A. Benjamin Hocking- Doctor of Philosophy in Computer Science
- Principal Investigator at Dependable Computing
A. Benjamin Hocking
- Doctor of Philosophy in Computer Science
- Principal Investigator at Dependable Computing
About
35
Publications
11,725
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
136
Citations
Introduction
Current institution
Dependable Computing
Current position
- Principal Investigator
Publications
Publications (35)
Recent advances in artificial intelligence and machine learning may soon yield paradigm-shifting benefits for aerospace systems. However, complexity and possible continued on-line learning makes neural network control systems (NNCS) difficult or impossible to certify under the United States Military Airworthiness Certification Criteria defined in M...
This research considers the problem of identifying safety constraints and developing Run Time Assurance (RTA) for Deep Reinforcement Learning (RL) Tactical Autopilots that use neural network control systems (NNCS). This research studies a specific use case of an NNCS performing autonomous formation flight while an RTA system provides collision avoi...
This report details research into the construction of rationalized microstandards to guide and assure adequate reverse and reengineering of software modules for improved correctness. The microstandards included cover informal reverse engineering of a software module used by multiple systems, assurance through formal specification and proof, and ass...
While dimensional analysis is known to be useful in discovering potential logical inconsistency in scalar equations, there has not been significant effort to extend this analysis to vectors and matrices that use units. When vectors and matrices operate on measurements that contain units, dimensional analysis can uncover logical problems not just in...
Geometric algorithms can present significant challenges for formal methods. We describe the formalization and verification of an algorithm posing such challenges. Given two overlapping polygons A and B, the Polygon Merge algorithm derives a new polygon whose edges are outermost, partial edges of A and B. The algorithm has been verified to satisfy c...
Unit lemmas and a checklist of questions used to generate them can identify flaws in formal requirements and specifications early in the design process, reducing the overall cost and increasing confidence in the final product. We demonstrate how we can apply unit lemmas and the checklist to a tri-valued logic system.
To address the problem of assuring complex modern systems, we propose assurance driven development where the inferences of assurance are themselves directly tested. We refer to this as test-driven-assurance-based development, or TDABD. TDABD focuses development on continuously testable argument reasoning with incremental and improving delivery of i...
SPARK Ada's support for proofs of correctness make the programming language ideal for implementing a PVS specification. Algorithmically implementing a PVS specification in SPARK Ada allows users to maintain the rigor of PVS in executable code. The goal of such an implementation is to maintain the validity of the proofs showing the specification imp...
The kinds of systems we are building, and the ways we are building them, are evolving. This evolution is invalidating analyses and assumptions upon which we have relied as bases for design assurance, imposing a need for new criteria and means of compliance for many autonomy-enabling technologies. While significant investigation activity into assura...
Real-world applications often include large, empirically defined discrete-valued functions. When proving properties about these applications, the proof naturally breaks into one case per entry in the first function reached, and again into one case per entry in the next function, and continues splitting. This splitting yields a combinatorial explosi...
Software for which development artifacts are missing is increasingly common and difficult to avoid, including in embedded systems. The lack of development artifacts leaves doubt about whether the software possesses critical security properties and makes enhancement of the software extremely difficult. Embedded systems often have strict resource res...
Establishing properties of binary programs by proof is a desirable goal when the properties of interest are crucial, such as those that arise in safety- and security-critical applications. Practical development of proofs for binary programs requires a substantial infrastructure to disassemble the program, define the machine semantics, and actually...
Model-based development of software using tools such as MathWorks Simulink has become common in the engineering of safety-critical systems. When working with Simulink, engineers need to be able to assure that the subject models possess crucial properties such as: (1) safety properties are met, (2) the use of measurement units is consistent, (3) fre...
Real-world types, machine-world types, and their correspondence capture critical information about how a cyber-physical system is situated with respect to its environment. Formal analysis of systems necessarily abstracts away some details of the real-world in creating models of how the environment and system of interest interact. However, this abst...
Software verification is a critical component of software development. Software verification techniques include different forms of testing, inspection, static analysis, and formal verification. Formal verification offers the advantage that it corresponds, at least informally, to testing all possible paths through the software.
There are two primar...
We introduce the concept of constrained equivalence of models in model-based development and present a proof technology for establishing constrained equivalence for models documented in Math Works Simulink. We illustrate the approach using a simple model of an automobile anti-lock braking system.
SCT is a safety case toolkit designed to support the development and maintenance of safety cases for large, safety-critical systems. SCT supports safety case development by providing facilities to manage the file structure associated with the safety case, editors for various notations including GSN, and a build system that creates a custom web site...
ISO 26262 is a safety standard for electrical and/or electronic systems in automobiles and includes specific requirements for software. Compliance with the standard requires a safety case. In this paper we present an approach to structuring a software assurance case that complies with ISO 26262 and argues explicitly that the subject software meets...
An example system is executable by one or more processors to retrieve a development model and a production model; translate the development model and the production model into formal specifications; generate a set of theorems for checking constrained equivalence between the development model and the production model; combine formal specification of...
The objective of this investigation was to develop an innovative methodology for life and reliability prediction of hot-section components in advanced turbopropulsion systems. A set of three generic time-dependent crack growth models was implemented and integrated into the DARWIN® probabilistic life-prediction code. Using the enhanced risk analysis...
The Levy model is a neural network model of the CA3 region of the hippocampus. Previous work with the Levy model has shown success in modeling such hippocampally dependent tasks as trace conditioning, configural learning, spatial navigation, and sequence learning. Learning these tasks require network-scale behavior over simulated timescales of minu...
Introducing theta-modulated input into a minimal model of the CA3 region of the hippocampus has significant effects on gamma oscillations. In the absence of theta-modulated input, the gamma oscillations are robust across a range of parameters. Introducing theta-modulated input weakens the gamma oscillations to a power more consistent with power spe...
A minimal model of the CA3 region of the hippocampus produces gamma oscillations. These oscillations exist across a broad range of conditions. For instance, the oscillations exist in the presence or absence of external input. Additionally, quantal synaptic failures do not eliminate the gamma oscillations. More importantly, there is a sensitivity to...
This paper introduces a generic theoretical framework for predictive learning, and relates it to data-driven and learning applications in earth and environmental sciences. The issues of data quality, selection of the error function, incorporation of ...
A model of hippocampal function, centered on region CA3, reproduces many of the cognitive and behavioral functions ascribed to the hippocampus. Where there is precise stimulus control and detailed quantitative data, this model reproduces the quantitative behavioral results. Underlying the model is a recoding conjecture of hippocampal computational...
The function of the CA3 region of the hippocampus can be explained in terms of a sequence predicting recoder. For the CA3 to act as a neural prediction device, each CA3 neuron must also act as a predictor. Thus, such neurons, as prediction devices, compute something that might approximate a conditional probability. In particular, we conjecture that...
This report is a compendium of results uncovered in CS 851, spring semester 2002.
Three new metrics are proposed as possible solutions to Einstein’s equations of general relativity. The motivation for the general form these metrics should take is explained, and a linear approximation is derived from the motivation. From this linear approximation, the new metrics are suggested. The new metrics are then used to calculate gravitati...
Questions
Question (1)
My general research area is in formal methods (computer science), but I recently did some work that is more general than just CS, related to Kalman filters, but really generally applicable to analysis of matrices that contain unit information (e.g., Newtons, Pascals, m/s, etc.). Generally when people discuss dimensional (or unit) analysis they're considering scalar values, but this research involves matrices with heterogeneous unit information. Does anyone have an opinion on what would be a good venue for submitting a paper on a topic like that?
