Development  of Secure and Safe

Multi-Robot Systems

The SESAME project is developing advanced technologies that will deliver an open, modular, configurable, model-based approach for the systematic engineering of dependable multi-robot systems.


Challenges in Developing Multi-Robot Systems

1. Multiple Dimensions of Uncertainty

2. Complicated Configuration Tools

3. Safety and Security Interdependency

4. Reliability and Resilience


The heart of the project innovations is a model-based approach where SESAME models are automatically composable and are also algorithmically analysable both at design-time and run-time. SESAME further advances multi-robot systems engineering by providing:

  • Domain-specific languages to hide the complexity and intricacies of robotic simulators and platforms

  • Machine Learning based libraries of well-designed scenarios that are adaptable and reusable across applications

  • Design-time analysis of safety and security via composition, reuse and automated analysis

  • Novel safety and security assurance achieved by shifting part of the assurance to runtime

  • Seamless (re)configuration at design and runtime

Multi-robot systems will be capable of operating dependably in open configurations, and in conditions of uncertainty that include the possibility of cyber-attacks.

Key SESAME Technology Innovations

SESAME builds on a novel and advanced synthesis of the state-of-the-art in model-based development, nature-inspired technologies, and AI data-driven techniques. Model-based techniques are used to capture pertinent engineering knowledge and assumptions about multi-robot system operation, failures and their effects, in verifiable and executable at runtime models that can be used to assess, verify and ensure security and safety. Two key technology advances that will be developed in the project are Executable Scenarios (ExSce) and Executable Digital Dependability Identities (EDDI).

Executable Scenarios

Executable Scenarios (ExSces) are model-based narrative descriptions of robotic missions guiding the design, development, configuration and deployment of multi-robot systems. ExSces simplify multi-robot system configuration by using domain-specific languages to hide the complexity and intricacies of robotic simulators and platforms, and are generalisable via machine learning thereby providing libraries of well-designed scenarios adaptable and reusable across applications, and able to exploit past knowledge and experience.

Executable Digital Dependability Identities

Executable Digital Dependability Identities (EDDI) are model-based artefacts spanning the multi-robot system lifecycle that carry verifiable dependability models of their reference robotic systems produced at design-time based on ExSce, capturing safety and security hazards, their causes, effects and possible corrective actions. EDDIs are executed at runtime alongside MRS and steer dynamic dependability management via event monitoring, runtime diagnostics, risk prediction, and recovery planning.


European Industrial Impacts

New methods for robust multi-robot systems capabilities

New model-based languages and methods to manage multi-robot systems missions

New methods for safety and security specification of multi-robot systems

New intelligent methods and tools for quality assurance of multi-robot systems

New multifaceted methods for runtime dependability management of multi-robot systems

Accuracy: The accuracy of robot self-localization will be improved by combining data from multiple sensors from multiple robots (i.e. collaborative
sensor-fusion) compared to using only sensors of a single robot.

Robustness: The collaborative intelligence algorithms will increase the multi-robot system robustness and enable the robotic team to cope with more severe
failures than is currently possible.

Efficiency: Novel perception-aware trajectory planning will reduce the time required for task execution by multi-robot systems.

Performance: The effort required to collect, describe and verify requirements of a multi-robot system using the SESAME executable scenario approach will be reduced compared to current manual and semi-automated state-of-practice.

Tailorability: The scenario workbench can be instantiated for performing scenario specification, verification and management.

Safety: The SESAME safety analysis will improve the coverage of hazards, especially those related to emergent behaviour and uncertainty, and will expand the scope of assurance to cover previously unaddressed hazards.

Security: Analysis techniques will increase coverage of cyber risks compared to the current state of practice in threat modelling and vulnerability analysis and extend the scope of robotics security assurance.

Productivity: Ease of design-time safety and security analysis through automation and reusability of safety and security models across applications will result in a reduction of effort in safety analysis compared to the current state-of-practice.

Testability: Engineers will be able to test the robustness and resilience of substantially more scenarios and test cases using the SESAME quality assurance framework compared to physical testing, which is the current state-of-practice.

Adaptability: The capacity of the developed methods to adapt the multi-robot systems based on the observed conditions at runtime will enable substantial performance gains when compared to the worst-case assumed conditions for
safety and security concerns.

Explainability: The use of Explainable AI and digital twin techniques will significantly reduce the time to trace failures back to assumed or newly identified root causes compared to state-of-the-art.