Zimmermann is part of the DIREC project Verifiable and Safe AI for Autonomous Systems. The aim of the project is to develop methods and tools for safety critical systems within a variety of domains. Here, he works on understanding the foundations of correct and secure systems.

Can you tell about your research area?
Software and embedded systems are everywhere in our daily lives, from medical devices to aircrafts and the airbags in our cars. These software systems are often very complex, and it is challenging to develop correct systems. Therefore, we need verification software that can check such systems for errors.

The news is full of stories of potential vulnerabilities in software and embedded systems. Some of these vulnerabilities have been there for several years and are very hard to find. They might not be seen in daily use – only when you try to exploit a system.

It is even more pronounced when you look at distributed systems made up of several components interacting with each other. Like a website for the seat reservation system in a cinema where you click on the seat, which you want to book, while others do it at the same time. The system must be able to deal with many concurrent requests. Verification tries to automate the reasoning and automatically proves that the system is correct and safe.

How can we make these systems more secure?
Personally, I am interested in viewing this as a kind of game. I want to design a system that lives in an environment, so I understand this as a game between the system and the environment. The system wants to satisfy a certain property and the environment wants to break the system. And by that game-view you can get very strong guarantees.

It’s very hard to get complex systems correct. And if you have a safety-critical system you need those guarantees to be obtained by verification software. If you employ software that controls an airbag, then you want to be sure that it works correctly. It’s easy to miss errors – so you cannot rely on humans to check the code.

What is the potential of verification?
Verification is a very challenging task. It is challenging for a human to argue that a system is correct, and it is also hard for a computer, so unfortunately, it is not applicable universally. Verification is used for systems that are safety-critical, but even here there is a tradeoff between verification cost and development cost. 

One of our goals is to develop techniques that are easy to use in practice. We work on the foundations of verification languages and try to understand how far we can push their expressiveness before it becomes infeasible to verify something. It can take hours or days to verify something, so it is a computationally expensive task. We try to understand what is possible and try to find problems and application areas where you can solve this task faster.

Another important thing is that we need precise specification languages for verification. You cannot use natural language. The verification algorithm needs a precise specification with precise semantics, so we are developing different logics to see if they can be used by engineers to actually write specifications. If it is too complicated for the practitioner, e.g., the engineer, it will not be used. You must find the sweet spot between expressiveness and usability.

Did you know Aalborg University before you were employed?
I have had a connection to Aalborg since my PhD where I worked on a European project with partners from all over Europe including the DEIS group in Aalborg. I was in Aalborg a few times during my PhD and knew people here. Aalborg is central in Europe when it comes to verification and design of systems. There are many collaborators and there is a good connection to the industry compared to other places. It is a very good location.

Christian Schilling from Germany is interested in formal verification and modeling and has come to Aalborg University to be part of the DEIS group. He is also part of the DIREC project Verifiable and safe AI for Autonomous Systems and explains how research in cyber-physical systems makes a difference for companies and society.

Can you tell a bit about your background and why you ended up in Denmark as a computer scientist?

I did my PhD at a German university (Freiburg) and was a postdoc at an Austrian research institute (IST Austria). Now I am a tenure-track Assistant Professor at Aalborg University. The DEIS group at Aalborg University has an international reputation and is a great fit for my interests. It is productive to work with people who “speak my language.” At the same time I can develop my own independent research directions.

What are you researching and what do you expect to get out of your research?

Broadly speaking, I am interested in the algorithmic analysis of systems. More precisely, I work on cyber-physical systems, which are systems consisting of a mix of digital (cyber) and analog (physical) components. Nowadays these systems are everywhere, from thermostats to aircraft. I want to answer the fundamental question of safety: Can a system end up in an error? My analysis is based on mathematical models, and I also work on the construction of such models from observational data.

We look at models of systems and then we try to find behaviors of that system and it might not be what you want. Or if you don’t find any errors you can get a mathematical proof that your model is correct. Of course you could make mistakes with the wiring when you implement the models in a practical system, we cannot cover that. That’s why there are still more practical aspects of our work.

What are the scientific challenges and perspectives in your project?

One of the grand challenges is to find approaches that scale to industrial systems, which are often large and complex. In full generality this goal cannot be achieved, so researchers focus on identifying a structure in practical systems that still allows us to analyze the system. The challenge is to find that structure and develop techniques that exploit this challenge.

Another recent relevant trend is the rise of artificial intelligence and how it can be safely integrated into systems without causing problems. Think about autonomous systems like vacuum cleaners, lawn mowers, and of course self-driving cars in the near future. 

It is certainly a challenge to analyze and verify systems that involve AI, because the way AI is used these days is really more like a black box where nobody understands what happens. It is very difficult to say that a self-driving car under no circumstance will kill a person. 

To make this kind of analysis you need a model, and of course you could say that an engineer could build this model, but at a certain size it becomes too complex and very difficult to do. So you want an automatic technique to do that. 

Another challenge is to go from academic models to real world systems, because usually you do some simplifications which you have to take into consideration and solve when you implement the models. 

How can your research make a difference for companies and communities?

Engineers design and build systems. Typically, they first develop a model and analyze that model. My research directly addresses this phase and helps engineers learn about the behavior only given a model. This means that they do not need to build a prototype to understand the system. This saves cost in the design phase, as changing a model is cheap but changing a prototype is expensive. On the level of a model you can actually have mathematical correctness guarantees. This is something you cannot achieve in the real world.

The DEIS group has a lot of industry collaboration, but so far I’ve been working with academic modeling. With these verification models you can make sure that intelligent traffic systems work as they should.