Ensuring the safety of control systems often requires the satisfaction of constraints on states (such as position or velocity), control inputs (such as force), and a mixture of states and inputs (such as power that depends on both velocity and force). This paper presents a safety-critical control framework for enforcing mixed state-input constraints through a generalization of backup control barrier functions (backup CBFs). First, we extend the backup CBF approach to maintain multiple decoupled state and input constraints using a single backup set-backup controller pair. Second, we address mixed state-input constraints by converting them into state constraints using a projection from the state-input space to the state space along the backup controller. In the special case of decoupled state and input constraints, the proposed method simplifies the synthesis of backup CBFs by eliminating the need for saturating backup control laws. Finally, we demonstrate the efficacy of the proposed method on an inverted pendulum example, where constraints on the angle (state), torque (input), and power (mixture of state and input) are satisfied simultaneously.
This paper revisits three backup-based safety filters -- Backup Control Barrier Functions (Backup CBF), Model Predictive Shielding (MPS), and gatekeeper -- through a unified comparative framework. Using a common safety-filter abstraction and shared notation, we make explicit both their common backup-policy structure and their key algorithmic differences. We compare the three methods through their filter-inactive sets, i.e., the states where the nominal policy is left unchanged. In particular, we show that MPS is a special case of gatekeeper, and we further relate gatekeeper to the interior of the Backup CBF inactive set within the implicit safe set. This unified view also highlights a key source of conservatism in backup-based safety filters: safety is often evaluated through the feasibility of a backup maneuver, rather than through the nominal policy's continued safe execution. The paper is intended as a compact tutorial and review that clarifies the theoretical connections and differences among these methods.
Residential batteries increasingly serve two roles: they can earn money by arbitraging wholesale prices and providing grid services, and they provide backup power during outages. This dual use creates a basic tradeoff between earning market value and preserving outage readiness. Coordination across many batteries can help, but a provider cannot treat the fleet as a single virtual battery when each household is promised its own backup protection. We compare standalone control, in which each home is dispatched independently, with pooling, in which homes are coordinated while each battery retains its own state of charge and household-specific backup requirement. Both regimes are implemented as model predictive control problems with 15-minute decision intervals and evaluated using household telemetry together with ERCOT market inputs. The empirical design focuses on the 543 homes in our sample that can support at least one backup product in standalone operation and studies backup caps ranging from 2 to 24 hours. Lower caps relax backup obligations, while the 24-hour cap coincides with assigning each home its own longest feasible backup tier. Pooling remains beneficial in this service-c
Guaranteeing the safety of nonlinear systems with bounded inputs remains a key challenge in safe autonomy. Backup control barrier functions (bCBFs) provide a powerful mechanism for constructing controlled invariant sets by propagating trajectories under a pre-verified backup controller to a forward invariant backup set. While effective, the standard bCBF method utilizes the same backup controller for both set expansion and safety certification, which can restrict the expanded safe set and lead to conservative dynamic behavior. In this study, we generalize the bCBF framework by separating the set-expanding controller from the verified backup controller, thereby enabling a broader class of expansion strategies while preserving formal safety guarantees. We establish sufficient conditions for forward invariance of the resulting implicit safe set and show how the generalized construction recovers existing bCBF methods as special cases. Moreover, we extend the proposed framework to parameterized controller families, enabling online adaptation of the expansion controller while maintaining safety guarantees in the presence of input bounds.
Ransomware continues encrypting files during the delay between attack onset and detection. ROFBS mitigates this problem by backing up pre-modification files in real time upon file-open events. However, because the Linux file-open path traverses multiple kernel functions, it remains unclear how the choice of hook point affects defense effectiveness. In this study, we kept the ROFBS mechanism fixed and changed only the hook points on the Linux file-open path. We compared may_open, inode_permission, do_dentry_open, security_file_open, and xfs_file_open on AlmaLinux with XFS using three ransomware families: AvosLocker, Conti, and IceFire. We used Backup Ratio as the main metric and also compared the number of encrypted files with backups and the total number of encrypted files. The results showed that hook-point selection substantially affected both recoverability and damage scale. For AvosLocker, security_file_open achieved the highest Backup Ratio (82.5%). For Conti and IceFire, xfs_file_open achieved the highest values (100.0% and 63.2%, respectively). Moreover, xfs_file_open minimized the total number of encrypted files for all three ransomware families. These results indicate that
This study introduces ROFBS$\alpha$, a new defense architecture that addresses delays in detection in ransomware detectors based on machine learning. It builds on our earlier Real Time Open File Backup System, ROFBS, by adopting an asynchronous design that separates backup operations from detection tasks. By using eBPF to monitor file open events and running the backup process independently, the system avoids performance limitations when detection and protection contend for resources. We evaluated ROFBS$\alpha$ against three ransomware strains, AvosLocker, Conti, and IceFire. The evaluation measured the number of files encrypted, the number of files successfully backed up, the ratio of backups to encrypted files, and the overall detection latency. The results show that ROFBS$\alpha$ achieves high backup success rates and faster detection while adding minimal extra load to the system. However, defending against ransomware that encrypts files extremely quickly remains an open challenge that will require further enhancements.
This paper presents a safety-critical control framework to maintain bounded lateral motions for vehicles braking on asymmetric surfaces. We synthesize a brake controller that assists drivers and guarantees safety against excessive lateral motions (i.e., prevents the vehicle from spinning out) while minimizing the stopping distance. We address this safety-critical control problem in the presence of input constraints, since braking forces are limited by the available friction on the road. We use backup control barrier functions for safe control design. As this approach requires the construction of a backup set and a backup controller, we propose a novel, systematic method for creating valid backup set-backup controller pairs based on feedback linearization and continuous-time Lyapunov equations. We use simple examples to demonstrate our proposed safety-critical control method. Finally, we implement our approach on a four-wheel vehicle model for braking on asymmetric surfaces and present simulation results.
We study feasibility guarantees for safety filters developed using Control Barrier Functions (CBFs) when a safe set is defined using the pointwise minimum of continuously differentiable functions, a construction that is common for the backup CBF (BCBF) method and typically nonsmooth. We replace the minimum by its log-sum-exp (soft-min) smoothing and show that, under a strict safety condition, the smooth function becomes a CBF (or extended CBF) for a range of the smoothing parameter. For compact safe sets, we derive an explicit lower bound on the smoothing parameter that makes the smooth function a CBF and hence renders the corresponding safety constraint feasible. For unbounded sets, we introduce tail conditions under which the smooth function satisfies an extended CBF condition uniformly. Finally, we apply these results to BCBFs. We show that safety of a compact (terminal) backup set under a backup controller, together with a condition ensuring safety of the backup trajectories on the relevant boundary of the safe set, is sufficient for constraint feasibility for BCBFs. These results provide a recipe for a priori feasibility guarantees for smooth inner approximations of nonsmooth
Backup storage systems often remove redundancy across backups via inline deduplication, which works by referring duplicate chunks of the latest backup to those of existing backups. However, inline deduplication degrades restore performance of the latest backup due to fragmentation, and complicates deletion of expired backups due to the sharing of data chunks. While out-of-line deduplication addresses the problems by forward-pointing existing duplicate chunks to those of the latest backup, it introduces additional I/Os of writing and removing duplicate chunks. We design and implement RevDedup, an efficient hybrid inline and out-of-line deduplication system for backup storage. It applies coarse-grained inline deduplication to remove duplicates of the latest backup, and then fine-grained out-of-line reverse deduplication to remove duplicates from older backups. Our reverse deduplication design limits the I/O overhead and prepares for efficient deletion of expired backups. Through extensive testbed experiments using synthetic and real-world datasets, we show that RevDedup can bring high performance to the backup, restore, and deletion operations, while maintaining high storage effici
Designing safe controllers is crucial and notoriously challenging for input-constrained safety-critical control systems. Backup control barrier functions offer an approach for the construction of safe controllers online by considering the flow of the system under a backup controller. However, in the presence of model uncertainties, the flow cannot be accurately computed, making this method insufficient for safety assurance. To tackle this shortcoming, we integrate backup control barrier functions with uncertainty estimators and calculate the flow under a reconstruction of the model uncertainty while refining this estimate over time. We prove that the controllers resulting from the proposed Uncertainty Estimator Backup Control Barrier Function (UE-bCBF) approach guarantee safety, are robust to unknown disturbances, and satisfy input constraints.
Ensuring robot safety in complex environments is a difficult task due to actuation limits, such as torque bounds. This paper presents a safety-critical control framework that leverages learning-based switching between multiple backup controllers to formally guarantee safety under bounded control inputs while satisfying driver intention. By leveraging backup controllers designed to uphold safety and input constraints, backup control barrier functions (BCBFs) construct implicitly defined control invariance sets via a feasible quadratic program (QP). However, BCBF performance largely depends on the design and conservativeness of the chosen backup controller, especially in our setting of human-driven vehicles in complex, e.g., off-road, conditions. While conservativeness can be reduced by using multiple backup controllers, determining when to switch is an open problem. Consequently, we develop a broadcast scheme that estimates driver intention and integrates BCBFs with multiple backup strategies for human-robot interaction. An LSTM classifier uses data inputs from the robot, human, and safety algorithms to continually choose a backup controller in real-time. We demonstrate our method's
Due to the increasing security standards of modern smartphones, forensic data acquisition from such devices is a growing challenge. One rather generic way to access data on smartphones in practice is to use the local backup mechanism offered by the mobile operating systems. We study the suitability of such mechanisms for forensic data acquisition by performing a thorough evaluation of iOS's and Android's local backup mechanisms on two mobile devices. Based on a systematic and generic evaluation procedure comparing the contents of local backup to the original storage, we show that in our exemplary practical evaluations, in most cases (but not all) local backup actually yields a correct copy of the original data from storage. Our study also highlights corner cases, such as database files with pending changes, that need to be considered when assessing the integrity and authenticity of evidence acquired through local backup.
Verifying the safety of controllers is critical for many applications, but is especially challenging for systems with bounded inputs. Backup control barrier functions (bCBFs) offer a structured approach to synthesizing safe controllers that are guaranteed to satisfy input bounds by leveraging the knowledge of a backup controller. While powerful, bCBFs require solving a high-dimensional quadratic program at run-time, which may be too costly for computationally-constrained systems such as aerospace vehicles. We propose an approach that optimally interpolates between a nominal controller and the backup controller, and we derive the solution to this optimization problem in closed form. We prove that this closed-form controller is guaranteed to be safe while obeying input bounds. We demonstrate the effectiveness of the approach on a double integrator and a nonlinear fixed-wing aircraft example.
Data backup is a core technology for improving system resilience to system failures. Data backup in enterprise systems is required to minimize the impacts on business processing, which can be categorized into two factors: system slowdown and downtime. To eliminate system slowdown, asynchronous data copy (ADC) technology is prevalent, which copies data asynchronously with original data updates. However, the ADC can corrupt backup data when applied to enterprise systems with multiple resources. To address this, the demonstration system employs consistency group technology, which keeps the order of data updates the same between the original and backup data. In addition, we developed a container platform operator to unravel the complicated correspondence between storage volumes and applications. The operator automates the configuration of the ADC with the setting of consistency groups. We integrated the storage and container technologies into the demonstration system, which can eliminate both system slowdown and downtime.
Job scheduling under various constraints to achieve global optimization is a well-studied problem. However, in scenarios that involve time-dependent constraints, such as scheduling backup jobs, achieving global optimization may not always be desirable. This paper presents a framework for scheduling new backup jobs in the presence of existing job schedules, focusing on satisfying intent-based constraints without disrupting current schedules. The proposed method accommodates various scheduling intents and constraints, and its effectiveness is validated through extensive testing against a variety of backup scenarios on real-world data from Veritas Netbackup customer policies.
This paper presents a systematic approach to construct control barrier functions for nonlinear control affine systems subject to arbitrary state and input constraints. Taking inspiration from the reference governor literature, the proposed method defines a family of backup policies, parametrized by the equilibrium manifold of the system. The control barrier function is defined on the augmented state-and-reference space: given a state-reference pair, the approach quantifies the distance to constraint violation at any time in the future. The proposed method is applied to an inverted pendulum on cart.
This paper introduces the reinforcement learning backup shield (RLBUS), an algorithm that guarantees safe exploration in reinforcement learning (RL) by incorporating backup control barrier functions (BCBFs). RLBUS constructs an implicit control forward invariant subset of the safe set using multiple backup policies, ensuring safety in the presence of input constraints. While traditional BCBFs often result in conservative control forward-invariant sets due to the design of backup controllers, RLBUS addresses this limitation by leveraging model-free RL to train an additional backup policy, which enlarges the identified control forward invariant subset of the safe set. This approach enables the exploration of larger regions in the state space with zero safety violations during training. The effectiveness of RLBUS is demonstrated on an inverted pendulum example, where the expanded invariant set allows for safe exploration over a broader state space, enhancing performance without compromising safety.
The backup control barrier function (CBF) was recently proposed as a tractable formulation that guarantees the feasibility of the CBF quadratic programming (QP) via an implicitly defined control invariant set. The control invariant set is based on a fixed backup policy and evaluated online by forward integrating the dynamics under the backup policy. This paper is intended as a tutorial of the backup CBF approach and a comparative study to some benchmarks. First, the backup CBF approach is presented step by step with the underlying math explained in detail. Second, we prove that the backup CBF always has a relative degree 1 under mild assumptions. Third, the backup CBF approach is compared with benchmarks such as Hamilton Jacobi PDE and Sum-of-Squares on the computation of control invariant sets, which shows that one can obtain a control invariant set close to the maximum control invariant set under a good backup policy for many practical problems.
Data backup in data center networks (DCNs) is critical to minimize data loss under disaster. This paper considers cost-efficient data backup for DCNs against a disaster with $\varepsilon$ early warning time. Given geo-distributed DCNs and such an $\varepsilon$-time early warning disaster, we investigate how to back up the data in DCN nodes under risk to other safe DCN nodes within the $\varepsilon$ early warning time constraint, which is significant because it is an emergency data protection scheme against a predictable disaster and also helps DCN operators build a complete backup scheme, i.e., regular backup and emergency backup. Specifically, an Integer Linear Program (ILP)-based theoretical framework is proposed to identify the optimal selections of backup DCN nodes and data transmission paths, such that the overall data backup cost is minimized. Extensive numerical results are also provided to illustrate the proposed framework for DCN data backup.
We evaluate the resource efficiency of Mode Group Division Multiplexing (MGDM) with shared path protection (SPP) in optical networks. On our case studies, SPP with MGDM obtains significant savings in terms of both additional backup spectrum occupation and MIMO-computing resources compared to other few-mode-transmission scenarios.