Cyber-physical systems (CPS) are subject to environmental uncertainties such as adverse operating conditions, malicious attacks, and hardware degradation. These uncertainties may lead to failures that put the system in a sub-optimal or unsafe state. Systems that are resilient to such uncertainties rely on two types of operations: (1) graceful degradation, to ensure that the system maintains an acceptable level of safety under unexpected environmental conditions, and (2) recovery, to facilitate the resumption of normal system functions. Typically, mechanisms for degradation and recovery are developed independently of each other and later integrated into a system, requiring the designer to develop additional ad-hoc logic for activating and coordinating the two operations. In this paper, we propose a self-adaptation approach for improving system resilience through automated triggering and coordination of graceful degradation and recovery. The key idea behind our approach is to treat degradation and recovery as requirement-driven adaptation tasks: degradation can be thought of as temporarily weakening the original (i.e., ideal) system requirements, and recovery as strengthening the weakened requirements once the environment returns to within its expected operating boundary. Furthermore, by treating weakening and strengthening as dual operations, we argue that a single requirement-based adaptation method is sufficient to coordinate degradation and recovery. Given system requirements specified in signal temporal logic (STL), we propose a run-time adaptation framework that performs degradation and recovery in response to environmental changes. We describe a prototype implementation of our framework and demonstrate the feasibility of the proposed approach using a case study in unmanned underwater vehicles.
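The following is an added illustration of the weakening/strengthening idea, not the paper's framework or its prototype: a bounded past-time STL requirement on a UUV depth-tracking error is monitored online with quantitative (robustness) semantics, weakened by relaxing its bound while an environment signal (sea current) is outside its expected boundary and the requirement is violated, and strengthened back toward the ideal requirement, one step at a time, once the environment returns and the stronger requirement is again satisfied over the monitoring window. The signal names, thresholds, weakening factor and trace values are all constructed for this example.

```python
"""Added example: degradation as STL requirement weakening, recovery as
strengthening (illustrative only; not the paper's implementation)."""
from dataclasses import dataclass, replace
from typing import Dict, List, Sequence, Tuple

Sample = Dict[str, float]


@dataclass(frozen=True)
class PastAlwaysLeq:
    """Bounded past-time STL formula  G_[-h,0] (signal <= bound).

    Quantitative (robustness) semantics at time t:
        rho(t) = min_{max(0,t-h) <= i <= t} (bound - signal[i])
    rho >= 0 means satisfied; a larger rho means more safety margin."""
    signal: str
    bound: float
    horizon: int

    def robustness(self, trace: Sequence[Sample], t: int) -> float:
        window = trace[max(0, t - self.horizon): t + 1]
        return min(self.bound - s[self.signal] for s in window)


def weaken(req: PastAlwaysLeq, factor: float) -> PastAlwaysLeq:
    """Relax the bound. For factor > 1 every trace satisfying req also
    satisfies weaken(req), i.e. the weakened requirement is implied by it."""
    assert factor > 1.0
    return replace(req, bound=req.bound * factor)


def strengthen(req: PastAlwaysLeq, ideal: PastAlwaysLeq, factor: float) -> PastAlwaysLeq:
    """Dual of weaken: tighten the bound one step, never past the ideal."""
    return replace(req, bound=max(ideal.bound, req.bound / factor))


def weakening_is_sound(req: PastAlwaysLeq, trace: Sequence[Sample], factor: float = 2.0) -> bool:
    """Check that weakening never lowers robustness at any time point."""
    weak = weaken(req, factor)
    return all(weak.robustness(trace, t) >= req.robustness(trace, t) for t in range(len(trace)))


def adapt(trace: Sequence[Sample], ideal: PastAlwaysLeq, env_signal: str,
          env_boundary: float, factor: float = 2.0, max_bound: float = 4.0) -> List[Tuple[int, str, float]]:
    """Run-time loop: weaken while the environment is out of bounds and the
    active requirement is violated; strengthen once it is back and the
    stronger requirement holds. Returns (t, mode, active bound) per step."""
    active = ideal
    log: List[Tuple[int, str, float]] = []
    for t, sample in enumerate(trace):
        env_ok = sample[env_signal] <= env_boundary
        if env_ok:
            if active == ideal:
                # Environment nominal and no degradation pending: plain monitoring.
                mode = "nominal" if ideal.robustness(trace, t) >= 0 else "violation"
            else:
                candidate = strengthen(active, ideal, factor)
                if candidate.robustness(trace, t) >= 0:
                    active, mode = candidate, "recover"
                else:
                    mode = "hold"  # environment is back, but the past window is not yet clean
        else:
            mode = "nominal" if active == ideal else "degraded"
            # Degrade only as far as needed to re-establish satisfaction, up to max_bound.
            while active.robustness(trace, t) < 0 and active.bound < max_bound:
                active, mode = weaken(active, factor), "degrade"
            if active.robustness(trace, t) < 0:
                mode = "unsafe"  # no admissible weakening restores safety
        log.append((t, mode, active.bound))
    return log


# Constructed UUV trace: sea current (m/s) exceeds the expected boundary of
# 1.0 m/s at t=2..5, and the depth-tracking error (m) rises as a result.
UUV_TRACE: List[Sample] = [
    {"current": 0.3, "depth_err": 0.1},
    {"current": 0.5, "depth_err": 0.2},
    {"current": 1.4, "depth_err": 0.4},
    {"current": 1.8, "depth_err": 0.9},
    {"current": 1.6, "depth_err": 1.3},
    {"current": 1.2, "depth_err": 1.1},
    {"current": 0.9, "depth_err": 0.7},
    {"current": 0.6, "depth_err": 0.4},
    {"current": 0.4, "depth_err": 0.2},
    {"current": 0.3, "depth_err": 0.1},
    {"current": 0.3, "depth_err": 0.1},
]
# Ideal requirement: depth error stays within 0.5 m over the last 3 samples.
IDEAL = PastAlwaysLeq(signal="depth_err", bound=0.5, horizon=2)

if __name__ == "__main__":
    for t, mode, bound in adapt(UUV_TRACE, IDEAL, "current", 1.0):
        print(f"t={t:2d} mode={mode:9s} active bound={bound}")
```

The run degrades twice (bound 0.5 to 1.0 to 2.0) while the current is out of bounds, holds at 2.0 for two steps after the current returns because the past window still contains large errors, and then recovers in two steps back to the ideal bound. The `hold` branch is the point to watch in practice: recovery is gated on the strengthened requirement actually being satisfied, not merely on the environment signal being back in range, which avoids oscillating between the two operations.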