Guaranteeing Proper-Temporal-Embedding Safety Rules in Wireless CPS: A Hybrid Formal Modeling Approach
Feng Tan*, Yufei Wang*, Qixin Wang*, Lei Bu†, Rong Zheng‡, Neeraj Suri**
* Embedded Systems & Networking Lab, Dept. of Computing, The Hong Kong Polytechnic Univ.
† State Key Lab for Novel Software Tech., Dept. of Computer Sci. & Tech., Nanjing Univ., China
‡ Dept. of Computing and Software, McMaster Univ., Canada
** Dept. of Computer Science, TU Darmstadt, Germany
June 26, 2013
Evaluation
Related Work
Background
Problem
Solution
Demand
Overview
Cyber-Physical Systems (CPS) are typically distributed and life/mission critical.
Life/Mission critical CPS demand wireless
Wireless is unreliable
Conflict
PTE Safety Guarantee
Design Pattern Hybrid Modeling
Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystems
Medical
Manufacturing
Avionics
CPS Features
Typically distributed and life/mission-critical
Real-time (in addition to logical time) matters
Modeling must integrate both discrete and continuous aspects
Distributed life/mission critical CPS demand wireless communications.
Wireless is unreliable
How to guarantee the safety of life/mission critical wireless CPS?
How to guarantee the Proper-Temporal-Embedding (PTE) safety rule of life/mission critical wireless CPS?
What is Proper-Temporal-Embedding (PTE) safety rule?
CPS Feature 2: real-time (in addition to logical time) matters!
risky state dwelling time upper bound
enter-risky safeguard interval
exit-risky safeguard interval
How to guarantee PTE safety despite arbitrary wireless link failures?
Leasing Design Pattern: risky state dwelling time must be leased.
General concepts of Leasing design pattern: each CPS entity takes one of the 3 roles.
Initiator
Supervisor
Participant
Participant
1. request
2. lease
2. lease
3. approve
CPS Features: 1. real-time matters; 2. real-time PTE even when aborting/canceling. (+ 3. arbitrary comm. failures)
Initiator
Participant
Participant
active
fallback
active
fallback
active
fallback
How to formally describe, analyze, and use Leasing design pattern in the context of CPS?
CPS Feature 3 implies the use of hybrid automata modeling
Hybrid Automaton is a state-of-the-art modeling tool for CPS.
Bouncing Ball Example
Leasing Design Pattern for PTE Safety Rules: detailed Supervisor's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: detailed Initiator's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: detailed Participant's hybrid automaton
Validity of the design pattern
Theorem 1: If the temporal parameters of the design pattern hybrid automata satisfy a certain set of linear inequalities, then PTE safety is guaranteed despite arbitrary communications link failures.
Using the design pattern: how to turn design pattern into detailed CPS designs?
We proposed a formal procedure to elaborate a design pattern hybrid automaton into a detailed design hybrid automaton.
Elaborate
Validity of elaboration
Theorem 2: If detailed design hybrid automata are respectively derived by elaborating corresponding design pattern hybrid automata, then PTE safety is guaranteed despite arbitrary communications link failures.
Laser Tracheotomy Medical CPS: interconnect/interlock smart medical devices to increase safety
Laser Tracheotomy without Device Interlock
Laser Tracheotomy CPS
Demand to use wireless links for safety and efficiency concerns.
Laser Tracheotomy CPS
wireless links
Laser Tracheotomy CPS PTE safety rule.
≥ 3 sec, ≥ 1.5 sec, ≤ 60 sec
System architecture and roles of the design pattern: Initiator, Supervisor, Participant
Following the Leasing design pattern and Elaboration procedure, we derive detailed designs
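Added example (not from the slides or the authors' paper): a simplified Python model of one leased round in the laser tracheotomy setting, run against every fast/slow/lost combination of five messages, next to an explicit-release variant that has no leases. The timer values, the 2 s delay bound, the message names and the reading of the 3 s / 1.5 s / 60 s thresholds are assumptions of this example; abort handling and clock drift are left out.

```python
"""Lease-based PTE guarantee under message loss (simplified, added example)."""
from dataclasses import dataclass
from itertools import product
from math import inf
from typing import List, Optional, Tuple

# PTE thresholds from the laser tracheotomy slide, in seconds. Which number
# belongs to which part of the rule is an assumption of this example.
ENTER_SAFEGUARD = 3.0   # ventilator must be paused this long before the laser emits
EXIT_SAFEGUARD = 1.5    # laser must be off this long before the ventilator resumes
MAX_DWELL = 60.0        # upper bound on the ventilator pause (risky-state dwelling time)
D_MAX = 2.0             # assumed worst-case one-way delay of a delivered message

Interval = Optional[Tuple[float, float]]   # (enter risky, exit risky); None = stayed safe


@dataclass(frozen=True)
class Timers:
    """Constructed lease timers for the simplified model (seconds)."""
    vent_enter: float = 3.0    # ventilator: lease received -> pause begins
    vent_run: float = 35.0     # ventilator: leased pause length
    laser_enter: float = 10.0  # laser: approval received -> emission begins
    laser_run: float = 20.0    # laser: leased emission length


def pte_violations(vent: Interval, laser: Interval) -> List[str]:
    """Check one pause/emission pair against the PTE rule."""
    found = []
    if vent is not None and not (vent[1] - vent[0] <= MAX_DWELL):
        found.append("dwell")
    if laser is None:
        return found
    if vent is None:
        return found + ["laser-without-pause"]
    if not (laser[0] - vent[0] >= ENTER_SAFEGUARD):
        found.append("enter-safeguard")
    if not (vent[1] - laser[1] >= EXIT_SAFEGUARD):   # also true for inf - inf
        found.append("exit-safeguard")
    return found


def simulate(delays, timers=Timers(), leased=True, release_at=30.0):
    """Run one round. delays = (lease, ack, approve, stop, resume): the one-way
    delay of each message in seconds, or None if the wireless link dropped it.
    leased=True:  each device leaves its risky state when its own timer expires.
    leased=False: each device waits for an explicit stop/resume message."""
    d_lease, d_ack, d_approve, d_stop, d_resume = delays
    if d_lease is None:
        return None, None                       # ventilator stays in fall-back
    vent_on = d_lease + timers.vent_enter
    if leased:
        vent_off = vent_on + timers.vent_run
    else:                                       # resume is sent once stop had time to land
        sent = release_at + D_MAX + EXIT_SAFEGUARD
        vent_off = inf if d_resume is None else sent + d_resume
    vent = (vent_on, vent_off)
    if d_ack is None or d_approve is None:
        return vent, None                       # laser is never approved
    laser_on = d_lease + d_ack + d_approve + timers.laser_enter
    if leased:
        laser_off = laser_on + timers.laser_run
    else:
        laser_off = inf if d_stop is None else release_at + d_stop
    return vent, (laser_on, laser_off)


def timers_are_safe(t: Timers, d_max: float) -> bool:
    """Closed-form linear inequalities for THIS simplified model (not the
    paper's constraint set); worst cases are zero delay and d_max delay."""
    return (t.laser_enter - t.vent_enter >= ENTER_SAFEGUARD
            and t.vent_enter + t.vent_run
            - (2 * d_max + t.laser_enter + t.laser_run) >= EXIT_SAFEGUARD
            and t.vent_run <= MAX_DWELL)


def violating_patterns(leased, timers=Timers()):
    """Try every combination of {fast, slow, lost} for the five messages."""
    bad = []
    for delays in product((0.0, D_MAX, None), repeat=5):
        found = pte_violations(*simulate(delays, timers, leased))
        if found:
            bad.append((delays, found))
    return bad


if __name__ == "__main__":
    print("timers satisfy inequalities:", timers_are_safe(Timers(), D_MAX))
    print("leased design, violating patterns:", len(violating_patterns(True)))
    print("explicit-release design, violating patterns:",
          len(violating_patterns(False)))
    late = Timers(laser_run=30.0)               # emission lease set too long
    print("misconfigured lease safe?", timers_are_safe(late, D_MAX),
          "violating patterns:", len(violating_patterns(True, late)))
```

In this model the leased design never violates the rule because no exit from a risky state depends on a message arriving; every violation of the explicit-release variant involves a lost stop or resume message.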
Emulation Scheme
Emulation Results
Related Work
Leasing Protocol [7,8,9,10,11,12][24]
check-point & roll-back
logical time vs. real-time PTE
uncontrollable physical world parameters
Use of formal modeling in design pattern [30~33].
Hybrid modeling mostly used for verification [3],[13~16].
Tichakorn [34] proposes using a subclass of hybrid automata for designing periodic hybrid control systems.
Conclusion
1. Proposed a lease-based design pattern to guarantee PTE safety rules in wireless CPS, under arbitrary communication link failures.
2. Derived the corresponding closed-form linear constraints for temporal configuration parameters.
3. Formal description of design pattern with hybrid modeling.
4. Proposed a formal methodology to elaborate design pattern hybrid automata to detailed design hybrid automata, while maintaining PTE safety properties.
Thank you!
Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystems
Anesthesiology
Surgical Medicine
Nursing
Communications
Mechanics
Computer
Control
Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystems
Chemical Engineering
Control Mechanics
Thermal Engineering
Communications
Computer
Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystems
Computer
Mechanics
Aerodynamics
Control
Material
Communications
Demand to use wireless links for safety and efficiency concerns.
The Operation Room Spider Web
The Operation Room Spider Web, after medical CPS safety interlocks
Spider Web OR vs. Wireless OR
How to guarantee PTE safety despite arbitrary wireless link failures?
Leasing Design Pattern
Hybrid Automata Modeling: formally describe, analyze, and use the design pattern
General concept of Leasing Design Pattern for CPS PTE guarantee
Initiator
Supervisor
Participant
Participant
[Animated figure: all four entities start in Fallback; the Request, Lease, Lease and Approve messages are added one build at a time as the Fallback labels disappear.]
General concept of Leasing Design Pattern for CPS PTE guarantee
Initiator
Participant
Participant
active
fallback
active
fallback
active
fallback
The same scenario can also apply to purely cyber systems. What's the difference that CPS makes?
CPS Features: 1. real-time matters; 2. real-time PTE even when aborting/canceling. (+ 3. arbitrary comm. failures)
Leasing Design Pattern for PTE Safety Rules: sketch of Supervisor's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: sketch of Initiator's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: sketch of Participant's hybrid automaton
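Emulation Scheme
PTE safeguard intervals: $T^{\min}_{\mathrm{risky}:1\to 2} = 3\,\mathrm{s}$, $T^{\min}_{\mathrm{safe}:2\to 1} = 1.5\,\mathrm{s}$
Ventilator: $T^{\max}_{\mathrm{enter},1} = 3\,\mathrm{s}$, $T^{\max}_{\mathrm{run},1} = 35\,\mathrm{s}$, $T_{\mathrm{exit},1} = 6\,\mathrm{s}$
Initiator: $T^{\max}_{\mathrm{req},2} = 5\,\mathrm{s}$, $T^{\max}_{\mathrm{enter},2} = 10\,\mathrm{s}$, $T^{\max}_{\mathrm{run},2} = 20\,\mathrm{s}$, $T_{\mathrm{exit},2} = 1.5\,\mathrm{s}$
Supervisor: $T^{\min}_{\mathrm{fb},0} = 13\,\mathrm{s}$, $T^{\max}_{\mathrm{wait}} = 3\,\mathrm{s}$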
Example Scenario
[Figure, animated over successive slides: Patient, SpO2 Sensor, Ventilator, Laser Scalpel, Surgeon, Supervisor. Labels appearing across the frames, in order: Ventilator "Pausing"; Laser Scalpel "Shooting"; "lost". The frame sequence is then shown a second time with clock images.]
Slide titles:
Guaranteeing Proper-Temporal-Embedding Safety Rules in Wireless CPS: A Hybrid Formal Modeling Approach
Cyber-Physical Systems (CPS) are typically distributed and life/mission critical.
Cyber Physical Systems (CPS): systems involving tight/complex coupling of computer and physical subsystems
CPS Features
Distributed life/mission critical CPS demand wireless communications.
How to guarantee the safety of life/mission critical wireless CPS?
How to guarantee the Proper-Temporal-Embedding (PTE) safety rule of life/mission critical wireless CPS?
What is Proper-Temporal-Embedding (PTE) safety rule?
CPS Feature 2: real-time (in addition to logical time) matters!
How to guarantee PTE safety despite of arbitrary wireless link failures?
General concepts of Leasing design pattern: each CPS entity takes one of the 3 roles.
CPS Features: 1. real-time matters; 2. real-time PTE even when aborting/canceling. (+ 3. arbitrary comm. failures)
How to formally describe, analyze, and use Leasing design pattern in the context of CPS?
Hybrid Automaton is a state-of-the-art modeling tool for CPS.
Leasing Design Pattern for PTE Safety Rules: detailed Supervisor's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: detailed Initiator's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: detailed Participant's hybrid automaton
Validity of the design pattern
Using the design pattern: how to turn design pattern into detailed CPS designs?
We proposed a formal procedure to elaborate a design pattern hybrid automaton into a detailed design hybrid automaton.
Validity of elaboration
Laser Tracheotomy Medical CPS: interconnect/interlock smart medical devices to increase safety
Demand to use wireless links for safety and efficiency concerns.
Laser Tracheotomy CPS PTE safety rule.
System architecture and roles of the design pattern: Initiator, Supervisor, Participant
Following the Leasing design pattern and Elaboration procedure, we derive detailed designs
Emulation Scheme
Emulation Results
Related Work
Conclusion
Thank you!
General concept of Leasing Design Pattern for CPS PTE guarantee
The same scenario can also apply to purely cyber systems. What's the difference that CPS makes?
Leasing Design Pattern for PTE Safety Rules: sketch of Supervisor's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: sketch of Initiator's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: sketch of Participant's hybrid automaton
Example Scenario