1st DISIM Workshop on Engineering Cyber-Physical Systems
For any information please contact Alessandro D’Innocenzo – [email protected] -
or Henry Muccini - [email protected]
1ST DISIM WORKSHOP ON
ENGINEERING CYBER-PHYSICAL SYSTEMS
TUESDAY 26, JANUARY 2016, 2:00 PM
MEETING ROOM 2.3, II FLOOR, COPPITO 1
UNIVERSITY OF L’AQUILA, ITALY
PROGRAM
14:00 - Alessandro D’Innocenzo & Henry Muccini - Welcome & Introduction to CPS
14:20 - Alessandro D’Innocenzo - Modeling and Co-design of Control Tasks over Wireless
Networking Protocols: State of the Art and Challenges
14:40 - Giordano Pola – Formal methods for analysis and control of CPS
15:00 - Elena De Santis - Safe Communication in Power Systems: application to a DC microgrid
control - Safe Human-Inspired Model for Vehicle Control
15:20 – Henry Muccini – Architecting (Self-Adaptive) Cyber-Physical Systems: a View on the State of
the Art
15:40 - Luigi Pomante: Electronic Design Automation & Embedded Systems Development
16:00 - Stefania Costantini - Agent-based hybrid architecture for Smart Cyber-Physical Systems and
applications to eHealth
16:20 - Discussion
Alessandro D’Innocenzo, Henry Muccini [email protected]
Dept. of Information Engineering, Computer Science and Mathematics
University of L’Aquila, Italy
DEWS
Centre of Excellence on Design Methodologies of Embedded Controllers,
Wireless Interconnect and Systems-on-chip - University of L’Aquila, Italy
SEA Group
The Next Computing Revolution
Mainframe computing (60’s – 70’s)
Large computers to execute big data processing applications
Desktop computing & Internet (80’s – 90’s)
One computer at every desk to do business/personal activities
Ubiquitous computing (00’s)
Numerous computing devices in every place/person
Millions for desktops vs. billions for embedded processors
Cyber Physical Systems (10’s)
What are Cyber Physical Systems?
Cyber-Physical Systems (CPS) are defined as “engineered systems that are
built from, and depend upon, the seamless integration of
computational and physical components” [NSF12]
Cyber-Physical Systems (CPS) are integrations of computation
with physical processes. Embedded computers and networks
monitor and control the physical processes, usually with
feedback loops where physical processes affect computations
and vice versa [Lee08]
A cyber-physical system (CPS) is a system of collaborating
computational elements controlling physical entities
[Wikipedia].
[Figure: five HW/SW components; arrows labelled "Monitor and control", "Affect", "Feedback loop" and "Collaborate"]
Different names for same things…
Cyberphysical Systems (CPS),
Networked Embedded Systems,
SCADA,
Swarm Robotics,
Drone Sensor Networks,
Internet of Things (IoT),
Wireless Sensor Networks (WSN),
Main characteristics
- Networked embedded components
- Feedback loop
- Adaptable, re-configurable, dynamic
- Distributed control
CPS versus Embedded Systems
CPS represents an evolution of embedded systems,
where components are immersed in and interacting
with the physical world
CPS has to satisfy new requirements, such as
continuous evolution and adaptability, due to the
computational complexity, distribution and system
adaptability of those systems.
Example #1 (taken from Luca Mottola slides)
Example #2: self-driving cars
Example #3: smart buildings
INCIPICT SER2: Building automation systems: Motivations
Physical modeling, automatic control, communication: Cyber-Physical Systems
Rule Based DR
Model Based DR
Data-Driven DR
Building automation systems: SoA
Courtesy of Madhur Behl
CPS versus Networked Systems
CPS represents an evolution of networked control
systems, where physical systems and controllers
interact via a communication system
CPS inherit from NCS challenges on distributed control
and dynamic reconfiguration
Networked Control Systems
[Figure: plant and controller in closed loop (signals u, y, x), connected through a communication network]
• Let a plant model be given by input/output/internal variables and differential/difference equations, e.g.:
$x(k+1) = Ax(k) + Bu(k), \quad y(k) = Cx(k)$
• Let some specifications be given on the desired behavior of the variables, e.g. stability or some temporal logic formula
• Design a controller such that the closed-loop interconnection satisfies the specifications, e.g.
$h(k+1) = Eh(k) + Fy(k), \quad u(k) = Gh(k)$
• What if plant and controller exchange data via a communication network?
R. Alur, A. D'Innocenzo, K.H. Johansson, G.J. Pappas, G. Weiss. Compositional Modeling and Analysis of Multi-Hop Control Networks. IEEE Transactions on Automatic Control, Special Issue on Wireless Sensor and Actuator Networks, full paper, 56(10):2345-2357, 2011.
Bibliography
[NSF12] National Science Foundation, Cyber-Physical Systems Program Solicitation NSF 13-502, October 2012
[Lee08] Edward A. Lee. Cyber Physical Systems: Design Challenges. Technical Report No. UCB/EECS-2008-8, January 23, 2008
Modeling and Co-design of Control Tasks over Wireless Networking Protocols: State of the Art and Challenges
Alessandro D’Innocenzo
1st DISIM Workshop on Engineering Cyber Physical Systems, January 26, 2016 – University of L’Aquila
Objective 1: Robust & secure design of control tasks over wireless communication protocols
Objective 2: Co-simulation and emulation of control algorithms, communication protocols and physical systems
• Formal compositional interfaces between control algorithms and wireless communication protocols
• Quantify impact of wireless networking on control performance
• Robustness with respect to packet losses and delays
• Resilience with respect to failures and malicious intrusions
• Formal verification tools and co-simulation environments
Goal: to develop novel methods for co-design of control algorithms and communication protocol configuration
Method: Interdisciplinary research across the “3C”: control theory, computer science and communication theory
Output: novel methods that improve performance and security of technological solutions for wireless automation systems
Contact info: [email protected]
Control task
[Figure: plant and controller in closed loop (signals u, y, x), connected through a wireless network]
• Let a plant model be given by input/output/internal variables and differential/difference equations, e.g.:
$x(k+1) = Ax(k) + Bu(k), \quad y(k) = Cx(k)$
• Let some specifications be given on the desired behavior of the variables, e.g. stability or some temporal logic formula
• Design a controller such that the closed-loop interconnection satisfies the specifications, e.g.
$h(k+1) = Eh(k) + Fy(k), \quad u(k) = Gh(k)$
• What if plant and controller exchange data via a wireless network?
R. Alur, A. D'Innocenzo, K.H. Johansson, G.J. Pappas, G. Weiss. Compositional Modeling and Analysis of Multi-Hop Control Networks. IEEE Transactions on Automatic Control, Special Issue on Wireless Sensor and Actuator Networks, full paper, 56(10):2345-2357, 2011.
Challenges with Wired Control Networks
Wires are expensive
• Wires as well as installation costs
• Wire/connector wear and tear
Lack of flexibility
• Wires constrain sensor/actuator mobility
• Limited reconfiguration options
Restricted control architectures
• Centralized control paradigm
Paradigm shift towards wireless control architectures
“Removing cables undoubtedly saves cost, but often the real cost gains lie in the radically different design approach that wireless solutions permit. […] In order to fully benefit from wireless technologies, a rethink of existing automation concepts and the complete design and functionality of an application is required.” Jan-Erik Frey, R&D Manager ABB
Wireless Control Network
A collection of cooperating algorithms (controllers) designed to achieve a set of common goals, aided by interactions with the environment through distributed measurements (sensors) and actions (actuators) exchanged via a wireless communication network
Applications of Wireless Control Networks
Industrial automation
Environmental Monitoring, Disaster Recovery and Preventive Conservation
Supply Chain and Asset Management
Physical Security and Control
Opportunities vs challenges with Wireless Control Networks
Lower costs, easier installation
• Suitable for emerging markets
Broadens scope of sensing and control
• Easier to sense/monitor/actuate: opens new application domains
Compositionality
• Enables system evolution via composable control loops
Runtime adaptation and reconfiguration
• Control can be maintained in response to failures and malicious attacks
Complexity
• Systems designers and programmers need suitable abstractions to hide the complexity from wireless devices and communication protocols
Reliability
• Need for robust and predictable behavior despite wireless non-idealities
Security
• Wireless technology is vulnerable: security mechanisms for control loops
Take into account communication protocol behavior!
ISO/OSI model for (wireless) communication protocols
[Figure: protocol stacks of Host A and Host B (Application, Session, Presentation, Transport, Network, Data/Link, Physical) joined by a wireless link. Annotations on the slide: interference, data losses, delays, limited energy, channel capacity, failures, malicious intrusions; coding, modulation, tx power; scheduling, access to the wireless channel; routing strategy; TCP, UDP; Skype, YouTube…]
• Open systems interconnection (OSI) model separates functional elements of a network into seven layers
• OSI model has allowed refinement of each layer independently
• Each layer only talks with the corresponding layer… by exchanging packets with the layers above & below
Classical control loop
$u(k) = f(y(k))$
[Figure: sensor S1 and actuators A1, A2 connected through the two protocol stacks and the wireless link; plant control law with signals $u_1(k)$, $u_2(k)$, $y(k)$; label: Robust and Fault-tolerant Control]
• Communication stack and medium is transparent to the control algorithm
Control loop over a wireless network
$u(k) = f(y(k))$
[Figure: the two protocol stacks with the top layer labelled Sensing/actuation, joined by the wireless link; sensor S1, actuators A1, A2]
• Sensing and actuation data are relayed via the protocol stack layers
Control loops over a wireless network
[Figure: plant control law $u(k) = f(y(k))$ on top of the protocol stacks, with intra-layer control loops: TCP congestion control; routing control; medium access control; power, coding & modulation control]
• Several feedback control mechanisms within separate communication layers
Control loops over a real wireless network
[Figure: wireless network; M.C. Escher, Relativity Lithograph, 1953]
Borderline between control over network and control of network disappears
Different perspectives in terms of
• Time-scales
• Mathematical setting
• Performance metrics
• Constraints & non-idealities
Handle complexity of CPS via hybrid systems theory
J. Lygeros, S. Sastry, C.J. Tomlin. A game theoretic approach to controller design for hybrid systems. In Proc. of IEEE 88(7):949-970, July 2000
• Discrete Variables:
  – Heater off: q0
  – Heater on: q1
• Continuous Variables:
  – Room temperature: x
• Transitions:
  – Turn heater ON when the temperature is smaller than 70 degrees: x ≤ 70.
  – Turn heater OFF when the temperature is greater than 80 degrees: x ≥ 80.
• Analysis and control of hybrid systems via formal methods:
  – Discretize state space: Pola et al. […]
  – Discretize trajectories: Yi Deng, A. D'Innocenzo, M.D. Di Benedetto, S. Di Gennaro, A.A. Julius. Verification of Hybrid Automata Diagnosability with Measurement Uncertainty. IEEE Transactions on Automatic Control
Challenge: Co-design the control algorithm and the communication protocol
[Figure: controller on top of the protocol stack (Application, Session, Presentation, Transport, Network, Data/Link, Physical)]
Handle complexity of CPS via tailored modeling and design
Co-design over time-triggered communication protocols
Challenge: Co-design the control algorithm and the communication protocol (scheduling, routing and control)
WirelessHART MAC (scheduling) and Network (routing) layers
§ Time-triggered access to the channel
§ Time divided in periodic frames
§ Each frame divided in Π time slots of duration Δ
§ Enables redundancy in data routing
§ Scheduling must guarantee relay via multiple paths
Protocols designed for “slow” control tasks: exploit redundancy to use it on “fast” control tasks
Redundancy in data routing…
§ …makes system tolerant to long-term link failures
§ …enables detection and isolation of failures and malicious attacks
§ …makes system robust to short-term link failures (e.g. packet losses)
Close a control loop investigating two routing strategies:
1. Single-path dynamic routing: switching behavior due to dynamic routing
2. Multi-path static routing: algorithms to merge redundant data
Wireless control networks as switching systems
[Figure: data reaching the controller $K(t)$ along different paths at times $t$, $t+1$, $t+\dots$]
Different paths are associated with different delays.
Mathematical model: $x(t+1) = Ax(t) + B(\sigma(t))v(t)$, $t \in \mathbb{N}$, where $x(t)$ is the plant and network state, $\sigma(t) \in \Sigma$ depends on routing/scheduling. The switching signal is considered as a disturbance.
$$A = \begin{bmatrix} A_I & B_I & 0 & \cdots & 0 & 0 \\ 0 & 0 & I & \cdots & 0 & 0 \\ \vdots & \vdots & \vdots & \ddots & \vdots & \vdots \\ 0 & 0 & 0 & \cdots & I & 0 \\ 0 & 0 & 0 & \cdots & 0 & I \\ 0 & 0 & 0 & \cdots & 0 & 0 \end{bmatrix}, \qquad B(\sigma(t)) = \begin{bmatrix} B\,\delta_{\sigma(t),0} \\ I\,\delta_{\sigma(t),1} \\ \vdots \\ I\,\delta_{\sigma(t),T-2} \\ I\,\delta_{\sigma(t),T-1} \\ I\,\delta_{\sigma(t),T} \end{bmatrix}$$
Problem: Design a controller $K(t)$ s.t. the closed loop system is asymptotically stable.
Given a state-feedback static controller $K(t)$, the closed loop system is asymptotically stable iff the Joint Spectral Radius of $\{A + B(\sigma(t))K(t)\}_{\sigma(t) \in \Sigma}$ is smaller than 1.
Insights: Switching systems analysis and design is a crowded research area:
• Leverage special structure of matrices $A$ and $B(\sigma(t))$ to provide tailored results that outperform classical results on general switching systems
R. M. Jungers, A. D'Innocenzo, M. D. Di Benedetto. Modeling, analysis and design of linear systems with switching delays. IEEE Transactions on Automatic Control, to appear.
A. Cicone, A. D'Innocenzo, N. Guglielmi, L. Laglia. A sub-optimal solution for optimal control of linear systems with unmeasurable switching delays. 54th IEEE Conference on Decision and Control, Osaka, Japan, December 15-18, 2015.
R. M. Jungers, A. D'Innocenzo, M. D. Di Benedetto. Further results on controllability of linear systems with switching delays. 9th IFAC World Congress, Cape Town, South Africa, August 24-29, 2014.
R. M. Jungers, A. D'Innocenzo, M. D. Di Benedetto. How to control Linear Systems with switching delays. 13th European Control Conference (ECC14), Strasbourg, France, June 24-27, 2014.
R.M. Jungers, A. D'Innocenzo, M.D. Di Benedetto. Feedback stabilization of dynamical systems with switched delays. 51st IEEE Conference on Decision and Control, Maui, Hawaii, December 10-13 2012.
Redundancy in data routing…
Close a control loop investigating two routing strategies:
1. Single-path dynamic routing: take into account switching behavior due to dynamic routing
2. Multi-path static routing: take into account algorithms to merge redundant data
Multi-path static routing
Investigate algorithms to merge redundant data:
• Objective: stabilize the closed-loop system
• Best strategy: keep most recent packet vs. compute combination?
• Different paths are associated with different delays
• Not a trivial question, best strategy from the point of view of stability strongly depends on plant and network: need for a control-theoretic approach
MIMO MCN model
Syntax:
§ Linear plant
$\mathcal{P} = (A, B, C)$
§ Weight function $W$ determines data processing through the network - reminiscent of network coding
$G_{\mathcal{R}} = (V_{\mathcal{R}}, E_{\mathcal{R}}, W_{\mathcal{R}})$, $W_{\mathcal{R}_i}: E_{\mathcal{R}} \to \mathbb{R}$, $i = 1, \dots, m$
$G_{\mathcal{O}} = (V_{\mathcal{O}}, E_{\mathcal{O}}, W_{\mathcal{O}})$, $W_{\mathcal{O}_i}: E_{\mathcal{O}} \to \mathbb{R}$, $i = 1, \dots, l$
§ Communication scheduling $\eta$ assigns transmission of nodes
$\eta_{\mathcal{R}_i}: \{1, \dots, \Pi\} \to 2^{E_{\mathcal{R}}}$
$\eta_{\mathcal{O}_i}: \{1, \dots, \Pi\} \to 2^{E_{\mathcal{O}}}$
§ Model at time scale of frames instead of time-slots (no switching behavior)
$T = \Pi\Delta$
Resilient control
$F$: set of all configurations of links subject to a failure or a malicious intrusion
§ Benefit: Do not reconfigure the whole network (i.e. scheduling and routing) when a failure occurs: instead, only reconfigure neighbors of faulty nodes
§ Benefit: Do not add complexity to local communication to detect faulty or malicious nodes: instead, use plant dynamics and path redundancy
§ Technical challenge: Exploit graph theory and control-theoretic approaches for model-based failure detection and isolation
Observer-based diagonal FDI problem
BANK OF LUENBERGER OBSERVERS
$\hat{f}(kT) = [\hat{f}_1(kT), \hat{f}_2(kT), \dots, \hat{f}_{|F|}(kT)]$
Derive a common mathematical model for network topology (graph) and plant (LTI system): exploit structured systems theory that translates LTI system into a graph
Resilient control
A. D'Innocenzo, F. Smarra, M.D. Di Benedetto. Fault Tolerant Control of MIMO Multi-Hop Control Networks. Automatica, full paper, to appear.
A. D'Innocenzo, F. Smarra, M. D. Di Benedetto. Further results on fault detection and isolation of malicious nodes in Multi-hop Control Networks. 14th European Control Conference (ECC 2015), Linz, Austria, July 15-17, 2015. Best application paper award.
M.D. Di Benedetto, A. D'Innocenzo, F. Smarra. Fault-tolerant control of a wireless HVAC control system. ISCCSP2014, 2014
A. D'Innocenzo, M.D. Di Benedetto, F. Smarra. Fault detection and isolation of malicious nodes in MIMO Multi-hop Control Networks. 52nd IEEE CDC, 2013
F. Smarra, A. D'Innocenzo, M.D. Di Benedetto. Fault Tolerant Stabilizability of MIMO Multi-Hop Control Networks. 3rd IFAC NecSys 2012
A. D'Innocenzo, M.D. Di Benedetto, E. Serra. Fault Tolerant Control of Multi-Hop Control Networks. IEEE Transactions on Automatic Control, 58(6):1377-1389, 2013.
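Added example (not code from the talk or from the cited papers): the residual test behind a bank of Luenberger observers, reduced to a scalar plant whose measurement travels over three redundant paths, one of which starts adding a constant bias. It also shows the merge step of multi-path static routing, averaging only the paths still trusted. The plant, gains, threshold, bias and all function names are assumptions made for this illustration; the structured-systems analysis of the papers is not reproduced.

```python
# Added illustration: one Luenberger observer per redundant path; the path
# whose residual jumps is isolated. All numeric values are constructed.

A, B, C = 1.2, 1.0, 1.0   # scalar plant x(k+1) = A x(k) + B u(k), y(k) = C x(k)
K = 0.7                   # state-feedback gain, closed loop A - B*K = 0.5
L = 0.8                   # observer gain, estimation error decays with A - L*C = 0.4
N_PATHS = 3               # redundant routing paths carrying the same sample
THRESHOLD = 0.05          # alarm level, above the residual caused by quantisation


def quantise(value):
    """Sensor quantisation to 0.01 (a bounded, benign measurement error)."""
    return round(value, 2)


def simulate(steps=60, attack_path=None, attack_step=20, bias=0.5, isolate=True):
    """Run the loop; from attack_step on, attack_path delivers y(k) + bias.

    Returns the set of isolated paths, the step of the first alarm and the
    final plant state. With isolate=False alarms are still raised, but the
    flagged path keeps being merged into the control input.
    """
    x = 1.0
    x_hat = [quantise(C * x) / C for _ in range(N_PATHS)]  # one estimate per path
    isolated, first_alarm, u = set(), None, 0.0

    for k in range(steps):
        y = quantise(C * x)
        received = [y] * N_PATHS
        if attack_path is not None and k >= attack_step:
            received[attack_path] = y + bias

        # Residual test: compare what each path delivered with what the
        # plant model predicts for that path.
        residuals = [received[i] - C * x_hat[i] for i in range(N_PATHS)]
        for i, r in enumerate(residuals):
            if abs(r) > THRESHOLD and i not in isolated:
                isolated.add(i)
                if first_alarm is None:
                    first_alarm = k

        # Merge redundant data: average over the paths still trusted.
        trusted = [received[i] for i in range(N_PATHS)
                   if not (isolate and i in isolated)]
        if trusted:                      # otherwise hold the previous input
            u = -K * (sum(trusted) / len(trusted)) / C

        # Observers and plant are driven by the same applied input u, so the
        # estimation error of a healthy path does not depend on the attack.
        x_hat = [A * x_hat[i] + B * u + L * residuals[i] for i in range(N_PATHS)]
        x = A * x + B * u

    return {"isolated": isolated, "first_alarm": first_alarm, "x_final": x}


if __name__ == "__main__":
    for label, kwargs in [
        ("no attack", {}),
        ("path 1 tampered, isolation on", {"attack_path": 1}),
        ("path 1 tampered, isolation off", {"attack_path": 1, "isolate": False}),
    ]:
        print(label, simulate(**kwargs))
```

With isolation on, the tampered path is dropped at the step the bias appears and the state stays regulated near zero; with isolation off, the averaged bias shifts the regulated state away from zero.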
Challenges in Wireless Control Networks
Modeling
• Formal interfaces between control algorithms and wireless communication protocols
• Compositional models for scalable analysis and design of multiple control loops
Analysis
• Quantify impact of wireless networking on control performance
Design
• Controller design incorporating wireless network properties
• Control-network co-design
Robustness
• Robust with respect to packet losses and delays
• Tolerant with respect to failures and malicious intrusions – CPS Security (SafeCOP)
Tools
• Formal verification and automatic (co-)design of safe & secure WCN (SafeCOP)
• Co-simulation of control algorithms, communication protocols and physical systems
Experimental set-up
• WirelessHART laboratory (INCIPICT + SafeCOP)
• Building automation laboratory (INCIPICT)
Formal Methods for the Analysis and Control
of Cyber-Physical Systems
Giordano Pola
Department of Information Engineering, Computer Science and Mathematics,
Center of Excellence DEWS,
University of L’Aquila, Italy
At DISIM & DEWS:
Marika Di Benedetto
Pierdomenico Pepe
Elena De Santis
Costanzo Manes
Outside:
Paulo Tabuada (UCLA, USA)
Karl Henrik Johansson (KTH, Sweden)
Arjan J. van der Schaft (University of Groningen, The Netherlands)
Antoine Girard (Universite’ Joseph Fourier, France)
Alessandro Borri (IASI-CNR, Italy)
Majid Zamani (TU Munich, The Netherlands)
Manuel Mazo (TU Delft, The Netherlands)
Acknowledgments: Collaborations
http://CyberPhysicalSystems.org
Cyber Physical Systems (CPS) – a concept map
Network of plants Pi and computing units Ci
communicating via
non-ideal communication infrastructures
Our model of CPS
[Figure: plants P1, P2, …, PN and computing units C1, C2, …, CN]
Our model of CPS
Plants Pi:
nonlinear control systems with possible disturbances and
time-varying (states and inputs) delays
dx(t) / dt = f (x(t),x(t-x(t)),u(t-u(t)),d(t))
Our model of CPS
Computing Units Ci:
Labelled transition systems
T = (Q, Q0, L, ,O,H)
Our model of CPS
Non-idealities in communication infrastructures:
Quantization errors
Bounded time-varying network access times
Bounded time-varying communication delays
Limited bandwidth
Bounded number of packet losses
Goals:
Synthesis of correct-by-design embedded control software
enforcing complex specifications
Detection of faults and/or criticalities in safety-critical CPS
Our model of CPS
Approach based on a three phases process:
#1. construct the finite/symbolic model T of the plant system
#2. design a finite/symbolic controller C that solves the specification S for T
#3. design a controller C’ for on the basis of C
Advantages:
Integration of software and hardware constraints in the control design of purely
continuous processes
Use of computer science techniques to address complex logic specifications
Correct-by-design embedded control software
Symbolic domain
Physical domain
Plant: Continuous or Hybrid system
Symbolic model Finite controller Software & hardware
Hybrid controller
stable control systems
[Automatica-2008]
stable switched systems
[IEEE-TAC-2010]
stable time-delay systems
[SCL-2010]
stable time-varying
delay systems
[IJRNC-2014]
[IJC-2012]
unstable control
systems
[IEEE-TAC-2012]
efficient control
algorithms
[IEEE-TAC-2012]
approximate bisimulation
[Girard & Pappas,IEEE-TAC-2007] incremental stability
[Angeli,IEEE-TAC-2002]
networked
control systems
[HSCC-2012]
[IEEE-CDC-2012]
[ERCIM News ‘97]
[IEEE-TAC-2016 ?]
Research at DEWS (IAB meeting 2014)
PWA systems
[IEEE-TAC-2014]
networks of control
systems
[IEEE-ACC-2014]
[IEEE-TAC-2016 ?]
decentralized symbolic
control & application to
vehicle platooning
[NecSys 2013]
stable control systems
with disturbances
[SIAM-2009]
#1. Construct the symbolic model T of the plant system
Done:
1.1 CPS with one plant and one computing unit communicating via nonideal communication infrastructure
[Borri et al.; HSCC-2012], [Liu et al.; HSCC-2014], [Zamani et al.; IEEE-CDC-2015]
1.2 CPS with multiple plants and computing units communicating via ideal communication infrastructure
[Tazaki et al.; HSCC-2008], [Pola et al.; IEEE-TAC-2016 ?]
To be done: 1.1 + 1.2 = ?
Incremental stability notions for CPS
Symbolic models for CPS with multiple plants and computing units communicating via nonideal communication infrastructure
Correct-by-design embedded control software
#2. Design a symbolic controller C that solves the specification S for T
Done: [Borri et al.; HSCC-2012]
Model: CPS with one plant and one computing unit communicating via nonideal communication infrastructure
Specifications: non-deterministic transition systems
To be done:
Extension to symbolic control design with specifications in terms of Linear Temporal Logic
Extension to symbolic control design for CPS with multiple plants and computing units communicating via nonideal communication infrastructure
Correct-by-design embedded control software
Model: Networks of Finite State Machines
Assumptions:
no continuous and/or hybrid dynamics
ideal communication infrastructure
Done: [Pola et al.; Automatica-2016 ?]
Decentralized observers detecting instantaneously faults/criticalities in CPS
Model reduction via bisimulation theory
To be done:
Extension to CPS with continuous and/or hybrid dynamics and with nonideal communication infrastructure
Extension to opacity [Mazare et al., WITS 2004], i.e. to keep secret a set of states of an FSM with respect to all possible measurements on the system
Detection of Faults and/or Criticalities in CPS
Additional expertise required:
From Telecommunication Engineering
to set up a comprehensive model of communication infrastructures
From Embedded Systems Engineering
to set up a comprehensive model of hardware/software infrastructures
From Computer Science
to design efficient algorithms for analysis and controllers’ synthesis
The need for an interdisciplinary approach
Autonomous Vehicle and MicroGrids as CPS:
Challenges and Opportunities
Elena De Santis
L’Aquila University
Center of Excellence DEWS
L’Aquila, January 26th 2016
Index
1 Introduction
2 Traffic Control
   Motivations
   Autonomous Vehicle
3 Power Systems
   Motivations
   DC Microgrid
4 Conclusions
Presentation outline
Traffic Control: Development of an Adaptive Cruise Control model able to imitate human driver behaviour
Power Systems Control: Analysis and control of a Direct Current microgrid connected to renewables, storage systems and loads
Autonomous Vehicleand MicroGrids as CPS
Elena De Santis
Introduction
Traffic ControlMotivations
Autonomous Vehicle
Power SystemsMotivations
DC Microgrid
Conclusions
CPS
Traffic Control
Microscopic approach: each element is analyzed (ex: mechanical laws)
Macroscopic approach: the elements together are analyzed (ex: kinetic gas theory)
Mesoscopic approach: macroscopic quantities are introduced in the microscopic approach!
Why Human-Inspired?
BREAKING NEWS!
State of the art
Hybrid systems
$H = (Q, X, f, Init, Dom, E, G, R)$
$Q = \{q_1, q_2, \dots\}$ is the set of discrete states;
$X = \mathbb{R}^n$ is the continuous state space;
$f = \{f_i,\ q_i \in Q\}$ is a vector field;
$Init \subseteq Q \times X$ is the set of initial conditions;
$Dom(\cdot) : Q \to 2^X$;
$E \subseteq Q \times Q$ is the set of edges;
$G(\cdot) : E \to 2^X$ is a map describing guard conditions;
$R(\cdot, \cdot) : E \times X \to 2^X$ is a reset.
Discrete States and related Domains
Important: Control based on information from LEADER + ENVIRONMENT
Power Systems Control
Change of paradigm
Energy Production
Energy Transportation
DC Microgrid
Definition. Microgrid concept: a cluster of loads and microsources operating as a single controllable system that provides power to its local area.
Framework
Compressed Sensing
Problem: Find a sparse solution to the under-determined set of equations:
Why is it interesting?
References
Safe Human-Inspired Mesoscopic Hybrid Automaton for Longitudinal Vehicle Control, A. Iovine, F. Valentini, E. De Santis, M. Di Benedetto, M. Pratesi, 5th IFAC Conference on Analysis and Design of Hybrid Systems (ADHS’15), Atlanta, 14-16 October 2015
A Safe Human-Inspired Mesoscopic Hybrid Automaton for Autonomous Vehicles, A. Iovine, F. Valentini, E. De Santis, M. Di Benedetto, M. Pratesi, to be submitted to IFAC journal Nonlinear Analysis: Hybrid Systems (NAHS)
Management of the Interconnection of Renewables and Storages into a DC Microgrid, A. Iovine, S. B. Siad, G. Damm, A. Benchaib, F. Lamnabhi-Lagarrigue, E. De Santis, M. D. Di Benedetto, draft
Secure Estimation for Wireless Tracking Control under Denial-of-Service Attacks, G. Fiore, Y.H. Chang, Q. Hu, C. Tomlin, M.D. Di Benedetto, draft
Thanks for your attention!
Any Questions?
Henry Muccini [email protected]
DISIM
Dept. of Information Engineering, Computer Science and Mathematics
University of L’Aquila, Italy
DEWS
Centre of Excellence on Design Methodologies of Embedded Controllers,
Wireless Interconnect and Systems-on-chip - University of L’Aquila, Italy
SEA Group
Which architectural styles?
Objective 1: Discovering best practices in Architecting Cyber-Physical Systems
Objective 2: Discovering self-adaptation practices in Architecting Cyber-Physical Systems
Collaborating CPS components
• Which architectural style?
• How to describe the architecture of a CPS?
• Which are the critical architecture decisions?
• How to assess the quality of such a model?
Goal: to analyze the state of the art in architecting (self-adaptive) CPS
Method: Systematic Literature Review
Output: a classification of the most frequent practices used for architecting CPS
More info: http://dl.acm.org/citation.cfm?id=2797453
Contact info: [email protected]
[Figure: research map (Survey TSE 2013 + Software Architecture, MDE). Needs and Challenges: Models Interoperability, Multi View Management, (DS)Language Extensibility, Usable & Analytic DSL, Group Design Decision, Resilience, SA-based Testing and MC. Domains: CPS, Mobile, any. Technical Foundations: Metamodel Composition, Model Transformation, Model Weaving, Semantic Wiki, DLSs Editors, Megamodeling.]
Architecting complex systems
Software and System Architecture
[Figure: a SYSTEM made of components (Comp)]
Architecting challenges
How to build an architecture that satisfies the functional and non-functional requirements and constraints?
Which architectural decisions to be made?
Which architectural style to be used?
How to validate such a design model?
25 years of work on Software Architectures
Views and Viewpoints
Distributed team management
SA Styles
SA Languages
Components and Connectors
Technologies
Problem Statement
Q: How can the Software Architecture community contribute to engineering CPSs?
Q: How can our theories and methods be adapted to fruitfully design CPSs?
Q: What are the new design challenges in architecting CPS?
Architecting Cyber Physical Systems
More abstraction
New design processes
New middleware components
Multiple levels of abstractions
Still, the trend of research on architecting CPS is unclear!
Università degli Studi dell’Aquila
Architecting
Henry Muccini
DISIM, University of L’Aquila, Italy
Joint work with Ivano Malavolta and Mohammad Sharaf
[email protected], @muccinihenry
How?
4 Research Questions
Search and Selection Protocol
Keywording
Inclusion and Exclusion
Search on Scholar
Search on Conferences
RQ1 – What are the application domains in which the activity of architecting CPSs has been used so far?
RQ2 – What are the types of quality attributes (challenges) encountered when architecting CPSs?
RQ3 – What are the goals and focus areas of the activity of architecting CPSs?
RQ4 – What are the types of solutions to support the activity of architecting CPSs?
RQ2: Quality Attributes (challenges)
PERFORMANCE: 52
SURVIVABILITY: 51
PORTABILITY: 44
MODIFIABILITY: 26
COMPATIBILITY: 24
DEPENDABILITY: 23
RELIABILITY: 20
FLEXIBILITY: 14
MAINTAINABILITY: 13
SECURITY: 9
TESTABILITY: 4
PERFORMANCE
timing: 30
resource utilization: 8
energy/power consumption: 8
efficiency: 6
SURVIVABILITY
heterogeneity: 29
distribution: 7
reconfigurability: 7
mobility: 4
autonomy: 4
PORTABILITY
integrability: 20
adaptability: 19
portability: 3
independency: 2
RQ4: Solutions
[Bar chart, axis 0 to 90. Categories, in chart order: MIDDLEWARE, RESOURCE, RECONFIGURATION, VIRTUALIZATION, SOFTWARE AGENTS, COMPONENT-BASED, COMMUNICATION INFRASTRUCTURE, MODELING AND VALIDATION FRAMEWORKS, MODELING LANGUAGES, DESIGN, ARCHITECTURE, PATTERNS. Bar values, in chart order: 10, 10, 13, 13, 18, 22, 22, 24, 26, 72, 76, 77.]
PATTERNS
SOA: 31
multi-tier : 15
event-driven: 11
cloud: 11
ARCHITECTURE
cloud architecture: 11
system architecture: 8
Integration architecture: 4
DESIGN
modeling: 34
quality driven for system design: 12
platform: 7
RQ1: domains and applications
[Bar chart, axis 0 to 50. Categories, in chart order: MILITARY, CONSUMER, INFRASTRUCTURE, ROBOTICS, HEALTH CARE, MANUFACTURING, COMMUNICATION, ENERGY, TRANSPORTATION. Bar values, in chart order: 2, 4, 8, 9, 12, 18, 27, 34, 47.]
TRANSPORTATION
-vehicular CPS
-avionics and aerospace
-intelligent transportation (traffic control)
ENERGY
-smart grids
-building control systems (smart building and smart city)
-distributed energy systems
COMMUNICATION
-WSNs
-Mobile CPS
-IoT
Case studies
Military: 1 (2%)
Consumer: 2 (4%)
Infrastructure: 1 (2%)
Robotics: 4 (8%)
Health Care: 5 (10%)
Manufacturing: 11 (23%)
Communication: 1 (2%)
Energy: 7 papers (15%)
Transportation: 16 (33%)
Architectural Methods and Techniques
languages: 18 (4%)
middleware: 26 (6%)
tactics: 28 (6%)
reference architecture: 31 (7%)
framework: 34 (8%)
views: 55 (12%)
models: 60 (14%)
architecture: 94 (21%)
style: 96 (22%)
Publication Venue
[Bar chart, axis 0 to 140. Categories, in chart order: WORKSHOP PAPER, BOOK CHAPTER, JOURNAL PAPER, CONFERENCE PAPER. Bar values, in chart order: 8, 13, 32, 119.]
Università degli Studi dell’Aquila
Self-Adaptation
Henry Muccini, Mohammad Sharaf, Danny Weyns
DISIM, University of L’Aquila
KU Leuven, Sweden
RQ1: How is self-adaptation applied in cyber physical systems?
• Concerns, technology stack, application domains
RQ2: How do existing approaches for self-adaptation in cyber physical systems handle self-adaptation concerns?
• feedback loops, models
RQ3: What type of evidence is provided by existing approaches for self-adaptation in cyber physical systems?
• Empirical methods, assurances
Feedback Loops
Technology stack
Main Findings
Technology stack vs Feedback loop Concerns
[Figure: technology stack (application layer, middleware layer, communication layer, service layer, .. layer) with feedback loops; concerns shown: performance and reliability, security and interoperability]
Università degli Studi dell’Aquila
Security
Henry Muccini, Mohammad Sharaf, Deepak Khrisna,
Vikas Kumar
DISIM, University of L’Aquila
Università degli Studi dell’Aquila
A modelling platform
Ivano Malavolta, Henry Muccini
GSSI, L’Aquila
DISIM, University of L’Aquila
Modeling environment
Programming Framework
Analysis and Code Generation
Università degli Studi dell’Aquila
Ivano Malavolta, Henry Muccini
GSSI, L’Aquila
DISIM, University of L’Aquila
AMUSE
MUSEUM:
To mitigate waiting queues
To manage emergencies
To provide ICT services
References
Ivano Malavolta, Henry Muccini, Mohammad Sharaf: A Preliminary Study on Architecting Cyber-Physical Systems. ECSA Workshops 2015: 20:1-20:6
Ivica Crnkovic, Ivano Malavolta, Henry Muccini, Mohammad Sharaf: On the Use of Component-Based Principles and Practices for Architecting Cyber-Physical Systems. CBSE 2016 (to appear)
Henry Muccini, Mohammad Sharaf, Danny Weyns: Self-Adaptation for Cyber-Physical Systems: A Systematic Literature Review. SEAMS 2016 (to appear)
Electronic Design Automation & Embedded Systems Development
Luigi Pomante
First DISIM Workshop on Engineering Cyber-Physical Systems,
L’Aquila, 26/01/2016
Overview
Cyber-Physical Systems
M3 research line: main research topics
Electronic System-Level HW/SW Co-Design
Networked Embedded Systems
Mixed-Criticality Systems
Smart monitoring systems for Embedded SoC architectures
Advanced Processing Architectures
M3 research line: main research projects
Cyber-physical systems
A cyber-physical system (CPS) is an integration of computation with
physical processes.
Embedded computers and networks monitor and control the physical
processes, usually with feedback loops where physical processes
affect computations and vice versa.
As an intellectual challenge, CPS is about the intersection, not the
union, of the physical and the cyber.
E. A. Lee, S. A. Seshia
Introduction to Embedded Systems, a Cyber-Physical Systems approach
LeeSeshia.org, 2011
Cyber-physical systems
[Figure: CYBER, PHYSICAL, EMBEDDED, REAL TIME, NETWORKED]
M3 Main Research Topics
Networked Embedded Systems
HW/SW Technologies for (Networked) Embedded Systems
Wireless Sensor Networks
Middleware, Localization/Tracking, Security, EDA tools for WSN
Mixed-Criticality Systems
Hypervisor technologies for mixed-criticality multi-core platforms
Mixed-criticality Network-On-Chip
Electronic System-Level HW/SW Co-Design
HW/SW Co-Design of Heterogeneous Parallel Dedicated/Embedded
Systems
HEPSYCODE
M3 Main Research Topics
Smart monitoring systems for Embedded SoC architectures
Distributed HW Profiling System for Parallel Architectures on FPGA
Platforms
4-LOOP, A-LOOP
Advanced Processing Architectures
SDR Platforms
Many-core chips for TSR
Insights on Research Topics
Networked Embedded Systems: Wireless Sensor Networks
Middleware for WSN
Heterogeneous HW/SW/radio platforms
Virtual Machines (support to cooperations and distributed SW development)
Services
Indoor Localization
Security (cryptography, intrusion detection system)
Remote Lab and Testbed (LabSMILING)
Up to 100 nodes remotely programmable and monitorable
WSN data collection and analysis
Technologies
Hardware
CrossBow/Memsic: Mica2, MicaZ, IRIS, Imote2, TelosB
Advanticsys: TelosB-like
Texas Instruments: CC2xxx, CC4xxx
IBM: Moterunner
Atmel: ZigBit
Technologies
Software
C + HAL
OS: TinyOS, FreeRTOS, Contiki
Middleware
Agilla/Agilla 2
Communication protocols
IEEE 802.15.4 (Atmel and TinyOS implementations)
Specific routing algorithms
Atmel, TinyOS and OpenZigBee implementations
Mixed-Criticality Systems
In a mixed-criticality system, different functions with different assurance levels are allocated on the same component
A mixed-criticality system requires rigorous temporal and spatial partitioning
Robust hardware and software mechanisms to prevent interference between the various functions
Multi-core and many-core devices have considerable advantages
A much higher computational capacity per footprint, allowing a substantial reduction of energy consumption
Disadvantage: they are less predictable, given the heavy use of shared resources by the various processing elements
Mixed-Criticality Systems
Use of hypervisors on multi-processor architectures
Virtualization appears to be a promising technique to implement robust software architectures in multi-core avionics platforms
Analysis of paravirtualization tools on a multi-processor LEON4 platform specifically designed for the aerospace domain
FentISS XtratuM, SYSGO PikeOS
Porting and analysis of hypervisor solutions on FPGA-based SoCs
[Figure: XtratuM architecture (Partition 1, Partition 2, Partition 3, hypercall interface, XtratuM; user mode and kernel mode) and PikeOS architecture (user partitions, supervisor partitions, PikeOS system software, Partition 1, Partition 2, Partition 3, PikeOS separation microkernel, architecture support package, platform support package; user mode and kernel mode)]
Mixed-Criticality Systems
Picture: OpenSynergy/SYSGO - Mixed-Criticality: Hypervisors in networked cyber-physical systems
Mixed-Criticality Systems
Hardware mechanisms to support isolation in a network-on-a-chip
Isolation of different application classes on NoC architectures
Hardware mechanisms supporting isolation to be introduced into existing network interfaces
Support for the execution of multiple applications with different criticality levels
Strategy: message exchange supervision
[Figure: NoC diagram; labels in extracted order: R1, T7(c1), TM, NI4; R4, T1(c1), T2(c2), NI1; R2, T5(c1), T6(c2), NI3; R3, T3(c1), T4(c1), NI2]
ESL HW/SW Co-Design: HEPSYCODE
A System-Level Methodology for HW/SW Co-Design of Heterogeneous Parallel Dedicated Systems that, starting from a model of the system behaviour, based on a Concurrent Processes MoC, leads to a heterogeneous parallel dedicated system able to satisfy given F/NF requirements
In particular, the goal is to suggest to the designer
How to partition processes between HW and SW
Which kind of heterogeneous parallel architecture to use
How to map processes to processors
ESL HW/SW Co-Design: HEPSYCODE
The Co-Design Flow
[Figure: co-design flow with an algorithm-level flow and a system-level flow. Blocks: System Behaviour Model, Functional Simulation, Reference Inputs, Co-Analysis, Co-Estimation (Affinity, Timing, Size, Concurrency, Load, Bandwidth), Timing Constraints, Design Space Exploration (HW/SW Partitioning, Mapping and Architecture Definition; Timing Co-Simulation), Technologies Library (Processors, Memories, Interconnections), Scheduling Directives, Architectural Constraints, Heterogeneous Parallel Dedicated System]
Smart monitoring systems for Embedded SoC architectures
Concept of a monitoring system
Functional Requirements
Non-functional Requirements: Execution Time, Power Dissipation, Area, …
How to estimate parameters starting from measurements?
How to make measurements?
How to take measurements?
[Figure: Global Monitor and System under examination]
Identification of the monitoring system
Proposed framework
[Figure: framework diagram; labels: Library of elements, System identification, Inputs, Monitoring system composition, Monitoring system implementation, New monitored system, Outputs, F/NF requirements]
General system view
[Figure: system diagram; labels: cores with I/D caches, Bridge, SDRAM Controller, Network, UART, hardware sniffers (S) with Time measure, Event Count and Filtering, Adapter, Interface, Global monitor, Nucleus]
Current collaboration with UNIMORE to manage access to shared resources and to monitor system activities
Platforms
Multicore platforms
4–LOOP - SMP system including:
A quad-core Leon 3 with Linux operating system, OpenMP library and
hardware profiling system
ML605 (Virtex 6) Development Board
Current collaboration with POLIMI to port the Barbeque framework
(http://bosp.dei.polimi.it) on 4-LOOP platform
Multicore platforms
A–LOOP - AMP system including:
a dual-core ARM Cortex A9 processor with Linux operating system
a quad-core Leon3 processor with Linux operating system, OpenMP
library and a hardware profiling system
HARDWARE ARCHITECTURE
THE PLATFORM
ZedBoard (Zynq7000) Development Board
Current collaboration with POLITO to evaluate reliability of an AMP
(i.e. dual-SMP) PikeOS mixed-critical system
Advanced Processing Architectures
SDR Platforms
Sundance HW/SW development kit for Software-Defined-Radio (Wi-Fi, 802.15.4, Wi-Max)
Many-core accelerators for TSR
Development of Parallel SW for True Software Radio
Avionic/TLC algorithms for a 64 VLIW cores accelerator
Simulator for PRAM MoC
Projects & People
M3 Main Research Projects
VISION (ERC-2009-StG 240555) Video-oriented UWB-based Intelligent Ubiquitous Sensing
SMILING (RIDITT 2009, national project) SMart In home LIviNG
PRESTO (Artemis-JU ASP 2010-269362) ImProvements of industrial Real Time Embedded SysTems develOpment
process
CRAFTERS (Artemis-JU ASP 2011-295371) ConstRaint and Application-driven Framework for Tailoring Embedded Real-time
Systems
M3 Main Research Projects
EMC2 (Artemis-JU AIPP 2013-621429) Embedded Multi-Core systems for Mixed Criticality applications in dynamic and
changeable real-time environments
CASPER (H2020-MSCA-RISE-2014) User-centric MW Architecture for Advanced Service Provisioning in Future
Networks
SAFECOP (ECSEL-JU RIA-2015) [in negotiation] Safe Cooperating Cyber-Physical Systems using Wireless Communication
People
Post-doc Fabio Federici, Claudia Rinaldi, Marco Santic
PhD Students Vittoriano Muttillo, Giacomo Valente
Collaborators Ileana Cerasani, Walter Tiberti
From Ambient Intelligence to Cyber-Physical Systems
Stefania Costantini, Pasquale Caianiello, Giovanni De Gasperis
DISIM, Università degli Studi di L’Aquila
Vision
• Like this
• Not like this
• And not like this (wearable computing?)
Ambient Intelligence
• The term ‘Ambient Intelligence’ was introduced by Emile Aarts of Philips (http://www.research.philips.com/technologies/syst_softw/ami/index.html)
• It was then adopted by the European Community
Ambient Intelligence (AmI)
• Computers and networks will be integrated into the everyday environment rendering accessible a multitude of services and applications through easy-to-use human interfaces. This vision of "ambient intelligence" places the user, the individual, at the centre of future developments for an inclusive knowledge based society for all
• Now: Fog Computing, Cyber-Physical Systems
Ambient Intelligence (AmI)
• The Environment will be integrated by intelligent interfaces supported by computing and networking technology which is everywhere, embedded in everyday objects such as furniture, clothes, vehicles, roads and smart materials, even particles of decorative substances like paint
Ambient Intelligence: Vision
• Radically rethink the human-computer interactive experience:
– Integrate digital world (information & services) and physical world (physical objects/environment)
– Make interfaces more responsive and proactive (objects & environment monitor user and (proactively) present information & services relevant to user’s current needs/interests)
Components of Ambient Intelligence
• Ambient
– Innovative materials, Wearable Computing, Sensors, Actuators, User interfaces, Communication Infrastructures
• Intelligence
– Natural Language Processing, User Interfaces, Content Management (Knowledge Bases), Computational intelligence (Artificial Intelligence, Intelligent Agents)
Internet of Everything
• Digital devices are integrated into everyday objects and into the environment (ubiquity, pervasiveness)
• They communicate through a common infrastructure that is invisible and apparently non-intrusive
• There is no longer a single computer per user; instead, the various devices interact through distributed intelligence.
A Possible Future? Ambient semantics or “enriching your every day experience”
– Book tells you about friends/famous people that loved it
– Book tells you about particularly interesting passages
– Touching 2 books makes their connections appear
– Picking up book makes relevant music play
A Possible Future?
• Objects with memory
– Leaving messages in objects (e.g. reminders, personal stories)
– Objects that can tell you their relevant stories/memories
– Objects record history, rhythms of time and events
Artificial Intelligence and Intelligent Agents
The droids D-3BO and C1-P8 from “Star Wars”
Artificial Intelligence (AI, born 1956)
John McCarthy, 1927-2011
Marvin Minsky, 1927-2016
Agents (software)
• Are situated in an environment that is not necessarily fully known a priori
• Are autonomous
• Perceive the environment
• Act on the environment
• Communicate with other agents
• May have goals and carry out tasks
Intelligent Agents (software)
• Interact flexibly with the environment
– Survive
– Learn
– Adapt
– Pursue goals
– Cooperate, compete, negotiate
26 January 2016, S. Costantini - Artificial Intelligence
Features
• Reactivity
• Proactivity
• Reasoning capability
– planning +
– common sense reasoning
• Social ability
• Memory
• Ability to learn and to revise their own knowledge
An essential function: Learning
• Learning from the user
• Learning how the user behaves
• Learning from other agents
• Learning from experience
Intelligence as an emergent phenomenon
• A software agent is endowed with a set of behaviours and capabilities
• What it will do depends on:
– the interaction with the environment
– the agent's capabilities
– the agent's choices
• If the agent is well programmed and adapted, it will behave in an “intelligent” way
DALI: a logic language for agents
Stefania Costantini & Arianna Tocchio
• Defined and implemented at the AAAI@AQ Laboratory, Università degli Studi di L’Aquila
• Patented, used in real applications (e.g. CUSPIS)
– Available at https://github.com/AAAI-DISIM-UnivAQ/DALI
A Scenario: Augmented Reality
• Augmented physical environments
– Objects around you can draw your attention (e.g. books on a bookshelf of specific interest to you)
– Walking around town, system points out buildings/places of particular interest to a user (based on user’s interests)
Today’s Augmented Reality
• Google glasses or mobile apps
What we did: Tourism and Enjoyment of Cultural Heritage
• User localization via GALILEO satellites
• Intelligent Agents for:
– User profile
– Personalized information
– Suggestions related to the user's interests
Enjoyment of Cultural Heritage: scenario
Role of the Intelligent Agents
• Interact with the user to obtain the basic profile
• Personalize information and interaction
• Understand the user's interests
• Update the profile
CUSPIS Project
CUSPIS Demonstrator: Villa Adriana
Home automation (Domotica)
• Deals with the integration of the technologies that make it possible to automate a series of operations inside the home.
– Integration of the electrical and electronic devices, household appliances, and communication, control and surveillance systems present in homes.
The term "domotica" derives from the import of the French neologism domotique = domos automatique
Domotic and Smart Cities
• Goal: to live in safer and more comfortable homes, equipped with an automation system that is simple, reliable, flexible and economical
• A system (theoretically) within everyone's reach.
– Comfort
– Safety
– Energy saving
Smart Buildings (Energy Prosumers/Consumers)
Intelligent DALI Agents for Smart Buildings
• Optimize personal comfort according to preferences and health conditions while respecting overall objectives via a special Interval Temporal Logic
• Objectives: keep consumption/expense within limits, sell and buy energy at best prices
A Multiagent Saver for the Automatic Management of HVAC Systems. Speaker: Giovanni De Gasperis, University of L'Aquila, Italy. EEEIC 2015, Rome
Prosumer node model
– real-time predictive control of air conditioning systems in smart buildings in the context of energy management.
In general, a PROSUMER NODE in a smart grid is:
– A smart building that can produce, accumulate and have autonomy of decision making about resource consumption, dealing with given comfort constraints
A Predictive Model for the Automated Management of Conditioning Systems in Smart Buildings. Speaker: Giovanni De Gasperis, University of L'Aquila, Italy. UkSIM 2015, 25-27 March 2015, Cambridge, UK
The predictive control needs a good estimate of near future power demand.
To achieve acceptable near future estimates, we proposed a method based on “Evidence combination”, measuring performances of a bank of estimators over time:
1. Simple Moving Average (SMA)
2. Functional Regression (FR)
3. Support Vector Regression (SVR)
4. Gradient Tree Boosting (GTB)
[Figure: actual power measures feed a bank of power demand estimators (SMA, FR, SVR, GTB); performance assessment & evidence combination give the power demand forecast for the next quarter of hour. Cycling over 96 samples, 1 each quarter of hour of the last 24]
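The estimator-bank idea on this slide, as an added example (not code from the talk or from the cited papers): each estimator is scored on its one-step-ahead error over the last 96 quarter-hour samples, and the individual forecasts are combined with weights inversely proportional to that error. The inverse-error weighting rule, all function names, the constructed load series and the two stand-in estimators are assumptions; only the simple moving average is one of the four estimators named on the slide.

```python
from statistics import fmean

WINDOW = 96  # 96 quarter-hour samples = the last 24 hours (figure from the slide)

def sma(history, n=4):
    """Simple moving average of the last n samples (SMA on the slide)."""
    return fmean(history[-n:])

def persistence(history):
    """Stand-in estimator (assumption): next value equals the last one."""
    return history[-1]

def same_time_yesterday(history):
    """Stand-in estimator (assumption): value seen 96 samples before the target."""
    return history[-WINDOW] if len(history) >= WINDOW else history[-1]

# Hypothetical bank; FR, SVR and GTB from the slide are not implemented here.
ESTIMATORS = {
    "sma": sma,
    "persistence": persistence,
    "same_time_yesterday": same_time_yesterday,
}

def score_bank(series, estimators, window=WINDOW):
    """Mean absolute one-step-ahead error of each estimator over the last window."""
    if len(series) < 2:
        raise ValueError("need at least two samples to score the estimators")
    start = max(1, len(series) - window)
    errors = {name: [] for name in estimators}
    for t in range(start, len(series)):
        past = series[:t]  # the estimator only sees samples before t
        for name, est in estimators.items():
            errors[name].append(abs(est(past) - series[t]))
    return {name: fmean(errs) for name, errs in errors.items()}

def combine(series, estimators, window=WINDOW, eps=1e-9):
    """Forecast the next sample as an inverse-error weighted mix of the bank."""
    mae = score_bank(series, estimators, window)
    raw = {name: 1.0 / (m + eps) for name, m in mae.items()}
    total = sum(raw.values())
    weights = {name: w / total for name, w in raw.items()}
    forecasts = {name: est(series) for name, est in estimators.items()}
    forecast = sum(weights[name] * forecasts[name] for name in estimators)
    return forecast, weights, mae

def daily_profile(slot):
    """Constructed load in kW: 3.5 between slots 32 and 71, 2.0 otherwise."""
    return 3.5 if 32 <= slot < 72 else 2.0

# Constructed sample: two full days plus 32 quarter-hours, so the next sample
# to forecast is the morning step from 2.0 kW to 3.5 kW.
SERIES = [daily_profile(i % WINDOW) for i in range(2 * WINDOW + 32)]

if __name__ == "__main__":
    forecast, weights, mae = combine(SERIES, ESTIMATORS)
    for name in ESTIMATORS:
        print(f"{name:22s} MAE={mae[name]:.6f} weight={weights[name]:.6f}")
    print(f"combined forecast for the next quarter hour: {forecast:.4f} kW")
```

On this idealized periodic series the daily-pattern estimator dominates the weights, so the combined forecast follows the step that the moving average and persistence estimators miss.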
Multi Agent Energy Saver Supervisor System Architecture
e-Health applications
What we intend to do: Support for People with Disabilities
• Disability is not an illness, but a “current condition” of a person (World Health Organization)
• A disabled person is temporarily or permanently unable to carry out certain activities in a “correct” or “normal” way
• Disability is related to situations in which a person is not able to handle a situation adequately
– For physical or cognitive reasons
– For external causes that create limitations
We are all occasionally disabled!
Ambient Intelligence/CPSs for Supporting People with Disabilities
• Localization of the user in the surrounding environment
• Help in recognizing places and objects
• Adaptation to the user to increase confidence and guarantee safety
• Provide schemes for “correct” sequences of actions
• Recognize and correct “incorrect” sequences of actions
Ambient Intelligence/CPSs for Supporting People with Disabilities
• In extreme cases, autonomously take some decisions (for example on where and how to move)
• Learn to autonomously interpret the patterns of everyday behaviour;
• Recognize signs of distress, disorientation, confusion
Ambient Intelligence/CPSs for Supporting People with Disabilities
• Offer proactive help through different kinds of physical and verbal interventions
– Carry out actions on behalf of the user
– Collect and provide useful information
• Alert others in case of danger.
What is context?
“Context information can in general be defined as an ordered multilevel set of declarative information referring to the events that occur in a given place and that involve animate and inanimate objects” [J. Crowley]
Context-awareness
Context-Awareness
• Representing the context
– Ontologies (in Computer Science): formal description of the kinds of things that are assumed to exist in a domain of interest D from the perspective of the individual who uses a language L in order to talk about D.
• Perceiving the context, extending the description with the new perceptions.
From context information to personalized communication
• Objectives
– adaptivity with respect to the context
– adaptivity with respect to the user terminal
– personalization with respect to the user profile
From context information to personalized communication
– Multimodal interaction: text, voice, avatar
– Interaction controlled by an intelligent agent
Big Picture (by Aielli, Ancona, Caianiello, Costantini, De Gasperis, Di Marco, Mascardi)
What we intend to do: eF&K for eHealth
Thank you for your attention!