Patricia Derler

Modeling Cyber–Physical Systems

This paper focuses on the challenges of modeling cyber-physical systems (CPSs) that arise from the intrinsic heterogeneity, concurrency, and sensitivity to timing of such systems. It uses a portion of an aircraft vehicle management system (VMS), specifically the fuel management subsystem, to illustrate the challenges, and then discusses technologies that at least partially address the challenges. Specific technologies described include hybrid system modeling and simulation, concurrent and heterogeneous models of computation, the use of domain-specific ontologies to enhance modularity, and the joint modeling of functionality and implementation architectures.

Cyber-physical system design contracts

This paper introduces design contracts between control and embedded software engineers for building Cyber-Physical Systems (CPS). CPS design involves a variety of disciplines mastered by teams of engineers with diverse backgrounds. Many system properties influence the design in more than one discipline. The lack of clearly defined interfaces between disciplines burdens the interaction and collaboration. We show how design contracts can facilitate interaction between 2 groups: control and software engineers. A design contract is an agreement on certain properties of the system. Every party specifies requirements and assumptions on the system and the environment. This contract is the central point of inter-domain communication and negotiation. Designs can evolve independently if all parties agree to a contract or designs can be modified iteratively in negotiation processes. The main challenge lies in the definition of a concise but sufficient contract. We discuss design contracts that specify timing and functionality, two important properties control and software engineers have to agree upon. Various design approaches have been established and implemented successfully to address timing and functionality. We formulate those approaches as design contracts and propose guidelines on how to choose, derive and employ them. Modeling and simulation support for the design contracts is discussed using an illustrative example.

Execution Strategies for PTIDES, a Programming Model for Distributed Embedded Systems

We define a family of execution policies for a programming model called PTIDES (Programming Temporally Integrated Distributed Embedded Systems). A PTIDES application (factory automation, for example) is given as a discrete-event (DE) model of a distributed real-time system that includes sensors and actuators. The time stamps of DE events are bound to physical time at the sensors and actuators, turning the DE model into an executable specification of the system with explicit real-time constraints. This paper first defines a general execution strategy that conforms to the DE semantics, and then specializes this strategy to give practical, implementable and distributed policies. Our policies leverage network time synchronization to eliminate the need for null messages, allow independent events to be processed out of time stamp order, thus increasing concurrency and making more models feasible (w.r.t. real-time constraints), and improve fault isolation in distributed systems. The policies are given in terms of a safe to process predicate on events that depends on the time stamp of the events and the local notion of physical time. In a simple case we show how to statically check whether program execution satisfies timing constraints.

Aspect-oriented Modeling of Attacks in Automotive Cyber-Physical Systems

This paper introduces aspect-oriented modeling (AOM) as a powerful, model-based design technique to assess the security of Cyber-Physical Systems (CPS). Particularly in safety-critical CPS such as automotive control systems, the protection against malicious design and interaction faults is paramount to guaranteeing correctness and reliable operation. Essentially, attack models are associated with the CPS in an aspect-oriented manner to evaluate the system under attack. This modeling technique requires minimal changes to the model of the CPS. Using application-specific metrics, the designer can gain insights into the behavior of the CPS under attack.

Distributed Simulation of Heterogeneous and Real-Time Systems

This work describes a framework for distributed simulation of cyber-physical systems (CPS). Modern CPS comprise large numbers of heterogeneous components, typically designed in very different tools and languages that are not or not easily compose able. Evaluating such large systems requires tools that integrate all components in a systematic, well-defined manner. This work leverages existing frameworks to facilitate the integration offers validation by simulation. A framework for distributed simulation is the IEEE High-Level Architecture (HLA) compliant tool CERTI, which provides the infrastructure for co-simulation of models in various simulation environments as well as hardware components. We use CERTI in combination with Ptolemy II, an environment for modeling and simulating heterogeneous systems. In particular, we focus on models of a CPS, including the physical dynamics of a plant, the software that controls the plant, and the network that enables the communication between controllers. We describe the Ptolemy extensions for the interaction with HLA and demonstrate the approach on a flight control system simulation.

Models and tools for SOA governance

Organizations are moving rapidly towards Service-Oriented Architectures (SOAs). Benefits include cost reduction through reuse, better integration through standardization, and new business opportunities through agility. The successful implementation of an SOA requires not only protocols and technologies like SOAP and WSDL but also support for the processes of creating, validating and managing services in an enterprise. Tools for SOA governance and management are evolving to be the heart of enterprise SOAs. We present an approach for supporting SOA governance activities. Notable aspects of our approach are an extensible model for describing service metadata of arbitrary service types (not only Web services), the concept of service proposals for the process of service specification and service creation, a service browser for service reuse, and support for service evolution through information about service versioning, service dependencies and service installations.

Simulation and Implementation of the PTIDES Programming Model

We have previously proposed PTIDES (programming temporally integrated distributed embedded systems), a discrete-event framework that binds realtime with model time at sensors, actuators, and network interfaces. In this experimental effort we focus on performance issues and tradeoffs in PTIDES implementation. We address event processing performance with respect to other distributed discrete event approaches that can be applied in a similar setting. The procedure is experimentally evaluated on a distributed setup with standard software and networking components.

Systems Engineering for Industrial Cyber–Physical Systems Using Aspects

One of the biggest challenges in cyber-physical system (CPS) design is their intrinsic complexity, heterogeneity, and multidisciplinary nature. Emerging distributed CPSs integrate a wide range of heterogeneous aspects such as physical dynamics, control, machine learning, and error handling. Furthermore, system components are often distributed over multiple physical locations, hardware platforms, and communication networks. While model-based design (MBD) has tremendously improved the design process, CPS design remains a difficult task. Models are meant to improve understanding of a system, yet this quality is often lost when models become too complicated. In this paper, we show how to use aspect-oriented (AO) modeling techniques in MBD as a systematic way to segregate domains of expertise and cross-cutting concerns within the model. We demonstrate these concepts on actor-oriented models of an industrial robotic swarm application and illustrate the use of AO modeling techniques to manage the complexity. We also show how to use AO modeling for design-space exploration.

Using Ptides and synchronized clocks to design distributed systems with deterministic system wide timing

This paper discusses the use of the Ptides model of computation as a coordination language for the design of deterministic, event-driven, real-time, distributed embedded systems. Specifically, the paper shows how the use of synchronized clocks in the context of Ptides enables explicit, platform independent specification of functionality and timing. From this specification, we generate code for two target platforms: Renesas and XMOS. The generated code includes a lightweight operating system which performs scheduling, I/O and network handling as well as application specific tasks. Ptides models are developed in Ptolemy, a design and simulation environment for heterogeneous systems. This framework also contains a code generation framework which is leveraged to derive Ptides implementations from the models. We illustrate our approach by designing a simple Ptides application, a small component in a printing press responsible for on-the-fly changeover between paper rolls. We demonstrate the design process and show that the generated code exhibits identical timing at the cyber-physical boundary on multiple implementation platforms.

Network latency and packet delay variation in cyber-physical systems

The problem addressed in this paper is the limitation imposed by network elements, especially Ethernet elements, on the real-time performance of timecritical systems. Most current network elements are concerned only with data integrity, connection, and throughput with no mechanism for enforcing temporal semantics. Existing safety-critical applications and other applications in industry require varying degrees of control over system-wide temporal semantics. In addition, there are emerging commercial applications that require or will benefit from tighter enforcement of temporal semantics in network elements than is currently possible. This paper examines these applications and requirements and suggests possible approaches to imposing temporal semantics on networks. Modelbased design and simulation is used to evaluate the effects of network limitations on time-critical systems.