐based radar systems * Primarily “procedural” approach to air traffic control * Manual handoffs between controllers with little prior coordination * Radio communications between pilots and controllers
* NextGen operational concepts * Satellite-‐based surveillance technologies: ADS-‐B * Increased potential for control and optimization algorithms * Increased availability of state information (onboard and ground) * Datalink capabilities
New Technologies Enable New Operational Concepts
10/28/13
Page 3
* Increased potential for control and optimization algorithms * Enhancing system capacity * Improving operational efficiency * Maintaining/improving system safety
* New challenges * Interactions between new and legacy infrastructure * Information security * GPS jamming/spoofing * Detecting adversaries in the presence of uncertainties
* Incentives for participation * Cost vs. potential benefit of collaboration * Risks associated with information-‐sharing
Opportunities and Challenges
10/28/13
Page 4
* Objectives: Safety and efficiency * Conflict detection and resolution * Optimize State Update Interval * Minimize flight times
* Decentralized at longer range * Low traffic density * ADS-‐B surveillance * Max transmit power
* Handover zone * Decentralized control * Adaptively adjust transmit power
* Centralized close to the airport * High traffic density * Min transmit power * Ground radar surveillance * Augmented by ADS-‐B
Hybrid Communication/Control Algorithms
10/28/13
−600 −400 −200 0 200 400 600
−600
−400
−200
0
200
400
600
x
y
Arr fixesDep fixesAirport
Centralized zone
Handover zone
Distributed zone
Park et al., IEEE Trans. on Intelligent Transp. Sys. 2013
Page 5
High Confidence Networked Control
10/28/13
A2A communication
ADS-B ground station
A2I communication
Ground radar systemGround infrastructure system
Airborne system
Satellite system
Safety msg Cryptographic materialADS-Bavionics
GPS receiver
INS
* Secure, fault-‐tolerant control in the presence of adversaries * Distributed control using onboard
threat detection * GPS and inertial sensor data fusion * Verification using Doppler effect and RSS of ADS-‐B messages from neighboring aircraft * Control objectives * Conflict avoidance, maintaining
separation in the presence of uncertainty * Minimizing flight times * Fault detection
INS (IV-B)
Doppler (IV-C)
GPS (IV-B)
KF (V)
TX
RXRSS (IV-C)
EKF (VI)
MMSE (VI-B)
Control (IX)+-
+-
Verification (VIII)
Verification (VIII)
Distance
Position
Receive ADS-B msg
Transmit ADS-B msg
GPS/INS System
Doppler/RSS System
Position
KF
RSS D
etection (VII)
Park et al., under review, 2013
Page 6
* Sequenced to land (takeoff) on a runway, and determine their landing (takeoff) times * Separation requirements (safety) * Limited flexibility afforded to air traffic
controllers * Operational constraints (including arrival/
departure time windows) * Precedence constraints
* Objectives: Throughput, robustness, equity * Results * Solution space can be represented as a
network whose size is linear in the number of aircraft
* Various interesting extensions can be solved in (pseudo-‐)polynomial time as shortest-‐path problems on variations of this network
* Can evaluate tradeoffs between multiple objectives
Safe, Efficient and Robust Scheduling
10/28/13
0
5
10
15
20
25
29 30 31 32 33 34 35 36 37 38 39
Throughput (# of aircraft / makespan)
Reliab
ilit
y
FCFS
k=1
k=2
FCFS with buffering
max. number of position shifts from FCFS
Baseline
Reliability = robustness of schedule robustness of baseline
Chandran & Balakrishnan, ACC 2008 Balakrishnan & Chandran, Oper. Res., 2010 Lee & Balakrishnan, Proc. of IEEE, 2008
Page 7
* Initial allocation of resources typically adopt an optimistic view of capacity * Algorithms for reallocating resources given stochastic capacity forecasts * Exchange mechanisms * Pareto-‐efficiency (no other allocation preferable to all airlines) * Voluntary participation (incentive to participate) * Incentive compatibility (incentive to report true preferences) * Core allocation (no incentive for airlines to deviate by forming coalitions)
* Stochastic optimization algorithms given scenario-‐tree forecasts * Evaluation of incentives to participate, using realistic aircraft delay costs * Evaluation of tradeoffs between adaptability (extent of dynamic replanning) and
flexibility available to airlines
* Mechanisms that combine optimization with (monetary) transfers
Resource Reallocation in the Presence of Uncertainty
10/28/13
Balakrishnan, CDC 2007 Ramanujam & Balakrishnan, under review, 2013
Page 8
* New technologies present opportunities for robust control algorithms * New challenges pertaining to * Safety * Security * Information-‐sharing * Interactions between new and legacy infrastructure systems * Integration and co-‐design of Economic Incentives (EI) and Robust
Control (RC) algorithms for better system performance
Summary
10/28/13