-
Guaranteeing Proper-Temporal-Embedding Safety Rules in Wireless
CPS: A Hybrid
Formal Modeling Approach
Feng Tan*, Yufei Wang*, Qixin Wang*, Lei Bu†, Rong Zheng‡,
Neeraj Suri*** Embedded Systems & Networking Lab, Dept. of
Computing, The Hong Kong Polytechnic Univ.
† State Key Lab for Novel Software Tech., Dept. of Computer Sci.
& Tech., Nanjing Univ., China‡ Dept. of Computing and Software,
McMaster Univ., Canada
** Dept. of Computer Science, TU Darmstadt, GermanyJune 26,
2013
http://www.google.com.hk/url?sa=i&source=images&cd=&cad=rja&docid=tnuQqzuBPDEgYM&tbnid=u5Cdg6X7lv8UFM:&ved=0CAgQjRwwAA&url=http%3A%2F%2Fwww2.kau.se%2Ftp%2Fworkshopnanjing%2F&ei=pde7UY2QFZCUiAet4YCwDw&psig=AFQjCNH9oCTYbVxxNiSWOe2ygU2FpXs8Rw&ust=1371351333417891http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=9XR5TMVX-Lew2M&tbnid=Rya821O9a9XClM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.iap.tu-darmstadt.de%2Flqo%2F&ei=wNi7UfbjEuaviQf73oG4Bg&psig=AFQjCNG4YYQNQtRmlPn7HAIPoT7O-Buxpw&ust=1371351532231294
-
Evaluation
Related Work
Background
Problem
Solution
Demand
Overview
-
Cyber-Physical Systems (CPS) are typically distributed and
life/mission critical.
Life/Mission critical CPS demand wireless
Wireless is unreliable
Conflict
https://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=id8VZ9rR-4S87M&tbnid=pUWaJLZEMEa4YM:&ved=0CAUQjRw&url=https%3A%2F%2Fcommons.wikimedia.org%2Fwiki%2FFile%3ADove_peace.png&ei=uxy8UcqPKsShiQeKwIGIAg&psig=AFQjCNGrNzZCiBDMHyi421F66tjJUF5pgg&ust=1371368987347260
-
Cyber-Physical Systems (CPS) are typically distributed and
life/mission critical.
Life/Mission critical CPS demand wireless
Wireless is unreliable
ConflictPTE Safety Guarantee
https://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=id8VZ9rR-4S87M&tbnid=pUWaJLZEMEa4YM:&ved=0CAUQjRw&url=https%3A%2F%2Fcommons.wikimedia.org%2Fwiki%2FFile%3ADove_peace.png&ei=uxy8UcqPKsShiQeKwIGIAg&psig=AFQjCNGrNzZCiBDMHyi421F66tjJUF5pgg&ust=1371368987347260
-
Cyber-Physical Systems (CPS) are typically distributed and
life/mission critical.
Life/Mission critical CPS demand wireless
Wireless is unreliable
ConflictPTE Safety Guarantee
Design Pattern Hybrid Modeling
https://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=id8VZ9rR-4S87M&tbnid=pUWaJLZEMEa4YM:&ved=0CAUQjRw&url=https%3A%2F%2Fcommons.wikimedia.org%2Fwiki%2FFile%3ADove_peace.png&ei=uxy8UcqPKsShiQeKwIGIAg&psig=AFQjCNGrNzZCiBDMHyi421F66tjJUF5pgg&ust=1371368987347260
-
Cyber Physical Systems (CPS): systems involving tight/complex
coupling of computer and physical subsystems
Medical
Manufacturing
Avionics
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=5FEBvknEzZpgsM&tbnid=SAxrNMPmgdBgDM:&ved=0CAUQjRw&url=http%3A%2F%2Fhisky.manufacturer.globalsources.com%2Fsi%2F6008826047824%2Fpdtl%2FRadio-controlled-model%2F1060140330%2FRadio-controller-Model.htm&ei=Ltq-UYLCIYKEiAesroGgBA&psig=AFQjCNGKSYycBBGHtIOH0reQ50OF8pi0Ig&ust=1371548569843348
-
CPS Features
Typically distributed and life/mission-critical
Real-time (in addition to logical time) matters
Modeling must integrate both discrete and continuous aspects
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=5FEBvknEzZpgsM&tbnid=SAxrNMPmgdBgDM:&ved=0CAUQjRw&url=http%3A%2F%2Fhisky.manufacturer.globalsources.com%2Fsi%2F6008826047824%2Fpdtl%2FRadio-controlled-model%2F1060140330%2FRadio-controller-Model.htm&ei=Ltq-UYLCIYKEiAesroGgBA&psig=AFQjCNGKSYycBBGHtIOH0reQ50OF8pi0Ig&ust=1371548569843348
-
Distributed life/mission critical CPS demand wireless
communications.
-
Distributed life/mission critical CPS demand wireless
communications.
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=NDrY3pXl9XSNdM&tbnid=XbDWJe2hNKRTkM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.globalrobots.ae%2Frobots_applications%2Findex.html&ei=-9e-UeimH4GGiQfXv4FA&psig=AFQjCNHctciLpMsT7pWCuAQv8W_-kgEtOA&ust=1371547967472450
-
Distributed life/mission critical CPS demand wireless
communications.
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=5FEBvknEzZpgsM&tbnid=SAxrNMPmgdBgDM:&ved=0CAUQjRw&url=http%3A%2F%2Fhisky.manufacturer.globalsources.com%2Fsi%2F6008826047824%2Fpdtl%2FRadio-controlled-model%2F1060140330%2FRadio-controller-Model.htm&ei=Ltq-UYLCIYKEiAesroGgBA&psig=AFQjCNGKSYycBBGHtIOH0reQ50OF8pi0Ig&ust=1371548569843348
-
Distributed life/mission critical CPS demand wireless
communications.
Wireless is unreliable
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=NDrY3pXl9XSNdM&tbnid=XbDWJe2hNKRTkM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.globalrobots.ae%2Frobots_applications%2Findex.html&ei=-9e-UeimH4GGiQfXv4FA&psig=AFQjCNHctciLpMsT7pWCuAQv8W_-kgEtOA&ust=1371547967472450http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=1SNOj4u8CpQbhM&tbnid=-GTFrXhgLr1qFM:&ved=0CAUQjRw&url=http%3A%2F%2Fozurobotics.ozyegin.edu.tr%2FlabResources.php&ei=idi-UZXDGObNiAe9pYHIDQ&psig=AFQjCNHjnvEibKhYhW-42L1qM6vzl2tJYQ&ust=1371548114871727http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=5FEBvknEzZpgsM&tbnid=SAxrNMPmgdBgDM:&ved=0CAUQjRw&url=http%3A%2F%2Fhisky.manufacturer.globalsources.com%2Fsi%2F6008826047824%2Fpdtl%2FRadio-controlled-model%2F1060140330%2FRadio-controller-Model.htm&ei=Ltq-UYLCIYKEiAesroGgBA&psig=AFQjCNGKSYycBBGHtIOH0reQ50OF8pi0Ig&ust=1371548569843348
-
How to guarantee the safety of life/mission critical wireless
CPS?
Life/Mission critical CPS demand wireless
Wireless is unreliable
Conflict
https://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=id8VZ9rR-4S87M&tbnid=pUWaJLZEMEa4YM:&ved=0CAUQjRw&url=https%3A%2F%2Fcommons.wikimedia.org%2Fwiki%2FFile%3ADove_peace.png&ei=uxy8UcqPKsShiQeKwIGIAg&psig=AFQjCNGrNzZCiBDMHyi421F66tjJUF5pgg&ust=1371368987347260
-
How to guarantee the Proper-Temporal-Embedding (PTE) safety rule
of life/mission critical wireless CPS?
Life/Mission critical CPS demand wireless
Wireless is unreliable
ConflictPTE Safety Guarantee
https://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=id8VZ9rR-4S87M&tbnid=pUWaJLZEMEa4YM:&ved=0CAUQjRw&url=https%3A%2F%2Fcommons.wikimedia.org%2Fwiki%2FFile%3ADove_peace.png&ei=uxy8UcqPKsShiQeKwIGIAg&psig=AFQjCNGrNzZCiBDMHyi421F66tjJUF5pgg&ust=1371368987347260
-
What is Proper-Temporal-Embedding (PTE) safety rule?
-
CPS Feature 2: real-time (in addition to logical time)
matters!
-
CPS Feature 2: real-time (in addition to logical time)
matters!
risky state dwelling time upper bound
risky state dwelling time upper bound
-
CPS Feature 2: real-time (in addition to logical time)
matters!
enter-risky safeguard interval
-
CPS Feature 2: real-time (in addition to logical time)
matters!
exit-risky safeguard interval
-
How to guarantee PTE safety despite of arbitrary wireless link
failures?
-
How to guarantee PTE safety despite of arbitrary wireless link
failures?
Leasing Design Pattern: risky state dwelling time must be
leased.
-
General concepts of Leasing design pattern: each CPS entity
takes one of the 3 roles.
Initiator
Supervisor
ParticipantParticipant
1. request2. lease2. l
ease
3. approve
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
CPS Features: 1. real-time matters; 2. real-time PTE even when
aborting/canceling. (+ 3. arbitrary comm. failures)
Initiator
Participant
Participant
active
fallback
active
fallback
active
fallback
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
How to formally describe, analyze, and use Leasing design
pattern in the context of CPS?
-
How to formally describe, analyze, and use Leasing design
pattern in the context of CPS?
CPS Feature 3 implies the use of hybrid automata modeling
-
Hybrid Automaton is a state-of-the-art modeling tool for
CPS.
Bouncing Ball Example
-
Leasing Design Pattern for PTE Safety Rules: detailed
Supervisor's hybrid automaton
-
Leasing Design Pattern for PTE Safety Rules: detailed
Initiator's hybrid automaton
-
Leasing Design Pattern for PTE Safety Rules: detailed
Participant's hybrid automaton
-
Leasing Design Pattern for PTE Safety Rules: detailed
Participant's hybrid automaton
-
Leasing Design Pattern for PTE Safety Rules: detailed
Participant's hybrid automaton
-
Validity of the design pattern
Theorem 1: If the temporal parameters of the design pattern
hybrid automata satisfy a certain set of linear inequalities, then
PTE safety is guaranteed despite of arbitrary communications link
failures.
-
Validity of the design pattern
-
Using the design pattern: how to turn design pattern into
detailed CPS designs?
-
We proposed a formal procedure to elaborate a design pattern
hybrid automaton into a detailed design hybrid automaton.
Elaborate
-
Validity of elaboration
Theorem 2: If detailed design hybrid automata are respectively
derived by elaborating corresponding design pattern hybrid
automata, then PTE safety is guaranteed despite of arbitrary
communications link failures.
-
Laser Tracheotomy Medical CPS: interconnect/interlock smart
medical devices to increase safety
Laser Tracheotomy without Device Interlock
-
Laser Tracheotomy CPS
Laser Tracheotomy Medical CPS: interconnect/interlock smart
medical devices to increase safety
-
Demand to use wireless links for safety and efficiency
concerns.
Laser Tracheotomy CPS
wireless links
wireless links
-
Demand to use wireless links for safety and efficiency
concerns.
-
Demand to use wireless links for safety and efficiency
concerns.
Laser Tracheotomy CPS
wireless links
wireless links
-
Laser Tracheotomy CPS PTE safety rule.
≥3sec ≥1.5sec≤60sec
-
System architecture and roles of the design pattern: Initiator,
Supervisor, Participant
-
System architecture and roles of the design pattern: Initiator,
Supervisor, Participant
-
System architecture and roles of the design pattern: Initiator,
Supervisor, Participant
-
System architecture and roles of the design pattern: Initiator,
Supervisor, Participant
-
Following the Leasing design pattern and Elaboration procedure,
we derive detailed designs
-
Emulation Scheme
-
Emulation Results
-
Related Work
Leasing Protocol [7,8,9,10,11,12][24]
check-point & roll-back
logical time vs. real-time PTE
uncontrollable physical world parameters
-
Related Work
Use of formal modeling in design pattern [30~33].
Hybrid modeling mostly used for verification [3],[13~16].
Tichakorn [34] proposes use a subclass of hybrid automata for
designing periodical hybrid control systems.
-
Conclusion
1. Proposed a Lease based design pattern to guarantee PTE safety
rules in wireless CPS, under arbitrary communication link
failures.
2. Derived the corresponding closed-form linear constraints for
temporal configuration parameters.
3. Formal description of design pattern with hybrid
modeling.
4. Proposed a formal methodology to elaborate design pattern
hybrid automata to detailed design hybrid automata, while
maintaining PTE safety properties.
-
Thank you!Life/Mission critical CPS demand wireless
Wireless is unreliable
ConflictPTE Safety Guarantee
Design Pattern Hybrid Modeling
https://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=id8VZ9rR-4S87M&tbnid=pUWaJLZEMEa4YM:&ved=0CAUQjRw&url=https%3A%2F%2Fcommons.wikimedia.org%2Fwiki%2FFile%3ADove_peace.png&ei=uxy8UcqPKsShiQeKwIGIAg&psig=AFQjCNGrNzZCiBDMHyi421F66tjJUF5pgg&ust=1371368987347260
-
Cyber Physical Systems (CPS): systems involving tight/complex
coupling of computer and physical subsystems
Anesthesiology
Surgical Medicine
Nursing
Communications
Mechanics
Computer
Control
-
Cyber Physical Systems (CPS): systems involving tight/complex
coupling of computer and physical subsystems
Chemical Engineering
Control Mechanics
Thermal Engineering
Communications
Computer
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AoKD79CSip3aYM&tbnid=PvFxzfT8MaaLZM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.icsindustrialservices.co.uk%2Fchemical---filter-ccleaning%2F&ei=d86-Ucm5OKWwiQet0oCYBA&psig=AFQjCNEikfjrweJc924s2nIehw76GQGSmw&ust=1371545561438032
-
Cyber Physical Systems (CPS): systems involving tight/complex
coupling of computer and physical subsystems
Computer Mechanics Aerodynamics
Control
Material
Communications
-
Demand to use wireless links for safety and efficiency
concerns.
The Operation Room Spider Web
-
Demand to use wireless links for safety and efficiency
concerns.
The Operation Room Spider Web, after medical CPS safety
interlocks
-
Demand to use wireless links for safety and efficiency
concerns.
Spider Web OR vs. Wireless OR
-
How to guarantee PTE safety despite of arbitrary wireless link
failures?
Leasing Design Pattern
Hybrid Automata Modeling: formally describe, analyze, and use
the design pattern
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
FallbackFallback
Fallback
Fallback
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
FallbackFallback
Fallback
Request
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
Fallback
RequestLease
Fallback
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
Fallback
RequestLease
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
RequestLeaseLea
se
Fallback
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
RequestLeaseLea
se
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Supervisor
ParticipantParticipant
RequestLeaseLea
se
Approve
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=AZh6Zm3SPi8pAM&tbnid=pPC8d2CNOOVB7M:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.clker.com%2Fclipart-manager-4.html&ei=fBi_Uey5EZGMlQWhpYCgCA&psig=AFQjCNGAB4jHZIkaGjySRjbMXIUTGMbgrg&ust=1371564442334088http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
General concept of Leasing Design Pattern for CPS PTE
guarantee
Initiator
Participant
Participant
active
fallback
active
fallback
active
fallback
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
The same scenario can also apply to purely cyber systems. What's
the difference that CPS makes?
Initiator
Participant
Participant
active
fallback
active
fallback
active
fallback
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
CPS Features: 1. real-time matters; 2. real-time PTE even when
aborting/canceling. (+ 3. arbitrary comm. failures)
Initiator
Participant
Participant
active
fallback
active
fallback
active
fallback
http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=dRcniwGPl7_FrM&tbnid=fvTWEYRoP5cSGM:&ved=0CAUQjRw&url=http%3A%2F%2Fgetreal.wgrc.com%2F&ei=nxe_UZj6I4uPkwXO_oHoAw&psig=AFQjCNFcqyR5PCK1HI0EARmwCFC5alPORQ&ust=1371564279409655http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=UmNsqO7dOxjqDM&tbnid=6uujomiBASIh6M:&ved=0CAUQjRw&url=http%3A%2F%2Fclipartist.net%2Fsvg%2Fstage-viscious-speed-scallywag-march-clipartist-net-art-clip-art-clipart-openclipart-org-scalable-vector-graphics-svg-public-domain%2F&ei=fxm_UdLPLcWnkgW9lIGoBA&psig=AFQjCNHi1f8l7EuM3DspPIOkDehDGJ6auA&ust=1371564737363004http://www.google.com.hk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=sXFduz0cIPzwKM&tbnid=2bhZcmq5kHd7BM:&ved=0CAUQjRw&url=http%3A%2F%2Fwww.great-kids-birthday-parties.com%2Fkid-fonts.html&ei=YBq_UazEB9D3lAW_94GQDg&psig=AFQjCNHd18nCvKYBaFOqG89UbIE90tTlxw&ust=1371564990876191
-
Leasing Design Pattern for PTE Safety Rules: sketch of
Supervisor's hybrid automaton
-
Leasing Design Pattern for PTE Safety Rules: sketch of
Initiator's hybrid automaton
-
Leasing Design Pattern for PTE Safety Rules: sketch of
Participant's hybrid automaton
-
Emulation Scheme
)(5.1),(3:intervals safeguard PTE
)(6),(35),(3 :Ventilator
)(5.1),(20),(10),(5 :Initiator
)(3),(13 :Supervisor
min12:
min21:
1,max
1,max
1,
2,max
2,max
2,max
2,
maxmin0,
sTsT
sTsTsT
sTsTsTsT
sTsT
saferisky
exitrunenter
exitrunenterreq
waitfb
-
Example Scenario
Patient
SpO2 Sensor
Ventilator Laser Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
Ventilator Laser Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
Ventilator Laser Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
Laser Scalpel
SurgeonSupervisor
VentilatorPausing
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser Scalpel
Shooting
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
lost
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
Ventilator Laser Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
Ventilator Laser Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
Ventilator Laser Scalpel
SurgeonSupervisor
-
Example Scenario
Patient
SpO2 Sensor
Laser Scalpel
SurgeonSupervisor
VentilatorPausing
http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser Scalpel
Shooting
SurgeonSupervisor
http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
lost
http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086
-
Example Scenario
Patient
SpO2 Sensor
VentilatorPausing Laser
Scalpel
SurgeonSupervisor
http://www.google.hu/url?sa=i&rct=j&q=clock&source=images&cd=&cad=rja&docid=XIwTYzWn4N2blM&tbnid=qGboGtvjoJo6BM:&ved=0CAUQjRw&url=http%3A%2F%2Fredcandyuk.blogspot.com%2F2011%2F02%2Fimportance-of-clocks.html&ei=M1fKUeCTCMjwsgbEioGgCw&bvm=bv.48340889,d.Yms&psig=AFQjCNHR_ZcnPlN6VDKnmn_a9ZQQwR7ZJw&ust=1372301463954086
-
Example Scenario
Patient
SpO2 Sensor
Ventilator Laser Scalpel
SurgeonSupervisor
Guaranteeing Proper-Temporal-Embedding Safety Rules in Wireless
CPS: A Hybrid Formal Modeling ApproachSlide Number 2Cyber-Physical
Systems (CPS) are typically distributed and life/mission
critical.Cyber-Physical Systems (CPS) are typically distributed and
life/mission critical.Cyber-Physical Systems (CPS) are typically
distributed and life/mission critical.Cyber Physical Systems (CPS):
systems involving tight/complex coupling of computer and physical
subsystemsCPS FeaturesSlide Number 8Slide Number 9Slide Number
10Distributed life/mission critical CPS demand wireless
communications.How to guarantee the safety of life/mission critical
wireless CPS?How to guarantee the Proper-Temporal-Embedding (PTE)
safety rule of life/mission critical wireless CPS?What is
Proper-Temporal-Embedding (PTE) safety rule?CPS Feature 2:
real-time (in addition to logical time) matters!CPS Feature 2:
real-time (in addition to logical time) matters!CPS Feature 2:
real-time (in addition to logical time) matters!CPS Feature 2:
real-time (in addition to logical time) matters!How to guarantee
PTE safety despite of arbitrary wireless link failures?How to
guarantee PTE safety despite of arbitrary wireless link
failures?General concepts of Leasing design pattern: each CPS
entity takes one of the 3 roles.CPS Features: 1. real-time matters;
2. real-time PTE even when aborting/canceling. (+ 3. arbitrary
comm. failures)How to formally describe, analyze, and use Leasing
design pattern in the context of CPS?How to formally describe,
analyze, and use Leasing design pattern in the context of
CPS?Hybrid Automaton is a state-of-the-art modeling tool for
CPS.Leasing Design Pattern for PTE Safety Rules: detailed
Supervisor's hybrid automaton Leasing Design Pattern for PTE Safety
Rules: detailed Initiator's hybrid automaton Leasing Design Pattern
for PTE Safety Rules: detailed Participant's hybrid automaton
Leasing Design Pattern for PTE Safety Rules: detailed Participant's
hybrid automaton Leasing Design Pattern for PTE Safety Rules:
detailed Participant's hybrid automaton Validity of the design
pattern Validity of the design pattern Using the design pattern:
how to turn design pattern into detailed CPS designs?We proposed a
formal procedure to elaborate a design pattern hybrid automaton
into a detailed design hybrid automaton.Validity of elaboration
Laser Tracheotomy Medical CPS: interconnect/interlock smart medical
devices to increase safetySlide Number 37Demand to use wireless
links for safety and efficiency concerns.Demand to use wireless
links for safety and efficiency concerns.Demand to use wireless
links for safety and efficiency concerns.Laser Tracheotomy CPS PTE
safety rule.System architecture and roles of the design pattern:
Initiator, Supervisor, ParticipantSystem architecture and roles of
the design pattern: Initiator, Supervisor, ParticipantSystem
architecture and roles of the design pattern: Initiator,
Supervisor, ParticipantSystem architecture and roles of the design
pattern: Initiator, Supervisor, ParticipantFollowing the Leasing
design pattern and Elaboration procedure, we derive detailed
designsEmulation SchemeEmulation ResultsRelated WorkRelated
WorkConclusionThank you!Cyber Physical Systems (CPS): systems
involving tight/complex coupling of computer and physical
subsystemsCyber Physical Systems (CPS): systems involving
tight/complex coupling of computer and physical subsystemsCyber
Physical Systems (CPS): systems involving tight/complex coupling of
computer and physical subsystemsDemand to use wireless links for
safety and efficiency concerns.Demand to use wireless links for
safety and efficiency concerns.Demand to use wireless links for
safety and efficiency concerns.How to guarantee PTE safety despite
of arbitrary wireless link failures?General concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeGeneral concept of Leasing
Design Pattern for CPS PTE guaranteeThe same scenario can also
apply to purely cyber systems. What's the difference that CPS
makes?CPS Features: 1. real-time matters; 2. real-time PTE even
when aborting/canceling. (+ 3. arbitrary comm. failures)Leasing
Design Pattern for PTE Safety Rules: sketch of Supervisor's hybrid
automaton Leasing Design Pattern for PTE Safety Rules: sketch of
Initiator's hybrid automaton Leasing Design Pattern for PTE Safety
Rules: sketch of Participant's hybrid automaton Emulation
SchemeExample ScenarioExample ScenarioExample ScenarioExample
ScenarioExample ScenarioExample ScenarioExample ScenarioExample
ScenarioExample ScenarioExample ScenarioExample ScenarioExample
ScenarioExample ScenarioExample ScenarioExample ScenarioExample
ScenarioExample ScenarioExample ScenarioExample ScenarioExample
Scenario