Bernhard Frömel

Towards an understanding of emergence in systems-of-systems

Emergence is a systemic phenomenon in an System-of-Systems (SoS) that cannot be reduced to the behavior of the isolated parts of a system. It is the objective of this paper to contribute to the understanding of emergent phenomena in SoSs. After a short look at the literature on emergence in the domains of philosophy and computer science, this paper continues with an elaboration on multi-level nearly-decomposable systems, gives a tentative definition of emergence and discusses how emergent behavior manifests itself in an SoS.

Direct versus stigmergic information flow in systems-of-systems

The information flow among the Constituent Systems of a System-of-Systems can take place via two different channels: the message transport along communication channels in cyber space which includes the human-to-human communication in natural language among the humans that are part of the Constituent Systems, and the indirect information flow via sensors and actuators to the physical environment, called the stigmergic information flow. In many cases the stigmergic information flow forms an important link for the closure of control loops that can lead to emergent behavior. This paper elaborates the concepts of stigmergy and compares the characteristics of the stigmergic information flow versus the message based information flow in a System-of-Systems.

A Holistic Viewpoint-Based SysML Profile to Design Systems-of-Systems

In recent decades more and more efforts have been devoted in supporting the design of Systems-of-Systems (SoSs). These systems are composed of autonomous Constituent Systems (CSs) which are integrated together to achieve a higher level goal that cannot be achieved by any of its CSs in isolation. Designing such an SoS is a multidisciplinary problem which involves considering emergent phenomena, assuring the achievement of dependability and security requirements, guaranteeing system responsiveness, supporting dynamicity and evolution and multi-criticality of provided services. We believe that a first step towards a viable design approach is to provide a conceptual model of SoSs which captures SoS concepts (e.g., methods, characteristics, and technologies related to SoSs) and their inter-relationships. Such a conceptual model should enhance the understandability of SoSs to stakeholders and provide the basis for further automated analysis. In this context, the AMADEOS European project is bringing together researchers and practitioners to provide the support to design SoSs starting from the definition of a domain specific ontology serving as a vocabulary for SoSs. Our contribution consists of semi-formalizing the key SoS concepts and relationships defined in AMADEOS adopting a SysML visual modeling language. We propose a SysML profile for SoSs and we show its applicability in a Smart Grid scenario.

Systems‐of‐systems modeling using a comprehensive viewpoint‐based SysML profile

In recent years, more and more efforts have been devoted in supporting the design of systems‐of‐systems (SoS). Designing such systems is a multidisciplinary problem which involves considering emergent phenomena, assuring the achievement of dependability/security requirements, guaranteeing system responsiveness, and supporting dynamicity/evolution and multicriticality of provided services. A first step towards a viable design approach is to provide a conceptual model of SoS which captures SoS concepts, and their interrelationships aiming at enhancing the understandability of SoS to stakeholders and providing the basis for further automated analysis. In this context, the AMADEOS European project is bringing together researchers and practitioners to provide the support to design SoS starting from the definition of a domain specific ontology serving as a vocabulary for SoS. Our contribution consists in the modeling of the key SoS concepts and relationships defined in AMADEOS adopting a systems modeling language visual modeling language. We propose a systems modeling language profile for SoS, and we show its applicability in a Smart Grid scenario. We show how to use the profile in a model‐driven engineering process to support different types of analyses, and we discuss how to integrate the profile in a user‐friendly model‐driven engineering tool for SoS rapid modeling, validation, code‐generation, and simulation.

Generic sensor fusion package for ROS

Sensor fusion combines multiple sensor measurements to improve a controllers knowledge about the internal state of an observed physical environment. Many such sensor fusion techniques exist and have been implemented for the Robot Operating System (ROS). However, they often have been developed for specific applications and cannot be easily reused for other applications. Reasons are the use of application-specific, partly undocumented interfaces, and the often limited reconfigurability caused by a tight coupling of the implementation to an application-specific purpose. Our approach is based on the concept of a fusion node which provides a configurable sensor fusion service with a generic interface. Fusion nodes can be interconnected to combine several sensor fusion techniques, can be attached to any single-dimension value sensor, can handle asynchronous multi-rate measurements and are robust regarding indeterministic, best-effort communication. This paper presents, to the best of our knowledge, the first generic sensor fusion package (GSFP) for ROS which collects various exemplary sensor fusion methods implemented as fusion nodes. We demonstrate the feasibility of our package in a small test application. Main benefits of our contribution are the developed ROS packages independence regarding specific sensors or applications, the easy integration of configurable fusion nodes in existing applications, and the composition of fusion nodes to realize complex sensor fusion scenarios.

Enhancing security in CAN systems using a star coupling router

Controller Area Network (CAN) is the most widely used protocol in the automotive domain. Bus-based CAN does not provide any security mechanisms to counter manipulations like eavesdropping, fabrication of messages, or denial-of-service attacks. The vulnerabilities in bus-based CAN are alarming, because safety-critical subsystems (e.g., the power train) often deploy a CAN bus, and hence a failure propagation from the security domain to the safety domain can take place. In this paper we propose a star coupling router and a trust model for this router to overcome some of the security deficiencies present in bus-based CAN systems. The CAN router establishes a partitioning of a CAN bus into separate CAN segments and allows to rigorously check the traffic within the CAN system, including the value and time domains. We evaluate the introduced trust model on a prototype implementation of the CAN router by performing attacks that would be successful on classic bus-based CAN, but are detected and contained on router-based CAN. The router can consequently increase the security in automotive applications and render some of the attacks described in the literature (e.g., fuzzying attack) on a car useless. Since the CAN router offers ports that are compatible to standard CAN, the router can be used to increase the security of legacy CAN based systems.

A router for the containment of timing and value failures in CAN

The dependability deficiencies and bandwidth constraints of the controller area network (CAN) can prevent its use in safety-relevant and performance-demanding applications. This paper introduces mechanisms for fault detection and fault isolation based on an intelligent CAN router, which exploits a priori knowledge about the permitted behavior of attached electronic control units (ECUs) in order to detect and contain failures. Experiments using an FPGA-based implementation of the CAN router evaluate these mechanisms under different failure modes (e.g., timing failures, masquerading failures). Due to its compatibility to the CAN standard, the router can improve the dependability and performance of systems with existing ECUs. In addition, we extend the application areas of CAN to systems with higher performance and dependability requirements than can be supported with a conventional bus-based network.

Interface design in cyber-physical Systems-of-Systems

A Cyber-Physical System-of-Systems (CPSoS) is a possibly huge information processing and energy transforming system. Its autonomous Constituent Systems (CSs), i.e., computer systems, and optionally physical systems and humans, interact in their common environment to realize often mutually beneficial emergent CPSoS services. Many key challenges in understanding, designing, and engineering such CPSoSs are related to the interactions of CSs. This paper conceptualizes these interactions of CSs, i.e., their interfaces, at three abstraction levels: cyberphysical, Itom, and service. The cyber-physical level concernes message-based interactions in cyber space, and stigmergic interactions in the physical environment. The Itom level involves the description of direct and indirect information transfers. The service level helps to tackle challenges related to the dynamicity and evolution of CPSoSs. The second part of the paper discusses design aspects of Relied Upon Interfaces (RUIs) which are the interfaces the overall emergent CPSoS service relies upon. The conceptualization of interfaces in CPSoSs and the proposed RUI design aspects are intended to simplify the modeling of CPSoSs and to facilitate their deployment with existing Internet-of-Things and cloud technologies.

Composability and compositionality in CAN-based automotive systems based on bus and star topologies

Controller Area Network (CAN) is the most widely used field bus protocol in the automotive domain. The development process of todays cars follows the well established automotive V-Model. Traditional bus-based CAN makes the development an ever increasing challenge. For example, the introduction of a single additional CAN message influences the timing of already existing messages and thereby increases testing and integration efforts. The lack of composability and compositionality of traditional CAN leads to an overhead in the whole development cycle. In this paper we propose a development process that is based on a time-triggered CAN router. We examine the influence of our proposed development approach on major phases of the automotive V-Model. Our evaluation is based on CAN traffic of a mass-produced car by a major car manufacturer and a Fiel Programmable Gate Array (FPGA) based prototype implementation of the CAN router. From the results we gathered during our evaluation we conclude that a CAN router based development approach has the potential to simplify the development efforts that have to be undertaken by car manufactures.

Emergence in Cyber-Physical Systems-of-Systems (CPSoSs)

The essence of the concept emergence is aptly communicated by the following quote, attributed to Aristotle, who lived more than 2000 years ago: The Whole is Greater than the Sum of its Parts.