guaranteeing proper-temporal-embedding safety rules in …csqwang/research/dsn2013.lease... ·...

Guaranteeing Proper-Temporal-Embedding Safety Rules in Wireless CPS: A Hybrid

Formal Modeling Approach

Feng Tan*, Yufei Wang*, Qixin Wang*, Lei Bu†, Rong Zheng‡, Neeraj Suri*** Embedded Systems & Networking Lab, Dept. of Computing, The Hong Kong Polytechnic Univ.

† State Key Lab for Novel Software Tech., Dept. of Computer Sci. & Tech., Nanjing Univ., China‡ Dept. of Computing and Software, McMaster Univ., Canada

** Dept. of Computer Science, TU Darmstadt, GermanyJune 26, 2013

http://www.google.com.hk/url?sa=i&source=images&cd=&cad=rja&docid=tnuQqzuBPDEgYM&tbnid=u5Cdg6X7lv8UFM:&ved=0CAgQjRwwAA&url=http%3A%2F%2Fwww2.kau.se%2Ftp%2Fworkshopnanjing%2F&ei=pde7UY2QFZCUiAet4YCwDw&psig=AFQjCNH9oCTYbVxxNiSWOe2ygU2FpXs8Rw&ust=1371351333417891http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=9XR5TMVX-Lew2M&tbnid=Rya821O9a9XClM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.iap.tu-darmstadt.de%2Flqo%2F&ei=wNi7UfbjEuaviQf73oG4Bg&psig=AFQjCNG4YYQNQtRmlPn7HAIPoT7O-Buxpw&ust=1371351532231294

Evaluation

Related Work

Background

Problem

Solution

Demand

Overview

Cyber-Physical Systems (CPS) are typically distributed and life/mission critical.

Life/Mission critical CPS demand wireless

Wireless is unreliable

Conflict

https://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=id8VZ9rR-4S87M&tbnid=pUWaJLZEMEa4YM:&ved=0CAUQjRw&url=https%3A%2F%2Fcommons.wikimedia.org%2Fwiki%2FFile%3ADove_peace.png&ei=uxy8UcqPKsShiQeKwIGIAg&psig=AFQjCNGrNzZCiBDMHyi421F66tjJUF5pgg&ust=1371368987347260




ConflictPTE Safety Guarantee






Design Pattern Hybrid Modeling


Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystems

Medical

Manufacturing

Avionics

http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=5FEBvknEzZpgsM&tbnid=SAxrNMPmgdBgDM:&ved=0CAUQjRw&url=http%3A%2F%2Fhisky.manufacturer.globalsources.com%2Fsi%2F6008826047824%2Fpdtl%2FRadio-controlled-model%2F1060140330%2FRadio-controller-Model.htm&ei=Ltq-UYLCIYKEiAesroGgBA&psig=AFQjCNGKSYycBBGHtIOH0reQ50OF8pi0Ig&ust=1371548569843348

CPS Features

Typically distributed and life/mission-critical

Real-time (in addition to logical time) matters

Modeling must integrate both discrete and continuous aspects


Distributed life/mission critical CPS demand wireless communications.


http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=NDrY3pXl9XSNdM&tbnid=XbDWJe2hNKRTkM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.globalrobots.ae%2Frobots_applications%2Findex.html&ei=-9e-UeimH4GGiQfXv4FA&psig=AFQjCNHctciLpMsT7pWCuAQv8W_-kgEtOA&ust=1371547967472450



http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=NDrY3pXl9XSNdM&tbnid=XbDWJe2hNKRTkM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.globalrobots.ae%2Frobots_applications%2Findex.html&ei=-9e-UeimH4GGiQfXv4FA&psig=AFQjCNHctciLpMsT7pWCuAQv8W_-kgEtOA&ust=1371547967472450http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=5FEBvknEzZpgsM&tbnid=SAxrNMPmgdBgDM:&ved=0CAUQjRw&url=http%3A%2F%2Fhisky.manufacturer.globalsources.com%2Fsi%2F6008826047824%2Fpdtl%2FRadio-controlled-model%2F1060140330%2FRadio-controller-Model.htm&ei=Ltq-UYLCIYKEiAesroGgBA&psig=AFQjCNGKSYycBBGHtIOH0reQ50OF8pi0Ig&ust=1371548569843348

How to guarantee the safety of life/mission critical wireless CPS?



Conflict


How to guarantee the Proper-Temporal-Embedding (PTE) safety rule of life/mission critical wireless CPS?





What is Proper-Temporal-Embedding (PTE) safety rule?

CPS Feature 2: real-time (in addition to logical time) matters!


risky state dwelling time upper bound

risky state dwelling time upper bound


enter-risky safeguard interval


exit-risky safeguard interval

How to guarantee PTE safety despite of arbitrary wireless link failures?


Leasing Design Pattern: risky state dwelling time must be leased.

General concepts of Leasing design pattern: each CPS entity takes one of the 3 roles.

Initiator

Supervisor

ParticipantParticipant

1. request2. lease2. l

ease

3. approve

http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191

CPS Features: 1. real-time matters; 2. real-time PTE even when aborting/canceling. (+ 3. arbitrary comm. failures)

Initiator

Participant

Participant

active

fallback

active

fallback

active

fallback

http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191

How to formally describe, analyze, and use Leasing design pattern in the context of CPS?

How to formally describe, analyze, and use Leasing design pattern in the context of CPS?

CPS Feature 3 implies the use of hybrid automata modeling

Hybrid Automaton is a state-of-the-art modeling tool for CPS.

Bouncing Ball Example

Leasing Design Pattern for PTE Safety Rules: detailed Supervisor's hybrid automaton

Leasing Design Pattern for PTE Safety Rules: detailed Initiator's hybrid automaton

Leasing Design Pattern for PTE Safety Rules: detailed Participant's hybrid automaton

Validity of the design pattern

Theorem 1: If the temporal parameters of the design pattern hybrid automata satisfy a certain set of linear inequalities, then PTE safety is guaranteed despite of arbitrary communications link failures.

Validity of the design pattern

Using the design pattern: how to turn design pattern into detailed CPS designs?

We proposed a formal procedure to elaborate a design pattern hybrid automaton into a detailed design hybrid automaton.

Elaborate

Validity of elaboration

Theorem 2: If detailed design hybrid automata are respectively derived by elaborating corresponding design pattern hybrid automata, then PTE safety is guaranteed despite of arbitrary communications link failures.

Laser Tracheotomy Medical CPS: interconnect/interlock smart medical devices to increase safety

Laser Tracheotomy without Device Interlock

Laser Tracheotomy CPS

Laser Tracheotomy Medical CPS: interconnect/interlock smart medical devices to increase safety

Demand to use wireless links for safety and efficiency concerns.


wireless links

wireless links



wireless links

wireless links

Laser Tracheotomy CPS PTE safety rule.

≥3sec ≥1.5sec≤60sec

System architecture and roles of the design pattern: Initiator, Supervisor, Participant

Following the Leasing design pattern and Elaboration procedure, we derive detailed designs

Emulation Scheme

Emulation Results

Related Work

Leasing Protocol [7,8,9,10,11,12][24]

check-point & roll-back

logical time vs. real-time PTE

uncontrollable physical world parameters

Related Work

Use of formal modeling in design pattern [30~33].

Hybrid modeling mostly used for verification [3],[13~16].

Tichakorn [34] proposes use a subclass of hybrid automata for designing periodical hybrid control systems.

Conclusion

1. Proposed a Lease based design pattern to guarantee PTE safety rules in wireless CPS, under arbitrary communication link failures.

2. Derived the corresponding closed-form linear constraints for temporal configuration parameters.

3. Formal description of design pattern with hybrid modeling.

4. Proposed a formal methodology to elaborate design pattern hybrid automata to detailed design hybrid automata, while maintaining PTE safety properties.

Thank you!Life/Mission critical CPS demand wireless



Design Pattern Hybrid Modeling



Anesthesiology

Surgical Medicine

Nursing

Communications

Mechanics

Computer

Control


Chemical Engineering

Control Mechanics

Thermal Engineering

Communications

Computer

http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AoKD79CSip3aYM&tbnid=PvFxzfT8MaaLZM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.icsindustrialservices.co.uk%2Fchemical---filter-ccleaning%2F&ei=d86-Ucm5OKWwiQet0oCYBA&psig=AFQjCNEikfjrweJc924s2nIehw76GQGSmw&ust=1371545561438032


Computer Mechanics Aerodynamics

Control

Material

Communications


The Operation Room Spider Web


The Operation Room Spider Web, after medical CPS safety interlocks


Spider Web OR vs. Wireless OR


Leasing Design Pattern

Hybrid Automata Modeling: formally describe, analyze, and use the design pattern

General concept of Leasing Design Pattern for CPS PTE guarantee

Initiator

Supervisor




Initiator

Supervisor


FallbackFallback

Fallback

Fallback



Initiator

Supervisor


FallbackFallback

Fallback

Request



Initiator

Supervisor


Fallback

RequestLease

Fallback



Initiator

Supervisor


Fallback

RequestLease



Initiator

Supervisor


RequestLeaseLea

se

Fallback



Initiator

Supervisor


RequestLeaseLea

se



Initiator

Supervisor


RequestLeaseLea

se

Approve



Initiator

Participant

Participant

active

fallback

active

fallback

active

fallback


The same scenario can also apply to purely cyber systems. What's the difference that CPS makes?

Initiator

Participant

Participant

active

fallback

active

fallback

active

fallback


CPS Features: 1. real-time matters; 2. real-time PTE even when aborting/canceling. (+ 3. arbitrary comm. failures)

Initiator

Participant

Participant

active

fallback

active

fallback

active

fallback


Leasing Design Pattern for PTE Safety Rules: sketch of Supervisor's hybrid automaton

Leasing Design Pattern for PTE Safety Rules: sketch of Initiator's hybrid automaton

Leasing Design Pattern for PTE Safety Rules: sketch of Participant's hybrid automaton

Emulation Scheme

)(5.1),(3:intervals safeguard PTE

)(6),(35),(3 :Ventilator

)(5.1),(20),(10),(5 :Initiator

)(3),(13 :Supervisor

min12:

min21:

1,max

1,max

1,

2,max

2,max

2,max

2,

maxmin0,

sTsT

sTsTsT

sTsTsTsT

sTsT

saferisky

exitrunenter

exitrunenterreq

waitfb

Example Scenario

Patient

SpO2 Sensor

Ventilator Laser Scalpel

SurgeonSupervisor

Example Scenario

Patient

SpO2 Sensor

Laser Scalpel

SurgeonSupervisor

VentilatorPausing

Example Scenario

Patient

SpO2 Sensor

VentilatorPausing Laser

Scalpel

SurgeonSupervisor

Example Scenario

Patient

SpO2 Sensor

VentilatorPausing Laser Scalpel

Shooting

SurgeonSupervisor

Example Scenario

Patient

SpO2 Sensor


Scalpel

SurgeonSupervisor

Example Scenario

Patient

SpO2 Sensor


Scalpel

SurgeonSupervisor

lost

Example Scenario

Patient

SpO2 Sensor


Scalpel

SurgeonSupervisor

Example Scenario

Patient

SpO2 Sensor


SurgeonSupervisor

Example Scenario

Patient

SpO2 Sensor

Laser Scalpel

SurgeonSupervisor

VentilatorPausing

http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086

Example Scenario

Patient

SpO2 Sensor


Scalpel

SurgeonSupervisor


Example Scenario

Patient

SpO2 Sensor

VentilatorPausing Laser Scalpel

Shooting

SurgeonSupervisor

http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086

Example Scenario

Patient

SpO2 Sensor


Scalpel

SurgeonSupervisor


Example Scenario

Patient

SpO2 Sensor


Scalpel

SurgeonSupervisor

lost


Example Scenario

Patient

SpO2 Sensor


Scalpel

SurgeonSupervisor


Example Scenario

Patient

SpO2 Sensor


SurgeonSupervisor

Guaranteeing Proper-Temporal-Embedding Safety Rules in Wireless CPS: A Hybrid Formal Modeling ApproachSlide Number 2Cyber-Physical Systems (CPS) are typically distributed and life/mission critical.Cyber-Physical Systems (CPS) are typically distributed and life/mission critical.Cyber-Physical Systems (CPS) are typically distributed and life/mission critical.Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystemsCPS FeaturesSlide Number 8Slide Number 9Slide Number 10Distributed life/mission critical CPS demand wireless communications.How to guarantee the safety of life/mission critical wireless CPS?How to guarantee the Proper-Temporal-Embedding (PTE) safety rule of life/mission critical wireless CPS?What is Proper-Temporal-Embedding (PTE) safety rule?CPS Feature 2: real-time (in addition to logical time) matters!CPS Feature 2: real-time (in addition to logical time) matters!CPS Feature 2: real-time (in addition to logical time) matters!CPS Feature 2: real-time (in addition to logical time) matters!How to guarantee PTE safety despite of arbitrary wireless link failures?How to guarantee PTE safety despite of arbitrary wireless link failures?General concepts of Leasing design pattern: each CPS entity takes one of the 3 roles.CPS Features: 1. real-time matters; 2. real-time PTE even when aborting/canceling. (+ 3. arbitrary comm. failures)How to formally describe, analyze, and use Leasing design pattern in the context of CPS?How to formally describe, analyze, and use Leasing design pattern in the context of CPS?Hybrid Automaton is a state-of-the-art modeling tool for CPS.Leasing Design Pattern for PTE Safety Rules: detailed Supervisor's hybrid automaton Leasing Design Pattern for PTE Safety Rules: detailed Initiator's hybrid automaton Leasing Design Pattern for PTE Safety Rules: detailed Participant's hybrid automaton Leasing Design Pattern for PTE Safety Rules: detailed Participant's hybrid automaton Leasing Design Pattern for PTE Safety Rules: detailed Participant's hybrid automaton Validity of the design pattern Validity of the design pattern Using the design pattern: how to turn design pattern into detailed CPS designs?We proposed a formal procedure to elaborate a design pattern hybrid automaton into a detailed design hybrid automaton.Validity of elaboration Laser Tracheotomy Medical CPS: interconnect/interlock smart medical devices to increase safetySlide Number 37Demand to use wireless links for safety and efficiency concerns.Demand to use wireless links for safety and efficiency concerns.Demand to use wireless links for safety and efficiency concerns.Laser Tracheotomy CPS PTE safety rule.System architecture and roles of the design pattern: Initiator, Supervisor, ParticipantSystem architecture and roles of the design pattern: Initiator, Supervisor, ParticipantSystem architecture and roles of the design pattern: Initiator, Supervisor, ParticipantSystem architecture and roles of the design pattern: Initiator, Supervisor, ParticipantFollowing the Leasing design pattern and Elaboration procedure, we derive detailed designsEmulation SchemeEmulation ResultsRelated WorkRelated WorkConclusionThank you!Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystemsCyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystemsCyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystemsDemand to use wireless links for safety and efficiency concerns.Demand to use wireless links for safety and efficiency concerns.Demand to use wireless links for safety and efficiency concerns.How to guarantee PTE safety despite of arbitrary wireless link failures?General concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeGeneral concept of Leasing Design Pattern for CPS PTE guaranteeThe same scenario can also apply to purely cyber systems. What's the difference that CPS makes?CPS Features: 1. real-time matters; 2. real-time PTE even when aborting/canceling. (+ 3. arbitrary comm. failures)Leasing Design Pattern for PTE Safety Rules: sketch of Supervisor's hybrid automaton Leasing Design Pattern for PTE Safety Rules: sketch of Initiator's hybrid automaton Leasing Design Pattern for PTE Safety Rules: sketch of Participant's hybrid automaton Emulation SchemeExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample ScenarioExample Scenario

guaranteeing proper-temporal-embedding safety rules in …csqwang/research/dsn2013.lease... ·...

Documents