Title: Cyber Physical Systems: The Need for New Models and Design Paradigms
1Cyber Physical Systems The Need for New Models
and Design Paradigms
- Bruce H. Krogh
- Carnegie Mellon University
2Cyber-Physical systems
- Cyber-Physical Systems (CPS) are integrations of
computation and physical processes.1 - Whats new?
- size and power of computational elements
- pervasive networking
- sensing technology
- actuation technology
- Whats old?
- modeling and design paradigms
1 Computing Foundations and Practice for
Cyber-Physical Systems A Preliminary
Report Technical Report No. UCB/EECS-2007-72, May
21, 2007 Edward Lee, University of California at
Berkeley
3More on Cyber-Physical Systems2
- Some defining characteristics
- Cyber capability in every physical component
- Networked at multiple and extreme scales
- Complex at multiple temporal and spatial scales
- Dynamically reorganizing/reconfiguring
- High degrees of automation, control loops must
close at all scales - Operation must be dependable, certified in some
cases - Goals of a CPS research program
- A new science for future engineered and monitored
systems (10-20 year perspective) - Physical and cyber design that is deeply
integrated - What cyber-physical systems are not
- Not desktop computing
- Not traditional, post-hoc embedded/real-time
systems - Not todays sensor nets
2 CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
4Example Health Care and Medicine
- National Health Information Network, Electronic
Patient Record initiative - Medical records at any point of service
- Hospital, OR, ICU, , EMT?
- Home care monitoring and control
- Pulse oximeters (oxygen saturation), blood
glucose monitors, infusion pumps (insulin),
accelerometers (falling, immobility), wearable
networks (gait analysis), - Operating Room of the Future (Goldman)
- Closed loop monitoring and control multiple
treatment stations, plug and play devices
robotic microsurgery (remotely guided?) - System coordination challenge
- Progress in bioinformatics gene, protein
expression systems biology disease dynamics,
control mechanisms
CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
Images thanks to Dr. Julian Goldman, Dr. Fred
Pearce
5Example Electric Power Grid
- Current picture
- Equipment protection devices trip locally,
reactively - Cascading failure August (US/Canada) and
October (Europe), 2003 - Better future?
- Real-time cooperative control of protection
devices - Or -- self-healing -- (re-)aggregate islands of
stable bulk power (protection, market motives) - Ubiquitous green technologies
- Issue standard operational control concerns
exhibit wide-area characteristics (bulk power
stability and quality, flow control, fault
isolation) - Technology vectors FACTS, PMUs
- Context market (timing?) behavior, power
routing transactions, regulation
CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
Images thanks to William H. Sanders, Bruce
Krogh, and Marija Ilic
6Pervasive Underlying Problems, Not Solved by
Current Technologies
- How to build predictable real-time, networked
systems at all scales with integrated models of
the physical world? - How to formulate and manage high-confidence,
dynamically-configured CPS? - How to organize inter-operable aggregated
systems? - How to cooperatively detect and manage
interference among systems in real time, avoid
cascading failure? - How to formulate an evidential (synthetic and
analytic) basis for trusting systems?
CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
7Impending Technical Challenges
- Shift FROM
- compartmentalized designs of physical systems,
control subsystems and software architecture - lack of knowledge on the cyber side of
engineering principles and physical laws (and
vice-versa) - cyclic executives human- and information-centric
operation - centralized
- separation in time and space
- TO
- integrated and optimized design
- CPS-awareness and expertise
- to highly-automated, autonomous, coordinated
frameworks - to federated, decentralized, open and
configurable - multi-scale systems, mixed synchronous/reactive
systems - Still
- real-time (perhaps wide-area, time-critical),
still safety- and security-critical, require
certification
CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
8Recent Workshops onCyber-Physical Systems
- High Confidence Medical Device Software and
Systems (HCMDSS), June 2 - 3, 2005,
Philadelphia, PAhttp//rtg.cis.upenn.edu/hcmdss/i
ndex.php3 - Aviation Software Systems Design for
Certifiably Dependable Systems, October 5-6,
2006, Alexandria http//chess.eecs.berkeley.edu/hc
ssas/index.html. - NSF Workshop on Cyber-Physical Systems, October
16-17, 2006, Austin, http//varma.ece.cmu.edu/CPS.
- Beyond SCADA Networked Embedded Control for
Cyber Physical Systems (NEC4CPS), November 8
9, 2006, Pittsburgh http//trust.eecs.berkeley.edu
/scada/. - High-Confidence Software Platforms for
Cyber-Physical Systems (HCSP-CPS), November 30
December 1, 2006, Alexandria http//www.isis.vande
rbilt.edu/HCSP-CPS/.
CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
9Industry Round-Table on CPSNSF, May 17, 2007
- Health-Care
- Doug Busch, VP and CTO of Digital Health Group,
Intel - David R. Jones, Director Quality Assurance,
Regulatory Affairs and Philips Business
Excellence, Philips Consumer Healthcare Solutions
- Automotive Systems
- Nady Boules, Director, Electrical and Controls
Integration, General Motors - Venkatesh Prasad, Director, Ford
- Building and Process Controls
- J. Michael McQuade, Senior VP, Science and
Technology, United Technologies - Steve Schilling, VP, Emerson Process Control
- Defense and Aviation Systems
- John Borgese , VP of Advanced Technology Center,
Rockwell Collins - Gary Hafen, Director of Software Engineering,
Lockheed Martin Corporate Headquarters - Peter Tufano, VP of Engineering for Network
Enabled Systems, BAE - Don Winter, VP of Engineering and Information
Technology, Boeing PhantomWorks - Critical Infrastructure
- Guido Bartels, Director, IBM Global Energy and
Utility Solutions - Henry Kluepfel, Vice-President, SAIC
- Venture Capital
- David Tennenhouse, General Partner, New Venture
Partners
CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
10Design of Embedded Control Systems
- Traditional approach Separation of Concerns
- Control-theoretic design of continuous dynamic
feedback loops - ignore implementation details mode switching,
fault detection, real-time constraints,
implementation platform, etc. - Event-based design to supervise real-time control
loops - ignore continuous dynamics stability, transient
response, parametric variations, etc.
11Design of Embedded Control Systems
- Traditional approach Separation of Concerns
- Control-theoretic design of continuous dynamic
feedback loops - ignore implementation details mode switching,
fault detection, real-time constraints,
implementation platform, etc. - Event-based design to supervise real-time control
loops - ignore continuous dynamics stability, transient
response, parametric variations, etc. - This works in most cases, BUT ...
12Demands from Emerging Applications
- New challenges
- increasingly complex applications
- safety critical systems
- autonomy
- multi-agent
- increasingly complex solutions
- heterogeneous, distributed platforms
- sophisticated numerical control algorithms
- Implications
- engineering insight is inadequate
- testing-based VV is insufficient
- move toward model-based design
13Tools for Design Implementation of Embedded
Control Systems
Control ImplementationDiscrete State/Events
automata, Petri nets, statecharts, etc.
Boolean algebra, formal logics, recursion, etc.
SCADE, Statemate, SMV, SAT, etc.
14Limitations of Conventional Control System
Design (CCSD)
- Inputs/outputs are not intrinsic
- From following commands to implementing intent
- Human-system interaction
- Deeply embedded CPS
15Inputs/outputs are not intrinsic
- CCSD assumes an I/O structure. In CPS, the
identity of input/output signals is context
dependent (at best).
steer-by-wire
temperature
door closer
(J. C. Willems)
16Inputs/outputs are not intrinsic
- CCSD assumes an I/O structure. In CPS, the
identity of input/output signals is context
dependent (at best).
Model context-dependence as hybrid systems
w/ mode switching
steer-by-wire
temperature
door closer
(J. C. Willems)
17Inputs/outputs are not intrinsic
- CCSD assumes an I/O structure. In CPS, the
identity of input/output signals is context
dependent (at best).
steer-by-wire
temperature
door closer
- Physical modeling languages
- bond graphs
- Omola/Dymola
- SimMechanics
(J. C. Willems)
18From following commands to realizing intent
CCSD assumes command-following performance
measures. CPS will realize the intent of the
user.
ABS
power grid?
Automated External Defibrillator
19From following commands to realizing intent
CCSD assumes command-following performance
measures. CPS will realize the intent of the
user.
Integration of logic/rules/events with
continuous/timed feedback control (hybrid systems)
ABS
power grid?
Automated External Defibrillator
20From following commands to realizing intent
CCSD assumes command-following performance
measures. CPS will realize the intent of the
user.
ABS
power grid?
Automated External Defibrillator
Automate system operation under stressed
conditions.
21Human-system interaction
- CCSD assumes only information feedback.
- CPS will include physical feedback.
building control?
aircraft
ABS
Boeing 777
Airbus 380
22Human-system interaction
- CCSD assumes only information feedback.
- CPS will include physical feedback.
building control?
Haptic systems design
aircraft
ABS
Boeing 777
Airbus 380
23Human-system interaction
- CCSD assumes only information feedback.
- CPS will include physical feedback.
building control?
aircraft
ABS
Integrate human behavior into the control loop
(e.g., make it uncomfortable so they will open
the windows)
Boeing 777
Airbus 380
24Deeply embedded CPS
- In CCSD embedded components close local inner
feedback loops. - CPS will enhance and leverage nature physical
feedback at all levels.
25Deeply embedded CPS
- In CCSD embedded components close local inner
feedback loops. - CPS will enhance and leverage nature physical
feedback at all levels.
E.g., medical implants that work with the
natural healing processes
26Physical is central to CPS
- We need
- new cross-cutting paradigms
- new architectures
- CPS will lead to
- more rapid transition of science/technology to
critical applications
27Possible Grand Challenges3
- Zero automotive traffic fatalities, injuries
minimized, and significantly reduced traffic
congestion and delays - Blackout-free electricity generation and
distribution - Reduce testing and integration time and costs of
complex CPS systems (e.g. avionics) by one to two
orders of magnitude - Perpetual life assistants for busy, older or
disabled people - Extreme-yield agriculture
- Energy-aware buildings
- Location-independent access to world-class
medicine - Physical critical infrastructure that calls for
preventive maintenance - Self-correcting and self-certifying
cyber-physical systems for one-off applications
3 Industry Roundtable on Cyber-Physical
Systems NSF, May 17, 2007 Raj Rajkumar, Carnegie
Mellon University
28Cyber Physical Systems orCyber for Physical
Systems
- How should the requirements for control (and
other) physical applications influence cyber
research? - Will the standard separation of concerns approach
(applications vs. computing infrastructure)
continue to work well?
29Issues in Education
- computer science
- focuses on discrete mathematics
- little emphasis on numerical methods
- limits the understanding of physical systems
- domain experts (engineers)
- focuses on mathematics for analysis and design
- little exposure to embed and real-time computing
- limits the understanding of real-time
implementation
We need to re-think how we educate domain experts
and computer scientists if we are going to
realize sustainable CPS.
30Core CPS Programmatic Themes
- Scientific foundations for building verifiably
correct and safe cyber-physical systems - Scalable infrastructure and components with which
cyber-physical systems can be deployed - Tools and Experimental Testbed
- Education that encompasses both the cyber and the
physical domains
CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
31Long-Term CPS Goal
- Transform how we interact with the physical world
just like the internet transformed how we
interact with one another. - Convergence of embedded systems, control theory,
hybrid systems, microcontrollers, sensors,
actuators, wireless networks, wide area networks,
distributed systems, operating systems, advances
in structures,
Seek scientific foundations and technologies to
integrate cyber-concepts with the dynamics of
physical and engineered systems.
Industry Roundtable on Cyber-Physical
Systems NSF, May 17, 2007 Raj Rajkumar, Carnegie
Mellon University