# Answer to Holger about Excellence initiative and accountability
> Dear Martina, Kathrin, Anne,
>
> You handed in the idea "Accountability of cyber-physical feedback control systems" in the early round of the ExStra-AI call.
>
> Here is a brief reaction: The idea is very much appreciated, and we would like to encourage you to work this out more. The link to accountability ("these things are getting very complex, so we better invest in correct-by-construction, hierarchy, and explanation") is a bit generic, but it is understood that the topic is important and needs to be addressed.
>
> We are especially interested in learning what a first concrete step might be that leverages synergies (regardless of the accountability spin really).

We are currently starting three concrete cooperative research projects leveraging synergies of our expertise:
1. Anne & Martina -- participants: Satya (PhD student, Anne), Nils (PhD student, Martina)
Here, we utilize game solving techniques from the formal methods community to synthesize reliable scheduling policies in real-time control systems. So far we have built an abstraction of the underlying scheduling problem to fit the formal methods context. We are currently looking for concrete real-world examples to determine the correct specification mechanism which is rich enough to encapsulate all relevant aspects of the real-time scheduling problem in the abstract synthesis task. We plan to submit this work to RTAS (deadline October 22).
The final goal of this work is to move from single processes to multi-process scenarios where we can combine recent results from Anne's group on automatic design of most permissive contracts and recent results from Martina's group on enforcing computation termination by occasionally executing critical processes in the Trusted Execution Environment (TEE). Computing in a trusted execution environment is more costly, in terms of execution delays and cost for the execution. However, being able to execute the control process in a trusted execution environment and switch between normal and trusted execution is a fundamental building block of accountable systems, as it allows us to enforce the needed degree of safety.
This will significantly enhance the state of the art in this domain w.r.t. accountability, as it ensures stability and performance of all processes despite physical and cyber disturbances interacting with them by a mostly local and thereby very robust scheduling scheme.
2. Anne & Kathrin -- participants: Nazerke (intern, Anne), Matheus (PhD student, Kathrin)
Here, we integrate particular classes of motion primitives developed in Kathrin's group with game solving techniques developed in Anne's group to make motion-primitive based control of complex CPS resilient against logical disturbances. On a conceptual level, that requires moving from planning-based approaches to game-based synthesis techniques. Motion primitives allow us to quantize the continuous-time dynamics of the physical system.
Concretely, we are currently working on an autonomous driving example and a robot arm manipulator, where the system has to chase a target which is subject to re-location while ensuring strong safety guarantees w.r.t. occurring obstacles. Here, the relocation of the target and the occurrence of obstacles are modeled as logical disturbances. The fundamentally new contribution of this research is to use particular motion primitives developed in Kathrin's group which will allow us to solve this problem without brute-force discretization, giving smooth natural behaviors of the robots with very strong reliability guarantees.
We are planning to implement the solution of this problem on a real robot arm available at MPI-SWS to allow humans as disturbance generators -- both as obstacles and as target re-locators. This showcases the importance of this work in terms of accountability, as it ensures safe and predictable co-working environments of humans and robots. While proven safety guarantees have to be given in the logical setting, considering system dynamics allows us to design control systems that act intuitively from a human's perspective in the real world. We plan to submit a first version of this work to HSCC (deadline October 22).
3. Kathrin & Martina -- participants: Paolo (postdoc, Martina), Markus (PhD student, Kathrin)
Model predictive control (MPC) allows systems to not only be regulated with respect to events that can happen in the execution environment, but also to calculate optimal trajectories that drive these systems. In particular, the receding horizon principle allows the controller to both optimize and react to disturbances and unpredictable events that occur in the physical environment. When faults are a reality and have to be tolerated, the control signals calculated by model predictive controllers can be used to replace a fresh control signal when the controller does not execute on time. Therefore, MPC is a technique that imitates key structures in human behavior, i.e. disturbance reaction and striving for optimization.
We plan to investigate both theoretical and practical limitations of the reuse of control signals calculated by model predictive controllers when the controller cannot act unhindered in the physical environment due to computational faults or security attacks.
Control systems which are designed by the MPC paradigm and which can reuse past computation, if, e.g., suddenly the current calculation does not terminate, will show an improved reliability. Thereby, we develop computational design strategies for safe, predictable, and reliable control systems within the area of accountable informatics.
We envision the first results to be submittable to CDC or ECRTS, depending on whether the spin is more on the control side or on the real-time systems side, both with submission deadline in March 2023.
4. Long-term perspective
In the long term, the three projects are envisioned to merge, such that all developed techniques can be integrated, aiming for a fully accountable control software stack. While we utilize synergies of currently employed students/Post Docs in the beginning, we plan to define full research topics (for new PhD students or Post Docs to be hired) within the three areas based on the outcomes of the current research.