2. engineering laboratory
About NIST
• Part of the U.S. Department of
Commerce
• NIST’s mission is to develop and
promote measurement, standards, and
technology to enhance productivity,
facilitate trade, and improve the quality of
life.
• 3,000 employees
• 2,700 guest researchers
• 1,300 field staff in partner organizations
• Two main locations:
Gaithersburg, MD
Boulder, CO
Priority Research Areas
National Institute of Standards and Technology (NIST)
2
4. engineering laboratory
Cyber-Physical Systems
• Examples include a smart gird, a
self-driving car, a smart
manufacturing plant, an intelligent
transportation system, a smart
city, and Internet of Things (IoT)
instances connecting new devices
for new data streams and new
applications.
• Common notions of IoT have
emphasized networked sensors
providing data streams to
applications.
• CPS concepts complete these IoT
notions, providing the means for
conceptualizing, realizing and
assuring all aspects of the
composed systems of which
sensors and data streams are
components.
4
The Framework for Cyber-Physical Systems was released by the NIST CPSPWG on May 26, 2016
Cyber-
Physical
Systems
(CPS) comprise
interacting
digital, analog,
physical, and
human
components
engineered for
function
through
integrated
physics and
logic.
system-of-systems
system
device
human
cyber
physical
5. engineering laboratory
CPS and IoT
Cyber-Physical Systems (CPS) comprise interacting digital,
analog, physical, and human components engineered for
function through integrated physics and logic.
Examples of a CPS that are not instances of IoT
• Segway Scooter
• Smart Spoon enabling Parkinson’s patients to feed
themselves (see https://www.liftware.com/)
• Autonomous vehicle operating without wired or wireless
connections outside the vehicle, e.g.
o a Mars rover operating between messages from Earth
o the original vehicles in the first DARPA Challenge
o cruise missile/smart bomb in flight to target
• Generally, any CPS that is fully contained with no outside
network connections
5
system-of-systems
system
device
human
cyber
physical
6. engineering laboratory
CPS vs. IoT: Motion Activated Light
6
Sensors
INs
OUTs
Communication
Channel
(Network)
Aggregator
(Fusion)
Computation
(e-utility)
Decision
(Software)
Actuators
OUTs
INs
CPS
IoT Scope of Research
Model of
Motion
Framework Schema: Phys-Log-Log-Log-Log-Phys
Testbed: Experiment, Measurement and Assurance
Challenges: Interoperability, Composition and Composition Types, Trustworthiness, etc.
Physical Interaction
Logical Interaction
7. engineering laboratory
Type Theoretic Assurance of CPS
property-Tree of a CPS
7
formal methods for assurance of a CPS
semantics of CPS Framework
… defines composition of concerns
8. engineering laboratory
AEB – vehicle provides automated collision safety function
AEB – vehicle provides/maintains safe stopping
AEB –braking function reacts as required
AEB – friction function provides appropriate friction
AEB – stopping algorithm provided safe stopping
AEB – distance and speed info is understood by braking
function
AEB – messaging function receives distance to obstacles
and speed from propulsion function
Safety “Properties” of a Function: AEB
Generate System
Properties
Applying CPS Framework to Decomposition
Apply
Aspects/Concerns
Functional
Decomposition/Allocation
Business Case
Use Case
‘feature’
CPS (Therm, HVAC, Sensor)
Physical
Logical
Msg
Info
CPS/Function Types
Influence
Energy
9. engineering laboratory 9
Applying Concerns to Functions
CPS
Function
Function/Feature
AES
OAuth
A secure, privacy protected CAN BUS Message may consist of these properties:
{Trustworthiness.Security.Cybersecurity.Confidentiality.Encryption.AES, Trustworthiness.Privacy.Predictability.Controls.Authorization.OAuth}
Generate
‘Properties’
Redundant Torque
Request for ASIL>QM
Concern 2
Concern 1
Trustworthiness Safety
Reliability
Security
Resilience
Privacy
Cyber Security
Physical Security
Confidentiality
Integrity
Availability
Predictability
Manageability
Dissociability
Controls
Transparency
Innovation
Concern 1
Concern 2
Authorization
Encryption
SME Taxonomies
Functional Safety
Concern1
Concern2
Severity
Frequency
Controllability
Hazard
Apply Aspects/Concerns
10. engineering laboratory
(NIST-SAE) Applying CPS Framework to Autonomous Vehicles
Automotive
Trustworthiness
Framework
Automotive
Trustworthiness
Testbed Pilot
Enumerate, define,
document
Automotive System
Trustworthiness
Concerns
NIST/SAE/OEM
Define Mapping of
System Properties to
Assurance Processes
(standards, etc.)
SAE/OEM
Enumerate, define,
document
Automotive System
Properties
NIST/SAE/OEM
Specify Automotive
UCEF Testbed with
SIM-Wrappers and
Configuration
NIST/SAE/OEM
Select targeted Use
Cases (Automotive
Systems) and Test
Cases
NIST/SAE/OEM
DRAFT System
Trustworthiness
Report and
integrate into J3061
SAE/OEM
Update Automotive
System
Development
Process
SAE/OEM
• Models and
Simulations
• Experiment
Design
• Run and
Publish
SAE/OEM
Annotate System
Trustworthiness
Report
SAE/OEM
Go/No-Go: Evaluate potential for Pilot
Evaluate potential
for additional CPS
Aspects beyond
Trustworthiness
Repeat above for
selected Aspects
Extend Automotive
CPS Framework
Model Go/No-Go
NIST/SAE/OEM (Optional)
11. engineering laboratory
CPS Framework: Concern-Property
Interactions
11
Privacy.Predictability(Ctrls, …, Ct)
Authentication
Controls
Security.Cybersecurity(C,I,A)
Confidentiality Encryption
Integrity
Availability
Concern Tree
Example Impact of one concern on another:
• Calculated using pathways through the up- or down-regulation relationships between the Properties of the CPS
• These correspond to derivatives (an incremental change in one results in a negative or positive impact on the
other)
• Impact is the ‘integral’ over all interaction pathways; T0 topological definition of integral/differential calculus
Interactions
i1
i2
.
.
.
ik
[+/-]f
AES
OAuth
Interactions
Properties/Requirements
[+/-]g
Legend
‘meets’
‘addresses’
12. engineering laboratory
IT- vs CPS-Based Risk Mitigation
IT System
IoT/CPS
Primary Impact of Failure
Digital Physical
Mitigation Mechanisms
Digital Analog Physical
“Better cybersecurity through physics!”
13. engineering laboratory
NIST Activities: CPS Framework
•Dimensional Analysis of the Model of a CPS, e.g.
Safety and HARA
oConcern-specific abstractions and methodology
oConcern Tree: Decomposition and Composition of
Concerns
•CPS Framework Open Source Project
oUML/XML Composite Model: Framework + Use Case
oXSLT Presentation of XML Model to make (should be ‘two-
way’, compare LaTeX vs. typeset text
15. engineering laboratory
Standardized XML
Schema
Derivation of a Union of Technologies
15
IEC 62559 Methodology NIST CPS Framework Methodology
Conceptualization
• Business Case
• Use Case
• Requirements
Realization
• Design
• Traceability to
Requirements
Assurance
• Algorithmically Prove
Design Meets
Requirements
17. engineering laboratory
CPS Framework
17
Facets
Aspects
Conceptualization Realization Assurance
Functional
Business
Human
Trustworthiness
Timing
Data
Boundaries
Composition
Lifecycle
Activities
Artifacts
Use Case,
Requirements, …
Model of a CPS
Design / Produce /
Test / Operate
CPS
Argumentation,
Claims, Evidence
CPS Assurance
Manufacturing
Transportation
Energy
Healthcare
. . . Domain
Domains
18. engineering laboratory
Framework OpenSource Project
18
Common
XML format –
Model of CPS
CPS
Assurance of CPS
Requirements modeling tool
CPS Framework Use
Case/Aspects/Concerns
Analysis
Design Exploration / Model
Driven Development /
Continuous Integration Tools
Design Verification and
Validation and Assurance Tools
24. engineering laboratory
NIST Activities: CPS Testbed
•CPS Testbed (Architecture and instance of HW and SW
Tools)
o UCEF
oControl Room + Visualization
oOpen Source Project 16May2017 at NIST
•CPS Testbed Science
oTestbed composition and its semantics (wrappers)
•Testing the concerns of the CPS Framework in the testbed
oSetup and Testing as in the case of requirements driven by the
Timing concerns
25. engineering laboratory
NIST Activities: Trustworthiness
•Trustworthiness Concerns (Architecture and instance of HW
and SW Tools)
o Decomposition
oSpecific science and methodology
•Logical and Physical ‘Security
oUsing physics to enhance cybersecurity (and other cyber concerns)
•Dependencies between concerns (holistics approach to the
specifics of individual concerns)
oMerging the physical concept of dependency with a logical concept
of dependency
26. engineering laboratory
The Category CyPhy
•The cyber-physical category CyPhy has as objects:
oAction/Actuation
oSense
oPhys_State
oDecision
•The morphisms of CyPhy are given by:
oMor(Act,Physical_State) = {phy_act-phys}
oMor(Decision,Act) = {log_dec-act}
oMor(Sense,Decision) = {log_sen-dec}
oMor(Sense,Act) = {phys_sen-act}
oMor(Phys_State,Sense) = {phy_Phys_State-Sense}.
26
27. engineering laboratory
Symmetric Monoidal Categories
• For purposes here systems will be viewed as processes and
interactions between them (process algebra in the sense of
Milnor for example)
• We distinguish two sorts of interactions between processes:
oLogical interactions (exchanges of information)
oPhysical interactions (exchanges of energy)
• Math model of physical interactions is algebraic systems of
ODEs
• Math model of logical interactions are formalizations of agent-
based models such as complex adaptive systems (J. Holland)
• We choose symmetric monoidal categories (SMC) as an
example of a model of systems in category
27
28. engineering laboratory
CPS as Functors
A cyber-physical system, in the sense of process algebra, can be
represented as a functor from a symmetric monoidal category
to the category CyPhy.
Such a functor represents:
• Processes as instances of Sensing, Decision, Action or
Physical
• Interactions as exchanges of information or exchanges of
energy
Benefit of this representation can be derived from:
• Structural representation of one CPS ‘in another’ (isomorphic
with a sub-CPS)
28
29. engineering laboratory
The category CPS
Given two representations of CPS as functors F and G, let
SM(F)/SM(G) denote the symmetric monoidal categories that F
and G map into CyPhy
Mor(F,G) is the functors T from SM(F) to SM(G) such that the
following diagram commutes:
29
SM(F) SM(G)
CyPhy
F G
T
Editor's Notes
Donna provides NIST overview and NIST cyber overview