
Practical Causal Models for Cyber-Physical Systems

  • Conference paper
  • NASA Formal Methods (NFM 2019)
  • Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11460)

Abstract

Unlike faults in classical systems, faults in Cyber-Physical Systems will often be caused by the system’s interaction with its physical environment and social context, rendering these faults harder to diagnose. To complicate matters further, knowledge about the behavior and failure modes of a system are often collected in different models. We show how three of those models, namely attack trees, fault trees, and timed failure propagation graphs can be converted into Halpern-Pearl causal models, combined into a single holistic causal model, and analyzed with actual causality reasoning to detect and explain unwanted events. Halpern-Pearl models have several advantages over their source models, particularly that they allow for modeling preemption, consider the non-occurrence of events, and can incorporate additional domain knowledge. Furthermore, such holistic models allow for analysis across model boundaries, enabling detection and explanation of events that are beyond a single model. Our contribution here delineates a semi-automatic process to (1) convert different models into Halpern-Pearl causal models, (2) combine these models into a single holistic model, and (3) reason about system failures. We illustrate our approach with the help of an Unmanned Aerial Vehicle case study.
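
The conversion the abstract describes, as an added example that is not the paper's code (the paper's tool and its UAV case study are not reproduced here): a tiny fault tree and attack tree are encoded as boolean structural equations, and the modified Halpern-Pearl definition of actual causality (Halpern 2015: AC1 actual occurrence, AC2 a witness set frozen at its actual values plus a counterfactual setting of the cause, AC3 minimality) is checked by brute force. The variable names and the loss-of-control scenario are constructed assumptions; the scenarios at the bottom show how the model handles preemption by a second failure path and how the non-occurrence of an event can itself be a cause.

```python
"""Fault-tree / attack-tree gates as a Halpern-Pearl structural causal model,
with an actual-causality check following the modified HP definition
(Halpern, IJCAI 2015). Added illustrative example, not the paper's code; the
UAV scenario and variable names below are constructed assumptions."""
from itertools import combinations, product

# Exogenous variables: the leaves of the fault tree and attack tree (constructed).
EXOGENOUS = ["motor_fault", "gps_spoofed", "geofence_off"]

# Endogenous variables with their structural equations, in topological order.
# AND/OR gates of the source trees become boolean equations over other variables.
EQUATIONS = {
    # attack-tree AND gate: spoofed GPS leads to a fly-away only if the geofence is off
    "flyaway": lambda v: v["gps_spoofed"] and v["geofence_off"],
    # fault-tree OR gate (top event): a hardware fault or a fly-away
    "crash": lambda v: v["motor_fault"] or v["flyaway"],
}


def evaluate(context, interventions=None):
    """Solve the model for exogenous context u. An intervention X<-x overrides
    the equation of (or the context value for) every intervened variable."""
    interventions = interventions or {}
    vals = dict(context)
    vals.update(interventions)
    for var, fn in EQUATIONS.items():
        if var not in interventions:
            vals[var] = fn(vals)
    return vals


def _ac2(cause, context, actual, effect, effect_val):
    """AC2 (modified HP): some witness set W, frozen at its actual values, and
    some alternative setting x' of X together make the effect false."""
    xs = list(cause)
    others = [v for v in actual if v not in cause and v != effect]
    for k in range(len(others) + 1):
        for w in combinations(others, k):
            for xprime in product([False, True], repeat=len(xs)):
                if all(xprime[i] == cause[x] for i, x in enumerate(xs)):
                    continue  # identical to the actual setting, changes nothing
                inter = {x: xprime[i] for i, x in enumerate(xs)}
                inter.update({v: actual[v] for v in w})
                if evaluate(context, inter)[effect] != effect_val:
                    return True
    return False


def is_actual_cause(cause, context, effect="crash", effect_val=True):
    """True if the conjunction X=x in `cause` is an actual cause of
    effect==effect_val in the given exogenous context."""
    actual = evaluate(context)
    # AC1: the candidate cause and the effect both hold in the actual world
    if actual[effect] != effect_val or any(actual[x] != v for x, v in cause.items()):
        return False
    if not _ac2(cause, context, actual, effect, effect_val):
        return False
    # AC3: minimality, no strict subset of X already satisfies AC1 and AC2
    for k in range(1, len(cause)):
        for sub in combinations(cause, k):
            if _ac2({x: cause[x] for x in sub}, context, actual, effect, effect_val):
                return False
    return True


def find_causes(context, effect="crash", effect_val=True, max_size=2):
    """Enumerate all actual causes of effect==effect_val that involve at most
    max_size variables; each candidate variable takes its actual value."""
    actual = evaluate(context)
    candidates = [v for v in actual if v != effect]
    found = []
    for k in range(1, max_size + 1):
        for sub in combinations(candidates, k):
            cause = {x: actual[x] for x in sub}
            if is_actual_cause(cause, context, effect, effect_val):
                found.append(cause)
    return found


if __name__ == "__main__":
    # Scenario 1 (constructed): only the attack path is active.
    spoof_only = {"motor_fault": False, "gps_spoofed": True, "geofence_off": True}
    print("spoof only:", find_causes(spoof_only))
    # Scenario 2 (constructed): both paths active; neither single event is a
    # cause on its own, only conjunctions that cut both paths.
    both = {"motor_fault": True, "gps_spoofed": True, "geofence_off": True}
    print("overdetermined:", find_causes(both))
    # Non-occurrence: the absence of spoofing and of a geofence outage jointly
    # explains why no crash happened.
    quiet = {"motor_fault": False, "gps_spoofed": False, "geofence_off": False}
    print("no crash:", find_causes(quiet, effect_val=False))
```

Every variable in a combined model is a candidate, so causes found by the search may cross the attack-tree / fault-tree boundary (for instance the endogenous `flyaway` node), which is the cross-model analysis the abstract refers to; the search is exponential in the number of variables and is only meant for small models.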

This work was supported by the Deutsche Forschungsgemeinschaft (DFG) under grant no. PR1266/3-1, Design Paradigms for Societal-Scale Cyber-Physical Systems. Amjad Ibrahim and Severin Kacianka contributed equally to this paper.


Notes

  1. Accessible at http://modelbasedassurance.org.

  2. For more details on the notations see Sect. 2.


Author information

Corresponding author: Amjad Ibrahim.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Ibrahim, A., Kacianka, S., Pretschner, A., Hartsell, C., Karsai, G. (2019). Practical Causal Models for Cyber-Physical Systems. In: Badger, J., Rozier, K. (eds) NASA Formal Methods. NFM 2019. Lecture Notes in Computer Science, vol 11460. Springer, Cham. https://doi.org/10.1007/978-3-030-20652-9_14

  • DOI: https://doi.org/10.1007/978-3-030-20652-9_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20651-2

  • Online ISBN: 978-3-030-20652-9

  • eBook Packages: Computer Science (R0)
