search menu icon-carat-right cmu-wordmark

Safety Analysis and Fault Detection Isolation and Recovery (SAFIR) Synthesis for Time-Sensitive Cyber-Physical Systems

SAFIR addresses safety analysis of time-sensitive CPS in both its theoretical and practical dimensions.

Software Engineering Institute


Implementing the DoD’s AI vision requires advances in safety analysis, and fault detection isolation and recovery synthesis (or SAFIR) to (1) model and analyze dynamic reconfiguration and fault propagation due to fault sequences, and (2) enforce safe reconfiguration. In the first two years, SAFIR has investigated the properties a CPS architecture must demonstrate to integrate autonomy functions and fulfill safety objectives and how to integrate them into a model-based systems engineering (MBSE) practice:

  • SAFIR improved the IA-CPS systems engineering body of knowledge, focusing on safety mechanisms, from design to verification and validation (V&V), using model-based engineering (MBE) techniques.
  • SAFIR delivered an updated taxonomy to express fault models of IA-CPS and derive efficient detection mechanisms. Together with Georgia Tech, we explored the techniques to detect tampering with sensors data either in case of faults or cyber attacks, conditions for detectability of these attacks, and the possibility to derive a controller for an IA-CPS in the case of timing errors.
  • SAFIR delivered formally backed reasoning and simulation capabilities for IA-CPS architectures by mechanizing the SAE AADL language using the Coq theorem prover, expanding V&V capabilities for MBE tooling.
  • SAFIR defined and implemented the Architecture-Supported Audit Processor (ASAP): a tool that generates a number of safety- specific system views that deeply integrate a system’s architecture and arguments.