Cyber Physical Systems: The Need for New Models and Design Paradigms

1
Cyber Physical Systems The Need for New Models
and Design Paradigms

• Bruce H. Krogh
• Carnegie Mellon University

2
Cyber-Physical systems

• Cyber-Physical Systems (CPS) are integrations of
  computation and physical processes.1
• Whats new?
• size and power of computational elements
• pervasive networking
• sensing technology
• actuation technology
• Whats old?
• modeling and design paradigms

1 Computing Foundations and Practice for
Cyber-Physical Systems A Preliminary
Report Technical Report No. UCB/EECS-2007-72, May
21, 2007 Edward Lee, University of California at
Berkeley
3
More on Cyber-Physical Systems2

• Some defining characteristics
• Cyber capability in every physical component
• Networked at multiple and extreme scales
• Complex at multiple temporal and spatial scales
• Dynamically reorganizing/reconfiguring
• High degrees of automation, control loops must
  close at all scales
• Operation must be dependable, certified in some
  cases
• Goals of a CPS research program
• A new science for future engineered and monitored
  systems (10-20 year perspective)
• Physical and cyber design that is deeply
  integrated
• What cyber-physical systems are not
• Not desktop computing
• Not traditional, post-hoc embedded/real-time
  systems
• Not todays sensor nets

2 CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
4
Example Health Care and Medicine

• National Health Information Network, Electronic
  Patient Record initiative
• Medical records at any point of service
• Hospital, OR, ICU, , EMT?
• Home care monitoring and control
• Pulse oximeters (oxygen saturation), blood
  glucose monitors, infusion pumps (insulin),
  accelerometers (falling, immobility), wearable
  networks (gait analysis),
• Operating Room of the Future (Goldman)
• Closed loop monitoring and control multiple
  treatment stations, plug and play devices
  robotic microsurgery (remotely guided?)
• System coordination challenge
• Progress in bioinformatics gene, protein
  expression systems biology disease dynamics,
  control mechanisms

CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
Images thanks to Dr. Julian Goldman, Dr. Fred
Pearce
5
Example Electric Power Grid

• Current picture
• Equipment protection devices trip locally,
  reactively
• Cascading failure August (US/Canada) and
  October (Europe), 2003
• Better future?
• Real-time cooperative control of protection
  devices
• Or -- self-healing -- (re-)aggregate islands of
  stable bulk power (protection, market motives)
• Ubiquitous green technologies
• Issue standard operational control concerns
  exhibit wide-area characteristics (bulk power
  stability and quality, flow control, fault
  isolation)
• Technology vectors FACTS, PMUs
• Context market (timing?) behavior, power
  routing transactions, regulation

CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
Images thanks to William H. Sanders, Bruce
Krogh, and Marija Ilic
6
Pervasive Underlying Problems, Not Solved by
Current Technologies

• How to build predictable real-time, networked
  systems at all scales with integrated models of
  the physical world?
• How to formulate and manage high-confidence,
  dynamically-configured CPS?
• How to organize inter-operable aggregated
  systems?
• How to cooperatively detect and manage
  interference among systems in real time, avoid
  cascading failure?
• How to formulate an evidential (synthetic and
  analytic) basis for trusting systems?

CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
7
Impending Technical Challenges

• Shift FROM
• compartmentalized designs of physical systems,
  control subsystems and software architecture
• lack of knowledge on the cyber side of
  engineering principles and physical laws (and
  vice-versa)
• cyclic executives human- and information-centric
  operation
• centralized
• separation in time and space
• TO
• integrated and optimized design
• CPS-awareness and expertise
• to highly-automated, autonomous, coordinated
  frameworks
• to federated, decentralized, open and
  configurable
• multi-scale systems, mixed synchronous/reactive
  systems
• Still
• real-time (perhaps wide-area, time-critical),
  still safety- and security-critical, require
  certification

CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
8
Recent Workshops onCyber-Physical Systems

• High Confidence Medical Device Software and
  Systems (HCMDSS), June 2 - 3, 2005,
  Philadelphia, PAhttp//rtg.cis.upenn.edu/hcmdss/i
  ndex.php3
• Aviation Software Systems Design for
  Certifiably Dependable Systems, October 5-6,
  2006, Alexandria http//chess.eecs.berkeley.edu/hc
  ssas/index.html.
• NSF Workshop on Cyber-Physical Systems, October
  16-17, 2006, Austin, http//varma.ece.cmu.edu/CPS.
  
• Beyond SCADA Networked Embedded Control for
  Cyber Physical Systems (NEC4CPS), November 8
  9, 2006, Pittsburgh http//trust.eecs.berkeley.edu
  /scada/.
• High-Confidence Software Platforms for
  Cyber-Physical Systems (HCSP-CPS), November 30
  December 1, 2006, Alexandria http//www.isis.vande
  rbilt.edu/HCSP-CPS/.

CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
9
Industry Round-Table on CPSNSF, May 17, 2007

• Health-Care
• Doug Busch, VP and CTO of Digital Health Group,
  Intel
• David R. Jones, Director Quality Assurance,
  Regulatory Affairs and Philips Business
  Excellence, Philips Consumer Healthcare Solutions
  
• Automotive Systems
• Nady Boules, Director, Electrical and Controls
  Integration, General Motors
• Venkatesh Prasad, Director, Ford
• Building and Process Controls
• J. Michael McQuade, Senior VP, Science and
  Technology, United Technologies
• Steve Schilling, VP, Emerson Process Control
• Defense and Aviation Systems
• John Borgese , VP of Advanced Technology Center,
  Rockwell Collins
• Gary Hafen, Director of Software Engineering,
  Lockheed Martin Corporate Headquarters
• Peter Tufano, VP of Engineering for Network
  Enabled Systems, BAE
• Don Winter, VP of Engineering and Information
  Technology, Boeing PhantomWorks
• Critical Infrastructure
• Guido Bartels, Director, IBM Global Energy and
  Utility Solutions
• Henry Kluepfel, Vice-President, SAIC
• Venture Capital
• David Tennenhouse, General Partner, New Venture
  Partners

CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
10
Design of Embedded Control Systems

• Traditional approach Separation of Concerns
• Control-theoretic design of continuous dynamic
  feedback loops
• ignore implementation details mode switching,
  fault detection, real-time constraints,
  implementation platform, etc.
• Event-based design to supervise real-time control
  loops
• ignore continuous dynamics stability, transient
  response, parametric variations, etc.

11
Design of Embedded Control Systems

• Traditional approach Separation of Concerns
• Control-theoretic design of continuous dynamic
  feedback loops
• ignore implementation details mode switching,
  fault detection, real-time constraints,
  implementation platform, etc.
• Event-based design to supervise real-time control
  loops
• ignore continuous dynamics stability, transient
  response, parametric variations, etc.
• This works in most cases, BUT ...

12
Demands from Emerging Applications

• New challenges
• increasingly complex applications
• safety critical systems
• autonomy
• multi-agent
• increasingly complex solutions
• heterogeneous, distributed platforms
• sophisticated numerical control algorithms
• Implications
• engineering insight is inadequate
• testing-based VV is insufficient
• move toward model-based design

13
Tools for Design Implementation of Embedded
Control Systems
Control ImplementationDiscrete State/Events
automata, Petri nets, statecharts, etc.
Boolean algebra, formal logics, recursion, etc.
SCADE, Statemate, SMV, SAT, etc.
14
Limitations of Conventional Control System
Design (CCSD)

• Inputs/outputs are not intrinsic
• From following commands to implementing intent
• Human-system interaction
• Deeply embedded CPS

15
Inputs/outputs are not intrinsic

• CCSD assumes an I/O structure. In CPS, the
  identity of input/output signals is context
  dependent (at best).

steer-by-wire
temperature
door closer
(J. C. Willems)
16
Inputs/outputs are not intrinsic

• CCSD assumes an I/O structure. In CPS, the
  identity of input/output signals is context
  dependent (at best).

Model context-dependence as hybrid systems
w/ mode switching
steer-by-wire
temperature
door closer
(J. C. Willems)
17
Inputs/outputs are not intrinsic

• CCSD assumes an I/O structure. In CPS, the
  identity of input/output signals is context
  dependent (at best).

steer-by-wire
temperature
door closer

• Physical modeling languages
• bond graphs
• Omola/Dymola
• SimMechanics

(J. C. Willems)
18
From following commands to realizing intent
CCSD assumes command-following performance
measures. CPS will realize the intent of the
user.
ABS
power grid?
Automated External Defibrillator
19
From following commands to realizing intent
CCSD assumes command-following performance
measures. CPS will realize the intent of the
user.
Integration of logic/rules/events with
continuous/timed feedback control (hybrid systems)
ABS
power grid?
Automated External Defibrillator
20
From following commands to realizing intent
CCSD assumes command-following performance
measures. CPS will realize the intent of the
user.
ABS
power grid?
Automated External Defibrillator
Automate system operation under stressed
conditions.
21
Human-system interaction

• CCSD assumes only information feedback.
• CPS will include physical feedback.

building control?
aircraft
ABS
Boeing 777
Airbus 380
22
Human-system interaction

• CCSD assumes only information feedback.
• CPS will include physical feedback.

building control?
Haptic systems design
aircraft
ABS
Boeing 777
Airbus 380
23
Human-system interaction

• CCSD assumes only information feedback.
• CPS will include physical feedback.

building control?
aircraft
ABS
Integrate human behavior into the control loop
(e.g., make it uncomfortable so they will open
the windows)
Boeing 777
Airbus 380
24
Deeply embedded CPS

• In CCSD embedded components close local inner
  feedback loops.
• CPS will enhance and leverage nature physical
  feedback at all levels.

25
Deeply embedded CPS

• In CCSD embedded components close local inner
  feedback loops.
• CPS will enhance and leverage nature physical
  feedback at all levels.

E.g., medical implants that work with the
natural healing processes
26
Physical is central to CPS

• We need
• new cross-cutting paradigms
• new architectures
• CPS will lead to
• more rapid transition of science/technology to
  critical applications

27
Possible Grand Challenges3

• Zero automotive traffic fatalities, injuries
  minimized, and significantly reduced traffic
  congestion and delays
• Blackout-free electricity generation and
  distribution
• Reduce testing and integration time and costs of
  complex CPS systems (e.g. avionics) by one to two
  orders of magnitude
• Perpetual life assistants for busy, older or
  disabled people
• Extreme-yield agriculture
• Energy-aware buildings
• Location-independent access to world-class
  medicine
• Physical critical infrastructure that calls for
  preventive maintenance
• Self-correcting and self-certifying
  cyber-physical systems for one-off applications

3 Industry Roundtable on Cyber-Physical
Systems NSF, May 17, 2007 Raj Rajkumar, Carnegie
Mellon University
28
Cyber Physical Systems orCyber for Physical
Systems

• How should the requirements for control (and
  other) physical applications influence cyber
  research?
• Will the standard separation of concerns approach
  (applications vs. computing infrastructure)
  continue to work well?

29
Issues in Education

• computer science
• focuses on discrete mathematics
• little emphasis on numerical methods
• limits the understanding of physical systems
• domain experts (engineers)
• focuses on mathematics for analysis and design
• little exposure to embed and real-time computing
• limits the understanding of real-time
  implementation

We need to re-think how we educate domain experts
and computer scientists if we are going to
realize sustainable CPS.
30
Core CPS Programmatic Themes

• Scientific foundations for building verifiably
  correct and safe cyber-physical systems
• Scalable infrastructure and components with which
  cyber-physical systems can be deployed
• Tools and Experimental Testbed
• Education that encompasses both the cyber and the
  physical domains

CPS Briefing NSF, May 10, 2007 Raj Rajkumar,
Carnegie Mellon University
31
Long-Term CPS Goal

• Transform how we interact with the physical world
  just like the internet transformed how we
  interact with one another.
• Convergence of embedded systems, control theory,
  hybrid systems, microcontrollers, sensors,
  actuators, wireless networks, wide area networks,
  distributed systems, operating systems, advances
  in structures,

Seek scientific foundations and technologies to
integrate cyber-concepts with the dynamics of
physical and engineered systems.
Industry Roundtable on Cyber-Physical
Systems NSF, May 17, 2007 Raj Rajkumar, Carnegie
Mellon University