Multi-View Design for CPSs

12/12/2018By Hui ZHAO (équipe KAIROS)

1

Outline1. CPS and variety of CPS Design

2. Multi-view and Model Driven Engineering

3. My works and contributions

4. A case study

2

CPS Design

Cyber Physical System

A simple example for typical CPS architecture

Networks

computational system A

computational system B

Physical Plant

Sensors

Actuators

[1] E. A. Lee, “Cyber Physical Systems: Design Challenges,” 11th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing, 2008, pp. 363–369.

3

Edward Lee :Cyber-Physical Systems (CPS) are integrations of computation and physical processes. Embedded computers and networks monitor and control the physical processes, usually with feedback loops where physical processes affect computations and vice versa.

CPS Design

CPS and IoT?

4

In my opinion, all IoT devices are Cyber Physical Systems, but CPSs are not necessarily connected to the Internet and

thus, not necessarily IoT devices.

I don't have a distinct definition either, but from my understanding, CPS is more related to physical objects

and machines, while the IoT is a little bit more abstract and allows the integration of service and not only physical objects. Furthermore, my understanding of CPS is more concentrated on concrete development

scenarios and does not target of providing data outside the original scenario.

Safety & security

Problematic for CPS Design

Large Scale Cyber-Physical Systems Components Pervez et al, A Vision of Cyber-Physical, ACS' 16, At Istanbul, Turkey

Consistency

Heterogeneous

Complexity MDE (Model-driven

Engineering)

5

CPS Design

…

Multi-View design

Functional view

Architectural view

Security view

Allocation

Physical view

System expert

HW engineer

Security expert

RAMS&Arch Engineer

System

UML/SysML

UML/SysML

SecureUML/Sysml-sec

AADL

…

Various viewsWhole system Domain experts Example of design languages

Relationships between

each other?How to put

them

together?

Problems

Eliminate gaps

?

7

Motivation

• No one language can cover all of development aspects

• Avoid a single platform getting bigger and bigger

• The gap between different develop stages and views

Multi-View design

8

CPS Design

https://polarsys.org/capella/arcadia_capella_sysml_tool.html9

CPS Design

R. Ameur-Boulifa et al, SysML model transformation for safety and security analysis, ISSA 2018

10

How to solve CPS design problems

Works and Contributions

1. Abstract the Metamodel from views at high level

2. Analyze the relationship between the MMs

3. Combine two MMs of views by using a

combinational MM

4. Define a set of operators

5. Implement the rules in code (for Sysml-sec and

AADL)

My works and contributions

11

Works and Contributions

Meta-Model A

M1

M2

Meta-Model B

Meta-Model A’

Model A1 Model A1’

conf

orm

to

1

2 3

4

5

6

conform to

Source models Resulting model

Language A Language Bco

nfor

m to

conf

orm

to

Ø Step 1 define a set of operators that are used to combine functional metamodels 2 and the security metamodel 3 , which can be interpreted as model transformation language such as ATL (at step 5 )

Ø Step 4 produces a resulting metamodel A’, that includes functions and security entities.

Ø Step 5 applies a number of rules to generate a new combined model which can be exported to the security framework to perform security analysis at step 6. 12

Works and Contributions

Import

Transformation Rule LIB

Import

Arcadia Models

Functional Design/Analysis

M2

M1Temporary AADL ModelsArchitectural + Timing

Design/Analysis

Simulation

schedule 1 schedule 2

Simulate

Traceback

1

2

34

conf

orm

to

correspondingcorresponding

Legend

conform to

Export

corresponding

to be implementedco

nform

to

Metamodels of AADLMetamodels of ARCADIA

Temporary combinational Metamodel

conform to

Zhao H, Apvrille L, Mallet F, Meta-models Combination for Reusing Verification Techniques, Modelsward 2019.

Fig: Overview workflow for reusing verification techniques

13

Works and Contributions

Instance model

Functional View

Excerpt of functional view’s Metamodel

• Comp = {UFun} is a logical component container

which contains a set of functional elements.

• Fun is a finite set of functional block include

their name and id attributes.

• Port is a finite set of functional ports including

directions and allocation attributes.

• Exfun⊆ Port × Port denotes a finite set of

functional exchange (connection) between two

functional ports, it must be pair, one is source,

another is target.

• Mcf : ΣFun → Comp allocate functions to a

logical component container.

14

Works and Contributions

• Node is a execution platform, named node in Arcadia, it could be different type of physical component (e.g, processor, board).

• PP is the physical component port. • PL is physical link, it could be assigned a concrete type such

as bus.

Instance model

Physical View

Excerpt of physical view’s Metamodel

15

Works and Contributions

Hybrid Metamodel in DIPLOCUS

16

Corresponding Table

Works and Contributions

18

RulesSymbols

Example of Operators

Works and Contributions

19

Works and Contributions

20

Research Roadmap

Research Roadmap

Fundamental Relation

Allocation Relation

Matching and Transformation

Link different properties

AADLMetamodels

Researching Implementation Application & Practice

Etc. 21

Wrap up• Analyzed the relationships among models

• Defined a set of operators

• Implemented on partial sysml-sec( ttool) and

experimenting on AADL

22

Thanks for your attention

Questions?

23