Quantum resilience makes two very important claims. First, resilience cannot be characterized without recognizing both the system and the valued function it provides. Second, resilience is not about disturbances, insults, threats, or perturbations. To avoid crippling infinities, characterization of resilience must be accomplishable without disturbances in mind. In light of this, quantum resilience defines resilience as the extent to which a system delivers its valued functions, and characterizes resilience as a function of system productivity and complexity. System productivity vis-à-vis specified “valued functions” involves (1) the quanta of the valued function delivered, and (2) the number of systems (within the greater system) which deliver it. System complexity is defined structurally and relationally and is a function of a variety of items including (1) system-of-systems hierarchical decomposition, (2) interfaces and connections between systems, and (3) inter-system dependencies.
Among the important features of quantum resilience is that it can be implemented in any system engineering tool that provides sufficient design and specification rigor (i.e., one that supports standards like the Lifecycle and Systems Modeling languages and frameworks like the DoD Architecture Framework). Further, this can be accomplished with minimal software development and has been demonstrated in three model-based system engineering tools, two of which are commercially available, well-respected, and widely used. This pragmatic approach assures transparency and consistency in characterization of resilience in any discipline.
1) Falsification: given a CPS, and a property of interest that the CPS must satisfy under all allowed operating conditions, does the CPS violate, i.e. falsify, the property?
2) Conformance testing: given a model of a CPS, and an implementation of that CPS on an embedded platform, how can we characterize the properties satisfied by the implementation, given the properties satisfied by the model?
Both problems arise in the context of Model-Based Design (MBD) of CPS: in MBD, the designers start from a set of formal requirements that the system-to-be-designed must satisfy.
A first model of the system is created.
Because it may not be possible to formally verify the CPS model against the requirements, falsification tries to verify whether the model satisfies the requirements by searching for behavior that violates them.
In the first part of this dissertation, I present improved methods for finding falsifying behaviors of CPS when properties are expressed in Metric Temporal Logic (MTL).
These methods leverage the notion of robust semantics of MTL formulae: if a falsifier exists, it is in the neighborhood of local minimizers of the robustness function.
The proposed algorithms compute descent directions of the robustness function in the space of initial conditions and input signals, and provably converge to local minima of the robustness function.
The initial model of the CPS is then iteratively refined by modeling previously ignored phenomena, adding more functionality, etc., with each refinement resulting in a new model.
Many of the refinements in the MBD process described above do not provide an a priori guaranteed relation between the successive models.
Thus, the second problem above arises: how to quantify the distance between two successive models M_n and M_{n+1}?
If M_n has been verified to satisfy the specification, can it be guaranteed that M_{n+1} also satisfies the same, or some closely related, specification?
This dissertation answers both questions for a general class of CPS, and properties expressed in MTL.
The majority of trust research has focused on the benefits trust can have for individual actors, institutions, and organizations. This “optimistic bias” is particularly evident in work focused on institutional trust, where concepts such as procedural justice, shared values, and moral responsibility have gained prominence. But trust in institutions may not be exclusively good. We reveal implications for the “dark side” of institutional trust by reviewing relevant theories and empirical research that can contribute to a more holistic understanding. We frame our discussion by suggesting there may be a “Goldilocks principle” of institutional trust, where trust that is too low (typically the focus) or too high (not usually considered by trust researchers) may be problematic. The chapter focuses on the issue of too-high trust and processes through which such too-high trust might emerge. Specifically, excessive trust might result from external, internal, and intersecting external-internal processes. External processes refer to the actions institutions take that affect public trust, while internal processes refer to intrapersonal factors affecting a trustor’s level of trust. We describe how the beneficial psychological and behavioral outcomes of trust can be mitigated or circumvented through these processes and highlight the implications of a “darkest” side of trust when they intersect. We draw upon research on organizations and legal, governmental, and political systems to demonstrate the dark side of trust in different contexts. The conclusion outlines directions for future research and encourages researchers to consider the ethical nuances of studying how to increase institutional trust.
Mission aviation groups operate aircraft in areas with limited infrastructure. Existing airdrop methods pose significant risk due to their lack of steerability. This thesis details the development of Manna, a system built to address these concerns. Manna provides an automated, low cost, safe steerable delivery platform, through a custom designed parafoil and guidance unit. Flight tests and simulations show that Manna can provide a safer alternative for critical air deliveries.
Infrastructure is not static, but dynamic. Institutions play a significant role in designing, building, maintaining, and upgrading dynamic infrastructures. Institutions create the appearance of infrastructure stability while dynamically changing infrastructures over time, which is resilience work. The resilience work of different institutions and organizations sustains, recovers, adapts, reconfigures, and transforms the physical structure on short, medium, and long temporal scales.
To better understand and analyze the dynamics of sociotechnical infrastructure resilience, this research examines several case studies. The first is the social and institutional arrangements for the allocation of resources from Hoover Dam. This research uses an institutional analysis framework and draws on the institutional landscape of water and energy systems in Arizona. In particular, this research illustrates how institutions contribute to differing resilience work at temporal scales while fabricating three types of institutional threads: lateral, vertical, and longitudinal threads.
This research also highlights the importance of institutional interdependence as a critical challenge for improving infrastructure resilience. Institutional changes in one system can disrupt other systems’ performance. The research examines this through case studies that explore how changes to water governance impact the energy system in Arizona. Groundwater regulations affect the operation of thermoelectric power plants which withdraw groundwater for cooling. Generation turbines, droughts, and water governance are all intertwined via institutions in Arizona.
This research, finally, expands and applies the interdependence perspective to a case study of forest management in Arizona. In a nutshell, the perilous combination of chronic droughts and the engineering resilience perspective jeopardizes urban water and energy systems. Wildfires caused by dense forests have legitimized an institutional transition, from thickening forests to thinning trees in Arizona.
Through a qualitative, grounded theory analysis, this dissertation examines the phenomena of the students engaging in Luminosity’s model, who have demonstrated their ability to serve as the principal investigators and innovators in conducting substantial discovery, research, and innovation work through full project life cycles. This study supports a theory that highly talented students often feel limited by the pace and scope of their college educations, and yearn for experiences that motivate them with agency, achievement, mastery, affinity for colleagues, and a desire to impact society. Through the cumulative effect of these motivators and an organizational design that facilitates a bottom-up approach to student-driven innovation, Luminosity has established itself as a novel model of research and development in the collegiate space.