Jiang Jiang,Yongxiang Xia,Sheng Xu,Hui-Liang Shen,Jiajing Wu

DOI: https://doi.org/10.1063/1.5139254

2020-01-01

Abstract:Cyber-physical systems (CPSs) are integrations of information technology and physical systems, which are more and more significant in society. As a typical example of CPSs, smart grids integrate many advanced devices and information technologies to form a safer and more efficient power system. However, interconnection with the cyber network makes the system more complex, so that the robustness assessment of CPSs becomes more difficult. This paper proposes a new CPS model from a complex network perspective. We try to consider the real dynamics of cyber and physical parts and the asymmetric interdependency between them. Simulation results show that coupling with the communication network makes better robustness of power system. But since the influences between the power and communication networks are asymmetric, the system parameters play an important role to determine the robustness of the whole system.

Philippa Ryan,Zoe Porter,Joanna Al-Qaddoumi,John McDermid,Ibrahim Habli

2023-12-30

Abstract:AI-Based Safety-Critical Systems (AI-SCS) are being increasingly deployed in the real world. These can pose a risk of harm to people and the environment. Reducing that risk is an overarching priority during development and operation. As more AI-SCS become autonomous, a layer of risk management via human intervention has been removed. Following an accident it will be important to identify causal contributions and the different responsible actors behind those to learn from mistakes and prevent similar future events. Many authors have commented on the "responsibility gap" where it is difficult for developers and manufacturers to be held responsible for harmful behaviour of an AI-SCS. This is due to the complex development cycle for AI, uncertainty in AI performance, and dynamic operating environment. A human operator can become a "liability sink" absorbing blame for the consequences of AI-SCS outputs they weren't responsible for creating, and may not have understanding of.

Computers and Society,Artificial Intelligence

Severin Kacianka,Alexander Pretschner

DOI: https://doi.org/10.1145/3442188.3445905

2021-01-20

Abstract:Accountability is an often called for property of technical systems. It is a requirement for algorithmic decision systems, autonomous cyber-physical systems, and for software systems in general. As a concept, accountability goes back to the early history of Liberalism and is suggested as a tool to limit the use of power. This long history has also given us many, often slightly differing, definitions of accountability. The problem that software developers now face is to understand what accountability means for their systems and how to reflect it in a system's design. To enable the rigorous study of accountability in a system, we need models that are suitable for capturing such a varied concept. In this paper, we present a method to express and compare different definitions of accountability using Structural Causal Models. We show how these models can be used to evaluate a system's design and present a small use case based on an autonomous car.

Software Engineering

Edgar W. Jatho,Logan O. Mailloux,Eugene D. Williams,Patrick McClure,Joshua A. Kroll

DOI: https://doi.org/10.48550/arXiv.2302.02972

2023-02-07

Abstract:Many stakeholders struggle to make reliances on ML-driven systems due to the risk of harm these systems may cause. Concerns of trustworthiness, unintended social harms, and unacceptable social and ethical violations undermine the promise of ML advancements. Moreover, such risks in complex ML-driven systems present a special challenge as they are often difficult to foresee, arising over periods of time, across populations, and at scale. These risks often arise not from poor ML development decisions or low performance directly but rather emerge through the interactions amongst ML development choices, the context of model use, environmental factors, and the effects of a model on its target. Systems safety engineering is an established discipline with a proven track record of identifying and managing risks even in high-complexity sociotechnical systems. In this work, we apply a state-of-the-art systems safety approach to concrete applications of ML with notable social and ethical risks to demonstrate a systematic means for meeting the assurance requirements needed to argue for safe and trustworthy ML in sociotechnical systems.

Machine Learning,Computers and Society,Software Engineering,Systems and Control

Samuel Judson,Joan Feigenbaum

DOI: https://doi.org/10.48550/arXiv.2201.07413

2023-08-17

Abstract:Insightful interdisciplinary collaboration is essential to the principled governance of complex technologies, like those produced by modern computing research and development. Technical research on the interaction between computation and society often focuses on how researchers model social and physical systems. These models underlie how computer scientists specify problems and propose algorithmic solutions. However, the social effects of computing can depend just as much on obscure and opaque technical caveats, choices, and qualifiers. Such artifacts are products of the particular algorithmic techniques and theory applied to solve a problem once modeled, and their nature can imperil thorough sociotechnical scrutiny of the often discretionary decisions made to manage them. We describe three classes of objects used to encode these choices and qualifiers: heuristic models, assumptions, and parameters. We raise six reasons these objects may be hazardous to comprehensive analysis of computing and argue they deserve deliberate consideration as researchers explain scientific work.

Computers and Society

Ashleigh Brady,Neelam Naikar

DOI: https://doi.org/10.1080/00140139.2021.2005823

IF: 2.5612

Ergonomics

Abstract:Besides radically altering work, advances in automation and intelligent technologies have the potential to bring significant societal transformation. These transitional periods require an approach to analysis and design that goes beyond human-machine interaction in the workplace to consider the wider sociotechnical needs of envisioned work systems. The Sociotechnical Influences Space, an analytical tool motivated by Rasmussen's risk management model, promotes a holistic approach to the design of future systems, attending to societal needs and challenges, while still recognising the bottom-up push from emerging technologies. A study explores the concept and practical potential of the tool when applied to the analysis of a large-scale, 'real-world' problem, specifically the societal, governmental, regulatory, organisational, human, and technological factors of significance in mixed human-artificial agent workforces. Further research is needed to establish the feasibility of the tool in a range of application domains, the details of the method, and the value of the tool in design. Practitioner summary: Emerging automation and intelligent technologies are not only transforming workplaces, but may be harbingers of major societal change. A new analytical tool, the Sociotechnical Influences Space, is proposed to support organisations in taking a holistic approach to the incorporation of advanced technologies into workplaces and function allocation in mixed human-artificial agent teams.

Severin Kacianka,Amjad Ibrahim,Alexander Pretschner

DOI: https://doi.org/10.48550/arXiv.2005.03294

2020-05-07

Software Engineering

Abstract:While the exact definition and implementation of accountability depend on the specific context, at its core accountability describes a mechanism that will make decisions transparent and often provides means to sanction "bad" decisions. As such, accountability is specifically relevant for Cyber-Physical Systems, such as robots or drones, that embed themselves into a human society, take decisions and might cause lasting harm. Without a notion of accountability, such systems could behave with impunity and would not fit into society. Despite its relevance, there is currently no agreement on its meaning and, more importantly, no way to express accountability properties for these systems. As a solution we propose to express the accountability properties of systems using Structural Causal Models. They can be represented as human-readable graphical models while also offering mathematical tools to analyze and reason over them. Our central contribution is to show how Structural Causal Models can be used to express and analyze the accountability properties of systems and that this approach allows us to identify accountability patterns. These accountability patterns can be catalogued and used to improve systems and their architectures.

Daniel Schneider,Jan Reich,Rasmus Adler,Peter Liggesmeyer

2024-05-06

Abstract:Cyber Physical Systems (CPS) enable new kinds of applications as well as significant improvements of existing ones in numerous different application domains. A major trait of upcoming CPS is an increasing degree of automation up to the point of autonomy, as there is a huge potential for economic success as well as for ecologic and societal improvements. However, to unlock the full potential of such (cooperative and automated) CPS, we first need to overcome several significant engineering challenges, where safety assurance is a particularly important one. Unfortunately, established safety assurance methods and standards do not live up to this task, as they have been designed with closed and less complex systems in mind. This paper structures safety assurance challenges of cooperative automated CPS, provides an overview on our vision of dynamic risk management and describes already existing building blocks.

Software Engineering

Sarah Hiller,Jobst Heitzig

DOI: https://doi.org/10.48550/arXiv.2111.02304

2021-11-03

Abstract:Many real-world situations of ethical and economic relevance, such as collective (in)action with respect to the climate crisis, involve not only diverse agents whose decisions interact in complicated ways, but also various forms of uncertainty, including both quantifiable risk and unquantifiable ambiguity. In such cases, an assessment of moral responsibility for ethically undesired outcomes or of the responsibility to avoid these is challenging and prone to the risk of under- or over determination. In contrast to existing approaches that employ notions of causation based on combinations of necessity and sufficiency or certain logics that focus on a binary classification of `responsible' vs `not responsible', we present a set of quantitative metrics that assess responsibility degrees in units of probability. To this end, we adapt extensive-form game trees as the framework for representing decision scenarios and evaluate the proposed responsibility functions based on the correct representation of a set of analytically assessed paradigmatic example scenarios. We test the best performing metrics on a reduced representation of a real-world decision scenario and are able to compute meaningful responsibility scores.

Physics and Society,Theoretical Economics

Daniel Kondor,Valerie Hafez,Sudhang Shankar,Rania Wazir,Fariba Karimi

DOI: https://doi.org/10.1098/rsta.2024.0109

2024-11-17

Philosophical Transactions of the Royal Society A Mathematical Physical and Engineering Sciences

Abstract:In this article, we identify challenges in the complex interaction between artificial intelligence (AI) systems and society. We argue that AI systems need to be studied in their socio-political context to be able to better appreciate a diverse set of potential outcomes that emerge from long-term feedback between technological development, inequalities and collective decision-making processes. This means that assessing the risks from the deployment of any specific technology presents unique challenges. We propose that risk assessments concerning AI systems should incorporate a complex systems perspective, with adequate models that can represent short- and long-term effects and feedback, along with an emphasis on increasing public engagement and participation in the process. This article is part of the theme issue ‘Co-creating the future: participatory cities and digital governance’.

multidisciplinary sciences

Georgios Bakirtzis,Tim Sherburne,Stephen Adams,Barry M. Horowitz,Peter A. Beling,Cody H. Fleming

DOI: https://doi.org/10.1007/s10270-021-00892-z

2021-06-01

Abstract:Abstract Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of “-ilities”, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.

computer science, software engineering

Christel Baier,Sascha Klüppelholz,Johannes Lehmann

2024-12-07

Abstract:The enormous growth of the complexity of modern computer systems leads to an increasing demand for techniques that support the comprehensibility of systems. This has motivated the very active research field of formal methods that enhance the understanding of why systems behave the way they do. One important line of research within the verification community relies on formal notions that measure the degree of responsibility of different actors. In this paper, we first provide a uniform presentation of recent work on responsibility notions based on Shapley values for reactive systems modeled by transition systems and considering safety properties. The paper then discusses how to use these formal responsibility notions and corresponding algorithms for three different types of actor sets: the module-based notion serves to reason about the impact of system components on the satisfaction or violation of a safety property. Responsibility values for value-based actor sets and action-based actors allow for the identification of program instructions and control points that have the most influence on a specification violation. Beyond the theoretical considerations, this paper reports on experimental results that provide initial insights into applicability and scalability.

Formal Languages and Automata Theory

Nancy Leveson,Nicolas Dulac,Karen Marais,John Carroll

DOI: https://doi.org/10.1177/0170840608101478

2009-02-01

Organization Studies

Abstract:In this century society faces increasingly large-scale accidents and risks emerging from our own wondrous technologies. Two prominent organizational approaches to safety, Normal Accident Theory and High Reliability Organizations, have focused attention on a variety of industries that deal with hazardous situations, developed concepts to explicate organizational structure and culture, and debated whether accidents are inevitable in complex systems. We outline these approaches and identify some limitations, including narrow definitions, ambiguity about key concepts, confusion of reliability and safety, and overly pessimistic or optimistic conclusions. We believe that the debate between NAT and HRO can become a more productive three-way conversation by including a systems approach to safety emerging from engineering disciplines. The more comprehensive systems approach clarifies the strengths and weaknesses of NAT and HRO and offers a more powerful repertoire of analytic tools and intervention strategies to manage and control post modern risk in complex, high-tech, systems with their potential for catastrophic disruptions and losses.

management

Nir Douer,Joachim Meyer

DOI: https://doi.org/10.1109/TASE.2020.2965466

2020-04-29

Abstract:Intelligent systems and advanced automation are involved in information collection and evaluation, in decision-making and in the implementation of chosen actions. In such systems, human responsibility becomes equivocal. Understanding human casual responsibility is particularly important when intelligent autonomous systems can harm people, as with autonomous vehicles or, most notably, with autonomous weapon systems (AWS). Using Information Theory, we develop a responsibility quantification (ResQu) model of human involvement in intelligent automated systems and demonstrate its applications on decisions regarding AWS. The analysis reveals that human comparative responsibility to outcomes is often low, even when major functions are allocated to the human. Thus, broadly stated policies of keeping humans in the loop and having meaningful human control are misleading and cannot truly direct decisions on how to involve humans in intelligent systems and advanced automation. The current model is an initial step in the complex goal to create a comprehensive responsibility model, that will enable quantification of human causal responsibility. It assumes stationarity, full knowledge regarding the characteristic of the human and automation and ignores temporal aspects. Despite these limitations, it can aid in the analysis of systems designs alternatives and policy decisions regarding human responsibility in intelligent systems and advanced automation.

Human-Computer Interaction,Artificial Intelligence

Tom P. Huck,Yuvaraj Selvaraj,Constantin Cronrath,Christoph Ledermann,Martin Fabian,Bengt Lennartson,Torsten Kröger

DOI: https://doi.org/10.48550/arXiv.2209.12560

2022-09-26

Abstract:Safety critical systems are typically subjected to hazard analysis before commissioning to identify and analyse potentially hazardous system states that may arise during operation. Currently, hazard analysis is mainly based on human reasoning, past experiences, and simple tools such as checklists and spreadsheets. Increasing system complexity makes such approaches decreasingly suitable. Furthermore, testing-based hazard analysis is often not suitable due to high costs or dangers of physical faults. A remedy for this are model-based hazard analysis methods, which either rely on formal models or on simulation models, each with their own benefits and drawbacks. This paper proposes a two-layer approach that combines the benefits of exhaustive analysis using formal methods with detailed analysis using simulation. Unsafe behaviours that lead to unsafe states are first synthesised from a formal model of the system using Supervisory Control Theory. The result is then input to the simulation where detailed analyses using domain-specific risk metrics are performed. Though the presented approach is generally applicable, this paper demonstrates the benefits of the approach on an industrial human-robot collaboration system.

Robotics

Luyao Niu,Hongchao Zhang,Dinuka Sahabandu,Bhaskar Ramasubramanian,Andrew Clark,Radha Poovendran

2024-10-27

Abstract:Multi-agent cyber-physical systems are present in a variety of applications. Agent decision-making can be affected due to errors induced by uncertain, dynamic operating environments or due to incorrect actions taken by an agent. When an erroneous decision that leads to a violation of safety is identified, assigning responsibility to individual agents is a key step toward preventing future accidents. Current approaches to carrying out such investigations require human labor or high degree of familiarity with operating environments. Automated strategies to assign responsibility can achieve a significant reduction in human effort and associated cognitive burden. In this paper, we develop an automated procedure to assign responsibility for safety violations to actions of any single agent in a principled manner. We base our approach on reasoning about safety violations in road safety. Given a safety violation, we use counterfactual reasoning to create alternative scenarios, showing how different outcomes could have occurred if certain actions had been replaced by others. We introduce the degree of responsibility (DoR) metric for each agent. The DoR, using the Shapley value, quantifies each agent's contribution to the safety violation, providing a basis to explain and justify decisions. We also develop heuristic techniques and methods based on agent interaction structures to improve scalability as agent numbers grow. We examine three safety violation cases from the National Highway Traffic Safety Administration (NHTSA). We run experiments using CARLA urban driving simulator. Results show the DoR improves the explainability of decisions and accountability for agent actions and their consequences.

Systems and Control

Peter Winter,John Downer,James Wilson,Dhaminda B Abeywickrama,Suet Lee,Sabine Hauert,Shane Windsor

DOI: https://doi.org/10.1111/risa.17632

2024-08-23

Abstract:The past decade has seen efforts to develop new forms of autonomous systems with varying applications in different domains, from underwater search and rescue to clinical diagnosis. All of these applications require risk analyses, but such analyses often focus on technical sources of risk without acknowledging its wider systemic and organizational dimensions. In this article, we illustrate this deficit and a way of redressing it by offering a more systematic analysis of the sociotechnical sources of risk in an autonomous system. To this end, the article explores the development, deployment, and operation of an autonomous robot swarm for use in a public cloakroom in light of Macrae's structural, organizational, technological, epistemic, and cultural framework of sociotechnical risk. We argue that this framework provides a useful tool for capturing the complex "nontechnical" dimensions of risk in this domain that might otherwise be overlooked in the more conventional risk analyses that inform regulation and policymaking.

Georgios Bakirtzis,Garrett L. Ward,Christopher J. Deloglos,Carl R. Elks,Barry M. Horowitz,Cody H. Fleming

DOI: https://doi.org/10.1109/DSN-S50200.2020.00021

2020-05-01

Abstract:Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can intentionally trigger accidents. By implementing security assessment tools for modeling languages we are better able to address threats earlier in the system's lifecycle and, therefore, assure their safe and secure behavior in their eventual deployment. We posit that cyber-physical systems security modeling is practiced insufficiently because it is still addressed similarly to information technology systems.

Cryptography and Security,Systems and Control

Mario Gleirscher

DOI: https://doi.org/10.48550/arXiv.1904.10386

2019-04-23

Software Engineering

Abstract:Inspired by widely-used techniques of causal modelling in risk, failure, and accident analysis, this work discusses a compositional framework for risk modelling. Risk models capture fragments of the space of risky events likely to occur when operating a machine in a given environment. Moreover, one can build such models into machines such as autonomous robots, to equip them with the ability of risk-aware perception, monitoring, decision making, and control. With the notion of a risk factor as the modelling primitive, the framework provides several means to construct and shape risk models. Relational and algebraic properties are investigated and proofs support the validity and consistency of these properties over the corresponding models. Several examples throughout the discussion illustrate the applicability of the concepts. Overall, this work focuses on the qualitative treatment of risk with the outlook of transferring these results to probabilistic refinements of the discussed framework.

Michael D. Norman,Matthew T. K. Koehler,Matthew T.K. Koehler

DOI: https://doi.org/10.48550/arXiv.1706.08598

2017-06-19

Physics and Society

Abstract:In a world of ever-increasing systems interdependence, effective cybersecurity policy design seems to be one of the most critically understudied elements of our national security strategy. Enterprise cyber technologies are often implemented without much regard to the interactions that occur between humans and the new technology. Furthermore, the interactions that occur between individuals can often have an impact on the newly employed technology as well. Without a rigorous, evidence-based approach to ground an employment strategy and elucidate the emergent organizational needs that will come with the fielding of new cyber capabilities, one is left to speculate on the impact that novel technologies will have on the aggregate functioning of the enterprise. In this paper, we will explore a scenario in which a hypothetical government agency applies a complexity science perspective, supported by agent-based modeling, to more fully understand the impacts of strategic policy decisions. We present a model to explore the socio-technical dynamics of these systems, discuss lessons using this platform, and suggest further research and development.