NIST CPS Framework and Testbed

engineering laboratory
Cyber-Physical
Systems
Dr. E. R. Griffor, Associate
Director
US National Institute of
Standards and Technology
1
Oxford University – 20Mar2017

About NIST
• Part of the U.S. Department of
Commerce
• NIST’s mission is to develop and
promote measurement, standards, and
technology to enhance productivity,
facilitate trade, and improve the quality of
life.
• 3,000 employees
• 2,700 guest researchers
• 1,300 field staff in partner organizations
• Two main locations:
Gaithersburg, MD
Boulder, CO
Priority Research Areas
National Institute of Standards and Technology (NIST)
2

NIST Labs and Research Activities
3
•CPS Framework
•CPS Testbed UCEF
•Trustworthiness

Cyber-Physical Systems
• Examples include a smart gird, a
self-driving car, a smart
manufacturing plant, an intelligent
transportation system, a smart
city, and Internet of Things (IoT)
instances connecting new devices
for new data streams and new
applications.
• Common notions of IoT have
emphasized networked sensors
providing data streams to
applications.
• CPS concepts complete these IoT
notions, providing the means for
conceptualizing, realizing and
assuring all aspects of the
composed systems of which
sensors and data streams are
components.
4
The Framework for Cyber-Physical Systems was released by the NIST CPSPWG on May 26, 2016
Cyber-
Physical
Systems
(CPS) comprise
interacting
digital, analog,
physical, and
human
components
engineered for
function
through
integrated
physics and
logic.
system-of-systems
system
device
human
cyber
physical

CPS and IoT
Cyber-Physical Systems (CPS) comprise interacting digital,
analog, physical, and human components engineered for
function through integrated physics and logic.
Examples of a CPS that are not instances of IoT
• Segway Scooter
• Smart Spoon enabling Parkinson’s patients to feed
themselves (see https://www.liftware.com/)
• Autonomous vehicle operating without wired or wireless
connections outside the vehicle, e.g.
o a Mars rover operating between messages from Earth
o the original vehicles in the first DARPA Challenge
o cruise missile/smart bomb in flight to target
• Generally, any CPS that is fully contained with no outside
network connections
5
system-of-systems
system
device
human
cyber
physical

CPS vs. IoT: Motion Activated Light
6
Sensors
INs
OUTs
Communication
Channel
(Network)
Aggregator
(Fusion)
Computation
(e-utility)
Decision
(Software)
Actuators
OUTs
INs
CPS
IoT Scope of Research
Model of
Motion
Framework Schema: Phys-Log-Log-Log-Log-Phys
Testbed: Experiment, Measurement and Assurance
Challenges: Interoperability, Composition and Composition Types, Trustworthiness, etc.
Physical Interaction
Logical Interaction

Type Theoretic Assurance of CPS
property-Tree of a CPS
7
formal methods for assurance of a CPS
semantics of CPS Framework
… defines composition of concerns

AEB – vehicle provides automated collision safety function
AEB – vehicle provides/maintains safe stopping
AEB –braking function reacts as required
AEB – friction function provides appropriate friction
AEB – stopping algorithm provided safe stopping
AEB – distance and speed info is understood by braking
function
AEB – messaging function receives distance to obstacles
and speed from propulsion function
Safety “Properties” of a Function: AEB
Generate System
Properties
Applying CPS Framework to Decomposition
Apply
Aspects/Concerns
Functional
Decomposition/Allocation
Business Case
Use Case
‘feature’
CPS (Therm, HVAC, Sensor)
Physical
Logical
Msg
Info
CPS/Function Types
Influence
Energy

engineering laboratory 9
Applying Concerns to Functions
CPS
Function
Function/Feature
AES
OAuth
A secure, privacy protected CAN BUS Message may consist of these properties:
{Trustworthiness.Security.Cybersecurity.Confidentiality.Encryption.AES, Trustworthiness.Privacy.Predictability.Controls.Authorization.OAuth}
Generate
‘Properties’
Redundant Torque
Request for ASIL>QM
Concern 2
Concern 1
Trustworthiness Safety
Reliability
Security
Resilience
Privacy
Cyber Security
Physical Security
Confidentiality
Integrity
Availability
Predictability
Manageability
Dissociability
Controls
Transparency
Innovation
Concern 1
Concern 2
Authorization
Encryption
SME Taxonomies
Functional Safety
Concern1
Concern2
Severity
Frequency
Controllability
Hazard
Apply Aspects/Concerns

(NIST-SAE) Applying CPS Framework to Autonomous Vehicles
Automotive
Trustworthiness
Framework
Automotive
Trustworthiness
Testbed Pilot
Enumerate, define,
document
Automotive System
Trustworthiness
Concerns
NIST/SAE/OEM
Define Mapping of
System Properties to
Assurance Processes
(standards, etc.)
SAE/OEM
Enumerate, define,
document
Automotive System
Properties
NIST/SAE/OEM
Specify Automotive
UCEF Testbed with
SIM-Wrappers and
Configuration
NIST/SAE/OEM
Select targeted Use
Cases (Automotive
Systems) and Test
Cases
NIST/SAE/OEM
DRAFT System
Trustworthiness
Report and
integrate into J3061
SAE/OEM
Update Automotive
System
Development
Process
SAE/OEM
• Models and
Simulations
• Experiment
Design
• Run and
Publish
SAE/OEM
Annotate System
Trustworthiness
Report
SAE/OEM
Go/No-Go: Evaluate potential for Pilot
Evaluate potential
for additional CPS
Aspects beyond
Trustworthiness
Repeat above for
selected Aspects
Extend Automotive
CPS Framework
Model Go/No-Go
NIST/SAE/OEM (Optional)

CPS Framework: Concern-Property
Interactions
11
Privacy.Predictability(Ctrls, …, Ct)
Authentication
Controls
Security.Cybersecurity(C,I,A)
Confidentiality Encryption
Integrity
Availability
Concern Tree
Example Impact of one concern on another:
• Calculated using pathways through the up- or down-regulation relationships between the Properties of the CPS
• These correspond to derivatives (an incremental change in one results in a negative or positive impact on the
other)
• Impact is the ‘integral’ over all interaction pathways; T0 topological definition of integral/differential calculus
Interactions
i1
i2
.
.
.
ik
[+/-]f
AES
OAuth
Interactions
Properties/Requirements
[+/-]g
Legend
‘meets’
‘addresses’

IT- vs CPS-Based Risk Mitigation
IT System
IoT/CPS
Primary Impact of Failure
Digital Physical
Mitigation Mechanisms
Digital Analog Physical
“Better cybersecurity through physics!”

NIST Activities: CPS Framework
•Dimensional Analysis of the Model of a CPS, e.g.
Safety and HARA
oConcern-specific abstractions and methodology
oConcern Tree: Decomposition and Composition of
Concerns
•CPS Framework Open Source Project
oUML/XML Composite Model: Framework + Use Case
oXSLT Presentation of XML Model to make (should be ‘two-
way’, compare LaTeX vs. typeset text

Tools
14
Enterprise Architect: UML Editor XMLSpy: XML/XMLSchema Editor
TortoiseGit: Windows GitTool Notepadd++: Programmers Editor

Standardized XML
Schema
Derivation of a Union of Technologies
15
IEC 62559 Methodology NIST CPS Framework Methodology
Conceptualization
• Business Case
• Use Case
• Requirements
Realization
• Design
• Traceability to
Requirements
Assurance
• Algorithmically Prove
Design Meets
Requirements

Word Use Case Template
16

CPS Framework
17
Facets
Aspects
Conceptualization Realization Assurance
Functional
Business
Human
Trustworthiness
Timing
Data
Boundaries
Composition
Lifecycle
Activities
Artifacts
Use Case,
Requirements, …
Model of a CPS
Design / Produce /
Test / Operate
CPS
Argumentation,
Claims, Evidence
CPS Assurance
Manufacturing
Transportation
Energy
Healthcare
. . . Domain
Domains

Framework OpenSource Project
18
Common
XML format –
Model of CPS
CPS
Assurance of CPS
Requirements modeling tool
CPS Framework Use
Case/Aspects/Concerns
Analysis
Design Exploration / Model
Driven Development /
Continuous Integration Tools
Design Verification and
Validation and Assurance Tools

UML Model of Framework
19

Aspects and Concerns
20
class Aspects
FunctionalAspect
BoundariesAspect
LifecyscleAspect
BusinessAspect TrustworthinessAspect
Physical
Measurability
PerformanceConcern
Monitorability
Controllability
Sensing
Functionality
Uncertainty
Communication
PhysicalContext
Actuation
HumanAspect
Environment
Enterprise
Quality
TimeToMarket
Regulatory
Policy
Utility
Cost
HumanFactors
Usability
Maintainability
Engineerability
Producibility
Disposability
Operatability
Deployability
Procurability
Responsibility
Behavioral
Networkability
CompositionAspect
Reliability
Security
Privacy
Safety
Resiliance
Concerns
TimingAspect DataAspect
LogicalTime
TimingAndLatency
Synchronization
TimeAwareness
IntervalAndLatencyControl
DataSemantics
Identity
OperationsOnData
RelationshipsBetweenData
Adaptability
Complexity
Constructivity
Discoverability
Concern
+ trace: String [0..*]
+ property: String
+ weight: float [0..1]
0..*
0..*
0..*
0..*
0..*

Facets
21
class Facets
AnalyzeEvidence
ProductCertificationAnd
RegulatoryComplianceTesting
ManufacturingImplementation
RequirementsAllocation
RequirementsAnalysis
Disposal
RequirementsVerification
Design
FunctionalDecomposition
LifecycleManagement
PhysicalLayerRealization
IdentifyAssuranceObjectives
InterfaceRequirementsAnalysis
ConfigureAudit
ProvideAssuranceArgument
BusinessCaseAnalysis
ProvideEstimateOfConfidence
MissionAndBusiness
CaseDevelopment
ControlAssuranceEvidence
Cyber-PhysicalAbstraction
LayerFormation
Operations
DefineAssuranceStrategy
Conceptualization
Activity
Conceputalization
Artifact
Assurance
Artifact
Realization
Artifact
Assurance
Activity
Realization
Activity
ConceptualizationFacet
Assurance
Facet
Realization
Facet
Facet

IEC 62559 Model of a Use Case
22

XML Editor of a Use Case
23

NIST Activities: CPS Testbed
•CPS Testbed (Architecture and instance of HW and SW
Tools)
o UCEF
oControl Room + Visualization
oOpen Source Project 16May2017 at NIST
•CPS Testbed Science
oTestbed composition and its semantics (wrappers)
•Testing the concerns of the CPS Framework in the testbed
oSetup and Testing as in the case of requirements driven by the
Timing concerns

NIST Activities: Trustworthiness
•Trustworthiness Concerns (Architecture and instance of HW
and SW Tools)
o Decomposition
oSpecific science and methodology
•Logical and Physical ‘Security
oUsing physics to enhance cybersecurity (and other cyber concerns)
•Dependencies between concerns (holistics approach to the
specifics of individual concerns)
oMerging the physical concept of dependency with a logical concept
of dependency

The Category CyPhy
•The cyber-physical category CyPhy has as objects:
oAction/Actuation
oSense
oPhys_State
oDecision
•The morphisms of CyPhy are given by:
oMor(Act,Physical_State) = {phy_act-phys}
oMor(Decision,Act) = {log_dec-act}
oMor(Sense,Decision) = {log_sen-dec}
oMor(Sense,Act) = {phys_sen-act}
oMor(Phys_State,Sense) = {phy_Phys_State-Sense}.
26

Symmetric Monoidal Categories
• For purposes here systems will be viewed as processes and
interactions between them (process algebra in the sense of
Milnor for example)
• We distinguish two sorts of interactions between processes:
oLogical interactions (exchanges of information)
oPhysical interactions (exchanges of energy)
• Math model of physical interactions is algebraic systems of
ODEs
• Math model of logical interactions are formalizations of agent-
based models such as complex adaptive systems (J. Holland)
• We choose symmetric monoidal categories (SMC) as an
example of a model of systems in category
27

CPS as Functors
A cyber-physical system, in the sense of process algebra, can be
represented as a functor from a symmetric monoidal category
to the category CyPhy.
Such a functor represents:
• Processes as instances of Sensing, Decision, Action or
Physical
• Interactions as exchanges of information or exchanges of
energy
Benefit of this representation can be derived from:
• Structural representation of one CPS ‘in another’ (isomorphic
with a sub-CPS)
28

The category CPS
Given two representations of CPS as functors F and G, let
SM(F)/SM(G) denote the symmetric monoidal categories that F
and G map into CyPhy
Mor(F,G) is the functors T from SM(F) to SM(G) such that the
following diagram commutes:
29
SM(F) SM(G)
CyPhy
F G
T

NIST CPS Framework and Testbed

Recommended

Recommended

More Related Content

Similar to NIST CPS Framework and Testbed

Similar to NIST CPS Framework and Testbed (20)

Recently uploaded

Recently uploaded (20)

NIST CPS Framework and Testbed

Editor's Notes