Himanshu Neema

Rapid synthesis of high-level architecture-based heterogeneous simulation: a model-based integration approach

Virtual evaluation of complex command and control concepts demands the use of heterogeneous simulation environments. Development challenges include how to integrate multiple simulation engines with varying semantics and how to integrate simulation models and manage the complex interactions between them. While existing simulation frameworks may provide many of the required run-time services needed to coordinate among multiple simulation engines, they lack an overarching integration approach that connects and relates the interoperability of heterogeneous domain models and their interactions. This paper outlines some of the challenges encountered in developing a command and control simulation environment and discusses our use of the Generic Modeling Environment tool suite to create a model-based integration approach that allows for rapid synthesis of complex high-level architecture-based simulation environments.

Towards Automated Exploration and Assembly of Vehicle Design Models

We describe the use of the Cyber-Physical Modeling Language (CyPhyML) to support trade studies and integration activities in system-level vehicle designs. CyPhyML captures integration interfaces across multiple design domains for system components, and generic design assembly rules given in terms of architecture alternatives. The CyPhyML tools support automated exploration of system-level architectural and parametric tradeoffs using a suite of design exploration tools that can be applied to models at different levels of fidelity and scale. Our overall approach includes exploration over the space of potential designs by evaluating structural combinations and then comparison of designs by simulating the dynamics of systems and subsystems with varying degrees of detail. In that flow, we use the DESERT toolkit for design tradeoffs that can be evaluated from the structure of the design model (i.e. interconnections of components and their parameters). DESERT extends a graphical modeling language with concepts and relations to define structural alternatives and constraints on system properties. Alternatives are given in an abstract way, decoupled from the details of the encoding of the combinatorial design space problem for the underlying binary decision diagram (BDD) solver. For desirable design instance models, the tools automatically assemble complete vehicle or subsystem computer-aided design (CAD) models from the associated component CAD models, and likewise create detailed finite-element structural analysis (FEA) models for selected component assemblies. Evaluation results are presented in a dashboard display which provides comparisons between different valid designs over all specified design metrics.Copyright

SOAMANET: A Tool for Evaluating Service-Oriented Architectures on Mobile Ad-Hoc Networks

Service-Oriented Architectures (SOAs) are increasingly being used for designing and building large-scale networked and distributed systems. Catering to the complex and dynamically varying needs of business applications/clients, these systems must usually be realized by dynamically composing a variety of network-available services. Evaluation of large-scale SOAs, particularly on dynamic network platforms, such as Mobile Ad-hoc Networks (MANETs), is a non-trivial problem that requires not only a correct modeling of SOAs and the network platform, but also their relationships. This paper describes a new tool – SOAMANET – to design and rapidly synthesize simulations for the experimental evaluation of SOAs on MANET platforms. With its modeling techniques and analysis capabilities, SOAMANET allows simulation-based and system execution-based analysis of dynamic SOA and/or MANET designs and implementations.

Synthesis of robust task schedules for minimum disruption repair

An off-line scheduling algorithm considers resource, precedence, and synchronization requirements of a task graph, and generates a schedule guaranteeing its timing requirements. This schedule must, however, be executed in a dynamic and unpredictable operating environment where resources may fail and tasks may execute longer than expected. To accommodate such execution uncertainties, this paper addresses the synthesis of robust task schedules using a slack-based approach and proposes a solution using integer linear programming (ILP). An ILP model, whose solution maximizes the temporal flexibility of the overall task schedule, is formulated. Two different ILP solvers are used to solve this model and their performance compared. For large task graphs, an efficient approximate method is presented and its performance evaluated.

SURE: A Modeling and Simulation Integration Platform for Evaluation of Secure and Resilient Cyber–Physical Systems

The exponential growth of information and communication technologies have caused a profound shift in the way humans engineer systems leading to the emergence of closed-loop systems involving strong integration and coordination of physical and cyber components, often referred to as cyber–physical systems (CPSs). Because of these disruptive changes, physical systems can now be attacked through cyberspace and cyberspace can be attacked through physical means. The paper considers security and resilience as system properties emerging from the intersection of system dynamics and the computing architecture. A modeling and simulation integration platform for experimentation and evaluation of resilient CPSs is presented using smart transportation systems as the application domain. Evaluation of resilience is based on attacker–defender games using simulations of sufficient fidelity. The platform integrates 1) realistic models of cyber and physical components and their interactions; 2) cyber attack models that focus on the impact of attacks to CPS behavior and operation; and 3) operational scenarios that can be used for evaluation of cybersecurity risks. Three case studies are presented to demonstrate the advantages of the platform: 1) vulnerability analysis of transportation networks to traffic signal tampering; 2) resilient sensor selection for forecasting traffic flow; and 3) resilient traffic signal control in the presence of denial-of-service attacks.

Demo Abstract: SURE: An Experimentation and Evaluation Testbed for CPS Security and Resilience

In-depth consideration and evaluation of security and resilience is necessary for developing the scientific foundations and technology of Cyber-Physical Systems (CPS). In this demonstration, we present SURE [1], a CPS experimentation and evaluation testbed for security and resilience focusing on transportation networks. The testbed includes (1) a heterogeneous modeling and simulation integration platform, (2) a Web-based tool for modeling CPS in adversarial environments, and (3) a framework for evaluating resilience using attacker-defender games. Users such as CPS designers and operators can interact with the testbed to evaluate monitoring and control schemes that include sensor placement and traffic signal configuration.

Performance evaluation of secure industrial control system design: A railway control system case study

Industrial control systems (ICS) are composed of sensors, actuators, control processing units, and communication devices all interconnected to provide monitoring and control capabilities. Due to the integral role of the networking infrastructure, such systems are vulnerable to cyber attacks. Indepth consideration of security and resilience and their effects to system performance are very important. This paper focuses on railway control systems (RCS), an important and potentially vulnerable class of ICS, and presents a simulation integration platform that enables (1) Modeling and simulation including realistic models of cyber and physical components and their interactions, as well as operational scenarios that can be used for evaluations of cybersecurity risks and mitigation measures and (2) Evaluation of performance impact and security assessment of mitigation mechanisms focusing on authentication mechanisms and firewalls. The approach is demonstrated using simulation results from a realistic RCS case study.

Integrated simulation testbed for security and resilience of CPS

Owing1 to an immense growth of internet-connected and learning-enabled cyber-physical systems (CPSs) [1], several new types of attack vectors have emerged. Analyzing security and resilience of these complex CPSs is difficult as it requires evaluating many subsystems and factors in an integrated manner. Integrated simulation of physical systems and communication network can provide an underlying framework for creating a reusable and configurable testbed for such analyses. Using a model-based integration approach and the IEEE High-Level Architecture (HLA) [2] based distributed simulation software; we have created a testbed for integrated evaluation of large-scale CPS systems. Our tested supports web-based collaborative metamodeling and modeling of CPS system and experiments and a cloud computing environment for executing integrated networked co-simulations. A modular and extensible cyber-attack library enables validating the CPS under a variety of configurable cyber-attacks, such as DDoS and integrity attacks. Hardware-in-the-loop simulation is also supported along with several hardware attacks. Further, a scenario modeling language allows modeling of alternative paths (Courses of Actions) that enables validating CPS under different what-if scenarios as well as conducting cyber-gaming experiments. These capabilities make our testbed well suited for analyzing security and resilience of CPS. In addition, the web-based modeling and cloud-hosted execution infrastructure enables one to exercise the entire testbed using simply a web-browser, with integrated live experimental results display.

Cyber-Physical System Development Environment for Energy Applications

Cyber-physical systems (CPS) are smart systems that include engineered interacting networks of physical and computational components. The tight integration of a wide range of heterogeneous components enables new functionality and quality of life improvements in critical infrastructures such as smart cities, intelligent buildings, and smart energy systems. One approach to study CPS uses both simulations and hardware-in-theloop (HIL) to test the physical dynamics of hardware in a controlled environment. However, because CPS experiment design may involve domain experts from multiple disciplines who use different simulation tool suites, it can be a challenge to integrate the heterogeneous simulation languages and hardware interfaces into a single experiment. The National Institute of Standards and Technology (NIST) is working on the development of a universal CPS environment for federation (UCEF) that can be used to design and run experiments that incorporate heterogeneous physical and computational resources over a wide geographic area. This development environment uses the High Level Architecture (HLA), which the Department of Defense has advocated for co-simulation in the field of distributed simulations, to enable communication between hardware and different simulation languages such as Simulink and LabVIEW. This paper provides an overview of UCEF and motivates how the environment could be used to develop energy experiments using an illustrative example of an emulated heat pump system. Introduction A cyber-physical system (CPS) consists of a set of interacting cyber-physical devices where each device contains some cyber computation that can sense events from and actuate changes on a physical infrastructure. Examples of CPS include smart cities, intelligent buildings, and the smart grid. One method to validate a CPS design uses hardware-in-the-loop (HIL) in conjunction with simulations to test the runtime dynamics of a cyberphysical device in a virtual test environment. A challenge of experiments that incorporate both HIL and simulations is that they often require a testbed that integrates hardware components with multiple, heterogeneous simulation environments. A large number of HIL testbeds which offer unique experimental opportunities cannot be replicated due to limitations in both hardware cost and development time [1–5]. These testbeds often have different architectures and utilize different simulation languages because of their independent development histories, and an experiment tailored for one testbed might not be compatOfficial contribution of the National Institute of Standards and Technology; not subject to copyright in the United States. Certain commercial products are identified in order to adequately specify the procedure; this does not imply endorsement or recommendation by NIST, nor does it imply that such products are necessarily the best available for the purpose. 1 ible with another architecture. The inability to exploit the full range of available resources in the CPS landscape leads to segregated groups of researchers who are experts in a single testbed environment but face challenges in the adoption of external research advances. In addition, integrated experiments for CPS require access to resources pooled from multiple domains to produce faithful models of the deployed system. For example, experiments on smart cities may involve collaboration across domains such as transportation, energy, and emergency response. An experiment should integrate models developed in those domains, which may involve domain-specific tools (e.g. a traffic simulator written in C++), to achieve the most realistic result. NIST envisions a universal CPS environment for federation (UCEF) which enables experiments to exploit multiple testbed architectures using a common interface. The United States Department of Defense mandated a common integration platform in the field of distributed simulators called the High Level Architecture (HLA) [6]. This paper demonstrates the use of HLA in the design and implementation of cyber-physical devices using an integration architecture that supports collaboration between physical hardware and simulations. The approach is highlighted using an example CPS implementation of an HVAC system controlled by a thermostat with a remote temperature sensor, which is a straightforward and well understood application that does not require deep domain expertise to comprehend. The rest of the paper is organized as follows. Section II provides an overview of HLA and the design process to implement an HLA federation. Section III demonstrates this design process in an example CPS through implementation of a distributed HVAC system. Section IV outlines other work on the integration of HLA with hardware, and the paper concludes with Section V. High Level Architecture HLA is an IEEE standard for distributed simulation in which individual simulations called federates join together to form a cooperative federation [6]. All federates in a federation interact using a Run-Time Infrastructure (RTI) software implementation of a set of HLA services such as publish-subscribe messaging, logical time management, and distributed object management. Data exchanges between the federates must adhere to a federation object model (FOM) which defines the set of messages understood by the federation. Although the original intent of HLA was to allow federated co-simulation of simulation platforms such as MATLAB and Modelica, a CPS federate could represent a cyberphysical device. This section provides a brief overview of this paper’s approach to designing an HLA federation with hardwarein-the-loop. The overview is based on a model-based simulation integration environment developed and maintained by Vanderbilt University called the Command and Control Wind Tunnel (C2WT) [7], but has been sufficiently generalized to be applicable to alternative HLA development environments. Federation Stack Architecture HLA does not mandate a specific RTI implementation, which can consist of two different types of components. A Local RTI Component (LRC) provides an Application Program Interface (API) to interface federates with the RTI, and a Central RTI Component (CRC) coordinates the other run-time components. A specific RTI implementation may provide a centralized CRC, multiple hierarchical CRCs, or no CRC. The results in this paper use an open-source RTI implementation called Portico which implements the LRC at each federate and requires no CRC [8]. Fig. 1 shows a federation stack architecture for this implementation that illustrates the necessary components for a federate. This figure contains three example federate types: a simulation, a cyber-physical device, and a federation manager that drives an experiment. FIGURE 1. Federation Stack Architecture Each federate has a Local RTI Component implementation which enables it to communicate with the federation, and all federates must use the same LRC implementation to ensure coherent communication between the federation members. The Portico LRC implementation uses either TCP/IP or UDP/IP sockets for its intra-federation communication. On top of this communication infrastructure, an HLA Interface exposes the set of standardized services available for federates. For the C2WT integration environment, the HLA interface is a Java abstract class which exposes the various HLA services as Java functions. The implementation of the LRC and its HLA interface are uniform across all of the federate types. For simulation platforms such as MATLAB, the federate must also contain a Simulation Engine that runs the simulation models. The simulation engine may not have a native RTI interface. In order to make these platforms compatible with HLA, an adapter labeled the Simulation Integration Wrapper must be

Evaluating the effects of cyber-attacks on cyber physical systems using a hardware-in-the-loop simulation testbed

Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber-security is important for ensuring the system functions properly and safely. However, the effects of a cyberattack on the whole system may be difficult to determine, analyze, and therefore detect and mitigate. This work presents a model based software development framework integrated with a hardware-in-the-loop (HIL) testbed for rapidly deploying CPS attack experiments. The framework provides the ability to emulate low level attacks and obtain platform specific performance measurements that are difficult to obtain in a traditional simulation environment. The framework improves the cybersecurity design process which can become more informed and customized to the production environment of a CPS. The developed framework is illustrated with a case study of a railway transportation system.