FAULT TOLERANT AUTONOMOUS MOBILE ROBOTIC SYSTEMS

Lord, Dale

10 1900

ITC/USA 2006 Conference Proceedings / The Forty-Second Annual International Telemetering Conference and Technical Exhibition / October 23-26, 2006 / Town and Country Resort & Convention Center, San Diego, California / Recent emphasis has been placed on mobile robotics performing in unstructured environments. This realm of operations requires many different algorithms to interpret the various situations. This not only requires a system that is able to support, and facilitate, the fusion of the results, but it also needs to be tolerant of system errors. In modern operating systems, separate processes are able to fail without affecting other processes. Using this ability, along with fault tolerant inter-process communications, and supervisory process managers, allows the total system to continue to operate under adverse conditions. While this paper focuses primarily on the challenges faced by mobile robotics, the approach can be extended to a wide range of systems which must autonomously identify and adapt to failures/situations.

Mobile robots

Operating systems

Autonomous Systems

Fault-Tolerant Systems

Fault Tolerant Control of Large Flexible Space Structures under Sensor and Actuator Failures

Huang, Samuel Tien-Chieh

08 August 2013

In this thesis, we study fault tolerant control (FTC) for the decentralized robust servomechanism problem (DRSP) of a colocated large flexible space structure (LFSS) under sensor and actuator failures (SAF). The control objective is to devise a decentralized controller that maintains the stability of the LFSS, tracks a constant reference for healthy outputs, regulates against an unknown constant disturbance for healthy outputs, and is robust against parametric uncertainties, so that ``spillover effects'' do not occur. Two FTC frameworks are considered: An active FTC framework that assumes SAF are known, and a passive FTC framework for which SAF are unknown. The active FTC framework extends existing work on DRSP of a nominal LFSS, and applies a PID controller that has fault-dependent adjustments. Necessary and sufficient conditions for a solution to exist are determined, notably an easy-to-test rank condition. For the passive FTC framework, a PD controller that stabilizes an LFSS under unknown SAF is found. Although perfect tracking and regulation are not attained under the PD controller, by applying high gains, the errors for healthy outputs can be reduced to any desired level. However, outputs with failed sensors and healthy actuators can reach undesirably high magnitude under high gains. To improve performance under low gains, insights on steady-state outputs are applied to develop a feed-forward control that has good performance in tracking, but not regulation. Further analysis on the PD controller reveals a method to diagnose SAF using steady-state outputs. As a result, the PD controller and PID controller are found to have complementary advantages, leading to an 3-stage integrated FTC procedure. First, the PD controller can stabilize the LFSS under unknown SAF (passive FTC). Next, fault diagnosis is performed while the LFSS is stabilized. Finally, a reconfigured PID controller applying diagnosed SAF enables healthy outputs to meet control objectives (active FTC). Three examples, including a benchmark space platform with 200 states obtained by finite-element analysis, are used to illustrate the results throughout this thesis.

Fault tolerant systems

Flexible structures

Robust control

Linear systems

Aerospace

0544

Fault Tolerant Control of Large Flexible Space Structures under Sensor and Actuator Failures

Huang, Samuel Tien-Chieh

08 August 2013

In this thesis, we study fault tolerant control (FTC) for the decentralized robust servomechanism problem (DRSP) of a colocated large flexible space structure (LFSS) under sensor and actuator failures (SAF). The control objective is to devise a decentralized controller that maintains the stability of the LFSS, tracks a constant reference for healthy outputs, regulates against an unknown constant disturbance for healthy outputs, and is robust against parametric uncertainties, so that ``spillover effects'' do not occur. Two FTC frameworks are considered: An active FTC framework that assumes SAF are known, and a passive FTC framework for which SAF are unknown. The active FTC framework extends existing work on DRSP of a nominal LFSS, and applies a PID controller that has fault-dependent adjustments. Necessary and sufficient conditions for a solution to exist are determined, notably an easy-to-test rank condition. For the passive FTC framework, a PD controller that stabilizes an LFSS under unknown SAF is found. Although perfect tracking and regulation are not attained under the PD controller, by applying high gains, the errors for healthy outputs can be reduced to any desired level. However, outputs with failed sensors and healthy actuators can reach undesirably high magnitude under high gains. To improve performance under low gains, insights on steady-state outputs are applied to develop a feed-forward control that has good performance in tracking, but not regulation. Further analysis on the PD controller reveals a method to diagnose SAF using steady-state outputs. As a result, the PD controller and PID controller are found to have complementary advantages, leading to an 3-stage integrated FTC procedure. First, the PD controller can stabilize the LFSS under unknown SAF (passive FTC). Next, fault diagnosis is performed while the LFSS is stabilized. Finally, a reconfigured PID controller applying diagnosed SAF enables healthy outputs to meet control objectives (active FTC). Three examples, including a benchmark space platform with 200 states obtained by finite-element analysis, are used to illustrate the results throughout this thesis.

Fault tolerant systems

Flexible structures

Robust control

Linear systems

Aerospace

0544

Modelling, control and monitoring of high redundancy actuation

Davies, Jessica

January 2010

The High Redundancy Actuator (HRA) project investigates a novel approach to fault tolerant actuation, which uses a high number of small actuation elements, assembled in series and parallel in order to form a single intrinsically fault tolerant actuator. Element faults affect the maximum capability of the overall actuator, but through control techniques, the required performance can be maintained. This allows higher levels of reliability to be attained in exchange for less over-dimensioning in comparison to conventional redundancy techniques. In addition, the combination of both serial and parallel elements provides intrinsic accommodation of both lock-up and loose faults. Research to date has concentrated on HRAs based on electromechanical technology, of relatively low order, controlled through passive Fault Tolerant Control (FTC) methods. The objective of this thesis is to expand upon this work. HRA configurations of higher order, formed from electromagnetic actuators are considered. An element model for a moving coil actuator is derived from first principles and verified experimentally. This element model is then used to form high-order, non-linear HRA models for simulation, and reduced-order representations for control design. A simple, passive FTC law is designed for the HRA configurations, the results of which are compared to a decentralised, active FTC approach applied through a framework based upon multi-agent concepts. The results indicate that limited fault tolerance can be achieved through simple passive control, however, performance degradation occurs, and requirements are not met under theoretically tolerable fault levels. Active FTC offers substantial performance improvements, meeting the requirements of the system under the vast majority of theoretically tolerable fault scenarios. However, these improvements are made at the cost of increased system complexity and a reliance on fault detection. Fault Detection (FD) and health monitoring of the HRA is explored. A simple rule-based FD method, for use within the active FTC, is described and simulated. An interacting multiple model FD method is also examined, which is more suitable for health monitoring in a centralised control scheme. Both of these methods provide the required level of fault information for their respective purposes. However, they achieve this through the introduction of complexity. The rule-based method increases system complexity, requiring high levels of instrumentation, and conversely the interacting multiple model approach involves complexity of design and computation. Finally, the development of a software demonstrator is described. Experimental rigs at the current project phase are restricted to relatively low numbers of elements for practical reasons such as cost, space and technological limitations. Hence, a software demonstrator has been developed in Matlab/Simulink which provides a visual representation of HRAs with larger numbers of elements, and varied configuration for further demonstration of this concept.

621

Toward Cyber-Secure and Resilient Networked Control Systems

Teixeira, André

January 2014

Resilience is the ability to maintain acceptable levels of operation in the presence of abnormal conditions. It is an essential property in industrial control systems, which are the backbone of several critical infrastructures. The trend towards using pervasive information technology systems, such as the Internet, results in control systems becoming increasingly vulnerable to cyber threats. Traditional cyber security does not consider the interdependencies between the physical components and the cyber systems. On the other hand, control-theoretic approaches typically deal with independent disturbances and faults, thus they are not tailored to handle cyber threats. Theory and tools to analyze and build control system resilience are, therefore, lacking and in need to be developed. This thesis contributes towards a framework for analyzing and building resilient control systems. First, a conceptual model for networked control systems with malicious adversaries is introduced. In this model, the adversary aims at disrupting the system behavior while remaining undetected by an anomaly detector The adversary is constrained in terms of the available model knowledge, disclosure resources, and disruption capabilities. These resources may correspond to the anomaly detector’s algorithm, sniffers of private data, and spoofers of control commands, respectively. Second, we address security and resilience under the perspective of risk management, where the notion of risk is defined in terms of a threat’s scenario, impact, and likelihood. Quantitative tools to analyze risk are proposed. They take into account both the likelihood and impact of threats. Attack scenarios with high impact are identified using the proposed tools, e.g., zero-dynamics attacks are analyzed in detail. The problem of revealing attacks is also addressed. Their stealthiness is characterized, and how to detect them by modifying the system’s structure is also described. As our third contribution, we propose distributed fault detection and isolation schemes to detect physical and cyber threats on interconnected second-order linear systems. A distributed scheme based on unknown input observers is designed to jointly detect and isolate threats that may occur on the network edges or nodes. Additionally, we propose a distributed scheme based on local models and measurements that is resilient to changes outside the local subsystem. The complexity of the proposed methods is decreased by reducing the number of monitoring nodes and by characterizing the minimum amount of model information and measurements needed to achieve fault detection and isolation. Finally, we tackle the problem of distributed reconfiguration under sensor and actuator faults. In particular, we consider a control system with redundant sensors and actuators cooperating to recover from the removal of individual nodes. The proposed scheme minimizes a quadratic cost while satisfying a model-matching condition, which maintains the nominal closed-loop behavior after faults. Stability of the closed-loop system under the proposed scheme is analyzed. / Ett resilient system har förmågan att återhämta sig efter en kraftig och oväntad störning. Resiliens är en viktig egenskap hos industriella styrsystem som utgör en viktig komponent i många kritiska infrastrukturer, såsom processindustri och elkraftnät. Trenden att använda storskaliga IT-system, såsom Internet, inom styrsystem resulterar i en ökad sårbarhet för cyberhot. Traditionell IT-säkerhet tar inte hänsyn till den speciella koppling mellan fysikaliska komponenter och ITsystem som finns inom styrsystem. Å andra sidan så brukar traditionell reglerteknik fokusera på att hantera naturliga fel och inte cybersårbarheter. Teori och verktyg för resilienta och cybersäkra styrsystem saknas därför och behöver utvecklas. Denna avhandling bidrar till att ta fram ett ramverk för att analysera och konstruera just sådana styrsystem. Först så tar vi fram en representativ abstrakt modell för nätverkade styrsystem som består av fyra komponenter: den fysikaliska processen med sensorer och ställdon, kommunikationsnätet, det digitala styrsystemet och en feldetektor. Sedan införs en konceptuell modell för attacker gentemot det nätverkade styrsystemet. I modellen så beskrivs attacker som försöker undgå att skapa alarm i feldetektorn men ändå stör den fysikaliska processen. Dessutom så utgår modellen ifrån att den som utför attacken har begränsade resurser i fråga om modellkännedom och kommunikationskanaler. Det beskrivna ramverket används sedan för att studera resilens gentemot attackerna genom en riskanalys, där risk definieras utifrån ett hots scenario, konsekvenser och sannolikhet. Kvantitativa metoder för att uppskatta attackernas konsekvenser och sannolikheter tas fram, och speciellt visas hur hot med hög risk kan identifieras och motverkas. Resultaten i avhandlingen illustreras med ett flertal numeriska och praktiska exempel. / <p>QC 20141016</p>

Cyber Security

Resilience

Industrial Control Systems

Fault-Tolerant Systems

Risk Management

Cyber säkerhet

Resiliens

Industriella Styrsystem

Riskanalys

Transient-fault robust systems exploiting quasi-delay insensitive asynchronous circuits / Sistemas robustos a falhas transientes explorando circuitos assíncronos quase-insensíveis aos atrasos

Bastos, Rodrigo Possamai

January 2010

Os circuitos integrados recentes baseados em tecnologias nanoeletrônicas estão significativamente mais vulneráveis a falhas transientes. Os erros gerados são assim também mais críticos do que eram antes. Esta tese apresenta uma nova virtude em termos de confiabilidade dos circuitos assíncronos quase-insensíveis aos atrasos (QDI): a sua grande habilidade natural para mitigar falhas transientes de longa duração, que são severas em circuitos síncronos modernos. Uma metodologia para avaliar comparativamente os efeitos de falhas transientes tanto em circuitos síncronos como em circuitos assíncronos QDI é apresentada. Além disso, um método para obter a habilidade de mitigação de falhas transientes dos elementos de memória de circuitos QDI (ou seja, os C-elements) é também proposto. Por fim, técnicas de mitigação são sugeridas para aumentar ainda mais a atenuação de falhas transientes por parte dos Celements e, por consequência, também a robustez dos sistemas assíncronos QDI. / Recent deep-submicron technology-based ICs are significantly more vulnerable to transient faults. The arisen errors are thus also more critical than they have ever been before. This thesis presents a further novel benefit of the Quasi-Delay Insensitive (QDI) asynchronous circuits in terms of reliability: their strong natural ability to mitigate longduration transient faults that are severe in modern synchronous circuits. A methodology to evaluate comparatively the transient-fault effects on synchronous and QDI asynchronous circuits is presented. Furthermore, a method to obtain the transient-fault mitigation ability of the QDI circuits’ memory elements (i.e., the C-elements) is also proposed. Finally, mitigation techniques are suggested to increase even more the Celements’ transient-fault attenuation, and thus also the QDI asynchronous systems’ robustness.

Microeletrônica

Microprocessadores

Tolerancia : Falhas

QDI asynchronous circuits

Transient faults

Soft errors

Evaluation of transient-fault effects

Transient-fault robust systems exploiting quasi-delay insensitive asynchronous circuits / Sistemas robustos a falhas transientes explorando circuitos assíncronos quase-insensíveis aos atrasos

Bastos, Rodrigo Possamai

January 2010

Os circuitos integrados recentes baseados em tecnologias nanoeletrônicas estão significativamente mais vulneráveis a falhas transientes. Os erros gerados são assim também mais críticos do que eram antes. Esta tese apresenta uma nova virtude em termos de confiabilidade dos circuitos assíncronos quase-insensíveis aos atrasos (QDI): a sua grande habilidade natural para mitigar falhas transientes de longa duração, que são severas em circuitos síncronos modernos. Uma metodologia para avaliar comparativamente os efeitos de falhas transientes tanto em circuitos síncronos como em circuitos assíncronos QDI é apresentada. Além disso, um método para obter a habilidade de mitigação de falhas transientes dos elementos de memória de circuitos QDI (ou seja, os C-elements) é também proposto. Por fim, técnicas de mitigação são sugeridas para aumentar ainda mais a atenuação de falhas transientes por parte dos Celements e, por consequência, também a robustez dos sistemas assíncronos QDI. / Recent deep-submicron technology-based ICs are significantly more vulnerable to transient faults. The arisen errors are thus also more critical than they have ever been before. This thesis presents a further novel benefit of the Quasi-Delay Insensitive (QDI) asynchronous circuits in terms of reliability: their strong natural ability to mitigate longduration transient faults that are severe in modern synchronous circuits. A methodology to evaluate comparatively the transient-fault effects on synchronous and QDI asynchronous circuits is presented. Furthermore, a method to obtain the transient-fault mitigation ability of the QDI circuits’ memory elements (i.e., the C-elements) is also proposed. Finally, mitigation techniques are suggested to increase even more the Celements’ transient-fault attenuation, and thus also the QDI asynchronous systems’ robustness.

Microeletrônica

Microprocessadores

Tolerancia : Falhas

QDI asynchronous circuits

Transient faults

Soft errors

Evaluation of transient-fault effects

Transient-fault robust systems exploiting quasi-delay insensitive asynchronous circuits / Sistemas robustos a falhas transientes explorando circuitos assíncronos quase-insensíveis aos atrasos

Bastos, Rodrigo Possamai

January 2010

Os circuitos integrados recentes baseados em tecnologias nanoeletrônicas estão significativamente mais vulneráveis a falhas transientes. Os erros gerados são assim também mais críticos do que eram antes. Esta tese apresenta uma nova virtude em termos de confiabilidade dos circuitos assíncronos quase-insensíveis aos atrasos (QDI): a sua grande habilidade natural para mitigar falhas transientes de longa duração, que são severas em circuitos síncronos modernos. Uma metodologia para avaliar comparativamente os efeitos de falhas transientes tanto em circuitos síncronos como em circuitos assíncronos QDI é apresentada. Além disso, um método para obter a habilidade de mitigação de falhas transientes dos elementos de memória de circuitos QDI (ou seja, os C-elements) é também proposto. Por fim, técnicas de mitigação são sugeridas para aumentar ainda mais a atenuação de falhas transientes por parte dos Celements e, por consequência, também a robustez dos sistemas assíncronos QDI. / Recent deep-submicron technology-based ICs are significantly more vulnerable to transient faults. The arisen errors are thus also more critical than they have ever been before. This thesis presents a further novel benefit of the Quasi-Delay Insensitive (QDI) asynchronous circuits in terms of reliability: their strong natural ability to mitigate longduration transient faults that are severe in modern synchronous circuits. A methodology to evaluate comparatively the transient-fault effects on synchronous and QDI asynchronous circuits is presented. Furthermore, a method to obtain the transient-fault mitigation ability of the QDI circuits’ memory elements (i.e., the C-elements) is also proposed. Finally, mitigation techniques are suggested to increase even more the Celements’ transient-fault attenuation, and thus also the QDI asynchronous systems’ robustness.

Microeletrônica

Microprocessadores

Tolerancia : Falhas

QDI asynchronous circuits

Transient faults

Soft errors

Evaluation of transient-fault effects

Mechanismy zvýšení spolehlivosti vestavěných systémů pracujících v reálném čase / Mechanisms for Dependability Enhancement of Real-Time Embedded Systems

Slimařík, František

January 2010

This thesis deals with issue of reliability of real-time embedded systems. Contains a summary of basic concepts related to field in real-time embedded systems and mechanisms for dependability enhancement through redundancy techniques and control flow checking. Describes the implementation of selected control flow checking mechanisms, the technique uses software watchdog timers, use of hardware n-modular redundancy in software environment and technique of process pairs using operating system uC/OS-II. The different mechanisms are validated by method injection of faults into the chosen data structures of system uC/OS-II.