Autumn School

An autumn school will be held right before the SERENE workshop. The autumn school will explore the resiliency of cyber physical systems.

Engineering Resilient Cyber Physical Systems

The director of the school is Henry Muccini, U. of L’Aquila, Italy.

The program of the autumn school:

Resilience in Cyber-Physical Systems: Challenges and Opportunities

Presenter: Dr. Gabor Karsai, Professor of Electrical Engineering and Computer Science, Senior Research Scientist, Institute of Software-Integrated Systems, Vanderbilt University


Cyber-Physical Systems (CPS) integrate the physical with the computational synergistically: the sum is greater than its parts. They are inherently physical but they can’t function without the ‘cyber’, i.e. computation and communication. By design, intricate interactions take place between the physical and the cyber components in the system that make achieving resilience problematic. Physical parts and cyber parts can fail independently or together, but one can also fail because of a fault in the other. Resilience can be achieved using physical and/or cyber means, but the system has to be resilient to either type of fault.

The talk will discuss the challenges of achieving resilience in CPS. Next, model-based approaches will be introduced that provide a unifying framework to formally represent the physical and cyber components and their interactions, both in nominal and off-nominal states. Once the models are created, they can be used for the analysis and evaluation of the system, to calculate metrics for resilience, for instance. The models can also be used to facilitate resilience to physical faults, cyber faults, and faults that appear in one as a consequence of a fault in the other. We will show mechanisms, architectural patterns, and complete system architectures that serve as building blocks for resilience. We will use several example domains, covering both the physical and cyber aspects of the system. The talk will conclude with suggestions for further research.


Dr. Gabor Karsai is a Professor of Electrical Engineering and Computer Science at Vanderbilt University, and Senior Research Scientist at the Institute for Software-Integrated Systems. He conducts research in the design and implementation of cyber-physical systems, in programming tools for model-driven development environments, in the theory and practice of model-integrated computing, and in real-time fault diagnostics. He received his B.Sc., M.Sc., and Dr. Techn degrees from the Technical University of Budapest, Hungary, in 1982, 1984 and 1988, respectively, and his PhD from Vanderbilt University in 1988. Dr. Karsai has worked on several large DARPA projects in the recent past: advanced scheduling and resource management algorithms, fault-adaptive control technology that has been transitioned into aerospace programs, and model-based integration of embedded systems whose resulting tools are being used in embedded software development tool chains.

System management overview

Presenter: Zsolt Kocsis, IBM Hungary


What is this, and why is this important? Expectations: visibility, control, automation. Strategic capability mapping. Data providers and sensors. Infrastructure management concepts: fault management, performance management: differences, typical use cases. Layers of systems management. Root cause analysis. Process frameworks, their importance, preprogrammed decisions. How does IT system management fit into cyber-physical systems? Credibility check, error detection and mitigation. Functional and non-functional requirements. Security concerns and best practices. Industry example.


Zsolt Kocsis is the Technical Manager of IBM Cloud and Smarter Infrastructure and Security Software in the Central and Eastern Europe region, and Associate Professor h.c. at Budapest University of Technology and Economics. He holds a Master's Degree in Electrical Engineering and an MBA, both from the Budapest University of Technology and Economics.

System-Level Concurrent Error Detection



Presenter: Dr. Luigi Pomante, Assistant Professor at “Università degli Studi dell’Aquila”


Error detection is one of the basic features needed to support reliability and then resilience in CPS. So, this talk focuses on error detection issues in the cyber part of CPS. Such a part is normally a customized electronic digital system, with an ad-hoc HW/SW architecture, typically embedded in a more complex and heterogeneous system that heavily interacts with some physical processes. Error detection problems can be approached off-line, for instance before using a device or during maintenance, and/or concurrently, that is, during its operational time. When dealing with critical applications, as often happens with CPS, concurrent error detection is the recommended approach since in critical operational environments error propagation can generate catastrophic effects.

However, system reliability/resilience aspects are typically neglected at the higher levels of the (cyber) system design process. In fact, the analysis and synthesis of the HW/SW mechanisms needed to support reliability and resilience are usually postponed to lower abstraction levels where a set of traditional techniques is already available. On the other hand, due to system complexity and time-to-market constraints, HW/SW co-design methodologies target devices while they are specified at system level. At this level of abstraction, the system specification describes the desired behaviour of the application without dealing with implementation aspects. The degrees of freedom intrinsically contained in the system-level specifications allow postponing the decisions concerning the physical implementation to later design phases. At the same time, the designer provides both implementation objectives and implementation constraints. Given these elements, a design space exploration is performed to determine the set of admissible implementations fulfilling all the requirements: this step identifies the HW and the SW modules verifying constraints and objectives.

Since the insertion and the use of reliability/resilience methodologies could significantly impact performance, timing, energy and size, it is necessary to transfer reliability/resilience aspects toward the upper levels of the design flow, by adding the reliability/resilience constraint to the classical parameters. The goal is to optimize the final solution by integrating reliability/resilience issues starting from the first steps of the design process. This talk investigates the problem of adopting design for reliability/resilience approaches at system level (Reliability/Resilience Co-Design Project), when all the solutions are still open for the implementation of the device, presenting a set of design methodologies for guaranteeing concurrent error detection (CED) properties to the final implementation.


Luigi Pomante received the “Laurea” (i.e. BSc+MSc) Degree in Computer Science Engineering from “Politecnico di Milano” (Milano, Italy) in 1998, the 2nd Level University Master Degree in Information Technology from CEFRIEL (a Center of Excellence of “Politecnico di Milano”) in 1999, and the Ph.D. Degree in Computer Science Engineering from “Politecnico di Milano” in 2001. He was a Researcher at CEFRIEL from 1999 to 2005 and, in the same period, was also a Temporary Professor at “Politecnico di Milano”. Since 2006, he has been an Academic Researcher at DEWS (a Center of Excellence for the research of “Università degli Studi dell’Aquila”, Italy) and a consultant at WEST Aquila (an SME, spin-off of the “Università degli Studi dell’Aquila”). Since 2008 he has also been Assistant Professor at “Università degli Studi dell’Aquila”. His activities focus mainly on Electronic Design Automation (EDA), Electronic System-Level Design (ESL) and Networked Embedded Systems (in particular Wireless Sensor Networks). In this context, he has authored or co-authored more than 70 works published in international and national conference proceedings, journals and book chapters. He has also been a reviewer and member of several TPCs related to his research topics. Finally, he is also the person in charge of scientific, technical and administrative issues in several DEWS European and national research projects.

Challenges in Cyber-Physical Systems

Presenter: Prof. András Pataricza, Professor, Budapest University of Technology and Economics


Prof. András Pataricza graduated in Electrical Engineering, holds a DSc degree from the Hungarian Academy of Sciences, and a Dr-habil. from BUTE. Since 1994 he has led the Fault-Tolerant Systems Research Group of the Department of Measurements and Information Systems. He served twice as visiting professor at the University of Erlangen in Germany and received multiple recognition awards from different scientific and industrial organizations. Since 2006 he has been a visiting professor at the IBM Budapest CAS (Center of Advanced Studies). He has acted as technical leader and/or advisor to many international scientific projects and EU scientific research programs. He has published over 130 papers in international journals, conferences and workshops in the field of Dependable Computing, Embedded Systems and Model-Driven Engineering. He was the general chair of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013).

Incremental Model Queries over the Cloud

Presenter: Prof. Dániel Varró, Professor, Budapest University of Technology and Economics


Prof. Dániel Varró is a full professor at the Budapest University of Technology and Economics. His main research interest is model-driven software and systems engineering. He regularly serves on the programme committees of various international conferences in the field, such as MODELS, ASE, FASE and ICMT, and serves on the editorial board of the Software and Systems Modeling journal (Springer). He is a programme committee co-chair of the FASE 2013 and ICMT 2014 conferences. He delivered a keynote talk at the IEEE CSMR 2012 conference and at various international workshops (recently, VOLT 2013, GT-VMT 2014). He is a founder of the VIATRA2 model transformation tool and the EMF-IncQuery open source model query framework, and the principal investigator at his university of the SENSORIA, DIANA, SecureChange and MONDO European Projects. He is a three-time recipient of the IBM Faculty Award. Previously, he was a visiting researcher at SRI International, at the University of Paderborn and twice at TU Berlin. In 2014, he was a visiting professor at McGill University and Université de Montréal.

Measurement-Driven Resilience Design of Cloud-Based Cyber-Physical Systems

Presenter: Imre Kocsis, Research Associate, Budapest University of Technology and Economics


The evolution of cyber-physical systems (CPSs) is inevitably leading to system designs where the in-field “cyber” components are connected to cloud services, resulting in a hierarchy of observation, perception and control that is not unlike the human nervous system. Cloud services have critical properties that make them the best choice for serving as the “brain” in CPSs; among these are ease of functional reconfiguration, elastic scalability of resources and the possibility to integrate external knowledge via the Internet. At the same time, partially cloud-resident cyber-physical systems pose new challenges to resilience engineering: timeliness, perhaps the most important nonfunctional aspect of cyber-physical systems, can be easily compromised by performance instability and inhomogeneity in cloud platforms.

The demonstration will give an overview of the emerging metrology of Infrastructure as a Service cloud platforms from the conceptual as well as the tooling point of view, focusing on the popular OpenStack platform but also looking at public cloud offerings. Building on this foundation, measurement-based platform performability evaluation is discussed, with experiment design and the role of exploratory data analysis given special emphasis.

At the application level, we show how fault injection campaigns in the style of dependability benchmarking can be used to assess CPS resilience against performance inhomogeneity and instability. This is demonstrated on a “cloud over cloud” solution as a test harness. The session ends with an introduction to practical techniques for qualitatively reasoning about the effectiveness of runtime dependability mechanisms in system design variants, using the results of platform and application (component) sensitivity evaluation.