GRIFFOR - OxfordU CPS 20mar2017
Systems
Oxford University – 20Mar2017
Engineering Laboratory, National Institute of Standards and Technology (NIST)
About NIST: Priority Research Areas
[Figure: NIST Labs and Research Activities]
• CPS Framework
• CPS Testbed UCEF
• Trustworthiness
Cyber-Physical Systems
Cyber-Physical Systems (CPS) comprise interacting digital, analog, physical, and human components engineered for function through integrated physics and logic.
[Figure: a system-of-systems / system / device hierarchy whose components are cyber, physical and human]
• Examples include a smart grid, a self-driving car, a smart manufacturing plant, an intelligent transportation system, a smart city, and Internet of Things (IoT) device instances connecting new devices for new data streams and new applications.
• Common notions of IoT have emphasized networked sensors providing data streams to applications.
• CPS concepts complete these IoT notions, providing the means for conceptualizing, realizing and assuring all aspects of the composed systems of which sensors and data streams are components.
The Framework for Cyber-Physical Systems was released by the NIST CPS PWG on May 26, 2016.
CPS and IoT
Cyber-Physical Systems (CPS) comprise interacting digital, analog, physical, and human components engineered for function through integrated physics and logic.
[Figure: CPS at the device, system and system-of-systems levels]
Examples of a CPS that are not instances of IoT:
• Segway Scooter
CPS vs. IoT: Motion Activated Light
[Figure: a motion-activated light modeled as a CPS. Sensors provide the INs to a chain of Communication Channel (Network), Aggregator (Fusion), Computation (e-utility) and Decision (Software), whose OUTs drive the Actuators; a Model of Motion closes the loop. Physical interactions and logical interactions are distinguished, and the IoT scope of research is marked as a subset of the CPS.]
Type Theoretic Assurance of CPS
[Figure: the property tree of a CPS and the semantics of the CPS Framework]
Applying CPS Framework to Decomposition
[Figure: Business Case (AEB – vehicle provides automated collision safety function) → Use Case → Functional Decomposition/Allocation → CPS/Function Types, yielding the Safety "Properties" of a Function: AEB]
Applying Concerns to Functions
[Figure: a Function/Feature is taken through Apply Aspects/Concerns to Generate 'Properties'. Concern tree excerpt shown:]
• Functional Safety: Hazard (Severity, Frequency, Controllability) → Redundant Torque Request for ASIL > QM
• Trustworthiness
  o Safety: Concern 1, Concern 2
  o Security
    - Cybersecurity: Confidentiality → Encryption → AES; Integrity → Concern 1; Availability → Concern 2
    - Physical Security (SME Taxonomies)
  o Reliability
  o Resilience
  o Privacy
    - Predictability: Transparency → Concern 1; Controls → Authorization → OAuth
    - Manageability: Innovation → Concern 2
    - Dissociability
A secure, privacy-protected CAN bus message may consist of these properties:
{Trustworthiness.Security.Cybersecurity.Confidentiality.Encryption.AES, Trustworthiness.Privacy.Predictability.Controls.Authorization.OAuth}
(NIST-SAE) Applying CPS Framework to Autonomous Vehicles
[Figure: proposed NIST/SAE/OEM workflow, read left to right in three rows; the party responsible for each step is given in parentheses]
Row 1:
• Enumerate, define, document Automotive Trustworthiness Concerns (NIST/SAE/OEM)
• Enumerate, define, document Automotive System Trustworthiness Properties (NIST/SAE/OEM)
• Define Mapping of System Properties to Automotive System Assurance Processes (standards, etc.) (SAE/OEM)
• Update Automotive System Development Process (SAE/OEM)
• DRAFT System Trustworthiness Report and integrate into J3061 (SAE/OEM)
Row 2:
• Specify Automotive UCEF Testbed with Trustworthiness SIM-Wrappers and Testbed Configuration (NIST/SAE/OEM)
• Select targeted Use Cases (Automotive Systems) and Test Cases; Annotate Automotive Pilot (SAE/OEM)
• System Trustworthiness Report: Models and Simulations; Experiment Design; Run and Publish (NIST/SAE/OEM)
Row 3:
• Evaluate potential for additional CPS Aspects beyond Trustworthiness: Go/No-Go (NIST/SAE/OEM)
• Extend Automotive CPS Framework Model (Optional)
• Repeat above for selected Aspects
CPS Framework: Concern-Property Interactions
[Figure: Concern Tree → Properties/Requirements → Interactions. Privacy.Predictability(Ctrls, …, Ct) and Security.Cybersecurity(C, I, A), including Availability, are linked by interactions i1, i2, …, ik, each up- or down-regulating ([+/-]f, [+/-]g) the other side.]
Example impact of one concern on another:
• Calculated using pathways through the up- or down-regulation relationships between the Properties of the CPS
• These correspond to derivatives (an incremental change in one results in a negative or positive impact on the other)
• Impact is the 'integral' over all interaction pathways; T0 topological definition of integral/differential calculus
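As an added example (not code from the slides or from NIST), the following Python models the dotted property paths of the concern tree from the "Applying Concerns to Functions" slide and the signed interaction pathways described just above; the tree fragment, the three interactions and their signs are constructed for illustration, not taken from the Framework.

```python
# Added example, not NIST code: dotted property paths over a concern tree, and the
# impact of one property on another summed over signed interaction pathways.
CONCERN_TREE = {  # parent concern -> child concerns (constructed fragment of the slide's tree)
    "Trustworthiness": ["Safety", "Security", "Reliability", "Resilience", "Privacy"],
    "Security": ["Cybersecurity", "PhysicalSecurity"],
    "Cybersecurity": ["Confidentiality", "Integrity", "Availability"],
    "Confidentiality": ["Encryption"],
    "Encryption": ["AES"],
    "Privacy": ["Predictability", "Manageability", "Dissociability"],
    "Predictability": ["Transparency", "Controls"],
    "Controls": ["Authorization"],
    "Authorization": ["OAuth"],
}

AES = "Trustworthiness.Security.Cybersecurity.Confidentiality.Encryption.AES"
OAUTH = "Trustworthiness.Privacy.Predictability.Controls.Authorization.OAuth"
AVAIL = "Trustworthiness.Security.Cybersecurity.Availability"

def valid_property(path):
    """A property is a root-to-node path: each segment must be a child of the previous one."""
    parts = path.split(".")
    return parts[0] in CONCERN_TREE and all(
        child in CONCERN_TREE.get(parent, []) for parent, child in zip(parts, parts[1:]))

# Up-/down-regulation edges between properties: (src, dst) -> sign of the 'derivative'.
# +1: strengthening src strengthens dst; -1: strengthening src weakens dst (assumed values).
INTERACTIONS = {
    (OAUTH, AES): +1,    # token-gated access assumed to reinforce the confidentiality control
    (AES, AVAIL): -1,    # encryption overhead assumed to cost availability
    (OAUTH, AVAIL): -1,  # authorization round trips assumed to cost availability
}

def impact(src, dst, _seen=frozenset()):
    """Net impact of src on dst: sum over all simple pathways of the product of edge signs
    (the slide's 'integral over all interaction pathways')."""
    seen = _seen | {src}
    total = 0
    for (a, b), sign in INTERACTIONS.items():
        if a != src or b in seen:
            continue
        total += sign if b == dst else sign * impact(b, dst, seen)
    return total

def secure_private_message_properties():
    """The slide's property set for a secure, privacy-protected CAN bus message."""
    props = {AES, OAUTH}
    assert all(valid_property(p) for p in props)
    return props
```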
IT- vs CPS-Based Risk Mitigation
NIST Activities: CPS Framework
• Dimensional Analysis of the Model of a CPS, e.g. Safety and HARA
  o Concern-specific abstractions and methodology
  o Concern Tree: Decomposition and Composition of Concerns
• CPS Framework Open Source Project
  o UML/XML Composite Model: Framework + Use Case
  o XSLT Presentation of the XML Model (should be 'two-way'; compare LaTeX vs. typeset text)
Tools
• Enterprise Architect: UML Editor
• XMLSpy: XML/XML Schema Editor
Derivation of a Union of Technologies
[Figure: the IEC 62559 Methodology and the NIST CPS Framework Methodology combined into a Standardized XML Schema]
Word Use Case Template
CPS Framework
[Figure: the Framework as a matrix of Facets, Aspects and Domains]
Facets: Conceptualization (Use Case, Requirements, …) → Realization (Design / Produce / Test / Operate) → Assurance (Argumentation, Claims, Evidence); correspondingly, the Model of a CPS leads to the CPS and then to CPS Assurance. Facets are made up of Activities and Artifacts.
Aspects: Functional, Business, Human, Trustworthiness, Timing, Data, Boundaries, Composition, Lifecycle.
Domains: Manufacturing, Transportation, Energy, Healthcare, . . .
Framework OpenSource Project
[Figure: a Common XML format – Model of CPS – connecting the CPS Framework (Use Case/Aspects/Concerns), a Requirements modeling tool, Analysis, the CPS itself and Assurance of CPS]
UML Model of Framework
Aspects and Concerns
[UML class diagram "Aspects": Aspects → Concerns → Concern. Aspect classes shown: CompositionAspect, LifecycleAspect, BoundariesAspect. Concern classes shown: Measurability, TimeToMarket, PerformanceConcern, Utility, Physical, PhysicalContext, Adaptability, Behavioral, Deployability, Uncertainty, Disposability, Responsibility, Constructivity, Engineerability, Discoverability, Maintainability, Procurability, Producibility.]
Facets
[UML class diagram "Facets": Facet with three specializations, each with its own Artifact and Activity classes]
• ConceptualizationFacet (ConceptualizationArtifact, ConceptualizationActivity): MissionAndBusinessCaseDevelopment, BusinessCaseAnalysis, FunctionalDecomposition, RequirementsAnalysis, InterfaceRequirementsAnalysis, RequirementsAllocation
• RealizationFacet (RealizationArtifact, RealizationActivity): LifecycleManagement, Design, ManufacturingImplementation, Operations, Disposal, Cyber-PhysicalAbstractionLayerFormation, PhysicalLayerRealization
• AssuranceFacet (AssuranceArtifact, AssuranceActivity): IdentifyAssuranceObjectives, DefineAssuranceStrategy, ControlAssuranceEvidence, AnalyzeEvidence, ProvideAssuranceArgument, ProvideEstimateOfConfidence, ConfigureAudit, RequirementsVerification, ProductCertificationAndRegulatoryComplianceTesting
IEC 62559 Model of a Use Case
XML Editor of a Use Case
NIST Activities: CPS Testbed
• CPS Testbed (Architecture and instance of HW and SW Tools)
  o UCEF
  o Control Room + Visualization
  o Open Source Project 16May2017 at NIST
• CPS Testbed Science
  o Testbed composition and its semantics (wrappers)
• Testing the concerns of the CPS Framework in the testbed
  o Setup and Testing as in the case of requirements driven by the Timing concerns
NIST Activities: Trustworthiness
• Trustworthiness Concerns (Architecture and instance of HW and SW Tools)
  o Decomposition
  o Specific science and methodology
• Logical and Physical Security
  o Using physics to enhance cybersecurity (and other cyber concerns)
• Dependencies between concerns (holistic approach to the specifics of individual concerns)
  o Merging the physical concept of dependency with a logical concept of dependency
The Category CyPhy
• The cyber-physical category CyPhy has as objects:
  o Action/Actuation (Act)
  o Sense
  o Phys_State
  o Decision
• The morphisms of CyPhy are given by:
  o Mor(Act, Phys_State) = {phy_act-phys}
  o Mor(Decision, Act) = {log_dec-act}
  o Mor(Sense, Decision) = {log_sen-dec}
  o Mor(Sense, Act) = {phys_sen-act}
  o Mor(Phys_State, Sense) = {phy_Phys_State-Sense}
Symmetric Monoidal Categories
• For purposes here, systems will be viewed as processes and interactions between them (process algebra in the sense of Milner, for example)
• We distinguish two sorts of interactions between processes:
  o Logical interactions (exchanges of information)
  o Physical interactions (exchanges of energy)
• The mathematical model of physical interactions is algebraic systems of ODEs
• The mathematical models of logical interactions are formalizations of agent-based models such as complex adaptive systems (J. Holland)
• We choose symmetric monoidal categories (SMC) as an example of a model of systems in category
CPS as Functors
A cyber-physical system, in the sense of process algebra, can be represented as a functor from a symmetric monoidal category to the category CyPhy.
Such a functor represents:
• Processes as instances of Sensing, Decision, Action or Physical
• Interactions as exchanges of information or exchanges of energy
Benefit of this representation can be derived from:
• Structural representation of one CPS 'in another' (isomorphic with a sub-CPS)
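As an added example (not code from the slides or from NIST), the following Python encodes the objects and hom-sets of CyPhy from the earlier slide and checks that a process model, with each process typed by a CyPhy object and each interaction marked logical or physical, maps into CyPhy on objects and generating morphisms; the automatic-emergency-braking process names and loop are constructed, and the check does not cover composition or identity laws.

```python
# Added example, not NIST code: CyPhy as a typed graph, plus a check that a process
# model typed by CyPhy objects maps into it (the object and generating-morphism part
# of a functor; composition and identity laws are not checked here).

CYPHY_OBJECTS = {"Act", "Sense", "Phys_State", "Decision"}

# Hom-sets from the CyPhy slide: (source, target) -> (morphism, kind of interaction).
CYPHY_MORPHISMS = {
    ("Act", "Phys_State"):   ("phy_act-phys", "physical"),
    ("Decision", "Act"):     ("log_dec-act", "logical"),
    ("Sense", "Decision"):   ("log_sen-dec", "logical"),
    ("Sense", "Act"):        ("phys_sen-act", "physical"),
    ("Phys_State", "Sense"): ("phy_Phys_State-Sense", "physical"),
}

def check_functor(processes, interactions):
    """processes: name -> CyPhy object; interactions: (src, dst, 'logical'|'physical').
    Returns a list of violations; an empty list means every process is typed by a
    CyPhy object and every interaction lands on a CyPhy morphism of the right kind."""
    errors = []
    for name, obj in processes.items():
        if obj not in CYPHY_OBJECTS:
            errors.append(f"{name}: {obj} is not an object of CyPhy")
    for src, dst, kind in interactions:
        key = (processes.get(src), processes.get(dst))
        mor = CYPHY_MORPHISMS.get(key)
        if mor is None:
            errors.append(f"{src}->{dst}: no morphism {key[0]}->{key[1]} in CyPhy")
        elif mor[1] != kind:
            errors.append(f"{src}->{dst}: {kind} interaction, but {mor[0]} is {mor[1]}")
    return errors

# Constructed AEB loop: wheel sensor -> braking logic -> brake actuator -> vehicle
# dynamics -> wheel sensor (the first two hops exchange information, the last two energy).
AEB_PROCESSES = {"wheel_sensor": "Sense", "aeb_logic": "Decision",
                 "brake_actuator": "Act", "vehicle_dynamics": "Phys_State"}
AEB_INTERACTIONS = [
    ("wheel_sensor", "aeb_logic", "logical"),
    ("aeb_logic", "brake_actuator", "logical"),
    ("brake_actuator", "vehicle_dynamics", "physical"),
    ("vehicle_dynamics", "wheel_sensor", "physical"),
]

# A mis-typed variant: the decision process is wired straight to vehicle dynamics.
BAD_INTERACTIONS = AEB_INTERACTIONS[:2] + [("aeb_logic", "vehicle_dynamics", "physical")]

if __name__ == "__main__":
    print(check_functor(AEB_PROCESSES, AEB_INTERACTIONS))   # []
    print(check_functor(AEB_PROCESSES, BAD_INTERACTIONS))   # one violation listed
```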
The category CPS
Given two representations of CPS as functors F and G, let SM(F)/SM(G) denote the symmetric monoidal categories that F and G map into CyPhy.
[Figure: F and G drawn as functors into CyPhy]