Post on 18-Dec-2015
Cyber Physical Systems: The Need for New Models and Design Paradigms
Bruce H. Krogh
Carnegie Mellon University
Cyber-Physical systems
Cyber-Physical Systems (CPS) are integrations of computation and physical processes. [1]
What’s new?
• size and power of computational elements
• pervasive networking
• sensing technology
• actuation technology
What’s old?
• modeling and design paradigms
[1] Computing Foundations and Practice for Cyber-Physical Systems: A Preliminary Report, Technical Report No. UCB/EECS-2007-72, May 21, 2007, Edward Lee, University of California at Berkeley
More on Cyber-Physical Systems [2]
• Some defining characteristics:
  – Cyber capability in every physical component
  – Networked at multiple and extreme scales
  – Complex at multiple temporal and spatial scales
  – Dynamically reorganizing/reconfiguring
  – High degrees of automation, control loops must close at all scales
  – Operation must be dependable, certified in some cases
• Goals of a CPS research program
  – A new science for future engineered and monitored systems (10-20 year perspective)
  – Physical and cyber design that is deeply integrated
• What cyber-physical systems are not:
  – Not desktop computing
  – Not traditional, post-hoc embedded/real-time systems
  – Not today’s sensor nets
[2] CPS Briefing, NSF, May 10, 2007, Raj Rajkumar, Carnegie Mellon University
Example: Health Care and Medicine
• National Health Information Network, Electronic Patient Record initiative
  – Medical records at any point of service
  – Hospital, OR, ICU, …, EMT?
• Home care: monitoring and control
  – Pulse oximeters (oxygen saturation), blood glucose monitors, infusion pumps (insulin), accelerometers (falling, immobility), wearable networks (gait analysis), …
• Operating Room of the Future (Goldman)
  – Closed loop monitoring and control; multiple treatment stations, plug and play devices; robotic microsurgery (remotely guided?)
  – System coordination challenge
• Progress in bioinformatics: gene, protein expression; systems biology; disease dynamics, control mechanisms
Images thanks to Dr. Julian Goldman, Dr. Fred Pearce
Example: Electric Power Grid
• Current picture:
  – Equipment protection devices trip locally, reactively
  – Cascading failure: August (US/Canada) and October (Europe), 2003
• Better future?
  – Real-time cooperative control of protection devices
  – Or -- self-healing -- (re-)aggregate islands of stable bulk power (protection, market motives)
  – Ubiquitous green technologies
  – Issue: standard operational control concerns exhibit wide-area characteristics (bulk power stability and quality, flow control, fault isolation)
  – Technology vectors: FACTS, PMUs
  – Context: market (timing?) behavior, power routing transactions, regulation
Images thanks to William H. Sanders, Bruce Krogh, and Marija Ilic
Pervasive Underlying Problems, Not Solved by Current Technologies
• How to build predictable real-time, networked systems at all scales with integrated models of the physical world?
• How to formulate and manage high-confidence, dynamically-configured CPS?
• How to organize inter-operable “aggregated” systems?
• How to cooperatively detect and manage interference among systems in real time, avoid cascading failure?
• How to formulate an evidential (synthetic and analytic) basis for trusting systems?
Impending Technical Challenges
Shift FROM
• compartmentalized designs of physical systems, control subsystems and software architecture
• lack of knowledge on the cyber side of engineering principles and physical laws (and vice-versa)
• cyclic executives + human- and information-centric operation
• centralized
• separation in time and space
TO
• integrated and optimized design
• CPS-awareness and expertise
• to highly-automated, autonomous, coordinated frameworks
• to federated, decentralized, open and configurable
• multi-scale systems, mixed synchronous/reactive systems
Still
• real-time (perhaps wide-area, time-critical), still safety- and security-critical, require certification
Recent Workshops on Cyber-Physical Systems
• “High Confidence Medical Device Software and Systems (HCMDSS)”, June 2 - 3, 2005, Philadelphia, PA http://rtg.cis.upenn.edu/hcmdss/index.php3
• “Aviation Software Systems: Design for Certifiably Dependable Systems”, October 5-6, 2006, Alexandria http://chess.eecs.berkeley.edu/hcssas/index.html.
• NSF Workshop on “Cyber-Physical Systems”, October 16-17, 2006, Austin, http://varma.ece.cmu.edu/CPS.
• “Beyond SCADA: Networked Embedded Control for Cyber Physical Systems (NEC4CPS)”, November 8 & 9, 2006, Pittsburgh http://trust.eecs.berkeley.edu/scada/.
• “High-Confidence Software Platforms for Cyber-Physical Systems (HCSP-CPS)”, November 30 – December 1, 2006, Alexandria http://www.isis.vanderbilt.edu/HCSP-CPS/.
Industry Round-Table on CPS, NSF, May 17, 2007
• Health-Care
  – Doug Busch, VP and CTO of Digital Health Group, Intel
  – David R. Jones, Director Quality Assurance, Regulatory Affairs and Philips Business Excellence, Philips Consumer Healthcare Solutions
• Automotive Systems
  – Nady Boules, Director, Electrical and Controls Integration, General Motors
  – Venkatesh Prasad, Director, Ford
• Building and Process Controls
  – J. Michael McQuade, Senior VP, Science and Technology, United Technologies
  – Steve Schilling, VP, Emerson Process Control
• Defense and Aviation Systems
  – John Borgese, VP of Advanced Technology Center, Rockwell Collins
  – Gary Hafen, Director of Software Engineering, Lockheed Martin Corporate Headquarters
  – Peter Tufano, VP of Engineering for Network Enabled Systems, BAE
  – Don Winter, VP of Engineering and Information Technology, Boeing PhantomWorks
• Critical Infrastructure
  – Guido Bartels, Director, IBM Global Energy and Utility Solutions
  – Henry Kluepfel, Vice-President, SAIC
• Venture Capital
  – David Tennenhouse, General Partner, New Venture Partners
Design of Embedded Control Systems
Traditional approach: Separation of Concerns
• Control-theoretic design of continuous dynamic feedback loops
  – ignore implementation details: mode switching, fault detection, real-time constraints, implementation platform, etc.
• Event-based design to supervise real-time control loops
  – ignore continuous dynamics: stability, transient response, parametric variations, etc.
This works in most cases, BUT ...
Demands from Emerging Applications
New challenges
• increasingly complex applications
  – safety critical systems
  – autonomy
  – multi-agent
• increasingly complex solutions
  – heterogeneous, distributed platforms
  – sophisticated numerical control algorithms
• Implications
  – engineering insight is inadequate
  – testing-based V&V is insufficient
  – move toward model-based design
Tools for Design & Implementation of Embedded Control Systems
Control Design: Continuous State
• Models: differential equations, transfer functions, etc.
• Analytical Tools: Lyapunov functions, eigenspace analysis, etc.
• Software Tools: MATLAB, MatrixX, VisSim, etc.
Control Implementation: Discrete State/Events
• Models: automata, Petri nets, statecharts, etc.
• Analytical Tools: Boolean algebra, formal logics, recursion, etc.
• Software Tools: SCADE, Statemate, SMV, SAT, etc.
Limitations of Conventional Control System Design (CCSD)
• Inputs/outputs are not intrinsic
• From following commands to implementing intent
• Human-system interaction
• Deeply embedded CPS
Inputs/outputs are not intrinsic
CCSD assumes an I/O structure. In CPS, the identity of input/output signals is context dependent (at best).
Examples: steer-by-wire, temperature, door closer (J. C. Willems)
• Model context-dependence as hybrid systems w/ mode switching
• Physical modeling “languages”:
  – bond graphs
  – Omola/Dymola
  – SimMechanics
From following commands to realizing intent
CCSD assumes command-following performance measures. CPS will realize the intent of the user.
Examples: ABS, Automated External Defibrillator, power grid?
• Integration of logic/rules/events with continuous/timed feedback control (hybrid systems)
• Automate system operation under stressed conditions.
Human-system interaction
CCSD assumes only information feedback. CPS will include physical feedback.
Examples: ABS; aircraft (Boeing 777, Airbus 380); building control?
• Haptic systems design
• Integrate human behavior into the control loop (e.g., make it uncomfortable so they will open the windows)
Deeply embedded CPS
In CCSD embedded components close local “inner” feedback loops.
CPS will enhance and leverage natural physical feedback at all levels.
E.g., medical implants that work with the natural healing processes
Physical is central to CPS:
We need
• new cross-cutting paradigms
• new architectures
CPS will lead to
• more rapid transition of science/technology to critical applications
Possible Grand Challenges [3]
• Zero automotive traffic fatalities, injuries minimized, and significantly reduced traffic congestion and delays
• Blackout-free electricity generation and distribution
• Reduce testing and integration time and costs of complex CPS systems (e.g. avionics) by one to two orders of magnitude
• Perpetual life assistants for busy, older or disabled people
• Extreme-yield agriculture
• Energy-aware buildings
• Location-independent access to world-class medicine
• Physical critical infrastructure that calls for preventive maintenance
• Self-correcting and self-certifying cyber-physical systems for “one-off” applications
[3] Industry Roundtable on Cyber-Physical Systems, NSF, May 17, 2007, Raj Rajkumar, Carnegie Mellon University
Cyber Physical Systems or Cyber for Physical Systems
• How should the requirements for control (and other) physical applications influence “cyber” research?
• Will the standard separation of concerns approach (applications vs. computing infrastructure) continue to work well?
Issues in Education
• computer science
  – focuses on discrete mathematics
  – little emphasis on numerical methods
  – limits the understanding of physical systems
• domain experts (engineers)
  – focuses on mathematics for analysis and design
  – little exposure to embedded and real-time computing
  – limits the understanding of real-time implementation
We need to re-think how we educate domain experts and computer scientists if we are going to realize sustainable CPS.
Core CPS Programmatic Themes
• Scientific foundations for building verifiably correct and safe cyber-physical systems
• Scalable infrastructure and components with which cyber-physical systems can be deployed
• Tools and Experimental Testbed
• Education that encompasses both the cyber and the physical domains
Long-Term CPS Goal
• Transform how we interact with the physical world just like the internet transformed how we interact with one another.
  – Convergence of embedded systems, control theory, hybrid systems, microcontrollers, sensors, actuators, wireless networks, wide area networks, distributed systems, operating systems, advances in structures, …
Seek scientific foundations and technologies to integrate cyber-concepts with the dynamics of physical and engineered systems.