cyber physical systems: the need for new models and design paradigms bruce h. krogh carnegie mellon...

Cyber Physical Systems: The Need for New

Models and Design Paradigms

Bruce H. KroghCarnegie Mellon University

Cyber-Physical systems

Cyber-Physical Systems (CPS) are integrations of computation and physical processes.1

What’s new?• size and power of computational elements• pervasive networking• sensing technology• actuation technologyWhat’s old?• modeling and design paradigms

1 Computing Foundations and Practice for Cyber-Physical Systems: A Preliminary ReportTechnical Report No. UCB/EECS-2007-72, May 21, 2007Edward Lee, University of California at Berkeley

More on Cyber-Physical Systems2

• Some defining characteristics:– Cyber capability in every physical component– Networked at multiple and extreme scales– Complex at multiple temporal and spatial scales– Dynamically reorganizing/reconfiguring– High degrees of automation, control loops must close at all scales– Operation must be dependable, certified in some cases

• Goals of a CPS research program– A new science for future engineered and monitored systems (10-20 year

perspective) – Physical and cyber design that is deeply integrated

• What cyber-physical systems are not:– Not desktop computing– Not traditional, post-hoc embedded/real-time systems– Not today’s sensor nets

2 CPS BriefingNSF, May 10, 2007Raj Rajkumar, Carnegie Mellon University

Example: Health Care and Medicine

• National Health Information Network, Electronic Patient Record initiative

– Medical records at any point of service– Hospital, OR, ICU, …, EMT?

• Home care: monitoring and control – Pulse oximeters (oxygen saturation), blood glucose

monitors, infusion pumps (insulin), accelerometers (falling, immobility), wearable networks (gait analysis), …

• Operating Room of the Future (Goldman)– Closed loop monitoring and control; multiple treatment

stations, plug and play devices; robotic microsurgery (remotely guided?)

– System coordination challenge• Progress in bioinformatics: gene, protein

expression; systems biology; disease dynamics, control mechanisms

Images thanks to Dr. Julian Goldman, Dr. Fred Pearce

CPS BriefingNSF, May 10, 2007Raj Rajkumar, Carnegie Mellon University

Example: Electric Power Grid

• Current picture:– Equipment protection devices trip locally,

reactively– Cascading failure: August (US/Canada)

and October (Europe), 2003• Better future?

– Real-time cooperative control of protection devices

– Or -- self-healing -- (re-)aggregate islands of stable bulk power (protection, market motives)

– Ubiquitous green technologies– Issue: standard operational control

concerns exhibit wide-area characteristics (bulk power stability and quality, flow control, fault isolation)

– Technology vectors: FACTS, PMUs– Context: market (timing?) behavior,

power routing transactions, regulation

IT Layer

Images thanks to William H. Sanders, Bruce Krogh, and Marija Ilic


Pervasive Underlying Problems, Not Solved by Current Technologies

• How to build predictable real-time, networked systems at all scales with integrated models of the physical world?

• How to formulate and manage high-confidence, dynamically-configured CPS?

• How to organize inter-operable “aggregated” systems?• How to cooperatively detect and manage interference among

systems in real time, avoid cascading failure?• How to formulate an evidential (synthetic and analytic) basis for

trusting systems?


Impending Technical Challenges

Shift FROM• compartmentalized designs of physical systems, control

subsystems and software architecture • lack of knowledge on the cyber side of engineering

principles and physical laws (and vice-versa)• cyclic executives + human- and information-centric

operation • centralized • separation in time and spaceTO• integrated and optimized design• CPS-awareness and expertise• to highly-automated, autonomous, coordinated frameworks• to federated, decentralized, open and configurable • multi-scale systems, mixed synchronous/reactive systems

Still• real-time (perhaps wide-area, time-critical), still safety- and

security-critical, require certificationCPS BriefingNSF, May 10, 2007Raj Rajkumar, Carnegie Mellon University

Recent Workshops onCyber-Physical Systems

• “High Confidence Medical Device Software and Systems (HCMDSS)”, June 2 - 3, 2005, Philadelphia, PAhttp://rtg.cis.upenn.edu/hcmdss/index.php3

• “Aviation Software Systems: Design for Certifiably Dependable Systems”, October 5-6, 2006, Alexandria http://chess.eecs.berkeley.edu/hcssas/index.html.

• NSF Workshop on “Cyber-Physical Systems”, October 16-17, 2006, Austin, http://varma.ece.cmu.edu/CPS.

• “Beyond SCADA: Networked Embedded Control for Cyber Physical Systems (NEC4CPS)”, November 8 & 9, 2006, Pittsburgh http://trust.eecs.berkeley.edu/scada/.

• “High-Confidence Software Platforms for Cyber-Physical Systems (HCSP-CPS), November 30 – December 1, 2006, Alexandria http://www.isis.vanderbilt.edu/HCSP-CPS/.


• Health-Care– Doug Busch, VP and CTO of Digital Health Group, Intel– David R. Jones, Director Quality Assurance, Regulatory Affairs and Philips Business

Excellence, Philips Consumer Healthcare Solutions • Automotive Systems

– Nady Boules, Director, Electrical and Controls Integration, General Motors– Venkatesh Prasad, Director, Ford

• Building and Process Controls– J. Michael McQuade, Senior VP, Science and Technology, United Technologies– Steve Schilling, VP, Emerson Process Control

• Defense and Aviation Systems– John Borgese , VP of Advanced Technology Center, Rockwell Collins– Gary Hafen, Director of Software Engineering, Lockheed Martin Corporate Headquarters– Peter Tufano, VP of Engineering for Network Enabled Systems, BAE– Don Winter, VP of Engineering and Information Technology, Boeing PhantomWorks

• Critical Infrastructure– Guido Bartels, Director, IBM Global Energy and Utility Solutions– Henry Kluepfel, Vice-President, SAIC

• Venture Capital– David Tennenhouse, General Partner, New Venture Partners

Industry Round-Table on CPSNSF, May 17, 2007


Traditional approach: Separation of Concerns• Control-theoretic design of continuous dynamic

feedback loops– ignore implementation details: mode switching, fault detection, real-

time constraints, implementation platform, etc.

• Event-based design to supervise real-time control loops– ignore continuous dynamics: stability, transient response, parametric

variations, etc.

Design of Embedded Control Systems

Traditional approach: Separation of Concerns• Control-theoretic design of continuous dynamic

feedback loops– ignore implementation details: mode switching, fault detection, real-

time constraints, implementation platform, etc.

• Event-based design to supervise real-time control loops– ignore continuous dynamics: stability, transient response, parametric

variations, etc.

This works in most cases, BUT ...

Design of Embedded Control Systems

Demands from Emerging Applications

New challenges• increasingly complex applications

– safety critical systems– autonomy– multi-agent

• increasingly complex solutions– heterogeneous, distributed platforms– sophisticated numerical control algorithms

• Implications– engineering insight is inadequate– testing-based V&V is insufficient– move toward model-based design

Tools for Design & Implementation of Embedded Control Systems

Lyapunov functions, eigenspace analysis, etc.

Analytical Tools

MATLAB, MatrixX, VisSim, etc.,

Software Tools

Control Design:Continuous State

differential equations, transfer functions, etc.

Models

Boolean algebra, formal logics, recursion, etc.

SCADE, Statemate, SMV, SAT, etc.

Control Implementation:

Discrete State/Events

automata, Petri nets, statecharts, etc.

Limitations of Conventional Control System Design (CCSD)

• Inputs/outputs are not intrinsic• From following commands to

implementing intent• Human-system interaction• Deeply embedded CPS

Inputs/outputs are not intrinsic

CCSD assumes an I/O structure. In CPS, the identity of input/output signals is context dependent (at best).

steer-by-wire temperature door closer

(J. C. Willems)




(J. C. Willems)

Model context-dependence as hybrid systems w/

mode switching




(J. C. Willems)

Physical modeling “languages”:• bond graphs • Omola/Dymola• SimMechanics

From following commands to realizing intent

CCSD assumes command-following performance measures. CPS will realize the intent of the user.

ABS Automated External Defibrillator

power grid?




power grid? Integration of logic/rules/events with

continuous/timed feedback control(hybrid systems)




power grid? Automate system operation under

stressed conditions.

Human-system interaction

CCSD assumes only information feedback. CPS will include physical feedback.

aircraft building control?ABS

Boeing 777

Airbus 380




Boeing 777

Airbus 380

Haptic systems design




Boeing 777

Airbus 380

Integrate human behavior into the control loop (e.g.,

make it uncomfortable so they will open the

windows)

Deeply embedded CPS

In CCSD embedded components close local “inner” feedback loops.

CPS will enhance and leverage nature physical feedback at all levels.

Deeply embedded CPS

In CCSD embedded components close local “inner” feedback loops.

CPS will enhance and leverage nature physical feedback at all levels.

E.g., medical implants that work with the natural healing processes

Physical is central to CPS:

We need• new cross-cutting paradigms• new architecturesCPS will lead to• more rapid transition of science/technology to

critical applications

Possible Grand Challenges3

• Zero automotive traffic fatalities, injuries minimized, and significantly reduced traffic congestion and delays

• Blackout-free electricity generation and distribution• Reduce testing and integration time and costs of complex

CPS systems (e.g. avionics) by one to two orders of magnitude

• Perpetual life assistants for busy, older or disabled people• Extreme-yield agriculture• Energy-aware buildings• Location-independent access to world-class medicine• Physical critical infrastructure that calls for preventive

maintenance• Self-correcting and self-certifying cyber-physical systems

for “one-off” applications

3 Industry Roundtable on Cyber-Physical SystemsNSF, May 17, 2007Raj Rajkumar, Carnegie Mellon University

Cyber Physical Systems or

Cyber for Physical Systems

• How should the requirements for control (and other) physical applications influence “cyber” research?

• Will the standard separation of concerns approach (applications vs. computing infrastructure) continue to work well?

Issues in Education

• computer science – focuses on discrete mathematics– little emphasis on numerical methods– limits the understanding of physical systems

• domain experts (engineers)– focuses on mathematics for analysis and design– little exposure to embed and real-time computing– limits the understanding of real-time implementation

We need to re-think how we educate domain experts and computer scientists if we are going to realize

sustainable CPS.

Core CPS Programmatic Themes

• Scientific foundations for building verifiably correct and safe cyber-physical systems

• Scalable infrastructure and components with which cyber-physical systems can be deployed

• Tools and Experimental Testbed• Education that encompasses both the cyber and

the physical domains


Long-Term CPS Goal

• Transform how we interact with the physical world just like the internet transformed how we interact with one another.– Convergence of embedded systems, control theory, hybrid

systems, microcontrollers, sensors, actuators, wireless networks, wide area networks, distributed systems, operating systems, advances in structures, …

Seek scientific foundations and technologies to integrate cyber-concepts with the dynamics of physical

and engineered systems.

Industry Roundtable on Cyber-Physical SystemsNSF, May 17, 2007Raj Rajkumar, Carnegie Mellon University

cyber physical systems: the need for new models and design paradigms bruce h. krogh carnegie mellon...

Documents

cyber physical systems

networked systems

physical component

physical processes

physical world

embeddedrealtime systems

flow control

control loops