Cyber-physical systems (CPS) are subject to environmental uncertainties such as adverse operating conditions, malicious attacks, and hardware degradation. These uncertainties may lead to failures that put the system in a sub-optimal or unsafe state. Systems that are resilient to such uncertainties rely on two types of operations: (1) graceful degradation, to ensure that the system maintains an acceptable level of safety during unexpected environmental conditions and (2) recovery, to facilitate the resumption of normal system functions. Typically, mechanisms for degradation and recovery are developed independently from each other, and later integrated into a system, requiring the designer to develop an additional, ad-hoc logic for activating and coordinating between the two operations. In this paper, we propose a self-adaptation approach for improving system resiliency through automated triggering and coordination of graceful degradation and recovery. The key idea behind our approach is to treat degradation and recovery as requirement-driven adaptation tasks: Degradation can be thought of as temporarily weakening an original (i.e., ideal) system requirement to be achieved by the system, and recovery as strengthening the weakened requirement when the environment returns within an expected operating boundary. Furthermore, by treating weakening and strengthening as dual operations, we argue that a single requirement-based adaptation method is sufficient to enable coordination between degradation and recovery. Given system requirements specified in signal temporal logic (STL), we propose a run-time adaptation framework that automatically performs degradation and recovery in response to environmental changes. We describe a prototype implementation of our framework and demonstrate the feasibility of the proposed approach using a case study in unmanned underwater vehicles (UUVs).
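To make the weakening/strengthening duality concrete, here is an added Python sketch that is not code from the paper or its prototype. It assumes a single STL requirement of the form G[0,W](err < c) over a sliding window of the last W samples, an ordered list of candidate bounds c (ideal first, then progressively weaker), and a constructed tracking-error trace; one selection rule then produces both degradation (moving to a weaker bound) and recovery (moving back to a stronger one).

```python
# Added example, not from the paper. Assumed requirement: G[0,W](err < c),
# i.e. "tracking error stays below c over the recent window of W samples".
from dataclasses import dataclass

@dataclass(frozen=True)
class AlwaysBelow:
    """STL formula G(err < bound) evaluated over a finite window."""
    bound: float

    def robustness(self, window):
        # Quantitative STL semantics: rho(G(x < c)) = min over t of (c - x(t)).
        # rho >= 0 means satisfied with that safety margin, rho < 0 means violated.
        return min(self.bound - x for x in window)

# Candidate requirements, strongest (ideal) first; values are assumed for illustration.
BOUNDS = [1.0, 2.0, 3.0]

def select_bound(window, bounds=BOUNDS):
    """The single adaptation rule: choose the strongest candidate requirement the
    recent window still satisfies. Returning a larger bound than before is
    degradation (weakening); returning a smaller one is recovery (strengthening).
    Returns None when even the weakest candidate is violated."""
    for b in bounds:
        if AlwaysBelow(b).robustness(window) >= 0:
            return b
    return None

def run(trace, window_len=3):
    """Replay a trace through the monitor and log every requirement change."""
    current = BOUNDS[0]
    events = []
    for t in range(window_len, len(trace) + 1):
        chosen = select_bound(trace[t - window_len:t])
        if chosen is None:
            events.append((t, "unsafe", None))   # outside the acceptable envelope
        elif chosen > current:
            events.append((t, "degrade", chosen))
        elif chosen < current:
            events.append((t, "recover", chosen))
        if chosen is not None:
            current = chosen
    return events

# Constructed error trace: nominal, then a disturbance, then return to nominal.
SAMPLE_TRACE = [0.2, 0.5, 0.8, 1.5, 2.4, 2.9, 2.1, 1.2, 0.7, 0.4, 0.3]

if __name__ == "__main__":
    for event in run(SAMPLE_TRACE):
        print(event)
```

The windowed G operator gives recovery a built-in delay: the stronger requirement is restored only once every sample in the window satisfies it, which avoids flapping between bounds on a single good reading.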